Applying XML Digital Signatures

XML digital signatures digitally sign an element or, more typically, the entire XML document. Digitally signing an XML document is the process of creating a hash or fingerprint of the document and then encrypting this hash with a private key. This process prevents anyone from changing the document undetected; it also proofs the document sender's identity.

Signing XML Data

XML digital signatures are useful to verify the integrity of data and authenticity of the sender and for non-repudiation.

The various threat associated with this approach are Data Corruption, Brute-force attacks.

A digitally signed XML document provides the following benefits:

·          Integrity The document is exactly as it was when it was signed. The document cannot be modified in any way after signing, without invalidating the signature.

·          Authentication The document came from the signer and no one else.

·          Nonrepudiation The document signer cannot deny signing the document.

A digitally signed document, however, is not private. You should apply XML encryption if privacy is important. Candidates for digitally signed documents are documents such as contracts and agreements, for which it is important that the details of the contract did not change and the

XML Digital Signature Example

For a simplified example let us take the role of car dealership.

      Honda    Accord    2004    23000        Ford    Probe    1990    530        Ferrari    Enzos    2003    643330   Below code generates the encryption key.  Code Sample in C# void signDocument(string xmlDocumentUnsignedFilename, string xmlDocumentSignedFilename){           // Load the document to be signed, and key to use    XmlDocument xmlDoc = new XmlDocument();             xmlDoc.Load(xmlDocumentUnsignedFilename);           SignedXml signedXml = new SignedXml();    signedXml.SigningKey = rsaKey;        // Set up data object to contain the data the will be signed    DataObject dataObject = new DataObject();    dataObject.Data = xmlDoc.ChildNodes;    dataObject.Id = "SignedObject";         signedXml.AddObject(dataObject);    Reference reference = new Reference();    reference.Uri = "#SignedObject";        signedXml.AddReference(reference);     // Create signature    KeyInfo keyInfo = new KeyInfo();    keyInfo.AddClause(new RSAKeyValue(rsaKey));    signedXml.KeyInfo = keyInfo;    signedXml.ComputeSignature();     // Write signature to file    XmlElement xmlSignature = signedXml.GetXml();    xmlDoc = new XmlDocument();    XmlNode xmlNode = xmlDoc.ImportNode(xmlSignature, true);    xmlDoc.AppendChild(xmlNode);    xmlDoc.Save(xmlDocumentSignedFilename);}  XML Document After Digital Signing sPpOt0ysPVG7iPkC9/avA/4bjhM= VwiNfYfXdY7bPAk4nULVUdlbIs572RMEWeElk68jIzWojA+3WnmwU/jJU5KYc8/DvwX1gnW/kI/hIpPswcpURSO85nNTKIKwYHX/eS7f8h5JcSlCU1EUdnpxoHEwtbsEu8OuVYUR4AiBgnFlQPVeJldiKHjRdo14j+hkZSM8p6o= wRMK+SKiDIRBHRY1NUc6SpTt+3iPcMGFwdg27MgsU2ydaCJyTZMCsFfDewZ6jK+cJvLLi3+b46YwEYJ/GyPvdXSOGPHTNaDFTi7AsKAGu4eXkFhSExnDPUJlnOiToG0eMYXWj/DRvK8adMahoeqIkysmkUKq4YO9OvqMkwMyJ3M=AQAB     Honda     Accord     2004     23000      Ford     Probe     1990     530      Ferrari     Enzos     2003     643330  Validating the XML Signature using C# bool verifySignature(string xmlDocumentSignedFilename){    // Load signed XML document    XmlDocument xmlDoc = new XmlDocument();    xmlDoc.PreserveWhitespace = true;    xmlDoc.Load(xmlDocumentSignedFilename);         SignedXml signedXml = new SignedXml(xmlDoc);     // Get the signature element    XmlNodeList nodeList = xmlDoc.GetElementsByTagName(        "Signature", "http://www.w3.org/2000/09/xmldsig#");    signedXml.LoadXml((XmlElement)nodeList[0]);     // Validiate signature    if (signedXml.CheckSignature())        return true; // signature valid - document unmodified    else        return false; // signature invalid- document modified}