144 Chapter 5 • XML Digital Signatures Introduction Digital signatures are widely used as security tokens, not just in XML. In this chapter, we look at how to create a digital signature and the way that digital sig- natures are constructed.We examine the current W3C XML digital signature and consider the effects of the structure of this XML-specific tool.The chapter con- cludes by finding where this construct fits into overall XML security and its potential uses. Understanding How a Digital Signature Works The XML digital signature specification (www.w3.org/TR/2002/REC-xmldsig- core-20020212) is a final draft. Its scope includes how to describe a digital signa- ture using XML and the XML-signature namespace.The signature is generated from a hash over the canonical form of the manifest, which can reference mul- tiple XML documents.To canonicalize something is to put it in a standard format that everyone generally uses. Because the signature is dependent on the content it is signing, a signature produced from a noncanonicalized document could pos- sibly be different from that produced from a canonicalized document. Remember that this specification is about defining digital signatures in general, not just those involving XML documents.The manifest may also contain references to any dig- ital content that can be addressed or even to part of an XML document. Basic Digital Signature and Authentication Concepts To better understand the specification, knowing how digital signatures work is helpful.The goal of a digital signature is to provide three things for the data.To ensure integrity, a digital signature must provide a way to verify that the data has not been modified or replaced. For authentication, the signature must provide a way to establish the identity of the data’s originator. For nonrepudiation, the signa- ture must provide the ability for the data’s integrity and authentication to be provable to a third party. www.syngress.com