From: Anders R. <and...@gm...> - 2013-08-28 16:07:06
Since Google doesn't support XSD or XML DSig in Android I began looking at other alternatives. There were none :-( Therefore I created a 2000-line system that writes and reads JSON from Java. In addition, I adopted a scaled-down version of XML DSig's enveloped signatures.

The concept of enveloped signatures has been slammed by some people due to a belief that canonicalization issues will be hard. FWIW, I just wrote the entire thing in just a week and I didn't find any problems at all.

https://code.google.com/p/openkeystore/source/browse/#svn%2Flibrary%2Ftrunk%2Fsrc%2Forg%2Fwebpki%2Fjson

It seems that I will be able to replace 200,000 lines of Apache code with about 2,000 lines of custom code.

{
  "MyLittleSignature":
  {
    "Version": "http://example.com/signature",
    "Now": "2013-08-25T20:31:23+02:00",
    "HRT":
    {
      "RTl": "67",
      "YT":
      {
        "HTL": "656756#",
        "INTEGER": -689,
        "Fantastic": false
      },
      "er": "33"
    },
    "ARR": [],
    "BARR":
    [{
      "HTL": "656756#",
      "INTEGER": -689,
      "Fantastic": true
    },
    {
      "HTL": "656756#",
      "INTEGER": -689,
      "Fantastic": false
    }],
    "ID": "ihqQONXvN5_LnmdAG7YU",
    "STRINGS": ["One","Two","Three"],
    "Intra": 78,
    "EnvelopedSignature":
    {
      "SignatureInfo":
      {
        "Algorithm": "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256",
        "Reference":
        {
          "Name": "ID",
          "Value": "ihqQONXvN5_LnmdAG7YU"
        },
        "KeyInfo":
        {
          "PublicKey":
          {
            "EC":
            {
              "NamedCurve": "http://xmlns.webpki.org/sks/algorithm#ec.p256",
              "X": "lNxNvAUEE8t7DSQBft93LVSXxKCiVjhbWWfyg023FCk",
              "Y": "LmTlQxXB3LgZrNLmhOfMaCnDizczC/RfQ6Kx8iNwfFA"
            }
          }
        }
      },
      "SignatureValue": "MEUCIEhZtArhp8O7d1n7SRWRQcs3qePGBCrnKY8x2O3o+nvPAiEA0On5hez2EHmEwJIm/UK7GxqZeWWcaFzK9OVAhygAWVk"
    }
  }
}

Why bother with this you may wonder? Well I can't imagine converting the previous cool stuff to something yucky like JOSE's JWS:

{
  "message": "eyJ0eXAiOibGciOiJIUzI1NiJ9.LmNvbS9pc19yb290Ijp0cnVlfQ.2K27uhbUJU1p1r_wW1gFWFOEjXk"
}

Canonicalization (=removal of whitespace):

"MyLittleSignature":{"Version":"http://example.com/signature","Now":"2013-08-25T20:31:23+02:00","HRT":{"RTl":"67","YT":{"HTL":"656756#","INTEGER":-689,"Fantastic":false},"er":"33"},"ARR":[],"BARR":[{"HTL":"656756#","INTEGER":-689,"Fantastic":true},{"HTL":"656756#","INTEGER":-689,"Fantastic":false}],"ID":"ihqQONXvN5_LnmdAG7YU","STRINGS":["One","Two","Three"],"Intra":78,"EnvelopedSignature":{"SignatureInfo":{"Algorithm":"http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256","Reference":{"Name":"ID","Value":"ihqQONXvN5_LnmdAG7YU"},"KeyInfo":{"PublicKey":{"EC":{"NamedCurve":"http://xmlns.webpki.org/sks/algorithm#ec.p256","X":"lNxNvAUEE8t7DSQBft93LVSXxKCiVjhbWWfyg023FCk","Y":"LmTlQxXB3LgZrNLmhOfMaCnDizczC/RfQ6Kx8iNwfFA"}}}}

Cheers,
Anders
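As an added illustration (not code from the OpenKeystore library or from Anders), here is a Go sketch of the scheme described above: canonicalization by whitespace removal, SHA-256 over the canonical text, and an ECDSA P-256 signature. It assumes the caller hashes the received text with SignatureValue already removed, as the canonical line in the post shows; the document and key in Demo are constructed, and the canonicalizer goes slightly beyond the post by honouring escaped quotes inside strings.

```go
package main
import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"strings"
)
// Canonicalize drops JSON whitespace outside string literals (escapes honoured):
// the "canonicalization (= removal of whitespace)" step from the post.
func Canonicalize(doc string) string {
	var b strings.Builder
	inString, escaped := false, false
	for _, r := range doc {
		if !inString && strings.ContainsRune(" \t\n\r", r) {
			continue // structural whitespace is not part of the signed bytes
		}
		b.WriteRune(r)
		switch {
		case escaped:
			escaped = false
		case inString && r == '\\':
			escaped = true
		case r == '"':
			inString = !inString
		}
	}
	return b.String()
}
// Digest hashes the canonical text with SHA-256 (the ecdsa-sha256 URI in the post). Feed it
// the received text minus SignatureValue, never a re-serialized object (key order may change).
func Digest(docWithoutSig string) []byte {
	h := sha256.Sum256([]byte(Canonicalize(docWithoutSig)))
	return h[:]
}
// Demo signs a constructed document with a fresh P-256 key, then verifies that a
// re-indented copy still checks out while a copy with one changed value does not.
func Demo() (reindentedOK, tamperedOK bool, err error) {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return false, false, err
	}
	const doc = `{"Doc":{"ID":"abc123","Intra":78,"EnvelopedSignature":{"SignatureInfo":{"Reference":{"Name":"ID","Value":"abc123"}}}}}` // constructed sample
	sig, err := ecdsa.SignASN1(rand.Reader, priv, Digest(doc))
	if err != nil {
		return false, false, err
	}
	return ecdsa.VerifyASN1(&priv.PublicKey, Digest(strings.ReplaceAll(doc, ",", ",\n  ")), sig),
		ecdsa.VerifyASN1(&priv.PublicKey, Digest(strings.Replace(doc, `"Intra":78`, `"Intra":79`, 1)), sig), nil
}
```

Because this canonicalization is purely lexical, a verifier that parses and re-serializes the document (reordering keys or reformatting numbers) computes a different digest; hash the bytes as received.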
From: Mat A. <arg...@gm...> - 2013-08-29 07:26:57
That's a really cool idea. If you somehow want to have this adopted as an alternative to XML-DSIG and CMS and ported to other languages, I think you should make a separate project out of it.

cheers
Mat
From: Anders R. <and...@gm...> - 2013-08-29 07:31:51
On 2013-08-29 09:26, Mat Arge wrote:
> That's a really cool idea.
> If you somehow want to have this adopted as an alternative to XML-DSIG and CMS
> and ported to other languages, I think you should make a separate project out
> of it.

Thanx Mat,

Yes, I'm considering that. After porting KeyGen2 to JSON I will be ready with that. In the meantime there's some more rationale here:

https://openkeystore.googlecode.com/svn/resources/trunk/docs/Enveloped-JSON-Signatures.pdf

Cheers
Anders