Are XML Signatures secure?

N

~~~ .NET Ed ~~~

I was planning to deploy my control using a digitally signed XML signature
but when I come to think of it nothing prevents a savvy user from taking the
XML file, stripping the Digital signature, altering the XML document and
signing it again with his/her own key.

Am I right? or am I missing something?
 
E

Eugene Mayevski

Hello!
You wrote on Sun, 23 Sep 2007 14:26:54 +0200:

NE> I was planning to deploy my control using a digitally signed XML
NE> signature but when I come to think of it nothing prevents a savvy user
NE> from taking the XML file, stripping the Digital signature, altering the
NE> XML document and signing it again with his/her own key.
NE> Am I right? or am I missing something?

The idea of signatures is that they are the evidence of the document origin
and document integrity. In other words, the signature can say that the
document was signed by certain signer and since signing the document has not
beem modified. The signature doesn't prevent altering the data (in generic
case).

So when you are talking about signatures, you need to define, what exactly
you want to do. If you want to ensure that the component / control can't be
cracked, then the signature won't work for you.

If you want to ensure that the component was not modified by the evil
hacker, trying to inject his code into the end-user's system, then the
end-user must check and ensure that the signature is *yours* (and not the
one of the evil hacker).

Validating the signatures is possible when X.509 certificates are employed
and included into the signature. If you use plain RSA or DSA key for
signing, then the end user must have your public key in order to validate
the signature and ensure that it's yours.

With best regards,
Eugene Mayevski
http://www.SecureBlackbox.com - the comprehensive component suite for
network security
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Members online

Forum statistics

Threads
473,744
Messages
2,569,484
Members
44,903
Latest member
orderPeak8CBDGummies

Latest Threads

Top