javaxmlxml-signaturexml-dsigxmlsec

XMLDSig: Do I have to specify Reference URI in an enveloped signature


Suppose I have such xml:

<?xml version="1.0" encoding="UTF-8"?>
<CATALOG>
    <CD>
        <TITLE>Empire Burlesque</TITLE>                    
        <ARTIST>Bob Dylan</ARTIST>
        <COUNTRY id="123">USA</COUNTRY>
        <COMPANY>Columbia</COMPANY>
        <PRICE>10.90</PRICE>
        <YEAR>1985</YEAR>
    </CD>    
    <CD>
        <TITLE>Hide your heart</TITLE>
        <ARTIST>Bonnie Tyler</ARTIST>
        <COUNTRY>UK</COUNTRY>
        <COMPANY>CBS Records</COMPANY>
        <PRICE>9.90</PRICE>
        <YEAR>1988</YEAR>
    </CD>
    <CD>
        <TITLE>Greatest Hits</TITLE>
        <ARTIST>Dolly Parton</ARTIST>
        <COUNTRY>USA</COUNTRY>
        <COMPANY>RCA</COMPANY>
        <PRICE>9.90</PRICE>
        <YEAR>1982</YEAR>
    </CD>   
</CATALOG>

After signing I get:

<?xml version="1.0" encoding="UTF-8"?>
<CATALOG>
    <CD>
        <TITLE>Empire Burlesque</TITLE>                    
        <ARTIST>Bob Dylan</ARTIST>
        <COUNTRY id="123">USA</COUNTRY>
        <COMPANY>Columbia</COMPANY>
        <PRICE>10.90</PRICE>
        <YEAR>1985</YEAR>
        <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            <ds:SignedInfo>
                <ds:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
                <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-md5"/>
                <ds:Reference URI="">
                    <ds:Transforms>
                        <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                        <ds:Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
                    </ds:Transforms>
                    <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#md5"/>
                    <ds:DigestValue>C6i9GSNZ8seoXxfuFc482Q==</ds:DigestValue>
                </ds:Reference>
            </ds:SignedInfo>
            <ds:SignatureValue>
d/ufAnYK35PKUdi+O6DUytV+36OGAr5meHXq2qoOUp+zO1Q5HbJvIs01qlPT9oKiBEi2QiAF3Sya
ZVwi4hEI9xHkLiewmOxPo1KgVfJ1Ir2RPpkdegFYFx9QCMR4Z1M7zTkijCKv9ncWR4MYjOAfDrKf
fbvUX3AbRHlUYJj6M4QcrQUuBPhSqo4TcxtfblNqmKUT+141+sLSsuM2xy24YeyF7NUff9tirCiP
KgBHpFGtiJAdxugAlzqHaR9CP2kRA2Sg046NBo2yO/nTDfUKqquZm4aaZsLWbvKJYvrgqD4YgH4M
FFpK5ChgYa4oi7f9BAYxOFcY9f1OCHsvpdCbpw==
            </ds:SignatureValue>
            <ds:KeyInfo>
                <ds:KeyValue>
                    <ds:RSAKeyValue>
                        <ds:Modulus>
1Bphf/ypmjIyIbWKBS39IaBpUn/e7oylpexMhTtsKYnbKuufzDhReR15oJ9cavVa9BkSSmLjaLxt
jIzIswaoW0SnTR4VySpbkujoeCSzoIGTlQ2ae96vT4sZURferQ8GpS/iExpblSX5knD8TBDCt+MK
UNTpJzPy6HdYGBtKfcc5C0STt07WGnhnOYYrIht1y/blne2Ec90dCt3hQmInqbBUbp1Ngl4V7xXH
rSifvQ6X+Dzg10l/vx92vFwBM3we+7p8jbDey9KLWS44W/AXmcxmuBo4kTN4fS9Ld/ctMR7ATbP2
frjcHJoecsQs3tnK1VZjrnnQUsZxDqjWhYDx2w==
                        </ds:Modulus>
                        <ds:Exponent>AQAB</ds:Exponent>
                    </ds:RSAKeyValue>
                </ds:KeyValue>
                <ds:X509Data>
                    <ds:X509Certificate>
MIICwTCCAamgAwIBAgIITKhEP4iHnaQwDQYJKoZIhvcNAQENBQAwDjEMMAoGA1UEAwwDa2V5MB4X
DTE1MDQwMjIxMDAxN1oXDTI1MDQwMjIxMDAxN1owDjEMMAoGA1UEAwwDa2V5MIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCfKCAQEA1Bphf/ypmjIyIbWKBS39IaBpUn/e7oylpexMhTtsKYnbKuuf
zDhReR15oJ9cavVa9BkSSmLjaLxtjIzIswaoW0SnTR4VySpbkujoeCSzoIGTlQ2ae96vT4sZURfe
rQ8GpS/iExpblSX5knD8TBDCt+MKUNTpJzPy6HdYGBtKfcc5C0STt07WGnhnOYYrIht1y/blne2E
c90dCt3hQmInqbBUbp1Ngl4V7xXHrSifvQ6X+Azg10l/vx92vFwBM3we+7p8jbDey9KLWS44W/AX
mcxmuBo4kTN4fS9Ld/ctMR7ATbP2frjcHJoecsQs3tnK1VZjrnnQUsZxDqjWhYDx2wIDAQABoyMw
ITAOBgNVHQ8BAf8EBAMCBLAwDwYDVR0TAQH/BAUwAwEBADANBgkqhkiG9w0BAQ0FAAOCAQEAa3VI
zBGyt7mfHh9g9hAKYxUHkrPjiOQDoE3QP/2aZQlGMeD8OwgjZHA4d2iXLLOJt56lgQenEO2nFLxE
/SSEc4eOFHYR170W7eRuEqIByZhtu1DDMzCVzxTF/Gu/WtTeQzhu4q1Pl9zUyYeHhLIO+HzLJCn0
O2y6tD/E6zqqzPFSW1oXuISM4ZvFR+0wQgdgYMJa5JU6XwPvS2+7y2B28JFBUq90S4a4FVj65UT5
qrcgzi4Z2YF2phAD7Jkq3Oqdedmh9q1mg2VFg7v2/Kn+McTLSb0uX7svXMOr2IhZ1FppziQYx3UN
XPrBbbomwNITW6R56wCmB2nAcp93f9xrKw==
                    </ds:X509Certificate>
                </ds:X509Data>
            </ds:KeyInfo>
        </ds:Signature>
    </CD>    
    <CD>
        <TITLE>Hide your heart</TITLE>
        <ARTIST>Bonnie Tyler</ARTIST>
        <COUNTRY>UK</COUNTRY>
        <COMPANY>CBS Records</COMPANY>
        <PRICE>9.90</PRICE>
        <YEAR>1988</YEAR>
    </CD>
    <CD>
        <TITLE>Greatest Hits</TITLE>
        <ARTIST>Dolly Parton</ARTIST>
        <COUNTRY>USA</COUNTRY>
        <COMPANY>RCA</COMPANY>
        <PRICE>9.90</PRICE>
        <YEAR>1982</YEAR>
    </CD>   
</CATALOG>

Does the fact that the <Signature> is enveloped under <CD> means that it signs exactly the element, or because of the <ds:Reference URI=""> it means that the whole XML is signed? From reading the specification http://www.w3.org/TR/xmldsig-core/ I'm left with the impression that enveloped signatures don't need Reference URI's. Is this correct?


Solution

  • I think I got it.

    According to the specification the URI=""

    Identifies the node-set (minus any comment nodes) of the XML resource containing the signature

    which I understand as "Identifies all nodes (the node-set) of the XML document that contains the <ds:Signature> element. That would mean that URI="" <=> signed is the whole document.

    This statement is backed up by another resource - the Apache Santuario FAQ:

    3.1. What is the enveloped transform? The enveloped transform is a special transform that enables the use of so-called enveloped signatures.

    Enveloped signatures are signatures over an entire XML document, for which the element is included in the document itself. An example could be:

    <![CDATA[
    <?xml version=&quot;1.0&quot; encoding=&quot;UTF-8&quot;?>
       <Root>
         <SomeContent>
           ... 
         </SomeContent>
           <ds:Signature>
             <ds:SignedInfo>
               <ds:Reference URI="">
                 <ds:Transforms>
                   <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                 </ds:Transforms>
               </ds:Reference>
             </ds:SignedInfo>
             ....
           </ds:Signature>
       </Root>
    ]]>
    

    The Reference indicates that Root and it's descendants (except for comments) are signed, but the Transform element says to throw out the Signature element (that is the parent of this Reference) from the stream that is to be signed. Note that if there are other Signature elements in Root, they will remain untouched.

    ... Which translates to "The URI="" signed is the whole document that contains the <ds:Signature> and we have one <ds:Transform> which says that this signature is enveloped and therefore should be removed before verification"

    Therefore, the conclusion is: The URI="" and signature type (detached, enveloped, enveloping) are two completely different things. URIs are pointers to parts of the XML document that says what is signed and what isn't. URI="" means that the whole current document (the one that contains <ds:Signature>) is being signed. The signature type (detached, enveloped, enveloping) otoh affect what transformations should be applied before verification. In case of enveloped, the whole <ds:Signature> must be removed before verification.