1. Field
The disclosure relates generally to network security, and more specifically to optimizing Extensible Markup Language (XML) digital signature processing for providing message integrity.
2. Description of the Related Art
Today, most computers are connected to some type of network. A network allows a computer to share information with other computer systems. Communication networks today must support exchange of sensitive information, electronic commerce, and a variety of other tasks. As networks are expected to ensure integrity and authenticity of exchanged data, there is a need for cryptographic tools that offer high security as well as high efficiency.
When a message is sent from one party to another, the receiving party may desire to determine whether the message has been altered in transit, as well as to be confident of the origin of the message. As a handwritten signature appended to a physical document may be used to authenticate the document, a digital signature may be used to authenticate electronic communications. A digital signature is generated by the document signer based on a hash value of the body of the message being signed. The sending party appends the digital signature to the electronic document, and the receiving party may use the digital signature to establish the sender's identity and the integrity of the transmitted document.
Digital signatures are based on an asymmetric cryptography method in which each user is assigned a pair of keys—a private key and a public key. The public key is generally accessible. The digital signature is generated by the sending party using the private key. The recipient of a document signed with the digital signature can recover the sender's hash value from the signature in the incoming document using the sending party's public key. The recipient may verify the integrity of the incoming document by comparing the sender's hash value recovered from the signature with the hash value the recipient calculates from the incoming document.
Digital signatures may be generated using various known cryptographic methods, including the RSA (Rivest-Shamir-Adleman) public key method. With RSA, a document extract value (hash) generated by a hashing method such as MD5 (Message Digest #5) or SHA-1 (Secure Hash Algorithm 1) is signed (encrypted) with the private key of the sending party and appended to the document as a digital signature prior to transmitting the message.
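The sign-then-verify exchange described in the two paragraphs above (hash the body, sign the digest with the sender's private key, append the signature, and have the recipient recompute the digest and check it with the sender's public key), worked through in Go. This is an added example and not code from the disclosure: it uses the standard library's RSA PKCS#1 v1.5 signatures with SHA-256 rather than the MD5 or SHA-1 named in the text, signs raw bytes rather than a canonicalized XML form, and the keys and the message body are constructed for the demo. It runs the recipient's check three times: on the genuine message, on a message altered in transit, and against an unrelated party's public key, so that both the integrity and the origin checks the text describes are visible.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// SignMessage is the sender side: hash the message body, then sign the digest
// with the sender's private key (RSA PKCS#1 v1.5). SHA-256 is used in place of
// the MD5/SHA-1 named in the text, since neither is still safe for signatures.
func SignMessage(priv *rsa.PrivateKey, body []byte) ([]byte, error) {
	digest := sha256.Sum256(body)
	return rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, digest[:])
}

// VerifyMessage is the receiver side: recompute the digest over the received
// body and check it against the signature with the sender's public key. The
// RSA verification compares the recipient's digest with the digest the sender
// committed to inside the signature.
func VerifyMessage(pub *rsa.PublicKey, body, sig []byte) bool {
	digest := sha256.Sum256(body)
	return rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], sig) == nil
}

// ExchangeResult records the outcome of the three checks run by Demo.
type ExchangeResult struct {
	OriginalVerifies bool // untouched message, genuine sender's key
	TamperedVerifies bool // body altered in transit (integrity check)
	WrongKeyVerifies bool // checked against another party's key (origin check)
}

// Demo runs a complete sign / transmit / verify exchange on a constructed message.
func Demo() (ExchangeResult, error) {
	var res ExchangeResult

	// Constructed keys for the demo: the genuine sender and an unrelated party.
	sender, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return res, err
	}
	other, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return res, err
	}

	// Constructed message body. The raw bytes are signed here; a real XML
	// signature would canonicalize the XML first, which this example omits.
	body := []byte(`<order><item>widget</item><qty>1</qty></order>`)

	sig, err := SignMessage(sender, body)
	if err != nil {
		return res, err
	}

	res.OriginalVerifies = VerifyMessage(&sender.PublicKey, body, sig)

	// Alteration in transit: the quantity is changed, the signature is kept.
	tampered := []byte(`<order><item>widget</item><qty>100</qty></order>`)
	res.TamperedVerifies = VerifyMessage(&sender.PublicKey, tampered, sig)

	// Origin check: same body and signature, but the recipient uses a
	// different party's public key, so the digest inside the signature
	// cannot be recovered and verification fails.
	res.WrongKeyVerifies = VerifyMessage(&other.PublicKey, body, sig)

	return res, nil
}

func main() {
	res, err := Demo()
	if err != nil {
		fmt.Println("error:", err)
		return
	}
	fmt.Printf("original verifies:  %v\n", res.OriginalVerifies)
	fmt.Printf("tampered verifies:  %v\n", res.TamperedVerifies)
	fmt.Printf("wrong key verifies: %v\n", res.WrongKeyVerifies)
}
```

The verification step never compares hashes by hand; `rsa.VerifyPKCS1v15` performs the public-key operation and the digest comparison together, which is the safe way to implement the "compare the sender's hash with the recipient's hash" step from the text.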