xml-signature

'SignatureMethod' Algorithm vs. 'DigestMethod' Algorithm in XML Signature


If we take the following Signature element as an example:

<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
    <ds:SignedInfo>
      <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
      <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
      <ds:Reference URI="#_884D49DAD03AD60748547F8322C11AA0">
        <ds:Transforms>
          <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
          <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
        </ds:Transforms>
        <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
        <ds:DigestValue>...</ds:DigestValue>
      </ds:Reference>
    </ds:SignedInfo>
    <ds:SignatureValue>...</ds:SignatureValue>
    <ds:KeyInfo>
      <ds:KeyName>...</ds:KeyName>
    </ds:KeyInfo>
 </ds:Signature>

There is a SignatureMethod Algorithm (http://www.w3.org/2000/09/xmldsig#rsa-sha1) and a DigestMethod Algorithm (http://www.w3.org/2000/09/xmldsig#sha1).

As far as I understand SignatureMethod Algorithm being 'rsa-sha1' means the content to be signed is first hashed (digested) using SHA1 and then signed using RSA.

Does the DigestMethod Algorithm always equals to the digest mechanism specified in the SignatureMethod Algorithm (sha1 part of 'rsa-sha1')?

I believe it's not the case, because it would be useless to specify the same algorithm twice. What I speculate is that there can be multiple 'Reference's that can be digested using different DigestMethod Algorithms, and the collection of those digests will be again hashed using the digest mechanism specified by the SignatureMethod Algorithm.

I'm trying to understand this by referring the 'XML Signature Syntax and Processing' Specification. Would really appreciate if someone can confirm whether I have understood correctly, or explain the purposes served by those two algorithms. Thanks.


Solution

  • You're perfectly right, the DigestMethod Algorithm elements refer to their parent Reference element. You can have different DigestMethod Algorithms for your multiple Reference elements, and again a different SignatureMethod Algorithm to hash and sign all the References.