Sounds like you require transport integrity, which is a different thing to a digital signature.

 

This could be achieved by combining SSL or encryption with the message signing.

 

“Normal” SSL (in which the server has a certificate but the client doesn’t) wouldn’t require you to know your clients in advance, and would be easiest to set up.

 


From: Juan Cervera [mailto:[EMAIL PROTECTED]
Sent: 15 September 2005 15:31
To: Granqvist, Hans; [email protected]
Subject: RE: Signature question

 

Thanks Hans,

 

My problem is, how does the server know that the message comes from B and not from A? If I want to process the messages from A differently than those from B, I would need to know which message is from whom. I don't see anything in WSS4J that allows me to do that check; the only thing it seems to let me do is ensure that the certificate is actually trusted and that the DigestValue corresponds to it. As long as that is right it will accept the message, so a message could be from either A or B but I won't know ...

 

Best Regards,

 

---------------------------------------------------

 

Juan Cervera
Technical Architect
Nomad Software Limited
186 Regent Street
London W1B 5TN
UK

 

Direct Tel: +44 (0) 20 7292 2490
Fax:        +44 (0) 20 7292 2401

 

---------------------------------------------------

 


From: Granqvist, Hans [mailto:[EMAIL PROTECTED]
Sent: 15 September 2005 15:26
To: Juan Cervera; [email protected]
Subject: RE: Signature question

Hi Juan,

 

Anyone can replace any signature unless it is covered by another signature, but that just creates a new message.

 

In your example, the message the server receives says "B signed this" instead of the original "A signed this". B did in fact (re-)sign it, even if B changed the content before signing.

 

This is equal to just replacing the message with a new one. The server receives a message from B instead of A, and has to treat it accordingly. If the server must process messages from B differently than messages from A, there is no way around checking the DN of the cert used for signing.

 

Hans
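
The DN check described in the message above, as an added example that is not part of the original thread and not WSS4J code. It uses only JDK classes and assumes the caller has already verified the signature and certificate chain and holds the signer's `X509Certificate`; the class name, client ids and DNs are constructed for illustration.

```java
import java.security.cert.X509Certificate;
import java.util.HashMap;
import java.util.Map;
import java.util.Optional;
import javax.security.auth.x500.X500Principal;

public class SignerAuthorization {
    // Canonical subject DN -> application-level client id (hypothetical names).
    private final Map<String, String> clientsByDn = new HashMap<>();

    public SignerAuthorization(Map<String, String> dnToClient) {
        // Normalise configured DNs once so lookups are not sensitive
        // to case or spacing differences in how the DN was written.
        for (Map.Entry<String, String> e : dnToClient.entrySet()) {
            clientsByDn.put(canonical(new X500Principal(e.getKey())), e.getValue());
        }
    }

    static String canonical(X500Principal p) {
        return p.getName(X500Principal.CANONICAL);
    }

    /** Call only after signature and chain validation have succeeded. */
    public Optional<String> identify(X509Certificate verifiedSigner) {
        return identify(verifiedSigner.getSubjectX500Principal());
    }

    /** Empty result means: trusted by the CA, but not a client we know. */
    public Optional<String> identify(X500Principal subject) {
        return Optional.ofNullable(clientsByDn.get(canonical(subject)));
    }

    public static void main(String[] args) {
        // Constructed sample DNs; both clients share the same issuing CA.
        SignerAuthorization auth = new SignerAuthorization(Map.of(
            "CN=Client A, O=Example Org, C=GB", "client-a",
            "CN=Client B, O=Example Org, C=GB", "client-b"));

        // Same DN as Client A, written with different case and spacing.
        System.out.println(auth.identify(new X500Principal("cn=client a,o=example org,c=gb")));
        // A message re-signed by B is attributed to B, not to A.
        System.out.println(auth.identify(new X500Principal("CN=Client B, O=Example Org, C=GB")));
        // Valid certificate from the same CA, but not a registered client.
        System.out.println(auth.identify(new X500Principal("CN=Client C, O=Example Org, C=GB")));
    }
}
```

The returned client id, not the mere fact that the chain validated, is what the server should use to decide how to process the message.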

 

 


From: Juan Cervera [mailto:[EMAIL PROTECTED]
Sent: Thursday, September 15, 2005 2:40 AM
To: [email protected]
Subject: Signature question

Hi,

 

I have a question about signatures with WSS4J. It is more a conceptual question than a technical one; hopefully someone can clarify this for me, as I'm a bit confused about it right now.

 

When a client signs a message, the header gets the DigestValue with the signature and the KeyInfo with the certificate used to sign the body (or any other tokens). The server receives the message, validates the certificate in its keystore and verifies the DigestValue.

 

My problem is the following: how does the server know, assuming that the DigestValue is fine for that certificate, that this certificate is in fact the one that the message had when it was generated and that nobody has changed both the certificate and the DigestValue at some point?

 

Let's say that there are two clients that access that server, and both have a certificate created from the same root CA key. If the server just checks if the certificate is in the keystore, how can it ensure that the signature and the certificate are really the ones sent by client A? The message may have been intercepted by client B (which has a valid certificate as well), who has just dropped the certificate and the DigestValue, replaced them with his own certificate and generated a new valid DigestValue after changing the body in whatever way they wanted! How can I detect this kind of tampering? I know that the certificates carry information about their owners, but I don't see any place in WSS4J where I can ask for that kind of verification, which would sort this issue.

 

I know I could deal with this by having different keystores with different root CA keys for every client; that would require a different server per client, though. In my case that is not an issue, but I cannot believe that the specification cannot deal with this, so probably some of my assumptions are not right or I have missed some functionality in some place.

 

Any help?

 

Thanks,

 

Juan
