Abstract
This Note summarizes XML Security algorithm URI identifiers
and the specifications associated with them.
Status of This Document
This section describes the status of this document at the time of its publication. Other
documents may supersede this document. A list of current W3C publications and the latest revision
of this technical report can be found in the W3C technical reports
index at http://www.w3.org/TR/.
Note: On 23 April 2013, the reference to the "Additional
XML Security URIs" RFC was updated. The Director previously
authorized the publication knowing that the reference would be
updated in a near future.
Changes since the previous publication include updates to the
references, including replacing RFC 4051 with
RFC 6931 which updates it
(diff).
This document was published by the XML Security Working Group as a Working Group Note.
If you wish to make comments regarding this document, please send them to
[email protected]
(subscribe,
archives).
All comments are welcome.
Publication as a Working Group Note does not imply endorsement by the W3C Membership.
This is a draft document and may be updated, replaced or obsoleted by other documents at
any time. It is inappropriate to cite this document as other than work in progress.
This document was produced by a group operating under the
5 February 2004 W3C Patent Policy.
W3C maintains a public list of any patent disclosures
made in connection with the deliverables of the group; that page also includes instructions for
disclosing a patent. An individual who has actual knowledge of a patent which the individual believes contains
Essential Claim(s) must disclose the
information in accordance with section
6 of the W3C Patent Policy.
1. Introduction
The various XML Security specifications have defined a number of
algorithms of various types, while allowing and expecting additional
algorithms to be defined later. Over time, these identifiers have been
defined in a number of different specifications, including XML Signature,
XML Encryption, RFCs and elsewhere.
This makes it difficult for users of the XML Security specifications to
know whether and where a URI for an algorithm of interest has
been defined,
and can lead to the use of incorrect URIs. The purpose of this
Note is to
collect the various known URIs at the time of its publication
and indicate
the specifications in which they are defined in order to avoid confusion
and errors.
This note is not intended as an exhaustive list of all known related
identifiers, some of which may have been defined by other standards or
specifications. Furthermore, this note is not to be taken as normative
regarding the information provided; if information here
conflicts with the
referenced specification, the specification takes precedence
in all cases.
The architecture of the XML Security specifications
distinguishes between the (universally
useful) identifiers for algorithms and the roles that these
algorithms can take. Roles are
identified through elements
like ds:SignatureMethod,
ds:DigestMethod, ds:CanonicalizationMethod, or
ds:Transform, whereas the algorithms are
identified through URIs. Explicit
parameters for the respective algorithms are transmitted in
child elements of the role
element.
This note indicates explicitly whether an algorithm is
mandatory or recommended in other
specifications. If nothing is said, then readers should
assume that support for the
algorithms given is OPTIONAL.
This document applies to [XMLDSIG-CORE1] and
[XMLENC-CORE1] unless otherwise noted.
2. Namespaces
This specification uses the following XML namespace prefixes:
dshttp://www.w3.org/2000/09/xmldsig#xenchttp://www.w3.org/2001/04/xmlenc#dsig11http://www.w3.org/2009/xmldsig11#dsigmorehttp://www.w3.org/2001/04/xmldsig-more#
Algorithm URIs have been coined in a variety of namespaces,
and are always given in full.
3. Signature Algorithms
The algorithms listed in this section are typically used in
the signature algorithm role,
identified through
the ds:SignatureMethod
role element (
[XMLDSIG-CORE]
, section 4.3.2). Each signature method takes
an octet-stream as input, and produces a signature value (an
octet-stream that is always
base64 encoded,
see
section
4.2 of
[XMLDSIG-CORE]
).
3.1 DSA
A container for key material, ds:DSAKeyValue, is defined in section
4.4.2.1 of
[XMLDSIG-CORE]
. When used with
ds:RetrievalMethod, this container type is identified through the URI
http://www.w3.org/2000/09/xmldsig#DSAKeyValue.
- DSA-SHA1
-
- URI:
- http://www.w3.org/2000/09/xmldsig#dsa-sha1
- Specified in:
- section 6.4.1 of
[XMLDSIG-CORE]
Implementation of this algorithm is required in
[XMLDSIG-CORE2002] and [XMLDSIG-CORE].
It is mandatory to implement in [XMLDSIG-CORE1] for
signature verification.
[XMLDSIG-CORE1] allows
verification support for 1024 bit key legacy signatures,
but requires that 1024 bit keys must not be used for new
signatures.
- DSA-SHA256
-
- URI:
- http://www.w3.org/2009/xmldsig11#dsa-sha256
- Specified in:
- section
6.4.1 of
[XMLDSIG-CORE1]
Implementation of this algorithm is optional. Permissible lengths of the prime
modulus are 2048 and 3072.
3.2 RSA
This section lists variants of the RSA algorithm. A container for key material,
ds:RSAKeyValue, is defined in section
4.4.2.2 of
[XMLDSIG-CORE2002]
. When used with
ds:RetrievalMethod, this container type is identified through the URI
http://www.w3.org/2000/09/xmldsig#RSAKeyValue.
- RSA-MD5
-
- URI:
- http://www.w3.org/2001/04/xmldsig-more#rsa-md5
- Specified in:
- section 2.3.1 of
[RFC6931]
We only list the algorithm URI for RSA-MD5 for the sake of completeness. The
cryptographic strength of the MD5 algorithm is sufficiently doubtful that its use is
discouraged at this time. It is not listed as an
algorithm in [XMLDSIG-CORE1].
- RSA-SHA1
-
- URI:
- http://www.w3.org/2000/09/xmldsig#rsa-sha1
- Specified in:
- section 6.4.2
of
[XMLDSIG-CORE2002]
Implementation of this algorithm is recommended in
[XMLDSIG-CORE2002]
and
[XMLDSIG-CORE]
. Use of this algorithm for signature generation is
discouraged [XMLDSIG-CORE1].
- RSA-SHA224
-
- URI:
- http://www.w3.org/2001/04/xmldsig-more#rsa-sha224
- Specified in:
- section 6.4.2
of
[XMLDSIG-CORE1].
- RSA-SHA256
-
- URI:
- http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
- Specified in:
- section 2.3.2 of
[RFC6931]
This algorithm is a mandatory to implement algorithm for
[XMLDSIG-CORE1].
- RSA-SHA384
-
- URI:
- http://www.w3.org/2001/04/xmldsig-more#rsa-sha384
- Specified in:
- section 2.3.3 of
[RFC6931]
- RSA-SHA512
-
- URI:
- http://www.w3.org/2001/04/xmldsig-more#rsa-sha512
- Specified in:
- section 2.3.4 of
[RFC6931]
- RSA-RIPEMD160
-
- URI:
- http://www.w3.org/2001/04/xmldsig-more#rsa-ripemd160
- Specified in:
- section 2.3.5 of
[RFC6931]
This algorithm is listed for the sake of completeness but
does not have an [XMLDSIG-CORE1] implementation requirement.
3.3 Elliptic Curve DSA
This section lists various variants of the Elliptic Curve
DSA (ECDSA) algorithm. A container
for key material, the ECKeyValue
element, is defined in [XMLDSIG-CORE1] in
section
4.5.2.3.
- ECDSA-SHA1
-
- URI:
- http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1
- Specified in:
- section 2.3.6 of
[RFC6931]
Given recent cryptographic results about the SHA1 hash
algorithm, users of this
algorithm should apply similar caution to other SHA1
based algorithms, and treat it as
an algorithm whose use is discouraged.
- ECDSA-SHA224
-
- URI:
- http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha224
- Specified in:
- section 2.3.6 of
[RFC6931]
- ECDSA-SHA256
-
- URI:
- http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256
- Specified in:
- section 2.3.6 of
[RFC6931]
This algorithm is a mandatory to implement algorithm
for [XMLDSIG-CORE1].
- ECDSA-SHA384
-
- URI:
- http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha384
- Specified in:
- section 2.3.6 of
[RFC6931]
- ECDSA-SHA512
-
- URI:
- http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha512
- Specified in:
- section 2.3.6 of
[RFC6931]
3.4 HMAC
The following URIs have been defined for various Message Authentication Codes that use the
HMAC construction
[HMAC]
. All of these algorithms take an explicit
truncation length parameter. A container for this parameter, ds:HMACOutputLength,
is defined in section 6.3.1 of
[XMLDSIG-CORE]
. This container occurs as a
child element of the role element.
- HMAC-SHA1
-
- URI:
- http://www.w3.org/2000/09/xmldsig#hmac-sha1
- Specified in:
- section 6.3 of
[XMLDSIG-CORE2002]
This algorithm is used as the default MAC algorithm in
[XKMS2]
. It
is mandatory to implement in XML Signature
[XMLDSIG-CORE2002], [XMLDSIG-CORE], [XMLDSIG-CORE1].
Use of this algorithm for signature generation is
discouraged [XMLDSIG-CORE1] due to the weaknesses of SHA-1.
- HMAC-SHA224
-
- URI:
- http://www.w3.org/2001/04/xmldsig-more#hmac-sha224
- Specified in:
- section 2.2.2 of
[RFC6931]
- HMAC-SHA256
-
- URI:
- http://www.w3.org/2001/04/xmldsig-more#hmac-sha256
- Specified in:
- section 2.2.2 of
[RFC6931]
This algorithm is a mandatory to implement algorithm
for [XMLDSIG-CORE1].
- HMAC-SHA384
-
- URI:
- http://www.w3.org/2001/04/xmldsig-more#hmac-sha384
- Specified in:
- section 2.2.2 of
[RFC6931]
Implementation of this algorithm is recommended in
[XMLDSIG-CORE1].
- HMAC-SHA512
-
- URI:
- http://www.w3.org/2001/04/xmldsig-more#hmac-sha512
- Specified in:
- section 2.2.2 of
[RFC6931]
Implementation of this algorithm is recommended in
[XMLDSIG-CORE1].
- HMAC-RIPEMD160
-
- URI:
- http://www.w3.org/2001/04/xmldsig-more#hmac-ripemd160
- Specified in:
- Section 2.2.3 of
[RFC6931]
This algorithm is listed for the sake of completeness but does not
have an [XMLDSIG-CORE1] implementation requirement.
4. Digest Methods
The following URIs have been defined for Digest Methods. They are typically used in the
ds:DigestMethod
role in
[XMLDSIG-CORE2002]
. Note that ds:DigestMethod also occurs as
in the context of xenc:AgreementMethod,
as specified in the Key
Agreement part of
[XMLENC-CORE]
.
4.1 MD5
- MD5
-
- URI:
- http://www.w3.org/2001/04/xmldsig-more#md5
- Specified in:
- section 2.1.1 of
[RFC6931]
We only list the algorithm URI for MD5 for the sake of completeness. The cryptographic
strength of this algorithm is sufficiently doubtful that its use is not recommended at this
time.
4.2 SHA variants
Note that URIs for the various algorithms of the Secure Hash Algorithm family have been
coined in a number of name spaces and specifications, specifically
[XMLDSIG-CORE2002]
(and, in this regard identically,
[XMLDSIG-CORE]
),
[XMLENC-CORE]
, and
[RFC6931]
.
- SHA-1
-
- URI:
- http://www.w3.org/2000/09/xmldsig#sha1
- Specified in:
- section
6.2.1 of
[XMLDSIG-CORE]
SHA-1 is the only digest algorithm defined in
[XMLDSIG-CORE] and is
mandatory to implement in that specification and in
[XMLENC-CORE].
Use of SHA-1 is discouraged in [XMLDSIG-CORE1] and [XMLENC-CORE1]
both of which mandate SHA-256 as mandatory to implement and offer
a number of other optional SHA algorithms.
- SHA-224
-
- URI:
- http://www.w3.org/2001/04/xmldsig-more#sha224
- Specified in:
- section 2.1.2 of
[RFC6931]
- SHA-256
-
- URI:
- http://www.w3.org/2001/04/xmlenc#sha256
- Specified in:
- section 5.7.2 of
[XMLENC-CORE]
This algorithm is a mandatory to implement algorithm
for [XMLDSIG-CORE1].
- SHA-384
-
- URI:
- http://www.w3.org/2001/04/xmldsig-more#sha384
- Specified in:
- section 2.1.3 of
[RFC6931]
- SHA-512
-
- URI:
- http://www.w3.org/2001/04/xmlenc#sha512
- Specified in:
- section 5.7.3 of
[XMLENC-CORE]
5. Symmetric Key Encryption Algorithms
The following URIs have been defined for symmetric key encryption algorithms. They
typically appear in the xenc:EncryptionMethod role.
5.1 Triple DES
- Triple DES (CBC mode)
-
- URI:
- http://www.w3.org/2001/04/xmlenc#tripledes-cbc
- Specified in:
- section
5.2.1 of
[XMLENC-CORE]
This algorithm is mandatory to implement in
[XMLENC-CORE]
.
5.3 Camellia
These algorithms are not in the [XMLDSIG-CORE1] or
[XMLENC-CORE1] implementation requirements but are listed for
completeness.
- Camellia 128 (CBC mode)
-
- URI:
- http://www.w3.org/2001/04/xmldsig-more#camellia128-cbc
- Specified in:
- section 2.6.2 of
[RFC6931]
- Camellia 192 (CBC mode)
-
- URI:
- http://www.w3.org/2001/04/xmldsig-more#camellia192-cbc
- Specified in:
- section 2.6.2 of
[RFC6931]
- Camellia 256 (CBC mode)
-
- URI:
- http://www.w3.org/2001/04/xmldsig-more#camellia256-cbc
- Specified in:
- section 2.6.2 of
[RFC6931]
6. Key Transport Algorithms
The following URIs have been defined for key transport algorithms.
6.1 RSA v1.5
- RSA-v1.5
-
- URI:
- http://www.w3.org/2001/04/xmlenc#rsa-1_5
- Specified in:
- section 5.4.1 of
[XMLENC-CORE]
This algorithm is optional to implement in
[XMLENC-CORE]. Implementation of RSA v1.5 is NOT
RECOMMENDED due to security risks associated with the
algorithm.
6.2 RSA OAEP
- RSA-OAEP (including MGF1 with SHA1 mask generation function)
-
- URI:
- http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p
- Specified in:
- section 5.4.2 of
[XMLENC-CORE]. This version has a fixed mask generation
function of MGF1 with SHA1.
This algorithm is mandatory to implement in
[XMLENC-CORE].
- RSA-OAEP
-
- URI:
- http://www.w3.org/2009/xmlenc11#rsa-oaep
- Specified in:
- section 5.4.2 of
[XMLENC-CORE]. This version allows the mask generation
function to be specified explicitly.
- RSA-OAEP MGF1 with SHA* definitions
-
- URI:
- MGF1 with SHA1: http://www.w3.org/2009/xmlenc11#mgf1sha1
- MGF1 with SHA224:
http://www.w3.org/2009/xmlenc11#mgf1sha224
- MGF1 with SHA256:
http://www.w3.org/2009/xmlenc11#mgf1sha256
- MGF1 with SHA384:
http://www.w3.org/2009/xmlenc11#mgf1sha384
- MGF1 with SHA512:
http://www.w3.org/2009/xmlenc11#mgf1sha512
- Specified in:
- section 5.4.2 of
[XMLENC-CORE]. These URIs are for defining the specific
mask generation
function.
7. Key Derivation Algorithm URIs
The following URIs have been defined for key derivation algorithms.
8. Key Agreement Algorithm URIs
The following URIs have been defined for key agreement algorithms.
- Diffie Hellman with Legacy Key Derivation Function
(Ephemeral-Static mode)
-
- URI:
- http://www.w3.org/2001/04/xmlenc#dh
- Specified in:
-
section 5.5.2 of
[XMLENC-CORE]
While this is the only key agreement algorithm defined in
[XMLENC-CORE], it is optional to implement.
A container for key material for this key agreement algorithm,
xenc:DHKeyValue, is defined in
section 5.5.1 of
[XMLENC-CORE] . When used
with ds:RetrievalMethod, this
container type is identified through the
URI http://www.w3.org/2001/04/xmlenc#dh.
- Diffie-Hellman with explicit Key Derivation Functions
(Ephemeral-Static Mode)
-
- URI:
- http://www.w3.org/2009/xmlenc11#dh-es
- Specified in:
- section 5.6.2.1 of
[XMLENC-CORE1]
- Elliptic Key Diffie-Hellman Key Agreement
(Ephemeral-Static Mode)
-
- URI:
- http://www.w3.org/2009/xmlenc11#ECDH-ES
- Specified in:
- section 5.6.4 of
[XMLENC-CORE1]
This algorithm is a mandatory to implement algorithm for
[XMLENC-CORE1].
9. Symmetric Key Wrap Algorithm URIs
The following URIs have been defined for symmetric key wrap algorithms.
9.1 CMS Triple-DES Key Wrap
- CMS Triple-DES Key Wrap
-
- URI:
- http://www.w3.org/2001/04/xmlenc#kw-tripledes
- Specified in:
- section 5.6.2 of
[XMLENC-CORE]
This algorithm is mandatory to implement in
[XMLENC-CORE]
.
9.2 AES Key Wrap
- AES Key Wrap 128
-
- URI:
- http://www.w3.org/2001/04/xmlenc#kw-aes128
- Specified in:
- section 5.6.3 of
[XMLENC-CORE]
This algorithm is mandatory to implement in
[XMLENC-CORE]
.
- AES Key Wrap 128 with padding
-
- URI:
- http://www.w3.org/2009/xmlenc11#kw-aes-128-pad
- Specified in:
- the informative Appendix A.1 of
[XMLENC-CORE1] (This informative section outlines the definition and reserves identifiers for algorithms that have no requirements for implementation and have not been tested for interoperability.)
- AES Key Wrap 192
-
- URI:
- http://www.w3.org/2001/04/xmlenc#kw-aes192
- Specified in:
- section 5.6.3 of
[XMLENC-CORE]
- AES Key Wrap 192 with padding
-
- URI:
- http://www.w3.org/2009/xmlenc11#kw-aes-192-pad
- Specified in:
- the informative Appendix A.1 of
[XMLENC-CORE1] (This informative section outlines the definition and reserves identifiers for algorithms that have no requirements for implementation and have not been tested for interoperability.)
- AES Key Wrap 256
-
- URI:
- http://www.w3.org/2001/04/xmlenc#kw-aes256
- Specified in:
- section
5.6.3 of
[XMLENC-CORE]
This algorithm is mandatory to implement in
[XMLENC-CORE]
.
- AES Key Wrap 256 with padding
-
- URI:
- http://www.w3.org/2009/xmlenc11#kw-aes-256-pad
- Specified in:
- the informative Appendix A.1 of
[XMLENC-CORE1] (This informative section outlines the definition and reserves identifiers for algorithms that have no requirements for implementation and have not been tested for interoperability.)
9.3 Camellia Key Wrap
These algorithms are not in the [XMLDSIG-CORE1] or
[XMLENC-CORE1] implementation requirements but are listed for
completeness.
- Camellia Key Wrap 128
-
- URI:
- http://www.w3.org/2001/04/xmldsig-more#kw-camellia128
- Specified in:
- section 2.6.3 of
[RFC6931]
- Camellia Key Wrap 192
-
- URI:
- http://www.w3.org/2001/04/xmldsig-more#kw-camellia192
- Specified in:
- section 2.6.3 of
[RFC6931]
- Camellia Key Wrap 256
-
- URI:
- http://www.w3.org/2001/04/xmldsig-more#kw-camellia256
- Specified in:
- section 2.6.3 of
[RFC6931]
10. Generic Hybrid Cipher Algorithm URIs
The following URIs have been defined for generic hybrid
cipher algorithms.
- Generic-Hybrid
-
- URI:
- http://www.w3.org/2010/xmlsec-ghc#generic-hybrid
- Specified in:
- section
4.2.1 of
[XMLSEC-GHCIPHERS]
- RSAES-KEM
-
- URI:
- http://www.w3.org/2010/xmlsec-ghc#rsaes-kem
- Specified in:
- section
4.3.1 of
[XMLSEC-GHCIPHERS]
- ECIES-KEM
-
- URI:
- http://www.w3.org/2010/xmlsec-ghc#ecies-kem
- Specified in:
- section
4.3.2 of
[XMLSEC-GHCIPHERS]
11. Canonicalization Algorithms
Canonicalization algorithms are used in
[XMLDSIG-CORE2002]
; they are typically used
in the ds:CanonicalizationMethod
and ds:Transform roles.
11.1 Inclusive Canonicalization
Canonical XML 1.0
[XML-C14N]
without comments is mandatory to implement in
both XML Signature
[XMLDSIG-CORE2002]
and XML Signature Second Edition
[XMLDSIG-CORE]
. XML Signature Second Edition recommends use of Canonical XML 1.1
[XML-C14N11]
over use of Canonical XML 1.0 when inclusive canonicalization
is desired, to address known issues with Canonical XML 1.0.
The canonicalization methods listed in this section accept a node-set or octet-stream as
input, and produce an octet-stream as output.
- Canonical XML 1.0 (omit comments)
-
- URI:
- http://www.w3.org/TR/2001/REC-xml-c14n-20010315
- Specified in:
- section
6.5.1 of
[XMLDSIG-CORE]
This algorithm is mandatory to implement in
[XMLDSIG-CORE2002]
and
[XMLDSIG-CORE]
.
- Canonical XML 1.0 (with comments)
-
- URI:
- http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments
- Specified in:
- section
6.5.1 of
[XMLDSIG-CORE]
Implementation of this algorithm is recommended in
[XMLDSIG-CORE1].
- Canonical XML 1.1 (omit comments)
-
- URI:
- http://www.w3.org/2006/12/xml-c14n11
- Specified in:
- section 6.5.2 of
[XMLDSIG-CORE]
This algorithm is mandatory to implement in
[XMLDSIG-CORE]
. Its use is
recommended over Canonical XML 1.0.
- Canonical XML 1.1 (with comments)
-
- URI:
- http://www.w3.org/2006/12/xml-c14n11#WithComments
- Specified in:
- section 6.5.2 of
[XMLDSIG-CORE]
Implementation of this algorithm is recommended in
[XMLDSIG-CORE1].
11.2 Exclusive Canonicalization
- Exclusive Canonicalization XML 1.0 (omit comments)
-
- URI:
- http://www.w3.org/2001/10/xml-exc-c14n#
- Specified in:
- section 4 of
[XML-EXC-C14N]
Implementation of this algorithm is required in
[XMLDSIG-CORE1].
- Exclusive Canonicalization XML 1.0 (with comments)
-
- URI:
- http://www.w3.org/2001/10/xml-exc-c14n#WithComments
- Specified in:
- section 4 of
[XML-EXC-C14N]
11.3 Canonicalization 2.0
- Canonical XML 2.0
-
- URI:
- http://www.w3.org/2010/10/xml-c14n2
- Specified in:
- section 3.1 of
[XML-C14N20]
12. Encoding Algorithms
- Base64 encoding
-
- URI:
- http://www.w3.org/2000/09/xmldsig#base64
- Specified in:
- section 6.6.2 of
[XMLDSIG-CORE]
- Input:
- octet-stream, node-set
- Output:
- octet-stream
Implementation is required in
[XMLDSIG-CORE]
and
[XMLENC-CORE]. Note that the same URI is used to
identify base64 both in "encoding" context as well as in
"transform" context.
14. Retrieval method type identifiers
The ds:RetrievalMethod element permits referencing key material that is stored
outside a ds:KeyInfo element. The type of the material that results from
retrieval of the URI reference (and possible transform processing) can be identified using
the Type attribute.
Note: The KeyInfoReference element
introduced in [XMLDSIG-CORE1]
is preferred
over use of
RetrievalMethod as it avoids use of
Transform
child elements that
introduce security risk and implementation challenges.
The following Type values identify an XML element or document with the given
element as its root:
- http://www.w3.org/2000/09/xmldsig#DSAKeyValue
ds:DSAKeyValue, see section
4.4.2.1 of
[XMLDSIG-CORE]
.
- http://www.w3.org/2000/09/xmldsig#RSAKeyValue
ds:RSAKeyValue, see section
4.4.2.2 of
[XMLDSIG-CORE]
.
- http://www.w3.org/2000/09/xmldsig#X509Data
ds:X509Data, see section
4.4.4 of
[XMLDSIG-CORE]
.
- http://www.w3.org/2000/09/xmldsig#PGPData
ds:PGPData, see section
4.4.5 of
[XMLDSIG-CORE]
.
- http://www.w3.org/2000/09/xmldsig#SPKIData
ds:SPKIData, see section
4.4.6 of
[XMLDSIG-CORE]
.
- http://www.w3.org/2000/09/xmldsig#MgmtData
ds:MgmtData, see section
4.4.7 of
[XMLDSIG-CORE]
.
- http://www.w3.org/2001/04/xmldsig-more#KeyValue
ds:KeyValue, see section
4.4.2 of
[XMLDSIG-CORE]
.
- http://www.w3.org/2001/04/xmldsig-more#RetrievalMethod
ds:RetrievalMethod, see section
4.4.3 of
[XMLDSIG-CORE]
.
- http://www.w3.org/2001/04/xmldsig-more#KeyName
ds:KeyName, see section
4.4.1 of
[XMLDSIG-CORE]
.
- http://www.w3.org/2001/04/xmldsig-more#PKCS7signedData
dsigmore:PKCS7signedData, see section 3.1 of
[RFC6931]
.
- http://www.w3.org/2009/xmldsig11#ECKeyValue
dsig11:ECKeyValue, see
section
4.5.2.3 of
[XMLDSIG-CORE1]
.
- http://www.w3.org/2009/xmldsig11#DEREncodedKeyValue
dsig11:DEREncodedKeyValue, see
section 4.5.9
of
[XMLDSIG-CORE1]
.
The following Type values identify the type of raw binary data:
- http://www.w3.org/2001/04/xmldsig-more#rawX509CRL
- http://www.w3.org/2001/04/xmldsig-more#rawPGPKeyPacket
- http://www.w3.org/2001/04/xmldsig-more#rawSPKISexp
- http://www.w3.org/2001/04/xmldsig-more#rawPKCS7signedData
- http://www.w3.org/2000/09/xmldsig#rawX509Certificate
A. References
Dated references below are to the latest known or appropriate edition of the referenced work. The referenced works may be subject to revision, and conformant implementations may follow, and are encouraged to investigate the appropriateness of following, some or all more recent editions or replacements of the works cited. It is in each case implementation-defined which editions are supported.