ds:SignatureType

最新推荐文章于 2024-01-25 00:37:58 发布

miaouu

最新推荐文章于 2024-01-25 00:37:58 发布

阅读量560

点赞数

分类专栏： drm 文章标签： reference object validation generation algorithm application

本文链接：https://blog.csdn.net/miaouu/article/details/5857730

版权

drm 专栏收录该内容

20 篇文章 0 订阅

订阅专栏

ds:SignatureType的定义，在规范rfc3275中。

1、定义
<element name="Signature" type="ds:SignatureType"/> <complexType name="SignatureType"> <sequence> <element ref="ds:SignedInfo"/> <element ref="ds:SignatureValue"/> <element ref="ds:KeyInfo" minOccurs="0"/> <element ref="ds:Object" minOccurs="0" maxOccurs="unbounded"/> </sequence> <attribute name="Id" type="ID" use="optional"/> </complexType> <element name="SignedInfo" type="ds:SignedInfoType"/> <complexType name="SignedInfoType"> <sequence> <element ref="ds:CanonicalizationMethod"/> <element ref="ds:SignatureMethod"/> <element ref="ds:Reference" maxOccurs="unbounded"/> </sequence> <attribute name="Id" type="ID" use="optional"/> </complexType> <element name="Reference" type="ds:ReferenceType"/> <complexType name="ReferenceType"> <sequence> <element ref="ds:Transforms" minOccurs="0"/> <element ref="ds:DigestMethod"/> <element ref="ds:DigestValue"/> </sequence> <attribute name="Id" type="ID" use="optional"/> <attribute name="URI" type="anyURI" use="optional"/> <attribute name="Type" type="anyURI" use="optional"/> </complexType>

2、Core Generation
      Refrence：
      1. Apply the Transforms, as determined by the application, to the data object.
      2. Calculate the digest value over the resulting data object.
      3. Create a Reference element, including the (optional) identification of the data object, any (optional) transform elements, the digest algorithm and the DigestValue.
      简述之：用Transforms对data objects进行转换，对转换后的obj用DigestMethod计算其digest；将objId、transforms、DigestMethod、digest构成refrence。

      Signature：
      1. Create SignedInfo element with SignatureMethod, CanonicalizationMethod and Reference(s).
      2. Canonicalize and then calculate the SignatureValue over SignedInfo based on algorithms specified in SignedInfo.
      3. Construct the Signature element that includes SignedInfo, Object(s) (if desired, encoding may be different than that used for signing), KeyInfo (if required), and SignatureValue.
      简述之：构造SignedInfo，对SignedInfo进行canonicalize再计算SignatureValue；将SignedInfo、Objects(不同于object data)、KeyInfo、SignatureValue构成signature element。

总结：CanonicalizationMethod是作用于SignedInfo的；SignatureMethod是用canonicalize后的SignedInfo计算SignatureValue的；Transforms是转换object data的算法；DigestMethod是用transform后的obj data计算DigestValue的；

3、Core Validation
      Reference:
      1. Canonicalize the SignedInfo element based on the CanonicalizationMethod in SignedInfo.
      2. For each Reference in SignedInfo:
            2.1 Obtain the data object to be digested. (通过URI得到Obj，然后进行转换)
            2.2 Digest the resulting data object using the DigestMethod specified in its Reference specification.
            2.3 Compare the generated digest value against DigestValue in the SignedInfo Reference.
      简述之：先对SignedInfo进行Canonicalize，这个不懂，应该是为下面的Signature作准备；通过URI得到Object data，对其进行transform，再计算其digest，跟reference中的DigestValue进行比较。

      Signature：
      1. Obtain the keying information from KeyInfo or from an external source.
      2. Obtain the canonical form of the SignatureMethod using the CanonicalizationMethod and use the result (and previously obtained KeyInfo) to confirm the SignatureValue over the SignedInfo element.
      简述之：得到keying information，其可能在KeyInfo element也可能从外部得到；用keying infor、SignatureMethod、SignedInfo element验证SignatureValue。

总结：Canonicalize感觉用的很乱。