In two words: im-possible.
crypto.signText does not sign the text that you pass to it. It
constructs a summary document containing a hash of that text and some
other parameters, and signs that summary instead. Without those extra
parameters there is no way to verify the signature - hence why I include
an AuthenticatedAttributes block in my converted signatures.
To make this excruciatingly clear: the signature operation that Mozilla
provides is not compatible with the signature operation that
XML-Signature requires.
As a side note, RFC 2315 allows for a signature covering only the
supplied document to be created, and in fact encourages implementations
which don't include extra authenticated attributes to do that when
signing untyped data. NSS doesn't follow this recommendation (perhaps
due to the inclusion of signingTime?), which is a terrible pity, because
if it did, we could construct a valid XML-Signature in the browser with
the assistance of a pure-Javascript hash algorithm implementation. But alas.
My XML-Signature extension suffers from a number of shortcomings, some
of them security related (in particular, it doesn't actually sign the
ds:SignedInfo, meaning you have to beware of an attacker swapping hash
algorithms out from under you), trading them off against the utility of
generating signatures from a browser with no downloads or plugins
required. However, it can never become a standard algorithm on a par
with the existing XML-Signature - it's only appropriate for use where
there is no way to generate a real XML-Signature.
(As another side-note, the problems could basically be solved by signing
the ds:SignedInfo, instead of the actual document, but that mandates
having a hash algorithm available to prepare the ds:Signature, and
generally gets finickier than I cared to pursue at the time)
I've published support for this extension for both Apache's xmlsec Java
library (which is installable at run-time) and Aleksey's libxmlsec
(which regrettably requires patching and recompiling), and it happens to
work for my purposes. YMMV.
m.
j.fabre wrote:
Hi Anders (and Mikolaj and all the Mozilla mail-list subscribers :-) )
I´ve analized the information at the links you provided me, but the
inconvenient for the signing mechanism proposed is that the resulting
signature doesn´t match with the XML-Signature standard. They use a
strange attribute called AuthenticatedAttributes, where the signing
date and content type attribute are placed in.
Do you think that there could be any way to avoid the use of the
AuthenticatedAttributes element to conform to XML-Signature standard ?
What do you think about substitute it for a Reference element, which
points to the extra attributes added by Signtext function,
encapsulated, for example, in a <ds:Object> element in order to be
XML-Signature standard compliant ?
I think that it would be desirable that the resulting XML-Signature
element could be verified by any library which implements XML-DSig,
without any kind of extra "custom" components.
Any help will be appreciated.
Regads.
Jesús el tuty.
Anders Rundgren escribió:
Hi again Jesús,
Thanx for the nice comment.
Maybe the following links could be of some interest?
http://lists.w3.org/Archives/Public/w3c-ietf-xmldsig/2006JanMar/0008.html
http://lists.w3.org/Archives/Public/w3c-ietf-xmldsig/2006AprJun/0007.html
I also think that a native solution would be much better but
unfortunately
the Mozilla team is fairly uninterested in these things. One of the
reasons
is of course that there is no real standard for the thing I call
"on-line signing"
which involves (as I see it) quite a bit more than producing XML DSig,
because the document/view must be in there in some way. There are
*many* ways to do that. All of them quite different :-(
regards
Anders Rundgren
----- Original Message -----
From: "j.fabre" <[EMAIL PROTECTED]>
Cc: <dev-tech-crypto@lists.mozilla.org>
Sent: Tuesday, December 05, 2006 20:04
Subject: Re: Problem with crypto.Signtext and A PKCS #9 signing
timeattribute
Hi Anders,
First of all, I must thank you for your "more than quick" answer, and
then I will explain you my concrete situation:
I´m trying to convert the signature produced by crypto.signtext() to XML
format at the server-side. In order to achieve this, I need a "clean"
detached signature, without any kind of "extra" date attributes. I think
that only in this way I could map the signature produced by
crypto.signtext() to an XML signature.
I think that the most appropiate option would be to implement a
"non-java" plugin that accesses to Firefox´s credential store. But I
don´t know certainly if this option is feasible.
Could you help me to solve this subject ?
Thanks a lot man.
Jesús el tuty.
Anders Rundgren escribió:
Hi J,
Your only option is to try a proprietary signature plugin.
There are many, most of them are in the form of Java applets.
Some are free, including open source, some are licensed.
Personally I think that you should try to live with the
client-side time-stamp because it adds some evidence to
the on-line transaction. Commercial signature plugins
AFAIK, almost always insert time-stamps and often
other things as well, like the URI of the requester.
A signature without any environmental attributes (context)
seems a bit "naked" in my opinion.
Anders Rundgren
----- Original Message -----
From: "j.fabre" <[EMAIL PROTECTED]>
To: <dev-tech-crypto@lists.mozilla.org>
Sent: Tuesday, December 05, 2006 19:15
Subject: Problem with crypto.Signtext and A PKCS #9 signing time
attribute
Hi all,
I´m looking for a signing tool which allows me to sign a text in
Mozilla
Firefox (now I´m using version 2.0 of this browser). I found
crypto.Signtext function, but this tool adds a PKCS#9 signing time
attribute that I want to avoid.
¿Anyone knows how I could sign text, forms, etc from Firefox 2.0
without
any kind of extra attribute in the final signature?
Any help will be appreciated.
Thanks in advance.
PD1: I have tried with secclab extension, but it doesn´t install
properly in Firefox 2.0
PD2: ¿It would be posible to create a "custom Signtext" function which
doesn´t include this time attribute?
_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
--
--------------------------------------------------------------------
_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
