Example Signatures[1] using Encryption[2] key information and
Additional Security URIs[3]

[1] http://www.w3.org/TR/2002/REC-xmldsig-core-20020212/
[2] http://www.w3.org/Encryption/2001/Drafts/xmlenc-core/
[3] http://www.ietf.org/internet-drafts/draft-eastlake-xmldsig-uri-02.txt

***
Some of these signatures are WITHOUT cryptographic merit;
for example, key transport of an HMAC key is meaningless.
These are provided solely for testing purposes.
***

Private keys necessary for performing the verification
are provided in the PKCS#12 file pubIDs.p12, encrypted
under the pass phrase "Our Little Secret". I may have
done some of the ASN.1 encoding in this P12 incorrectly;
I hope not.

Secret keys are identified by key name as follows:

 Key Name | Algorithm | Key Value
----------+-----------+-----------
   bob    |   3des    | "abcdefghijklmnopqrstuvwx".getBytes ("ASCII")
   job    |  aes-128  | "abcdefghijklmnop".getBytes ("ASCII")
   jeb    |  aes-192  | "abcdefghijklmnopqrstuvwx".getBytes ("ASCII")
   jed    |  aes-256  | "abcdefghijklmnopqrstuvwxyz012345".getBytes ("ASCII")

All signatures are performed with nontruncated HMAC
algorithms.

For debugging purposes, where chosen, the MAC key is
"abcdefghijklmnopqrstuvwxyz012345".getBytes ("ASCII"). Where
agreed, it has length equal to the HMAC output length; e.g., 256
bits for HMAC/SHA-256.

. encsig-ripemd160-hmac-ripemd160-kw-tripledes.xml
  RIPEMD-160 message digest; HMAC/RIPEMD-160 key is wrapped
  using triple DES. The decryption key is from the above table,
  identified by the key name "bob".

. encsig-sha256-hmac-sha256-kw-aes128.xml
  SHA-256 message digest; HMAC/SHA-256 key is wrapped using
  AES-128. The decryption key is from the above table, identified
  by the key name "job".

. encsig-sha384-hmac-sha384-kw-aes192.xml
  SHA-384 message digest; HMAC/SHA-384 key is wrapped using
  AES-192. The decryption key is from the above table, identified
  by the key name "jeb".

. encsig-sha512-hmac-sha512-kw-aes256.xml
  SHA-512 message digest; HMAC/SHA-512 key is wrapped using
  AES-256. The decryption key is from the above table, identified
  by the key name "jed".

. encsig-hmac-sha256-rsa-1_5.xml
  HMAC/SHA-256 key is transported using RSA/OAEP. Your private
  key has friendly name "RSA" in the P12.

. encsig-hmac-sha256-rsa-oaep-mgf1p.xml
  HMAC/SHA-256 key is transported using RSA/PKCS#1. Your private
  key has friendly name "RSA" in the P12.

. encsig-hmac-sha256-dh.xml
  HMAC/SHA-256 key is agreed using Diffie Hellman. Your private
  key has friendly name "DH1" in the P12.

. encsig-hmac-sha256-kw-tripledes-dh.xml
  HMAC/SHA-256 key is wrapped using triple DES. The decryption
  key is agreed using Diffie Hellman. Your private key has
  friendly name "DH1" in the P12.
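
The key-wrap flow behind encsig-sha256-hmac-sha256-kw-aes128.xml, as an
added example that is not part of the original test suite: it wraps the
debugging MAC key under "job", unwraps it, checks a full-length
HMAC/SHA-256, and shows unwrap failing under the wrong key name. The class
name and the SignedInfo bytes are constructed for illustration; no values
are taken from the actual XML files.

```java
import java.nio.charset.StandardCharsets;
import java.security.InvalidKeyException;
import java.security.MessageDigest;
import javax.crypto.Cipher;
import javax.crypto.Mac;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;

public class KwAes128HmacSha256 {
    static byte[] ascii(String s) { return s.getBytes(StandardCharsets.US_ASCII); }

    public static void main(String[] args) throws Exception {
        // Key-encryption key "job" (aes-128) from the README's table.
        SecretKey job = new SecretKeySpec(ascii("abcdefghijklmnop"), "AES");
        // The README's debugging MAC key (32 bytes, the HMAC/SHA-256 output length).
        SecretKey macKey = new SecretKeySpec(ascii("abcdefghijklmnopqrstuvwxyz012345"), "HmacSHA256");
        // Constructed stand-in for the canonicalized SignedInfo octets.
        byte[] signedInfo = ascii("<SignedInfo>constructed sample</SignedInfo>");

        // Sender side: MAC the data, then wrap the MAC key under the KEK.
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(macKey);
        byte[] sent = mac.doFinal(signedInfo);
        Cipher kw = Cipher.getInstance("AESWrap");   // AES key wrap (RFC 3394)
        kw.init(Cipher.WRAP_MODE, job);
        byte[] wrapped = kw.wrap(macKey);            // key plus one 8-byte integrity block

        // Verifier side: unwrap with the named key, recompute, compare the whole MAC.
        kw.init(Cipher.UNWRAP_MODE, job);
        SecretKey recovered = (SecretKey) kw.unwrap(wrapped, "HmacSHA256", Cipher.SECRET_KEY);
        mac.init(recovered);
        boolean ok = MessageDigest.isEqual(sent, mac.doFinal(signedInfo)); // nontruncated compare
        System.out.println("wrapped length=" + wrapped.length + " verified=" + ok);

        // Resolving the wrong key name ("jeb", aes-192) must fail at unwrap,
        // before any MAC comparison happens.
        SecretKey jeb = new SecretKeySpec(ascii("abcdefghijklmnopqrstuvwx"), "AES");
        kw.init(Cipher.UNWRAP_MODE, jeb);
        try {
            kw.unwrap(wrapped, "HmacSHA256", Cipher.SECRET_KEY);
            System.out.println("unexpected: unwrap succeeded under the wrong key");
        } catch (InvalidKeyException e) {
            System.out.println("unwrap under \"jeb\" rejected by the key-wrap integrity check");
        }
    }
}
```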

Merlin Hughes <merlin@baltimore.ie>
Baltimore Technologies, Ltd.

Friday, February 15, 2002
