...

By default, XmlSecTool selects the following digest and signature algorithms for each of the credential types:

Credential | Digest | Signature
RSA | SHA-256 | RSA + SHA-256
EC | SHA-256 | ECDSA + SHA-256
DSA | SHA-256 | DSA + SHA-1

To select a different hash function, XmlSecTool provides the --digest option, which takes the name of a hash function as parameter.  For example:

...

Selecting a value for the --digest option changes both the digest algorithm and, for RSA and Elliptic Curve credentials, the appropriate component of the signature algorithm.  For example, selecting --digest SHA-512 would result in the following algorithms being selected for each credential type:

Credential | Digest | Signature
RSA | SHA-512 | RSA + SHA-512
EC | SHA-512 | ECDSA + SHA-512
DSA | SHA-512 | DSA + SHA-1

In some situations, this simplified selection process does not allow you to use the digest and signature algorithms you need for a particular application.  For example, hash functions such as MD5 are not included because they are regarded as being too weak for regular use.  In these cases, you can override the digest algorithm and signature algorithms selected based on the --digest option using the --digestAlgorithm and --signatureAlgorithm options.  These each take as parameter the full URI identifier of the algorithm to use, so that any algorithm supported by the Apache Santuario cryptographic library in use can be specified.  You can mix these fine-grained options with --digest, as in the following example:

...

You should use the --digestAlgorithm and --signatureAlgorithm options, either together or individually, only if you understand the full implications of using non-standard algorithm combinations.

Signature

...

Verification Algorithms Restrictions

As the state of the art in cryptanalysis progresses, algorithms that were once acceptable for use in digital signatures become first deprecated and then disallowed.  For example, the SHA-1 cryptographic hash function is now regarded as weak. NIST deprecated the use of SHA-1 in digital signatures from 2011, and disallows its use entirely from 2014. In order to guard against attacks on algorithms once regarded as strong but since determined to be weak, xmlsectool provides a mechanism to disallow weak algorithms; a signature being verified will be rejected if it makes use of an algorithm on the disallowed list.

By default, xmlsectool version 3.0.0 disallows algorithms related to the MD5 and SHA-1 message digest functions.  This may be extended in future releases to include additional algorithms when appropriate.

If the default behaviour is not suitable, whether because it disallows an algorithm you need xmlsectool to accept or because it does not disallow algorithms you regard as too weak, you can manipulate it using the following command-line options:

  • --allowAllDigests removes the default disallowed algorithms, so that all algorithms are allowed.  Do this only if you are sure that you need to use one of the algorithms that are disallowed by default, and therefore need complete control over the behaviour. It is better to use, e.g., "--allowDigest SHA-1" if you can (see below).
  • --disallowDigest disallows algorithms related to the given digest function.  For example, --disallowDigest SHA256 would disallow algorithms related to the SHA-256 digest function.  This option may appear any number of times.
  • --allowDigest allows algorithms related to the given digest function to be used during signature verification. For example, --allowDigest SHA1 would permit signatures based on the SHA-1 digest function to be verified. This option may appear any number of times.
  • --listAlgorithms is an action option you can use to display the algorithms which are currently disallowed. See the examples below.

These options can appear on the command line in any order, but will always be processed in the order given above.  Note also that these options only change the behaviour of xmlsectool for a single invocation; you must include them in the command line every time you want to override the defaults.
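The fixed processing order described above, and its effect on a document being verified, as an added example: a Python model written for this page, not xmlsectool's own code. It covers only the three digest families whose URIs appear in the listings on this page, and SAMPLE is a constructed document.

```python
import xml.etree.ElementTree as ET

# Digest name -> (digest URIs, signature URIs), taken from the listings on this page.
FAMILIES = {
    "MD5": ({"http://www.w3.org/2001/04/xmldsig-more#md5"},
            {"http://www.w3.org/2001/04/xmldsig-more#rsa-md5"}),
    "SHA1": ({"http://www.w3.org/2000/09/xmldsig#sha1"},
             {"http://www.w3.org/2000/09/xmldsig#rsa-sha1",
              "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1"}),
    "SHA256": ({"http://www.w3.org/2001/04/xmlenc#sha256"},
               {"http://www.w3.org/2001/04/xmldsig-more#rsa-sha256",
                "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256"}),
}
DS = "{http://www.w3.org/2000/09/xmldsig#}"

# Constructed sample: strong signature algorithm, but a SHA-1 reference digest.
SAMPLE = """<md xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:Signature><ds:SignedInfo>
<ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
<ds:Reference URI=""><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
</ds:Reference></ds:SignedInfo></ds:Signature></md>"""

def disallowed_digests(argv):
    """Model the documented order: allowAllDigests, then disallowDigest, then allowDigest."""
    opts = {"--disallowDigest": [], "--allowDigest": []}
    for i, arg in enumerate(argv):
        if arg in opts:
            opts[arg].append(argv[i + 1])
    # Position on the command line is irrelevant; only presence matters.
    names = set() if "--allowAllDigests" in argv else {"MD5", "SHA1"}
    names |= set(opts["--disallowDigest"])
    names -= set(opts["--allowDigest"])
    return names

def rejected_algorithms(xml_text, argv=()):
    """Return the algorithm URIs in a signed document that are on the disallowed list."""
    names = disallowed_digests(list(argv))
    digests = set().union(*(FAMILIES[n][0] for n in names))
    signatures = set().union(*(FAMILIES[n][1] for n in names))
    root = ET.fromstring(xml_text)
    # Signature and digest algorithms are checked against separate lists.
    hits = [e.get("Algorithm") for e in root.iter(DS + "SignatureMethod")
            if e.get("Algorithm") in signatures]
    hits += [e.get("Algorithm") for e in root.iter(DS + "DigestMethod")
             if e.get("Algorithm") in digests]
    return hits
```

In this model a document signed with RSA + SHA-256 is still flagged under the defaults when one of its references uses a SHA-1 digest, and giving both --allowDigest and --disallowDigest for the same function leaves it allowed because the allow step runs last.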

Example: viewing the default blacklist.

$ ./xmlsectool.sh --listAlgorithms
Disallowed digest algorithms:
   http://www.w3.org/2000/09/xmldsig#sha1
   http://www.w3.org/2001/04/xmldsig-more#md5

Disallowed signature algorithms:
   http://www.w3.org/2000/09/xmldsig#rsa-sha1
   http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1
   http://www.w3.org/2001/04/xmldsig-more#rsa-md5

Example: extending the default list of disallowed algorithms.

$ ./xmlsectool.sh --disallowDigest SHA256 --listAlgorithms
Disallowed digest algorithms:
   http://www.w3.org/2000/09/xmldsig#sha1
   http://www.w3.org/2001/04/xmldsig-more#md5
   http://www.w3.org/2001/04/xmlenc#sha256

Disallowed signature algorithms:
   http://www.w3.org/2000/09/xmldsig#rsa-sha1
   http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1
   http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256
   http://www.w3.org/2001/04/xmldsig-more#rsa-md5
   http://www.w3.org/2001/04/xmldsig-more#rsa-sha256

Example: removing algorithms from the default list of disallowed algorithms.

$ ./xmlsectool.sh --allowDigest SHA1 --listAlgorithms
Disallowed digest algorithms:
   http://www.w3.org/2001/04/xmldsig-more#md5

Disallowed signature algorithms:
   http://www.w3.org/2001/04/xmldsig-more#rsa-md5

...

$ ./xmlsectool.sh --allowAllDigests --disallowDigest SHA1 --listAlgorithms
Disallowed digest algorithms:
   http://www.w3.org/2000/09/xmldsig#sha1

Disallowed signature algorithms:
   http://www.w3.org/2000/09/xmldsig#rsa-sha1
   http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1