
W3C

XML structure for a basic signature format

  • Signed resources (XML or not)
  • Signature value
  • Metadata (algorithms, keys, certificates)

Processing rules

Directive 1999/93/EC

  • Legal framework for electronic signatures

Handwritten signature <=> qualified electronic signature

  • Non-repudiation
  • Long-term verification

XML-DSIG is insufficient

Extends XML-DSIG

New formats with additional information

Qualifying Properties

  • Certificates and revocation data
  • Time-stamps
  • Policies
  • ...

- Signature or signed data objects

- Signed or unsigned

A XAdES signature is created from 2 sets of data:

  • Data related to the signature and the signatory
  • Data related to the signed data objects

Abstraction over the XAdES structure and processing rules

Signed data objects

  • References or embedded
  • Qualifying properties and transforms

Qualifying properties

- High level representation

  • Hides the XML details
  • Ex: X509Certificate instance (library API) vs. certificate digest and issuer/serial (spec)

Base structure (XML-DSIG)

  • Information from the signature profile
  • Definition of the signed data objects

- Apache XML Security

Some tasks that are part of signature production/verification:

  • Key/certificate selection
  • Interaction with time-stamp authorities
  • Algorithm selection
  • Selection of optional signature qualifying properties
  • Certificate validation

The "how" is not relevant

Base XML-DSIG structure

  • Signed data object references
  • Algorithms
  • Some validation data

- Apache XML Security

XAdES Structure

  • Gather the qualifying properties
  • Transform the high-level representation into DOM
  • Incorporate the properties in the signature

XAdES4j

A Java library for XAdES services

Architecture

Tests

XML Signatures

Signature Profile

Set of invariant characteristics of the signatory and its signatures

EU Laws

XML Advanced Electronic Signatures (XAdES)

XML Digital Signatures (XML-DSIG)

Service Providers

Profile: configuration of the service providers that should be used in signature production/verification

  • Well known interfaces
  • Independent
  • The library includes several implementations
  • Extensibility

Implementation

Goals and Motivation

Generate low level data

Build the DOM tree (marshaling)

  • XAdES has growing relevance
  • Java only supports XML-DSIG
  • Solid/complete/public implementations of XAdES are hard to find

Property Data Objects

  • Intermediate representation of the qualifying properties
  • Contain all the property data but don’t address any XML-specific issues
  • Support for production and verification of signatures in the four main XAdES forms
  • Optionally, support for the extended forms

  • Flexibility and extensibility

- Key/certificate selection

- Interaction with time-stamp authorities

- Property marshalling/unmarshalling

The different service providers are used throughout signature production/verification

  • Ex: verifying a time-stamp property

Dependency injection (Guice)

- Profiles support all the configuration

  • Internal or external dependencies
  • Default configurations