DigestMethod | |||
URI | specified by | employed JCA/JCE Algorithm | |
http://www.w3.org/2000/09/xmldsig#sha1 | XML-Signature Syntax and Processing | MessageDigest.SHA1 | |
http://www.w3.org/2001/04/xmlenc#sha256 | XML Encryption Syntax and Processing | MessageDigest.SHA256 | |
http://www.w3.org/2001/04/xmlenc#sha512 | XML Encryption Syntax and Processing | MessageDigest.SHA512 | |
http://www.w3.org/2001/04/xmlenc#ripemd160 | XML Encryption Syntax and Processing | MessageDigest.RIPEMD160 | |
http://www.w3.org/2001/04/xmldsig-more#md5 | RFC4051 section 2.1.1 | MessageDigest.MD5 | |
http://www.w3.org/2001/04/xmldsig-more#sha224 | RFC4051 section 2.1.2 | MessageDigest.SHA224 | |
http://www.w3.org/2001/04/xmldsig-more#sha384 | RFC4051 section 2.1.3 | MessageDigest.SHA384 | |
http://www.w3.org/2007/05/xmldsig-more#sha3-224 | RFC6931 section 2.1.5 | MessageDigest.SHA3-224 | |
http://www.w3.org/2007/05/xmldsig-more#sha3-256 | RFC6931 section 2.1.5 | MessageDigest.SHA3-256 | |
http://www.w3.org/2007/05/xmldsig-more#sha3-384 | RFC6931 section 2.1.5 | MessageDigest.SHA3-384 | |
http://www.w3.org/2007/05/xmldsig-more#sha3-512 | RFC6931 section 2.1.5 | MessageDigest.SHA3-512 | |
SignatureMethod | |||
URI | specified by | employed JCA/JCE Algorithm | |
http://www.w3.org/2000/09/xmldsig#dsa-sha1 | XML-Signature Syntax and Processing | Signature.DSA | |
http://www.w3.org/2000/09/xmldsig#rsa-sha1 | XML-Signature Syntax and Processing | Signature.SHA1withRSA | |
http://www.w3.org/2000/09/xmldsig#hmac-sha1 | XML-Signature Syntax and Processing | Mac.HMAC/SHA | |
http://www.w3.org/2001/04/xmldsig-more#rsa-sha256 | RFC4051 section 2.3.2 | Signature.SHA256withRSA | |
http://www.w3.org/2001/04/xmldsig-more#rsa-sha384 | RFC4051 section 2.3.3 | Signature.SHA384withRSA | |
http://www.w3.org/2001/04/xmldsig-more#rsa-sha512 | RFC4051 section 2.3.4 | Signature.SHA512withRSA | |
http://www.w3.org/2001/04/xmldsig-more#rsa-md5 | RFC4051 section 2.3.1 | Signature.MD5withRSA | |
http://www.w3.org/2001/04/xmldsig-more#rsa-ripemd160 | RFC4051 section 2.3.5 | Signature.RIPEMD160withRSA | |
http://www.w3.org/2001/04/xmldsig-more#hmac-sha224 | RFC4051 section 2.2.2 | Mac.HmacSHA224 | |
http://www.w3.org/2001/04/xmldsig-more#hmac-sha256 | RFC4051 section 2.2.2 | Mac.HmacSHA256 | |
http://www.w3.org/2001/04/xmldsig-more#hmac-sha384 | RFC4051 section 2.2.2 | Mac.HmacSHA384 | |
http://www.w3.org/2001/04/xmldsig-more#hmac-sha512 | RFC4051 section 2.2.2 | Mac.HmacSHA512 | |
http://www.w3.org/2001/04/xmldsig-more#hmac-ripemd160 | RFC4051 section 2.2.3 | Mac.HmacRipeMd160 | |
http://www.w3.org/2001/04/xmldsig-more#hmac-md5 | RFC4051 section 2.2.1 | Mac.HmacMD5 | |
http://www.w3.org/2007/05/xmldsig-more#rsa-pss | RFC6931 section 2.3.9 | Signature.RSASSA-PSS | |
http://www.w3.org/2007/05/xmldsig-more#md2-rsa-MGF1 | RFC6931 section 2.3.10 | Signature.MD2withRSAandMGF1 | |
http://www.w3.org/2007/05/xmldsig-more#md5-rsa-MGF1 | RFC6931 section 2.3.10 | Signature.MD5withRSAandMGF1 | |
http://www.w3.org/2007/05/xmldsig-more#sha1-rsa-MGF1 | RFC6931 section 2.3.10 | Signature.SHA1withRSAandMGF1 | |
http://www.w3.org/2007/05/xmldsig-more#sha224-rsa-MGF1 | RFC6931 section 2.3.10 | Signature.SHA224withRSAandMGF1 | |
http://www.w3.org/2007/05/xmldsig-more#sha256-rsa-MGF1 | RFC6931 section 2.3.10 | Signature.SHA256withRSAandMGF1 | |
http://www.w3.org/2007/05/xmldsig-more#sha384-rsa-MGF1 | RFC6931 section 2.3.10 | Signature.SHA384withRSAandMGF1 | |
http://www.w3.org/2007/05/xmldsig-more#sha512-rsa-MGF1 | RFC6931 section 2.3.10 | Signature.SHA512withRSAandMGF1 | |
http://www.w3.org/2007/05/xmldsig-more#ripemd128-rsa-MGF1 | RFC6931 section 2.3.10 | Signature.RIPEMD128withRSAandMGF1 | |
http://www.w3.org/2007/05/xmldsig-more#ripemd160-rsa-MGF1 | RFC6931 section 2.3.10 | Signature.RIPEMD160withRSAandMGF1 | |
http://www.w3.org/2007/05/xmldsig-more#whirlpool-rsa-MGF1 | RFC6931 section 2.3.10 | Signature.WHIRLPOOLwithRSAandMGF1 | |
http://www.w3.org/2007/05/xmldsig-more#sha3-224-rsa-MGF1 | RFC6931 section 2.3.10 | Signature.SHA3-224withRSAandMGF1 | |
http://www.w3.org/2007/05/xmldsig-more#sha3-256-rsa-MGF1 | RFC6931 section 2.3.10 | Signature.SHA3-256withRSAandMGF1 | |
http://www.w3.org/2007/05/xmldsig-more#sha3-384-rsa-MGF1 | RFC6931 section 2.3.10 | Signature.SHA3-384withRSAandMGF1 | |
http://www.w3.org/2007/05/xmldsig-more#sha3-512-rsa-MGF1 | RFC6931 section 2.3.10 | Signature.SHA3-512withRSAandMGF1 | |
SignatureMethod requiring the IAIK ECC library (ECCelerate) | |||
http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1 | RFC4051 section 2.3.6 | Signature.ECDSA | |
http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha224 | RFC4051 section 2.3.6 | Signature.SHA224withECDSA | |
http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256 | RFC4051 section 2.3.6 | Signature.SHA256withECDSA | |
http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha384 | RFC4051 section 2.3.6 | Signature.SHA384withECDSA | |
http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha512 | RFC4051 section 2.3.6 | Signature.SHA512withECDSA | |
http://www.w3.org/2007/05/xmldsig-more#ecdsa-ripemd160 | INTERNET-DRAFT which will likely obsolete RFC4051 | Signature.RIPEMD160withECDSA | |
EncryptionMethod | |||
URI | specified by | employed JCA/JCE Algorithm | |
http://www.w3.org/2001/04/xmlenc#tripledes-cbc | XML Encryption Syntax and Processing | Cipher.DESede/CBC/ISO10126Padding | |
http://www.w3.org/2001/04/xmlenc#aes128-cbc | XML Encryption Syntax and Processing | Cipher.AES/CBC/ISO10126Padding | |
http://www.w3.org/2001/04/xmlenc#aes192-cbc | XML Encryption Syntax and Processing | Cipher.AES/CBC/ISO10126Padding | |
http://www.w3.org/2001/04/xmlenc#aes256-cbc | XML Encryption Syntax and Processing | Cipher.AES/CBC/ISO10126Padding | |
http://www.w3.org/2001/04/xmlenc#rsa-1_5 | XML Encryption Syntax and Processing | Cipher.RSA | |
http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p | XML Encryption Syntax and Processing | Cipher.RSA/ECB/OAEP | |
http://www.w3.org/2001/04/xmlenc#kw-tripledes | XML Encryption Syntax and Processing | Cipher.DESede/CBC/NoPadding | |
http://www.w3.org/2001/04/xmlenc#kw-aes128 | XML Encryption Syntax and Processing | Cipher.AES/ECB/NoPadding | |
http://www.w3.org/2001/04/xmlenc#kw-aes192 | XML Encryption Syntax and Processing | Cipher.AES/ECB/NoPadding | |
http://www.w3.org/2001/04/xmlenc#kw-aes256 | XML Encryption Syntax and Processing | Cipher.AES/ECB/NoPadding | |
http://www.w3.org/2001/04/xmldsig-more#arcfour | RFC4051 section 2.6.1 | Cipher.ARCFOUR/ECB/NoPadding | |
http://www.w3.org/2001/04/xmldsig-more#camellia128-cbc | RFC4051 section 2.6.2 | Cipher.Camellia/CBC/ISO10126Padding | |
http://www.w3.org/2001/04/xmldsig-more#camellia192-cbc | RFC4051 section 2.6.2 | Cipher.Camellia/CBC/ISO10126Padding | |
http://www.w3.org/2001/04/xmldsig-more#camellia256-cbc | RFC4051 section 2.6.2 | Cipher.Camellia/CBC/ISO10126Padding | |
http://www.w3.org/2001/04/xmldsig-more#kw-camellia128-cbc | RFC4051 section 2.6.3 | Cipher.Camellia/ECB/NoPadding | |
http://www.w3.org/2001/04/xmldsig-more#kw-camellia192-cbc | RFC4051 section 2.6.3 | Cipher.Camellia/ECB/NoPadding | |
http://www.w3.org/2001/04/xmldsig-more#kw-camellia256-cbc | RFC4051 section 2.6.3 | Cipher.Camellia/ECB/NoPadding | |
Transform | |||
URI | specified by | employed JCA/JCE Algorithm | |
http://www.w3.org/2000/09/xmldsig#base64 | XML-Signature Syntax and Processing | – | |
http://www.w3.org/2000/09/xmldsig#enveloped-signature | XML-Signature Syntax and Processing | – | |
http://www.w3.org/TR/1999/REC-xpath-19991116 | XML-Signature Syntax and Processing | – | |
http://www.w3.org/TR/1999/REC-xslt-19991116 | XML-Signature Syntax and Processing | – | |
http://www.w3.org/2002/06/xmldsig-filter2 | XML-Signature XPath Filter 2.0 | – | |
CanonicalizationMethod (can also be used as Transform) | |||
URI | specified by | employed JCA/JCE Algorithm | |
http://www.w3.org/TR/2001/REC-xml-c14n-20010315 | XML-Signature Syntax and Processing | – | |
http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments | XML-Signature Syntax and Processing | – | |
http://www.w3.org/2001/10/xml-exc-c14n# | Exclusive XML Canonicalization | – | |
http://www.w3.org/2001/10/xml-exc-c14n#WithComments | Exclusive XML Canonicalization | – | |
http://www.w3.org/2006/12/xml-c14n11 (Experimental) | XML-Signature Syntax and Processing section 6.5.2 | – | |
http://www.w3.org/2006/12/xml-c14n11#WithComments (Experimental) | XML-Signature Syntax and Processing section 6.5.2 | – |
XSECT supports all required and many optional algorithms of XML-Signature Syntax and Processing (XMLDSig) and XML Encryption Syntax and Processing (XMLEnc). In addition it supports many of the algorithms specified in RFC4051 and RSA-PSS (with and without parameters) from RFC6931. For a complete list of supported algorithms see features.
XSECT supports all Java™ versions since JDK 1.2.1 and has been successfully tested with JDK 1.2.1, JDK 1.3.1, JDK 1.4.2, JDK 1.5.0, JDK 1.6.0, JDK 1.7.0, JDK 1.8.0.
On July 12th 2007 Bradly Hill from iSEC Partners (http://isecpartners.com/) published a command injection attack in the context of XML Signature and Encryption:
http://www.isecpartners.com/files/XMLDSIG_Command_Injection.pdf
Brad Hill made a draft of his paper available to SIC/IAIK at the end of February 2007 (thanks to Brad), so that SIC/IAIK was able to develop countermeasures against this attack and release a patch version of its XML Security Toolkit XSECT at the end of March 2007. Immediately after this release IAIK informed all customers concerned. Now – after Brad Hill has officially published his paper – we can make our customer notification available to the public:
We have been informed about a critical attack regarding XSLT processing. We examined the Xalan stylesheet processor in its default configuration and found that applications based on this library may be vulnerable to this attack, which may allow execution of arbitrary code. Versions 1.10 and higher of our XSECT library contain countermeasures to block this kind of attack in the context of XML Signature and Encryption. Please note that the problem is NOT located in the XSECT library. Any application that uses Xalan for stylesheet transformations may be affected. Besides the upgrade of XSECT, we highly recommend a review of any Xalan-based application.
On request, customers of the older IXSIL library can also get a maintenance release that contains similar countermeasures.
It is advisable to fix vulnerable applications as soon as possible. Inside stylesheet transformations, Apache Xalan supports certain non-standard extensions of the stylesheet language. The support for these extensions is enabled by default. Applications that use stylesheets from unknown sources may be vulnerable to this attack. An attacker who can trick an application into processing a chosen stylesheet can execute arbitrary code with the rights of the application containing Xalan. Applications that create or verify XML signatures with stylesheet transformations in their references, e.g. to transform XML data into HTML text, can be susceptible. An attacker may send an XML signature to a service that automatically verifies the signature. During verification it may execute any included stylesheets. This stylesheet, however, can include arbitrary code that Apache Xalan will execute. Newer versions of Apache Xalan allow disabling these extension features as a countermeasure. XSECT version 1.10 disables these extensions in newer versions of Xalan and includes additional countermeasures for older versions of Xalan.
The following demo shows the use of ECDSA in XMLDSIG and was created in reply to a newsgroup posting.
The following demo shows the use of the URIDereferencer and how to work without a URI inside, and was created in reply to a newsgroup posting.
You will have to download the evaluation versions of IAIK’s JCE and XSECT and copy the following jar files into the same directory as the demo jar file.
Then run java -jar XSECT-Demo-NG20060713.jar. To get debug output, you can also create a debug.flag file in the same directory by typing 'echo "" > debug.flag' on your command line and then run the demo again.
Online Javadoc for XSECT.
Class or Package | Bug / Change / New Feature | Description and Examples |
---|---|---|
– | NF | Added SHA3 digest and SHA3 based RSA PSS signature algorithms according to RFC 6931 (Additional XML Security Uniform Resource Identifiers). |
Class or Package | Bug / Change / New Feature | Description and Examples |
---|---|---|
– | NF | Provides a special version of iaik_xsect.jar that allows the use of unlimited strength cryptography even if only the default jurisdiction policy files are installed (may be used in countries with no restrictions on key sizes). |
– | NF | Corresponding IAIK XAdES library: 2.13 |
Class or Package | Bug / Change / New Feature | Description and Examples |
---|---|---|
– | NF, C | The jar files are signed with the old (for supporting the old DSA JCE code signing CA) and the new (for supporting the new RSA JCE code signing CA) IAIK-JCE provider certificates. The new certificate provides stronger protection (SHA256withRSA) than the old one (SHA1withDSA). The new JCE code signing CA is effective for Java versions 8u121, 7u131, 6u141 upwards. To support other (former) Java versions, the jar files must be signed with the old provider certificate, too. |
iaik.xml.crypto.dom.DOMCryptoContext | NF | Added new property “iaik.xml.crypto.utils.DOMUtils.parse.XercesSecurityManager” for passing a XERCES Security Manager to be used by the parser. |
iaik.xml.crypto.dsig.keyinfo.EccelerateDSAKeyValueImpl | B | Marshaling and unmarshaling of ECDSAKeyValue failed if domain parameters were explicitly encoded. |
iaik.xml.crypto.dsig.keyinfo.KeyValueImpl | B | Fixed error on setting public key via constructor when old IAIK EC library is used. |
– | NF | Added support for IAIK Eccelerate >= 4.0 |
– | NF | Corresponding IAIK XAdES library: 2.12 |
Class or Package | Bug / Change / New Feature | Description and Examples |
---|---|---|
– | NF | XSECT version to be used with IAIK XAdES ETSI_EN_319_132v1.1.0 library |

For older versions please see the version history included in the XSECT distribution.