XML Digital Signatures are indirected signatures. To construct a signature, the content to be signed is canonicalized, digested, and metadata about the content (its location, the digest and canonicalization method) is saved as XML. This XML metadata is then itself canonicalized, digested, and the digest of the metadata is signed to produce the final signature. Key information may optionally be packaged with the signature.The order of operations for signature validation, while unimportant from a cryptographic standpoint, can have a significant impact on whether many of the attacks detailed here are available to anonymous adversaries, or if the attack surface can be authenticated.The first operation of signature validation should be key resolution. Optimally, any KeyInfo attached to the signature can be discarded, and the proper key inferred from context and provided directly by the caller. If the KeyInfo must be resolved from the signature, this resolution must be a distinct step so a trust decision in the key can be made before proceeding
Attacks against XML Digital Signatures & Encryption | Heykuki News