Abstract
The digital signature is one of the most important cryptographic primitives. It provides data integrity, message authentication and non-repudiation, which are required attributes in security-critical services such as electronic commerce, voting or health care. Whereas previous data formats for digital signatures concentrated on signing the entire document, the XML signature standard makes it feasible to secure complex workflows on a document with multiple signatures.
In a proof-of-concept implementation we demonstrate that verifying and trustworthily displaying signed documents is realizable in standard Web browsers. The focus of our work is multisigned XML documents, which introduce new requirements, particularly in the field of presentation.
Copyright information
© 2005 IFIP International Federation for Information Processing
About this paper
Cite this paper
Kubbilun, W., Gajek, S., Psarros, M., Schwenk, J. (2005). Trustworthy Verification and Visualisation of Multiple XML-Signatures. In: Dittmann, J., Katzenbeisser, S., Uhl, A. (eds) Communications and Multimedia Security. CMS 2005. Lecture Notes in Computer Science, vol 3677. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11552055_41
DOI: https://doi.org/10.1007/11552055_41
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-28791-9
Online ISBN: 978-3-540-31978-8
eBook Packages: Computer Science (R0)