[giftfile-dev] Re: XML signature and PGP

Anthony Carrico acarrico at memebeam.org
Sat Nov 27 15:13:32 EST 2004
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
> Karsten Behrens wrote:
>
> >I was wondering if you have any further technical information on how 
> >exactly you incorporated the PGP extensions into the standard to make 
> >things work for you. In my project, one of the aims is to have a 
> >document signed by both X509 and PGP keys.

There is not much published about using PGP with xmldsig, but PGP is
desirable because it does not have a central authority, and there is
an existing infrastructure for public key distribution. It would be
nice for projects that use PGP to work together for interoperability.

There are too many options in the xmldsig spec for a specific
application, so we use a RelaxNG schema to create a tight subset. Here
are the namespace declarations:

<grammar xmlns='http://relaxng.org/ns/structure/1.0'
         xmlns:ds='http://www.w3.org/2000/09/xmldsig#'
         ns='http://www.w3.org/2000/09/xmldsig#'
         datatypeLibrary='http://www.w3.org/2001/XMLSchema-datatypes'>

We wanted to use fingerprints to identify keys, because PGP "key ids"
are not unique enough: there are known to be keys in existence with
the same key id. The xmldsig standard does not have any specific
support for fingerprint KeyInfo, so we use a customized KeyInfo
element with full a fingerprint (instead of a PGP key id) in our
documents:

    <!-- Start KeyInfo -->

    <define name='Fingerprint'>
        <element ns='http://giftfile.org/2004/02/openpgp#'
                 name='Fingerprint'>
            <data type='base64Binary'/>
        </element>
    </define>

    <define name='KeyInfo'>
        <element name="KeyInfo"><ref name='KeyInfoType'/></element>
    </define>

    <define name='KeyInfoType'>
        <ref name='Fingerprint'/>
        <optional><attribute name='Id'><data type='ID'/></attribute></optional>
    </define>

    <!-- End KeyInfo -->

The other customization is the signature method algorithm. We use the
identifier "http://giftfile.org/2004/02/openpgp#signature" to indicate
a detached OpenPGP signature:

    <define name='SignatureMethodType'>
        <attribute name='Algorithm'>
            <!-- Note this is a custom algorithm -->
            <value type='anyURI'>http://giftfile.org/2004/02/openpgp#signature</value>
        </attribute>
    </define>

We also restrict the canonicalization algorithm:

    <define name='CanonicalizationMethodType'>
        <attribute name='Algorithm'>
            <value type='anyURI'>http://www.w3.org/2001/10/xml-exc-c14n#</value>
        </attribute>
    </define>

Finally, our application uses enveloped signature over the entire
document, so the Reference URI in our documents is always URI="".

Here is an example document without the signature:

<?xml version="1.0"?>
<message><greet>Hello Karsten</greet><Signature/></message>

Here is what the signed message looks like with the signature:

<?xml version="1.0"?>
<message>
  <greet>Hello Karsten</greet>
  <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
    <SignedInfo>
      <CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
      <SignatureMethod Algorithm="http://giftfile.org/2004/02/openpgp#signature"/>
      <Reference URI="">
        <Transforms>
          <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
          <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
        </Transforms>
        <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
        <DigestValue>+A3yIrCmOCuxLqANq9ekRs2XvYs=</DigestValue>
      </Reference>
    </SignedInfo>
    <SignatureValue>iD8DBQBBqNphsYhrnH7Qa1wRAvF7AJ9SonFn8ocYuYrVyrP44OyEeKZgIACdHWU7geIodCuPTtl6
Ks01bkZ1p6A=</SignatureValue>
  </Signature>
</message>

Note that the indentation breaks the signature! Here is a version that
should validate:

<?xml version="1.0"?>
<message><greet>Hello Karsten</greet><Signature xmlns="http://www.w3.org/2000/09/xmldsig#"><SignedInfo><CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/><SignatureMethod Algorithm="http://giftfile.org/2004/02/openpgp#signature"/><Reference URI=""><Transforms><Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/><Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/></Transforms><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>+A3yIrCmOCuxLqANq9ekRs2XvYs=</DigestValue></Reference></SignedInfo><SignatureValue>iD8DBQBBqNphsYhrnH7Qa1wRAvF7AJ9SonFn8ocYuYrVyrP44OyEeKZgIACdHWU7geIodCuPTtl6Ks01bkZ1p6A=</SignatureValue></Signature></message>

The complete RelaxNG schema for our PGP signatures is available in our
source code (xmldsig-custom.rng). You may use this schema if it is
appropriate for your application.

We have Python code (xmldsig.py) to interface to gpg and to create
signatures. You can use this code to generate signatures or to test
against your own code. Search xmldsig.py for
"enveloped_openpgp_custom", and look at the comments. The code is
interlaced line by line with the text from the signature generation
and validation algorithms from the standard. Please ask if you have
any questions about our design.

We plan to put our source code version control system (subversion)
online for anonymous access in the near future, but the test
distribution should be fine to play with
(http://giftfile.org/software/debian/). That includes a tar file if
you aren't using the Debian operating system.

If you have more questions please ask.

-- 
Anthony Carrico
http://giftfile.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://giftfile.org/lists/archive/giftfile-dev/attachments/20041127/7cf4e94e/attachment.pgp
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the giftfile-dev mailing list