SlideShare ist ein Scribd-Unternehmen logo

Tokenauthenticatie en xml signature in detail

Als PPTX, PDF herunterladen
Marc de Graauw
Marc de Graauw
TechnologieNews & Politik
1 von 33
Tokenauthenticatie& XML Signaturein detail
Tokenauthenticatie smartcard met private key Certificaat QURX_ EX990011NL token maken SignedInfo maken RSA / SHA sig maken signedData SignedInfo SignatureValue Bericht maken SOAP bericht
Transformatie XML 2 SignedData Verstrekkings- Lijstquery QURX_IN990111NL_01.xml signedData.xsl signedData QURX_IN990111NL_01_signedData.xml
VerstrekkingsLijstquery
signedData X.509 Strong Authentication message id nonce unieke indentificatie van bericht (if duplicate removal has already taken place) notBefore & notAfter time to live security semantics can expire time to store & check nonce addressedParty replay against other receivers Koppeling met bericht BSN voor patiëntgerelateerde berichten Trigger Event Id versieonafhankelijk, itt. InteractionId
signedData.xml (pretty print)
Token versus bestand
Whitespace eruit signedData QURX_IN990111NL_01_signedData.xml remove- whitespace- between- elements.xsl signedData QURX_IN990111NL_01_signedData.xml
Exclusive Canonicalization signedData QURX_IN990111NL_01_signedData.xml excc14n (Oxygen gebruikt) signedData excc14n signedData_ excc14n.xml
Exclusive Canonicalization
Exclusive Canonicalization Dubbele quotes ipv. enkele Namespace declaraties vóór attributen Namespaces alfabetisch rangschikken Linefeed, geen carriage return of CR/LF Geen Byte Order Mark UTF-8
Signed Info element signedData excc14n signedData_ excc14n.xml bits SignedInfo template SHA1 hash wsu Id 160 bits maken SignedInfo Base64 karakters SignedInfo SignedInfo.xml
SHA: Cryptographic hash Wikipedia: A cryptographic hash function is a deterministic procedure that takes an arbitrary block of data and returns a fixed-size bit string, the (cryptographic) hash value, such that an accidental or intentional change to the data will change the hash value.
SHA SHA1 ... SHA256 1995: SHA-1 NSA 2005: zwaktes in SHA-1 ontdekt 2001: SHA-2 (225, 256, 384, 512) 2008 – 12: SHA-3, open competitie SHA-1 input: message maximum (264 − 1) bits output: 160 bits
Base 64 UTF-8: niet alle octets zijn toegestaan! Ergo: binaire data kunnen niet zomaar in XML / UTF-8 Oplossing: bits -> karakters RFC2045 (MIME) alfabet: [A-Z][a-z][0-9]+/
SHA + Base64 Input (bits) SHA1 (160 bits) 4vBP5K5M5llABaWYzxCrKIdjS2I= Base 64
SignedInfo
RSA with SHA SignedInfo (exc c14n) private key bits SHA1 hash 400 bits RSA 160 bits 408 bits ASN.1 DER formaat Base64 3021300906 052b0e0302 1a05000414 karakters 3031300d06 0960864801 6503040201 05000420 SignatureValue SHA 256 -> 464 bits
Sender Receiver “Hello world” “Hello world” SHA-1 hash: 5llABaWYz xCrKIdjS... Public key: MIICHzCCAY ygAwIBAgI..... OK Private key: shhhh..... RSA sig value: c9fVK7vYAdv s2DRZVtS... RSA sig value: c9fVK7vYAdv s2DRZVtS...
Security Services (X.800) Authentication Authorization Data Confidentiality Data Integrity Non-repudiation
Security services
Key usage
SOAP bericht signedData SignedInfo SignatureValue Certificaat verwijzing QURX_ EX990011NL Header maken Header maken authentication Tokens wss:Security Bericht maken SOAP bericht
SOAP bericht
Transformatie XML 2 SignedData Verstrekkings- Lijstquery QURX_IN990111NL_01.xml signedData.xsl signedData QURX_IN990111NL_01_signedData.xml
Whitespace eruit signedData QURX_IN990111NL_01_signedData.xml remove- whitespace- between- elements.xsl signedData QURX_IN990111NL_01_signedData.xml
Exclusive Canonicalization signedData QURX_IN990111NL_01_signedData.xml excc14n (Oxygen gebruikt) signedData excc14n signedData_ excc14n.xml
Signed Info element signedData excc14n signedData_ excc14n.xml bits SignedInfo template SHA1 hash wsu Id 160 bits maken SignedInfo Base64 karakters SignedInfo SignedInfo.xml
RSA with SHA SignedInfo (exc c14n) private key bits SHA1 hash 400 bits RSA 160 bits 160 bits ASN.1 DER formaat Base64 3021300906 052b0e0302 1a05000414 karakters 3031300d06 0960864801 6503040201 05000420 SignatureValue SHA 256 -> 464 bits
SOAP bericht signedData SignedInfo SignatureValue Certificaat verwijzing QURX_ EX990011NL Header maken Header maken authentication Tokens wss:Security Bericht maken SOAP bericht
Tokenauthenticatie smartcard met private key Certificaat QURX_ EX990011NL token maken SignedInfo maken RSA / SHA sig maken signedData SignedInfo SignatureValue Bericht maken SOAP bericht

Empfohlen

Apple tree
Apple treeApple tree
Apple treeBehta Mirjany
 
Road map to tap global opportunities feb 2015
Road map to tap global opportunities feb 2015Road map to tap global opportunities feb 2015
Road map to tap global opportunities feb 2015CA George Kurian
 
Project mercury
Project mercuryProject mercury
Project mercurymstcmath
 
Lynx
LynxLynx
LynxAimeeJ
 
Branded Facebook Landing Pages
Branded Facebook Landing PagesBranded Facebook Landing Pages
Branded Facebook Landing Pagesmarcogiordano
 
Informe conclusiones think tank aplicaciones móviles y turismo
Informe conclusiones think tank aplicaciones móviles y turismoInforme conclusiones think tank aplicaciones móviles y turismo
Informe conclusiones think tank aplicaciones móviles y turismoTurismo.as
 
Turismo.as, Winning Tourism Strategist
Turismo.as, Winning Tourism StrategistTurismo.as, Winning Tourism Strategist
Turismo.as, Winning Tourism StrategistTurismo.as
 
Apollo- Megan O'Neil
Apollo- Megan O'NeilApollo- Megan O'Neil
Apollo- Megan O'Neilmstcmath
 

Empfohlen

Apple tree
Apple treeApple tree
Apple treeBehta Mirjany
 
Road map to tap global opportunities feb 2015
Road map to tap global opportunities feb 2015Road map to tap global opportunities feb 2015
Road map to tap global opportunities feb 2015CA George Kurian
 
Project mercury
Project mercuryProject mercury
Project mercurymstcmath
 
Lynx
LynxLynx
LynxAimeeJ
 
Branded Facebook Landing Pages
Branded Facebook Landing PagesBranded Facebook Landing Pages
Branded Facebook Landing Pagesmarcogiordano
 
Informe conclusiones think tank aplicaciones móviles y turismo
Informe conclusiones think tank aplicaciones móviles y turismoInforme conclusiones think tank aplicaciones móviles y turismo
Informe conclusiones think tank aplicaciones móviles y turismoTurismo.as
 
Turismo.as, Winning Tourism Strategist
Turismo.as, Winning Tourism StrategistTurismo.as, Winning Tourism Strategist
Turismo.as, Winning Tourism StrategistTurismo.as
 
Apollo- Megan O'Neil
Apollo- Megan O'NeilApollo- Megan O'Neil
Apollo- Megan O'Neilmstcmath
 
Elektronische handtekening in de zorg
Elektronische handtekening in de zorgElektronische handtekening in de zorg
Elektronische handtekening in de zorgMarc de Graauw
 
Authentication and signatures overview
Authentication and signatures overviewAuthentication and signatures overview
Authentication and signatures overviewMarc de Graauw
 
Identiteit in de ict
Identiteit in de ictIdentiteit in de ict
Identiteit in de ictMarc de Graauw
 
Reliable messaging
Reliable messagingReliable messaging
Reliable messagingMarc de Graauw
 
Overzicht aorta
Overzicht aortaOverzicht aorta
Overzicht aortaMarc de Graauw
 
Hl7v3 schema issues
Hl7v3 schema issuesHl7v3 schema issues
Hl7v3 schema issuesMarc de Graauw
 
Hl7v3 and web services
Hl7v3 and web servicesHl7v3 and web services
Hl7v3 and web servicesMarc de Graauw
 
XML tekortkomingen en pluspunten
XML tekortkomingen en pluspuntenXML tekortkomingen en pluspunten
XML tekortkomingen en pluspuntenMarc de Graauw
 
Versioning theory
Versioning theoryVersioning theory
Versioning theoryMarc de Graauw
 
Versiecontrole in de keten
Versiecontrole in de ketenVersiecontrole in de keten
Versiecontrole in de ketenMarc de Graauw
 
Unicode
UnicodeUnicode
UnicodeMarc de Graauw
 
Luister niet naar de gebruiker
Luister niet naar de gebruikerLuister niet naar de gebruiker
Luister niet naar de gebruikerMarc de Graauw
 
Overzicht hl7v3
Overzicht hl7v3Overzicht hl7v3
Overzicht hl7v3Marc de Graauw
 
CNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In PakistanCNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In Pakistandanishmna97
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Jeffrey Haguewood
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...apidays
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsNanddeep Nachan
 
[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdfSandro Moreira
 
Platformless Horizons for Digital Adaptability
Platformless Horizons for Digital AdaptabilityPlatformless Horizons for Digital Adaptability
Platformless Horizons for Digital AdaptabilityWSO2
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesrafiqahmad00786416
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWERMadyBayot
 
Elevate Developer Efficiency & build GenAI Application with Amazon Q​
Elevate Developer Efficiency & build GenAI Application with Amazon Q​Elevate Developer Efficiency & build GenAI Application with Amazon Q​
Elevate Developer Efficiency & build GenAI Application with Amazon Q​Bhuvaneswari Subramani
 

Weitere ähnliche Inhalte

Mehr von Marc de Graauw

Elektronische handtekening in de zorg
Elektronische handtekening in de zorgElektronische handtekening in de zorg
Elektronische handtekening in de zorgMarc de Graauw
 
Authentication and signatures overview
Authentication and signatures overviewAuthentication and signatures overview
Authentication and signatures overviewMarc de Graauw
 
Hl7v3 and web services
Hl7v3 and web servicesHl7v3 and web services
Hl7v3 and web servicesMarc de Graauw
 
XML tekortkomingen en pluspunten
XML tekortkomingen en pluspuntenXML tekortkomingen en pluspunten
XML tekortkomingen en pluspuntenMarc de Graauw
 
Versiecontrole in de keten
Versiecontrole in de ketenVersiecontrole in de keten
Versiecontrole in de ketenMarc de Graauw
 
Luister niet naar de gebruiker
Luister niet naar de gebruikerLuister niet naar de gebruiker
Luister niet naar de gebruikerMarc de Graauw
 

Mehr von Marc de Graauw (13)

Elektronische handtekening in de zorg
Elektronische handtekening in de zorgElektronische handtekening in de zorg
Elektronische handtekening in de zorg
 
Authentication and signatures overview
Authentication and signatures overviewAuthentication and signatures overview
Authentication and signatures overview
 
Identiteit in de ict
Identiteit in de ictIdentiteit in de ict
Identiteit in de ict
 
Reliable messaging
Reliable messagingReliable messaging
Reliable messaging
 
Overzicht aorta
Overzicht aortaOverzicht aorta
Overzicht aorta
 
Hl7v3 schema issues
Hl7v3 schema issuesHl7v3 schema issues
Hl7v3 schema issues
 
Hl7v3 and web services
Hl7v3 and web servicesHl7v3 and web services
Hl7v3 and web services
 
XML tekortkomingen en pluspunten
XML tekortkomingen en pluspuntenXML tekortkomingen en pluspunten
XML tekortkomingen en pluspunten
 
Versioning theory
Versioning theoryVersioning theory
Versioning theory
 
Versiecontrole in de keten
Versiecontrole in de ketenVersiecontrole in de keten
Versiecontrole in de keten
 
Unicode
UnicodeUnicode
Unicode
 
Luister niet naar de gebruiker
Luister niet naar de gebruikerLuister niet naar de gebruiker
Luister niet naar de gebruiker
 
Overzicht hl7v3
Overzicht hl7v3Overzicht hl7v3
Overzicht hl7v3
 

Kürzlich hochgeladen

CNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In PakistanCNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In Pakistandanishmna97
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Jeffrey Haguewood
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...apidays
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsNanddeep Nachan
 
[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdfSandro Moreira
 
Platformless Horizons for Digital Adaptability
Platformless Horizons for Digital AdaptabilityPlatformless Horizons for Digital Adaptability
Platformless Horizons for Digital AdaptabilityWSO2
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesrafiqahmad00786416
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWERMadyBayot
 
Elevate Developer Efficiency & build GenAI Application with Amazon Q​
Elevate Developer Efficiency & build GenAI Application with Amazon Q​Elevate Developer Efficiency & build GenAI Application with Amazon Q​
Elevate Developer Efficiency & build GenAI Application with Amazon Q​Bhuvaneswari Subramani
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAndrey Devyatkin
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherRemote DBA Services
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Orbitshub
 
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Angeliki Cooney
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxRustici Software
 
Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)Zilliz
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMESafe Software
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MIND CTI
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProduct Anonymous
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc
 

Kürzlich hochgeladen (20)

CNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In PakistanCNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In Pakistan
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectors
 
[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf
 
Platformless Horizons for Digital Adaptability
Platformless Horizons for Digital AdaptabilityPlatformless Horizons for Digital Adaptability
Platformless Horizons for Digital Adaptability
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challenges
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
 
Elevate Developer Efficiency & build GenAI Application with Amazon Q​
Elevate Developer Efficiency & build GenAI Application with Amazon Q​Elevate Developer Efficiency & build GenAI Application with Amazon Q​
Elevate Developer Efficiency & build GenAI Application with Amazon Q​
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
 
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptx
 
Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
Understanding the FAA Part 107 License ..
Understanding the FAA Part 107 License ..Understanding the FAA Part 107 License ..
Understanding the FAA Part 107 License ..
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 

Tokenauthenticatie en xml signature in detail

  • 2. Tokenauthenticatie smartcard met private key Certificaat QURX_ EX990011NL token maken SignedInfo maken RSA / SHA sig maken signedData SignedInfo SignatureValue Bericht maken SOAP bericht
  • 3. Transformatie XML 2 SignedData Verstrekkings- Lijstquery QURX_IN990111NL_01.xml signedData.xsl signedData QURX_IN990111NL_01_signedData.xml
  • 5. signedData X.509 Strong Authentication message id nonce unieke indentificatie van bericht (if duplicate removal has already taken place) notBefore & notAfter time to live security semantics can expire time to store & check nonce addressedParty replay against other receivers Koppeling met bericht BSN voor patiëntgerelateerde berichten Trigger Event Id versieonafhankelijk, itt. InteractionId
  • 8. Whitespace eruit signedData QURX_IN990111NL_01_signedData.xml remove- whitespace- between- elements.xsl signedData QURX_IN990111NL_01_signedData.xml
  • 9. Exclusive Canonicalization signedData QURX_IN990111NL_01_signedData.xml excc14n (Oxygen gebruikt) signedData excc14n signedData_ excc14n.xml
  • 11. Exclusive Canonicalization Dubbele quotes ipv. enkele Namespace declaraties vóór attributen Namespaces alfabetisch rangschikken Linefeed, geen carriage return of CR/LF Geen Byte Order Mark UTF-8
  • 12. Signed Info element signedData excc14n signedData_ excc14n.xml bits SignedInfo template SHA1 hash wsu Id 160 bits maken SignedInfo Base64 karakters SignedInfo SignedInfo.xml
  • 13. SHA: Cryptographic hash Wikipedia: A cryptographic hash function is a deterministic procedure that takes an arbitrary block of data and returns a fixed-size bit string, the (cryptographic) hash value, such that an accidental or intentional change to the data will change the hash value.
  • 14. SHA SHA1 ... SHA256 1995: SHA-1 NSA 2005: zwaktes in SHA-1 ontdekt 2001: SHA-2 (225, 256, 384, 512) 2008 – 12: SHA-3, open competitie SHA-1 input: message maximum (264 − 1) bits output: 160 bits
  • 15. Base 64 UTF-8: niet alle octets zijn toegestaan! Ergo: binaire data kunnen niet zomaar in XML / UTF-8 Oplossing: bits -> karakters RFC2045 (MIME) alfabet: [A-Z][a-z][0-9]+/
  • 16. SHA + Base64 Input (bits) SHA1 (160 bits) 4vBP5K5M5llABaWYzxCrKIdjS2I= Base 64
  • 18. RSA with SHA SignedInfo (exc c14n) private key bits SHA1 hash 400 bits RSA 160 bits 408 bits ASN.1 DER formaat Base64 3021300906 052b0e0302 1a05000414 karakters 3031300d06 0960864801 6503040201 05000420 SignatureValue SHA 256 -> 464 bits
  • 19. Sender Receiver “Hello world” “Hello world” SHA-1 hash: 5llABaWYz xCrKIdjS... Public key: MIICHzCCAY ygAwIBAgI..... OK Private key: shhhh..... RSA sig value: c9fVK7vYAdv s2DRZVtS... RSA sig value: c9fVK7vYAdv s2DRZVtS...
  • 20.
  • 21. Security Services (X.800) Authentication Authorization Data Confidentiality Data Integrity Non-repudiation
  • 24. SOAP bericht signedData SignedInfo SignatureValue Certificaat verwijzing QURX_ EX990011NL Header maken Header maken authentication Tokens wss:Security Bericht maken SOAP bericht
  • 26.
  • 27. Transformatie XML 2 SignedData Verstrekkings- Lijstquery QURX_IN990111NL_01.xml signedData.xsl signedData QURX_IN990111NL_01_signedData.xml
  • 28. Whitespace eruit signedData QURX_IN990111NL_01_signedData.xml remove- whitespace- between- elements.xsl signedData QURX_IN990111NL_01_signedData.xml
  • 29. Exclusive Canonicalization signedData QURX_IN990111NL_01_signedData.xml excc14n (Oxygen gebruikt) signedData excc14n signedData_ excc14n.xml
  • 30. Signed Info element signedData excc14n signedData_ excc14n.xml bits SignedInfo template SHA1 hash wsu Id 160 bits maken SignedInfo Base64 karakters SignedInfo SignedInfo.xml
  • 31. RSA with SHA SignedInfo (exc c14n) private key bits SHA1 hash 400 bits RSA 160 bits 160 bits ASN.1 DER formaat Base64 3021300906 052b0e0302 1a05000414 karakters 3031300d06 0960864801 6503040201 05000420 SignatureValue SHA 256 -> 464 bits
  • 32. SOAP bericht signedData SignedInfo SignatureValue Certificaat verwijzing QURX_ EX990011NL Header maken Header maken authentication Tokens wss:Security Bericht maken SOAP bericht
  • 33. Tokenauthenticatie smartcard met private key Certificaat QURX_ EX990011NL token maken SignedInfo maken RSA / SHA sig maken signedData SignedInfo SignatureValue Bericht maken SOAP bericht