Difference between signing a XML message using dsig:Signature and TLS Client Certificate

Question

I realise this question may be a bit vague or I may be using incorrect terminology, that is because I am trying to get to grips with this stuff :).

I have a requirement to implement digital signing of a XML message by using a dsig:Signature section. I think I understand this process; I will use a private key to sign it which will guarantee to the recipient that it was me who sent the message and that no one has tampered with it.

Am I right that this is different from implementing TLS Client Certificates but the goal is the same? (because TLS is transport level, right?) Would implementing Client Certificates be easier? Is one better than the other?

Many thanks for your reply,

Martijn

Update 1:

I think another difference is that using a TLS Client certificate the whole message will be encrypted, whereas with digital signing the message itself will be plain text, containing a signature section.

Answer 1

You're comparing message-level security with transport-level security. Although they have similarities, they have different purposes.

Using TLS protects the communication from being seen and altered by intermediate parties. The X.509 certificate on the server side guarantees that the messages sent to it can only be read by the server with this private key and that what it sends comes from the server with this private key. This could loosely be considered as signing by the server and encrypting for the server with the X.509 certificate, although it really applies only to the TLS handshake messages, not the application data that's exchanged afterwards. (I'm leaving out the fact that you get symmetric encryption of the channel anyway, whether or not any party has presented a certificate; it's important to have at least the server use a certificate so that the client knows what it's communicating with instead of communicating with a potential man-in-the-middle). When you add a client certificate to this, the client also signs the TLS messages it has exchanged during the handshake.

When you use both client and server certificates, you could (carefully) draw an analogy with message-level security, in that the messages that are signed and encrypted are the TLS handshake messages that are used to established the TLS channel.

However, there are big differences with message-level security (e.g. XML-DSig and XML-Enc).

Firstly, one of the features of message signing (XML-DSig) is auditing, so that you can keep records of what's been said. It's not specifically time-limited. That's much harder to do even if you've recorded the TLS packets. With modern cipher suites in SSL/TLS that use DHE (Diffie-Hellman ephemeral mode), even if you have the server's private key, you can't necessarily decipher the channel if you have recorded all its packets (without further knowledge of the DHE mechanism).

Secondly, in terms of implementations, XML-DSig tends to be done at the application level, whereas TLS tends to be done by the server connector. The difference can be blurred depending on the conditions of deployment, but TLS is about communicating with the machine/container rather than the application behind them. Typically, the TLS certificate will be set up on a Java container or at the WCF level, whereas the certificate used for XML-DSig will be used by the webapp/application running behind. There may be different people or procedure in charge there.

(You're also right that if you're using XML-DSig without XML-Enc, you're not encrypting the data.)

Answer 2

So far you are comparing apples to oranges.

XML data can be signed in many ways, for example using XMLDSig standard and X.509 certificate (it's possible to use other key types in XMLDSig as well). Signature certifies the authorship of the document (well, to some extent of course).

TLS stands for Transport Layer Security and is used to encrypt (not sign) the data while in transfer. It has nothing to do with XML specifically. TLS uses X.509 certificates as well, but you can't use the same certificate for XMLSDig and TLS cause the certificates need to have specific purposes (key usage field).

I suggest that you take some book on PKI ( I always recommend Rsa Security's Official Guide to Cryptography for it's simplicity) and read it attentively.