Scott Cantor wrote:
>>So out of curiosity, how does one verify the Signature/KeyInfo match
up in the JDK 1.6 code?
I don't think that's how I would approach the question. In all cases, I
think the application needs to supply the verification key. The application
MAY choose to examine KeyInfo as part of determining what key to try, but
that's up to it.
In that light, KeyInfo is simply one of many inputs into the process of
determining the key. The critical difference is that in my mind, you start
by identifying the signer, usually based on the message itself, not based on
KeyInfo. From there, you get keying material, or policy to control
certificates that might be in KeyInfo.
+1.
I cannot think of any case where I would "trust" a message purely
because *the message* told me it was OK. That's effectively what you do
if you base a "trust" decision on a key info element.
The KeyInfo is like the keyid for a PGP/GPG signed message. It's a
pointer into your own keyring (or key management approach - whatever)
that lets *you* make a decision based on something outside the message
as to whether the message is signed by someone you know.
And FWIW - the match between key info and signature is trivial. If the
key that you determine from the keyinfo validates the signature then it
matches. Otherwise it doesn't. Incorporating the keyinfo into the
signed information tells you precisely nothing - if someone has inserted
their own key into KeyInfo, then they can obviously re-sign the message
and send it to you in its new form. So putting the KeyInfo inside the
signature tells you nothing about the validity of the key.
Given that fact - it would actually be dangerous for the spec to do it
by default as it would give a false sense of security to end users.
"The key info is included in the signature and the signature verified,
therefore the key is correct". Badness.
Cheers,
Berin
