The XML signature is implemented using the W3C schema xmldsig.
Unfortunately, the W3C schema makes use of a DTD. A DTD can lead to security issues because of the XML External Entity (XXE) attack [1]. The DTD isn't needed, because the DCC doesn't use CDATA, and xmldsig uses the DTD to sign CDATA in an XML document.
This is why the PTB hosts the schema without the DTD part.
It can be found here: https://ptb.de/dcc/d-sig/xmldsig-core-schema.xsd
The schema is imported into the DCC under the W3C namespace:

```xml
<?xml version="1.0" encoding="UTF-8"?>
<xs:schema version="3.2.1" xmlns:xs="http://www.w3.org/2001/XMLSchema"
           xmlns:dcc="https://ptb.de/dcc"
           xmlns:si="https://ptb.de/si"
           xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
           targetNamespace="https://ptb.de/dcc"
           elementFormDefault="qualified">
    <!-- The xmldsig namespace stays at the W3C URL; the schema file is loaded from the PTB -->
    <xs:import
        namespace="http://www.w3.org/2000/09/xmldsig#"
        schemaLocation="https://www.ptb.de/dcc/d-sig/xmldsig-core-schema.xsd"/>
    <!-- remaining DCC schema definitions omitted -->
</xs:schema>
```

The namespace of xmldsig remains at the URL of the W3C; only the source of the import is changed to the PTB. The xmldsig namespace is assigned to the prefix ds.
Normally, the signatures are generated with the help of an application.
For a better understanding, a minimal example is shown here:

```xml
<ds:Signature>
    <ds:SignedInfo>
        <ds:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
        <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
        <!-- URI="" refers to the document that contains this signature -->
        <ds:Reference URI="">
            <ds:Transforms>
                <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
            </ds:Transforms>
            <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
            <ds:DigestValue>...</ds:DigestValue>
        </ds:Reference>
    </ds:SignedInfo>
    <ds:SignatureValue>...</ds:SignatureValue>
    <ds:KeyInfo>...</ds:KeyInfo>
</ds:Signature>
```

Algorithm | Value |
---|---|
Canonicalization Method | c14n |
Signature Method | RSA-SHA1 |
Transform | Enveloped Signature |
Digest Method | SHA1 |
Digest Value | Enter the digest here. |
Signature Value | Enter the signature here. |
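
The following Python sketch is an added example, not part of the original page or of PTB tooling: it parses a signed document with the standard-library expat parser, refuses any DOCTYPE (the XXE concern described above), and lists the Algorithm URIs of the minimal signature, marking the SHA-1 based ones because SHA-1 is no longer considered collision resistant. The root element name and both sample documents are constructed for illustration.

```python
import xml.parsers.expat

DS_NS = "http://www.w3.org/2000/09/xmldsig#"
ALGO_ELEMENTS = {"CanonicalizationMethod", "SignatureMethod", "Transform", "DigestMethod"}

class DTDForbidden(ValueError):
    """Raised when the document carries a DOCTYPE declaration."""

def audit_signature(xml_bytes):
    """Parse with DTDs refused; return (algorithms, sha1_based) for ds:* elements."""
    algorithms = []  # (element local name, Algorithm URI) in document order
    def on_doctype(name, sysid, pubid, has_internal_subset):
        # Without a DTD there are no entity declarations for XXE to expand.
        raise DTDForbidden(f"DOCTYPE {name!r} rejected")

    def on_start(tag, attrs):
        # With a namespace separator, expat reports names as "<uri> <local>".
        uri, _, local = tag.rpartition(" ")
        if uri == DS_NS and local in ALGO_ELEMENTS and "Algorithm" in attrs:
            algorithms.append((local, attrs["Algorithm"]))

    parser = xml.parsers.expat.ParserCreate(namespace_separator=" ")
    parser.StartDoctypeDeclHandler = on_doctype
    parser.StartElementHandler = on_start
    parser.Parse(xml_bytes, True)
    sha1_based = [(el, alg) for el, alg in algorithms if alg.lower().endswith("sha1")]
    return algorithms, sha1_based

# Constructed sample: the page's minimal signature inside an assumed root element.
SAMPLE = b"""<dcc:digitalCalibrationCertificate xmlns:dcc="https://ptb.de/dcc"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:Signature><ds:SignedInfo>
  <ds:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
  <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
  <ds:Reference URI=""><ds:Transforms>
    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
  </ds:Transforms>
  <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
  <ds:DigestValue>...</ds:DigestValue></ds:Reference>
</ds:SignedInfo><ds:SignatureValue>...</ds:SignatureValue></ds:Signature>
</dcc:digitalCalibrationCertificate>"""
# Constructed sample: a document that declares a DTD with an internal entity.
WITH_DTD = b'<!DOCTYPE r [<!ENTITY e "x">]><r>&e;</r>'

if __name__ == "__main__":
    print("SHA-1 based:", audit_signature(SAMPLE)[1])
    try:
        audit_signature(WITH_DTD)
    except DTDForbidden as exc:
        print("refused:", exc)
```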

More information about W3C XML Signatures can be found at this URL:
https://www.w3.org/TR/xmldsig-core1/