Giving up on XML DSig => JSON


Giving up on XML DSig => JSON

Anders Rundgren-2
Since Google doesn't support XSD or XML DSig in Android I began looking at other alternatives.
There were none :-(   Therefore I created a 2000-line system that writes and reads JSON from Java.
In addition, I adopted a scaled-down version of XML DSig's enveloped-signatures.

The concept of enveloped signatures has been slammed by some people due to a belief that canonicalization issues will be hard.
FWIW, I just wrote the entire thing in just a week and I didn't find any problems at all.

https://code.google.com/p/openkeystore/source/browse/#svn%2Flibrary%2Ftrunk%2Fsrc%2Forg%2Fwebpki%2Fjson

It seems that I will be able to replace 200,000 lines of Apache code with about 2,000 lines of custom code.

  {
    "MyLittleSignature":
      {
        "Version": "http://example.com/signature",
        "Now": "2013-08-25T20:31:23+02:00",
        "HRT":
          {
            "RTl": "67",
            "YT":
              {
                "HTL": "656756#",
                "INTEGER": -689,
                "Fantastic": false
              },
            "er": "33"
          },
        "ARR": [],
        "BARR":
          [{
             "HTL": "656756#",
             "INTEGER": -689,
             "Fantastic": true
           },
           {
             "HTL": "656756#",
             "INTEGER": -689,
             "Fantastic": false
           }],
        "ID": "ihqQONXvN5_LnmdAG7YU",
        "STRINGS": ["One","Two","Three"],
        "Intra": 78,
        "EnvelopedSignature":
          {
            "SignatureInfo":
              {
                "Algorithm": "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256",
                "Reference":
                  {
                    "Name": "ID",
                    "Value": "ihqQONXvN5_LnmdAG7YU"
                  },
                "KeyInfo":
                  {
                    "PublicKey":
                      {
                        "EC":
                          {
                            "NamedCurve": "http://xmlns.webpki.org/sks/algorithm#ec.p256",
                            "X": "lNxNvAUEE8t7DSQBft93LVSXxKCiVjhbWWfyg023FCk",
                            "Y": "LmTlQxXB3LgZrNLmhOfMaCnDizczC/RfQ6Kx8iNwfFA"
                          }
                      }
                  }
              },
            "SignatureValue": "MEUCIEhZtArhp8O7d1n7SRWRQcs3qePGBCrnKY8x2O3o+nvPAiEA0On5hez2EHmEwJIm/UK7GxqZeWWcaFzK9OVAhygAWVk"
          }
      }
  }

Why bother with this you may wonder?  Well I can't imagine converting the previous cool stuff to something yucky like JOSE's JWS:

{
"message": "eyJ0eXAiOibGciOiJIUzI1NiJ9.LmNvbS9pc19yb290Ijp0cnVlfQ.2K27uhbUJU1p1r_wW1gFWFOEjXk"
}

Canonicalization (=removal of whitespace):

"MyLittleSignature":{"Version":"http://example.com/signature","Now":"2013-08-25T20:31:23+02:00","HRT":{"RTl":"67","YT":{"HTL":"656756#","INTEGER":-689,"Fantastic":false},"er":"33"},"ARR":[],"BARR":[{"HTL":"656756#","INTEGER":-689,"Fantastic":true},{"HTL":"656756#","INTEGER":-689,"Fantastic":false}],"ID":"ihqQONXvN5_LnmdAG7YU","STRINGS":["One","Two","Three"],"Intra":78,"EnvelopedSignature":{"SignatureInfo":{"Algorithm":"http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256","Reference":{"Name":"ID","Value":"ihqQONXvN5_LnmdAG7YU"},"KeyInfo":{"PublicKey":{"EC":{"NamedCurve":"http://xmlns.webpki.org/sks/algorithm#ec.p256","X":"lNxNvAUEE8t7DSQBft93LVSXxKCiVjhbWWfyg023FCk","Y":"LmTlQxXB3LgZrNLmhOfMaCnDizczC/RfQ6Kx8iNwfFA"}}}}

Cheers,
Anders
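
The canonicalization and envelope checks described in the post, as an added example (my code, not the openkeystore library): the signed document is reassembled from the canonical line and the SignatureValue quoted above, and it assumes the signed bytes are exactly that whitespace-free, key-order-preserving serialization with SignatureValue removed. The ECDSA P-256 verification itself needs a non-stdlib library and is not included; the functions produce its inputs (canonical bytes, public point, r/s) and run the structural checks a verifier performs first.

```python
import base64
import json

# Canonical form quoted in the post: whitespace removed, SignatureValue and the
# trailing closing braces omitted (the stray space before "Y" is dropped).
PAGE_CANONICAL = '"MyLittleSignature":{"Version":"http://example.com/signature","Now":"2013-08-25T20:31:23+02:00","HRT":{"RTl":"67","YT":{"HTL":"656756#","INTEGER":-689,"Fantastic":false},"er":"33"},"ARR":[],"BARR":[{"HTL":"656756#","INTEGER":-689,"Fantastic":true},{"HTL":"656756#","INTEGER":-689,"Fantastic":false}],"ID":"ihqQONXvN5_LnmdAG7YU","STRINGS":["One","Two","Three"],"Intra":78,"EnvelopedSignature":{"SignatureInfo":{"Algorithm":"http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256","Reference":{"Name":"ID","Value":"ihqQONXvN5_LnmdAG7YU"},"KeyInfo":{"PublicKey":{"EC":{"NamedCurve":"http://xmlns.webpki.org/sks/algorithm#ec.p256","X":"lNxNvAUEE8t7DSQBft93LVSXxKCiVjhbWWfyg023FCk","Y":"LmTlQxXB3LgZrNLmhOfMaCnDizczC/RfQ6Kx8iNwfFA"}}}}'
SIG_B64 = "MEUCIEhZtArhp8O7d1n7SRWRQcs3qePGBCrnKY8x2O3o+nvPAiEA0On5hez2EHmEwJIm/UK7GxqZeWWcaFzK9OVAhygAWVk"
DOC = "{" + PAGE_CANONICAL + ',"SignatureValue":"' + SIG_B64 + '"}}}'  # full signed document, reassembled

def _b64(s: str) -> bytes:
    return base64.b64decode(s + "=" * (-len(s) % 4))  # the post omits '=' padding

def canonicalize(doc_text: str) -> str:
    """Signed bytes: drop SignatureValue, serialize without whitespace, keep key order."""
    doc = json.loads(doc_text)  # dict keeps insertion order (Python 3.7+)
    doc["MyLittleSignature"]["EnvelopedSignature"].pop("SignatureValue", None)
    return json.dumps(doc, separators=(",", ":"))

def reference_ok(doc_text: str) -> bool:
    """The Reference must name and match the enveloping object's own ID property."""
    body = json.loads(doc_text)["MyLittleSignature"]
    ref = body["EnvelopedSignature"]["SignatureInfo"]["Reference"]
    return body.get(ref["Name"]) == ref["Value"]

def public_point(doc_text: str) -> tuple:
    """EC X/Y as integers; a P-256 coordinate must be exactly 32 bytes."""
    info = json.loads(doc_text)["MyLittleSignature"]["EnvelopedSignature"]["SignatureInfo"]
    ec = info["KeyInfo"]["PublicKey"]["EC"]
    x, y = _b64(ec["X"]), _b64(ec["Y"])
    if len(x) != 32 or len(y) != 32:
        raise ValueError("P-256 coordinate is not 32 bytes")
    return int.from_bytes(x, "big"), int.from_bytes(y, "big")

def signature_rs(doc_text: str) -> tuple:
    """Parse SignatureValue, a DER SEQUENCE { INTEGER r, INTEGER s } (short-form lengths)."""
    sig = _b64(json.loads(doc_text)["MyLittleSignature"]["EnvelopedSignature"]["SignatureValue"])
    if len(sig) < 8 or sig[0] != 0x30 or sig[1] != len(sig) - 2:
        raise ValueError("not a DER ECDSA signature")
    pos, ints = 2, []
    for _ in range(2):
        if sig[pos] != 0x02:
            raise ValueError("expected DER INTEGER")
        n = sig[pos + 1]
        ints.append(int.from_bytes(sig[pos + 2:pos + 2 + n], "big"))
        pos += 2 + n
    if pos != len(sig):
        raise ValueError("trailing bytes after the signature")
    return ints[0], ints[1]
```

Note that a verifier must re-serialize with exactly the signer's key order and number formatting; here Python's compact `json.dumps` happens to reproduce the post's canonical line, which is the property to check, not assume, when porting to another language.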


_______________________________________________
Opensc-devel mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/opensc-devel

Re: Giving up on XML DSig => JSON

Mat Arge
That's a really cool idea.
If you somehow want to have this adopted as an alternative to XML-DSIG and CMS
and ported to other languages, I think you should make a separate project out
of it.

cheers
Mat

On Wednesday 28. August 2013 18:06:43 Anders Rundgren wrote:

> Since Google doesn't support XSD or XML DSig in Android I began looking at
> other alternatives. There were none :-(   Therefore I created a 2000-line
> system that writes and reads JSON from Java. In addition, I adopted a
> scaled-down version of XML DSig's enveloped-signatures.
>
> The concept of enveloped signatures have been slammed by some people due to
> a belief that canonicalization issues will be hard. FWIW, I just wrote the
> entire thing in just a week and I didn't find any problems all.



Re: Giving up on XML DSig => JSON

Anders Rundgren-2
On 2013-08-29 09:26, Mat Arge wrote:
> That's a really cool idea.
> If you somehow want to have this adopted as an alternative to XML-DSIG and CMS
> and ported to other languages, I think you should make a separate project out
> of it.

Thanx Mat,
Yes, I'm considering that.  After porting KeyGen2 to JSON I will be ready with that.
In the meantime there's some more rationale here:

https://openkeystore.googlecode.com/svn/resources/trunk/docs/Enveloped-JSON-Signatures.pdf

Cheers
Anders


