From: Anders R. <and...@gm...> - 2013-08-29 07:31:51
On 2013-08-29 09:26, Mat Arge wrote:
> That's a really cool idea.
> If you somehow want to have this adopted as an alternative to XML-DSIG and CMS
> and ported to other languages, I think you should make a separate project out
> of it.

Thanx Mat,
Yes, I'm considering that. After porting KeyGen2 to JSON I will be ready with that.
In the meantime there's some more rationale here:
https://openkeystore.googlecode.com/svn/resources/trunk/docs/Enveloped-JSON-Signatures.pdf

Cheers
Anders

>
> cheers
> Mat
>
> On Wednesday 28. August 2013 18:06:43 Anders Rundgren wrote:
>> Since Google doesn't support XSD or XML DSig in Android I began looking at
>> other alternatives. There were none :-( Therefore I created a 2000-line
>> system that writes and reads JSON from Java. In addition, I adopted a
>> scaled-down version of XML DSig's enveloped-signatures.
>>
>> The concept of enveloped signatures has been slammed by some people due to
>> a belief that canonicalization issues will be hard. FWIW, I just wrote the
>> entire thing in just a week and I didn't find any problems at all.
>>
>> https://code.google.com/p/openkeystore/source/browse/#svn%2Flibrary%2Ftrunk%2Fsrc%2Forg%2Fwebpki%2Fjson
>>
>> It seems that I will be able to replace 200,000 lines of Apache code with
>> about 2,000 lines of custom code.
>>
>> {
>>   "MyLittleSignature":
>>     {
>>       "Version": "http://example.com/signature",
>>       "Now": "2013-08-25T20:31:23+02:00",
>>       "HRT":
>>         {
>>           "RTl": "67",
>>           "YT":
>>             {
>>               "HTL": "656756#",
>>               "INTEGER": -689,
>>               "Fantastic": false
>>             },
>>           "er": "33"
>>         },
>>       "ARR": [],
>>       "BARR":
>>         [{
>>            "HTL": "656756#",
>>            "INTEGER": -689,
>>            "Fantastic": true
>>          },
>>          {
>>            "HTL": "656756#",
>>            "INTEGER": -689,
>>            "Fantastic": false
>>          }],
>>       "ID": "ihqQONXvN5_LnmdAG7YU",
>>       "STRINGS": ["One","Two","Three"],
>>       "Intra": 78,
>>       "EnvelopedSignature":
>>         {
>>           "SignatureInfo":
>>             {
>>               "Algorithm": "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256",
>>               "Reference":
>>                 {
>>                   "Name": "ID",
>>                   "Value": "ihqQONXvN5_LnmdAG7YU"
>>                 },
>>               "KeyInfo":
>>                 {
>>                   "PublicKey":
>>                     {
>>                       "EC":
>>                         {
>>                           "NamedCurve": "http://xmlns.webpki.org/sks/algorithm#ec.p256",
>>                           "X": "lNxNvAUEE8t7DSQBft93LVSXxKCiVjhbWWfyg023FCk",
>>                           "Y": "LmTlQxXB3LgZrNLmhOfMaCnDizczC/RfQ6Kx8iNwfFA"
>>                         }
>>                     }
>>                 }
>>             },
>>           "SignatureValue": "MEUCIEhZtArhp8O7d1n7SRWRQcs3qePGBCrnKY8x2O3o+nvPAiEA0On5hez2EHmEwJIm/UK7GxqZeWWcaFzK9OVAhygAWVk"
>>         }
>>     }
>> }
>>
>> Why bother with this you may wonder?
>> Well I can't imagine converting the
>> previous cool stuff to something yucky like JOSE's JWS:
>>
>> {
>>   "message": "eyJ0eXAiOibGciOiJIUzI1NiJ9.LmNvbS9pc19yb290Ijp0cnVlfQ.2K27uhbUJU1p1r_wW1gFWFOEjXk"
>> }
>>
>> Canonicalization (=removal of whitespace):
>>
>> "MyLittleSignature":{"Version":"http://example.com/signature","Now":"2013-08-25T20:31:23+02:00","HRT":{"RTl":"67","YT":{"HTL":"656756#","INTEGER":-689,"Fantastic":false},"er":"33"},"ARR":[],"BARR":[{"HTL":"656756#","INTEGER":-689,"Fantastic":true},{"HTL":"656756#","INTEGER":-689,"Fantastic":false}],"ID":"ihqQONXvN5_LnmdAG7YU","STRINGS":["One","Two","Three"],"Intra":78,"EnvelopedSignature":{"SignatureInfo":{"Algorithm":"http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256","Reference":{"Name":"ID","Value":"ihqQONXvN5_LnmdAG7YU"},"KeyInfo":{"PublicKey":{"EC":{"NamedCurve":"http://xmlns.webpki.org/sks/algorithm#ec.p256","X":"lNxNvAUEE8t7DSQBft93LVSXxKCiVjhbWWfyg023FCk","Y":"LmTlQxXB3LgZrNLmhOfMaCnDizczC/RfQ6Kx8iNwfFA"}}}}
>>
>> Cheers,
>> Anders
>>
>> _______________________________________________
>> Opensc-devel mailing list
>> Ope...@li...
>> https://lists.sourceforge.net/lists/listinfo/opensc-devel
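
Added example, not part of the thread or of the openkeystore code: a Python sketch of the whitespace-removal canonicalization described in the quoted message, checked against the "HRT" member of its sample. It assumes the canonical text is hashed as UTF-8 with SHA-256 (the `digest` helper is hypothetical), and it shows the two points a verifier has to get right: whitespace inside string values must survive, and property order is part of the signed data.

```python
import hashlib

def canonicalize(text: str) -> str:
    """Remove whitespace outside string literals; keep all other characters."""
    out, in_string, escaped = [], False, False
    for ch in text:
        if in_string:
            out.append(ch)
            if escaped:
                escaped = False          # character after a backslash is literal
            elif ch == "\\":
                escaped = True
            elif ch == '"':
                in_string = False        # unescaped quote closes the string
        elif ch == '"':
            in_string = True
            out.append(ch)
        elif ch not in " \t\r\n":
            out.append(ch)               # structural character or literal token
    if in_string:
        raise ValueError("unterminated string literal")
    return "".join(out)

def digest(text: str) -> str:
    """Hypothetical helper: SHA-256 of the canonical text, assumed UTF-8."""
    return hashlib.sha256(canonicalize(text).encode("utf-8")).hexdigest()

# Constructed input: the "HRT" member of the sample message, pretty-printed.
PRETTY = '''"HRT":
  {
    "RTl": "67",
    "YT":
      {
        "HTL": "656756#",
        "INTEGER": -689,
        "Fantastic": false
      },
    "er": "33"
  }'''
# The same member as it appears in the canonicalized text quoted in the message.
CANONICAL = ('"HRT":{"RTl":"67","YT":{"HTL":"656756#","INTEGER":-689,'
             '"Fantastic":false},"er":"33"}')

if __name__ == "__main__":
    print(canonicalize(PRETTY) == CANONICAL)      # layout does not matter
    print(digest(PRETTY) == digest(CANONICAL))    # so the digest is stable
    # Constructed cases: spaces and an escaped quote inside a string are kept,
    # and swapping two properties changes the digest.
    print(canonicalize('{ "a": "x  \\" y", "b": 1 }'))
    print(digest('{"a":1,"b":2}') != digest('{"b":2,"a":1}'))
```

Because the scanner works on the text rather than on a parsed object, number spellings and property order pass through unchanged, so a receiver that parses and re-serializes the message before verifying would have to reproduce both exactly.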