Internet Engineering Task Force (IETF)                   D. Eastlake 3rd
Request for Comments: 6931                                        Huawei
Obsoletes: 4051                                               April 2013
Category: Standards Track
ISSN: 2070-1721
        
Internet Engineering Task Force (IETF)                   D. Eastlake 3rd
Request for Comments: 6931                                        Huawei
Obsoletes: 4051                                               April 2013
Category: Standards Track
ISSN: 2070-1721
        

Additional XML Security Uniform Resource Identifiers (URIs)

其他XML安全统一资源标识符(URI)

Abstract

摘要

This document expands, updates, and establishes an IANA registry for the list of URIs intended for use with XML digital signatures, encryption, canonicalization, and key management. These URIs identify algorithms and types of information. This document obsoletes RFC 4051.

本文档扩展、更新并建立了用于XML数字签名、加密、规范化和密钥管理的URI列表的IANA注册表。这些URI识别算法和信息类型。本文件淘汰了RFC 4051。

Status of This Memo

关于下段备忘

This is an Internet Standards Track document.

这是一份互联网标准跟踪文件。

This document is a product of the Internet Engineering Task Force (IETF). It represents the consensus of the IETF community. It has received public review and has been approved for publication by the Internet Engineering Steering Group (IESG). Further information on Internet Standards is available in Section 2 of RFC 5741.

本文件是互联网工程任务组(IETF)的产品。它代表了IETF社区的共识。它已经接受了公众审查,并已被互联网工程指导小组(IESG)批准出版。有关互联网标准的更多信息,请参见RFC 5741第2节。

Information about the current status of this document, any errata, and how to provide feedback on it may be obtained at http://www.rfc-editor.org/info/rfc6931.

有关本文件当前状态、任何勘误表以及如何提供反馈的信息,请访问http://www.rfc-editor.org/info/rfc6931.

Copyright Notice

版权公告

Copyright (c) 2013 IETF Trust and the persons identified as the document authors. All rights reserved.

版权所有(c)2013 IETF信托基金和确定为文件作者的人员。版权所有。

This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License.

本文件受BCP 78和IETF信托有关IETF文件的法律规定的约束(http://trustee.ietf.org/license-info)自本文件出版之日起生效。请仔细阅读这些文件,因为它们描述了您对本文件的权利和限制。从本文件中提取的代码组件必须包括信托法律条款第4.e节中所述的简化BSD许可证文本,并提供简化BSD许可证中所述的无担保。

Table of Contents

目录

   1. Introduction ....................................................3
      1.1. Terminology ................................................4
      1.2. Acronyms ...................................................4
   2. Algorithms ......................................................5
      2.1. DigestMethod (Hash) Algorithms .............................5
           2.1.1. MD5 .................................................5
           2.1.2. SHA-224 .............................................6
           2.1.3. SHA-384 .............................................6
           2.1.4. Whirlpool ...........................................6
           2.1.5. New SHA Functions ...................................7
      2.2. SignatureMethod MAC Algorithms .............................7
           2.2.1. HMAC-MD5 ............................................7
           2.2.2. HMAC SHA Variations .................................8
           2.2.3. HMAC-RIPEMD160 ......................................8
      2.3. SignatureMethod Public-Key Signature Algorithms ............9
           2.3.1. RSA-MD5 .............................................9
           2.3.2. RSA-SHA256 .........................................10
           2.3.3. RSA-SHA384 .........................................10
           2.3.4. RSA-SHA512 .........................................10
           2.3.5. RSA-RIPEMD160 ......................................11
           2.3.6. ECDSA-SHA*, ECDSA-RIPEMD160, ECDSA-Whirlpool .......11
           2.3.7. ESIGN-SHA* .........................................12
           2.3.8. RSA-Whirlpool ......................................12
           2.3.9. RSASSA-PSS with Parameters .........................13
           2.3.10. RSASSA-PSS without Parameters .....................14
           2.3.11. RSA-SHA224 ........................................15
      2.4. Minimal Canonicalization ..................................15
      2.5. Transform Algorithms ......................................16
           2.5.1. XPointer ...........................................16
      2.6. EncryptionMethod Algorithms ...............................17
           2.6.1. ARCFOUR Encryption Algorithm .......................17
           2.6.2. Camellia Block Encryption ..........................17
           2.6.3. Camellia Key Wrap ..................................17
           2.6.4. PSEC-KEM ...........................................18
           2.6.5. SEED Block Encryption ..............................19
           2.6.6. SEED Key Wrap ......................................19
   3. KeyInfo ........................................................19
      3.1. PKCS #7 Bag of Certificates and CRLs ......................20
      3.2. Additional RetrievalMethod Type Values ....................20
   4. Indexes ........................................................20
      4.1. Fragment Index ............................................21
      4.2. URI Index .................................................24
   5. Allocation Considerations ......................................27
      5.1. W3C Allocation Considerations .............................27
      5.2. IANA Considerations .......................................28
   6. Security Considerations ........................................28
        
   1. Introduction ....................................................3
      1.1. Terminology ................................................4
      1.2. Acronyms ...................................................4
   2. Algorithms ......................................................5
      2.1. DigestMethod (Hash) Algorithms .............................5
           2.1.1. MD5 .................................................5
           2.1.2. SHA-224 .............................................6
           2.1.3. SHA-384 .............................................6
           2.1.4. Whirlpool ...........................................6
           2.1.5. New SHA Functions ...................................7
      2.2. SignatureMethod MAC Algorithms .............................7
           2.2.1. HMAC-MD5 ............................................7
           2.2.2. HMAC SHA Variations .................................8
           2.2.3. HMAC-RIPEMD160 ......................................8
      2.3. SignatureMethod Public-Key Signature Algorithms ............9
           2.3.1. RSA-MD5 .............................................9
           2.3.2. RSA-SHA256 .........................................10
           2.3.3. RSA-SHA384 .........................................10
           2.3.4. RSA-SHA512 .........................................10
           2.3.5. RSA-RIPEMD160 ......................................11
           2.3.6. ECDSA-SHA*, ECDSA-RIPEMD160, ECDSA-Whirlpool .......11
           2.3.7. ESIGN-SHA* .........................................12
           2.3.8. RSA-Whirlpool ......................................12
           2.3.9. RSASSA-PSS with Parameters .........................13
           2.3.10. RSASSA-PSS without Parameters .....................14
           2.3.11. RSA-SHA224 ........................................15
      2.4. Minimal Canonicalization ..................................15
      2.5. Transform Algorithms ......................................16
           2.5.1. XPointer ...........................................16
      2.6. EncryptionMethod Algorithms ...............................17
           2.6.1. ARCFOUR Encryption Algorithm .......................17
           2.6.2. Camellia Block Encryption ..........................17
           2.6.3. Camellia Key Wrap ..................................17
           2.6.4. PSEC-KEM ...........................................18
           2.6.5. SEED Block Encryption ..............................19
           2.6.6. SEED Key Wrap ......................................19
   3. KeyInfo ........................................................19
      3.1. PKCS #7 Bag of Certificates and CRLs ......................20
      3.2. Additional RetrievalMethod Type Values ....................20
   4. Indexes ........................................................20
      4.1. Fragment Index ............................................21
      4.2. URI Index .................................................24
   5. Allocation Considerations ......................................27
      5.1. W3C Allocation Considerations .............................27
      5.2. IANA Considerations .......................................28
   6. Security Considerations ........................................28
        
   7. Acknowledgements ...............................................29
   Appendix A. Changes from RFC 4051 .................................30
   Normative References ..............................................31
   Informative References ............................................33
        
   7. Acknowledgements ...............................................29
   Appendix A. Changes from RFC 4051 .................................30
   Normative References ..............................................31
   Informative References ............................................33
        
1. Introduction
1. 介绍

XML digital signatures, canonicalization, and encryption have been standardized by the W3C and by the joint IETF/W3C XMLDSIG working group [W3C]. All of these are now W3C Recommendations and some are also RFCs. They are available as follows:

XML数字签名、规范化和加密已由W3C和IETF/W3C XMLDSIG联合工作组[W3C]标准化。所有这些现在都是W3C建议,有些也是RFC建议。可供索取的资料如下:

   RFC
   Status            W3C REC      Topic
   -----------       -------      -----
        
   RFC
   Status            W3C REC      Topic
   -----------       -------      -----
        

[RFC3275] [XMLDSIG10] XML Digital Signatures Draft Standard

[RFC3275][XMLDSIG10]XML数字签名标准草案

[RFC3076] [CANON10] Canonical XML Informational

[RFC3076][CANON10]规范XML信息

   - - - - - -       [XMLENC10]   XML Encryption 1.0
        
   - - - - - -       [XMLENC10]   XML Encryption 1.0
        

[RFC3741] [XCANON] Exclusive XML Canonicalization 1.0 Informational

[RFC3741][XCANON]独家XML规范化1.0

All of these documents and recommendations use URIs [RFC3986] to identify algorithms and keying information types. The W3C has subsequently produced updated XML Signature 1.1 [XMLDSIG11], Canonical XML 1.1 [CANON11], and XML Encryption 1.1 [XMLENC11] versions, as well as a new XML Signature Properties specification [XMLDSIG-PROP].

所有这些文档和建议都使用URI[RFC3986]来识别算法和键控信息类型。W3C随后发布了更新的XML签名1.1[XMLDSIG11]、规范XML 1.1[CANON11]和XML加密1.1[XMLENC11]版本,以及新的XML签名属性规范[XMLDSIG-PROP]。

All camel-case element names herein, such as DigestValue, are from these documents.

本文中所有camel case元素名称(如DigestValue)都来自这些文档。

This document is an updated convenient reference list of URIs and corresponding algorithms in which there is expressed interest. Since the previous list [RFC4051] was issued in 2005, significant new cryptographic algorithms of interest to XML security, for some of which the URI is only specified in this document, have been added. This document obsoletes [RFC4051]. All of the URIs appear in the indexes in Section 4. Only the URIs that were added by [RFC4051] or this document have a subsection in Section 2 or 3, with the exception of Minimal Canonicalization (Section 2.4), for example, use of

本文档是一个更新的方便参考列表,其中列出了感兴趣的URI和相应算法。自2005年发布之前的列表[RFC4051]以来,已经添加了对XML安全感兴趣的重要新加密算法,其中一些算法的URI仅在本文档中指定。本文件废除了[RFC4051]。所有URI都出现在第4节的索引中。只有[RFC4051]或本文件添加的URI在第2节或第3节中有小节,但最小规范化(第2.4节)除外,例如,使用

SHA-256 is defined in [XMLENC11] and hence there is no subsection on that algorithm here, but its URI is included in the indexes in Section 4.

SHA-256在[XMLENC11]中定义,因此这里没有关于该算法的小节,但其URI包含在第4节的索引中。

Specification in this document of the URI representing an algorithm does not imply endorsement of the algorithm for any particular purpose. A protocol specification, which this is not, generally gives algorithm and implementation requirements for the protocol. Security considerations for algorithms are constantly evolving, as documented elsewhere. This specification simply provides some URIs and relevant formatting for when those URIs are used.

本文档中表示算法的URI规范并不意味着为任何特定目的认可该算法。协议规范(并非如此)通常给出协议的算法和实现要求。正如其他地方所记录的那样,算法的安全考虑因素在不断演变。本规范仅提供了一些URI和相关的格式,以便于在使用这些URI时使用。

Note that progressing XML Digital Signature [RFC3275] along the Standards Track required removal of any algorithms from the original version [RFC3075] for which there was not demonstrated interoperability. This required removal of the Minimal Canonicalization algorithm, in which there appears to be continued interest. The URI for Minimal Canonicalization was included in [RFC4051] and is included here.

请注意,沿着标准轨道推进XML数字签名[RFC3275]需要从原始版本[RFC3075]中删除任何算法,因为没有证明其互操作性。这需要删除最小规范化算法,其中似乎有持续的兴趣。最小规范化的URI包含在[RFC4051]中,并包含在这里。

1.1. Terminology
1.1. 术语

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [RFC2119].

本文件中的关键词“必须”、“不得”、“必需”、“应”、“不应”、“建议”、“不建议”、“可”和“可选”应按照[RFC2119]中的说明进行解释。

This document is not intended to change the algorithm implementation requirements of any IETF or W3C document. Use of [RFC2119] terminology is intended to be only such as is already stated or implied by other authoritative documents.

本文档无意更改任何IETF或W3C文档的算法实现要求。[RFC2119]术语的使用仅限于其他权威文件中已经说明或暗示的术语。

1.2. Acronyms
1.2. 缩略词

The following acronyms are used in this document:

本文件中使用了以下首字母缩略词:

HMAC - Keyed-Hashing MAC [RFC2104]

HMAC键控哈希MAC[RFC2104]

   IETF - Internet Engineering Task Force <www.ietf.org>
        
   IETF - Internet Engineering Task Force <www.ietf.org>
        

MAC - Message Authentication Code

MAC消息认证码

MD - Message Digest

MD-讯息摘要

NIST - United States National Institute of Standards and Technology <www.nist.gov>

NIST-美国国家标准与技术研究所<www.NIST.gov>

RC - Rivest Cipher

RC-Rivest密码

RSA - Rivest, Shamir, and Adleman

RSA-Rivest、Shamir和Adleman

SHA - Secure Hash Algorithm

SHA-安全散列算法

URI - Uniform Resource Identifier [RFC3986]

URI-统一资源标识符[RFC3986]

   W3C - World Wide Web Consortium <www.w3.org>
        
   W3C - World Wide Web Consortium <www.w3.org>
        

XML - eXtensible Markup Language

可扩展标记语言

2. Algorithms
2. 算法

The URI [RFC3986] that was dropped from the XML Digital Signature standard due to the transition from Proposed Standard to Draft Standard [RFC3275] is included in Section 2.4 below with its original

由于从拟议标准过渡到标准草案[RFC3275]而从XML数字签名标准中删除的URI[RFC3986]及其原始版本包含在下面的第2.4节中

      http://www.w3.org/2000/09/xmldsig#
        
      http://www.w3.org/2000/09/xmldsig#
        

prefix so as to avoid changing the XMLDSIG standard's namespace.

前缀,以避免更改XMLDSIG标准的命名空间。

Additional algorithms in [RFC4051] were given URIs that start with

[RFC4051]中的其他算法提供了以

      http://www.w3.org/2001/04/xmldsig-more#
        
      http://www.w3.org/2001/04/xmldsig-more#
        

while further algorithms added in this document are given URIs that start with

而本文档中添加的其他算法则提供了以

      http://www.w3.org/2007/05/xmldsig-more#
        
      http://www.w3.org/2007/05/xmldsig-more#
        

In addition, for ease of reference, this document includes in the indexes in Section 4 many cryptographic algorithm URIs from several XML security documents using the namespaces with which they are defined in those documents. For example, 2000/09/xmldsig# for some URIs specified in [RFC3275] and 2001/04/xmlenc# for some URIs specified in [XMLENC10].

此外,为了便于参考,本文档在第4节的索引中包括来自多个XML安全文档的许多加密算法URI,这些文档使用这些文档中定义的名称空间。例如,对于[RFC3275]中指定的某些URI,2000/09/xmldsig;对于[XMLENC10]中指定的某些URI,2001/04/xmlenc。

See also [XMLSECXREF].

另请参见[XMLSECXREF]。

2.1. DigestMethod (Hash) Algorithms
2.1. DigestMethod(哈希)算法

These algorithms are usable wherever a DigestMethod element occurs.

无论DigestMethod元素出现在哪里,这些算法都是可用的。

2.1.1. MD5
2.1.1. MD5
   Identifier:
      http://www.w3.org/2001/04/xmldsig-more#md5
        
   Identifier:
      http://www.w3.org/2001/04/xmldsig-more#md5
        

The MD5 algorithm [RFC1321] takes no explicit parameters. An example of an MD5 DigestAlgorithm element is:

MD5算法[RFC1321]不接受显式参数。MD5 DigestAlgorithm元素的一个示例是:

   <DigestAlgorithm
      Algorithm="http://www.w3.org/2001/04/xmldsig-more#md5"/>
        
   <DigestAlgorithm
      Algorithm="http://www.w3.org/2001/04/xmldsig-more#md5"/>
        

An MD5 digest is a 128-bit string. The content of the DigestValue element SHALL be the base64 [RFC2045] encoding of this bit string viewed as a 16-octet stream. See [RFC6151] for MD5 security considerations.

MD5摘要是128位字符串。DigestValue元素的内容应为该位字符串的base64[RFC2045]编码,该位字符串被视为16个八位字节流。有关MD5安全注意事项,请参见[RFC6151]。

2.1.2. SHA-224
2.1.2. SHA-224
   Identifier:
      http://www.w3.org/2001/04/xmldsig-more#sha224
        
   Identifier:
      http://www.w3.org/2001/04/xmldsig-more#sha224
        

The SHA-224 algorithm [FIPS180-4] [RFC6234] takes no explicit parameters. An example of a SHA-224 DigestAlgorithm element is:

SHA-224算法[FIPS180-4][RFC6234]不采用显式参数。SHA-224算法元素的一个示例是:

   <DigestAlgorithm
      Algorithm="http://www.w3.org/2001/04/xmldsig-more#sha224" />
        
   <DigestAlgorithm
      Algorithm="http://www.w3.org/2001/04/xmldsig-more#sha224" />
        

A SHA-224 digest is a 224-bit string. The content of the DigestValue element SHALL be the base64 [RFC2045] encoding of this string viewed as a 28-octet stream.

SHA-224摘要是一个224位的字符串。DigestValue元素的内容应为该字符串的base64[RFC2045]编码,被视为28个八位字节的流。

2.1.3. SHA-384
2.1.3. SHA-384
   Identifier:
      http://www.w3.org/2001/04/xmldsig-more#sha384
        
   Identifier:
      http://www.w3.org/2001/04/xmldsig-more#sha384
        

The SHA-384 algorithm [FIPS180-4] takes no explicit parameters. An example of a SHA-384 DigestAlgorithm element is:

SHA-384算法[FIPS180-4]没有明确的参数。SHA-384算法元素的一个示例是:

   <DigestAlgorithm
      Algorithm="http://www.w3.org/2001/04/xmldsig-more#sha384" />
        
   <DigestAlgorithm
      Algorithm="http://www.w3.org/2001/04/xmldsig-more#sha384" />
        

A SHA-384 digest is a 384-bit string. The content of the DigestValue element SHALL be the base64 [RFC2045] encoding of this string viewed as a 48-octet stream.

SHA-384摘要是384位字符串。DigestValue元素的内容应为该字符串的base64[RFC2045]编码,被视为48个八位字节流。

2.1.4. Whirlpool
2.1.4. 漩涡
   Identifier:
      http://www.w3.org/2007/05/xmldsig-more#whirlpool
        
   Identifier:
      http://www.w3.org/2007/05/xmldsig-more#whirlpool
        

The Whirlpool algorithm [10118-3] takes no explicit parameters. A Whirlpool digest is a 512-bit string. The content of the DigestValue element SHALL be the base64 [RFC2045] encoding of this string viewed as a 64-octet stream.

Whirlpool算法[10118-3]没有明确的参数。Whirlpool摘要是512位字符串。DigestValue元素的内容应为该字符串的base64[RFC2045]编码,该编码被视为64个八位字节流。

2.1.5. New SHA Functions
2.1.5. 新的SHA功能
   Identifiers:
      http://www.w3.org/2007/05/xmldsig-more#sha3-224
      http://www.w3.org/2007/05/xmldsig-more#sha3-256
      http://www.w3.org/2007/05/xmldsig-more#sha3-384
      http://www.w3.org/2007/05/xmldsig-more#sha3-512
        
   Identifiers:
      http://www.w3.org/2007/05/xmldsig-more#sha3-224
      http://www.w3.org/2007/05/xmldsig-more#sha3-256
      http://www.w3.org/2007/05/xmldsig-more#sha3-384
      http://www.w3.org/2007/05/xmldsig-more#sha3-512
        

NIST has recently completed a hash function competition for an alternative to the SHA family. The Keccak-f[1600] algorithm was selected [Keccak] [SHA-3]. This hash function is commonly referred to as "SHA-3", and this section is a space holder and reservation of URIs for future information on Keccak use in XML security.

NIST最近完成了SHA系列替代品的哈希函数竞赛。选择了Keccak-f[1600]算法[Keccak][SHA-3]。这个散列函数通常被称为“SHA-3”,本节是URI的空间持有者和保留区,用于将来关于XML安全中Keccak使用的信息。

A SHA-3 224, 256, 384, and 512 digest is a 224-, 256-, 384-, and 512-bit string, respectively. The content of the DigestValue element SHALL be the base64 [RFC2045] encoding of this string viewed as a 28-, 32-, 48-, and 64-octet stream, respectively.

SHA-3 224、256、384和512摘要分别是224、256、384和512位的字符串。DigestValue元素的内容应为该字符串的base64[RFC2045]编码,分别视为28、32、48和64个八位组流。

2.2. SignatureMethod MAC Algorithms
2.2. 符号方法MAC算法

This section covers SignatureMethod MAC (Message Authentication Code) Algorithms.

本节介绍SignatureMethod MAC(消息认证码)算法。

Note: Some text in this section is duplicated from [RFC3275] for the convenience of the reader. RFC 3275 is normative in case of conflict.

注:为方便读者阅读,本节中的一些文本从[RFC3275]中复制。RFC 3275是冲突情况下的规范。

2.2.1. HMAC-MD5
2.2.1. HMAC-MD5
   Identifier:
      http://www.w3.org/2001/04/xmldsig-more#hmac-md5
        
   Identifier:
      http://www.w3.org/2001/04/xmldsig-more#hmac-md5
        

The HMAC algorithm [RFC2104] takes the truncation length in bits as a parameter; if the parameter is not specified, then all the bits of the hash are output. An example of an HMAC-MD5 SignatureMethod element is as follows:

HMAC算法[RFC2104]以位为单位的截断长度作为参数;如果未指定参数,则输出散列的所有位。HMAC-MD5 SignatureMethod元素的示例如下:

   <SignatureMethod
      Algorithm="http://www.w3.org/2001/04/xmldsig-more#hmac-md5">
      <HMACOutputLength>112</HMACOutputLength>
   </SignatureMethod>
        
   <SignatureMethod
      Algorithm="http://www.w3.org/2001/04/xmldsig-more#hmac-md5">
      <HMACOutputLength>112</HMACOutputLength>
   </SignatureMethod>
        

The output of the HMAC algorithm is ultimately the output (possibly truncated) of the chosen digest algorithm. This value SHALL be base64 [RFC2045] encoded in the same straightforward fashion as the output of the digest algorithms. Example: the SignatureValue element for the HMAC-MD5 digest

HMAC算法的输出最终是所选摘要算法的输出(可能被截断)。该值应以与摘要算法输出相同的简单方式进行base64[RFC2045]编码。示例:HMAC-MD5摘要的SignatureValue元素

9294727A 3638BB1C 13F48EF8 158BFC9D

9294727A 3638BB1C 13F48EF8 158BFC9D

from the test vectors in [RFC2104] would be

根据[RFC2104]中的测试向量

kpRyejY4uxwT9I74FYv8nQ==

kpRyejY4uxwT9I74FYv8nQ==

Schema Definition:

架构定义:

      <simpleType name="HMACOutputLength">
         <restriction base="integer"/>
      </simpleType>
        
      <simpleType name="HMACOutputLength">
         <restriction base="integer"/>
      </simpleType>
        

DTD:

DTD:

      <!ELEMENT HMACOutputLength (#PCDATA) >
        
      <!ELEMENT HMACOutputLength (#PCDATA) >
        

The Schema Definition and DTD immediately above are copied from [RFC3275].

紧接着上面的模式定义和DTD是从[RFC3275]复制的。

See [RFC6151] for HMAC-MD5 security considerations.

有关HMAC-MD5安全注意事项,请参见[RFC6151]。

2.2.2. HMAC SHA Variations
2.2.2. HMAC SHA变体
   Identifiers:
      http://www.w3.org/2001/04/xmldsig-more#hmac-sha224
      http://www.w3.org/2001/04/xmldsig-more#hmac-sha256
      http://www.w3.org/2001/04/xmldsig-more#hmac-sha384
      http://www.w3.org/2001/04/xmldsig-more#hmac-sha512
        
   Identifiers:
      http://www.w3.org/2001/04/xmldsig-more#hmac-sha224
      http://www.w3.org/2001/04/xmldsig-more#hmac-sha256
      http://www.w3.org/2001/04/xmldsig-more#hmac-sha384
      http://www.w3.org/2001/04/xmldsig-more#hmac-sha512
        

SHA-224, SHA-256, SHA-384, and SHA-512 [FIPS180-4] [RFC6234] can also be used in HMAC as described in Section 2.2.1 above for HMAC-MD5.

SHA-224、SHA-256、SHA-384和SHA-512[FIPS180-4][RFC6234]也可用于HMAC,如上文第2.2.1节所述,用于HMAC-MD5。

2.2.3. HMAC-RIPEMD160
2.2.3. HMAC-RIPEMD160
   Identifier:
      http://www.w3.org/2001/04/xmldsig-more#hmac-ripemd160
        
   Identifier:
      http://www.w3.org/2001/04/xmldsig-more#hmac-ripemd160
        

RIPEMD-160 [10118-3] can also be used in HMAC as described in Section 2.2.1 above for HMAC-MD5.

RIPEMD-160[10118-3]也可在HMAC中使用,如上文第2.2.1节HMAC-MD5所述。

2.3. SignatureMethod Public-Key Signature Algorithms
2.3. 签名方法公钥签名算法

These algorithms are distinguished from those in Section 2.2 above in that they use public-key methods. That is to say, the verification key is different from and not feasibly derivable from the signing key.

这些算法与上面第2.2节中的算法不同,因为它们使用公钥方法。也就是说,验证密钥不同于签名密钥,并且不可能从签名密钥派生。

2.3.1. RSA-MD5
2.3.1. RSA-MD5
   Identifier:
      http://www.w3.org/2001/04/xmldsig-more#rsa-md5
        
   Identifier:
      http://www.w3.org/2001/04/xmldsig-more#rsa-md5
        

This implies the PKCS#1 v1.5 padding algorithm described in [RFC3447]. An example of use is

这意味着[RFC3447]中描述的PKCS#1 v1.5填充算法。使用的一个例子是

   <SignatureMethod
      Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-md5" />
        
   <SignatureMethod
      Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-md5" />
        

The SignatureValue content for an RSA-MD5 signature is the base64 [RFC2045] encoding of the octet string computed as per [RFC3447], Section 8.2.1, signature generation for the RSASSA-PKCS1-v1_5 signature scheme. As specified in the EMSA-PKCS1-V1_5-ENCODE function in [RFC3447], Section 9.2, the value input to the signature function MUST contain a pre-pended algorithm object identifier for the hash function, but the availability of an ASN.1 parser and recognition of OIDs is not required of a signature verifier. The PKCS#1 v1.5 representation appears as:

RSA-MD5签名的SignatureValue内容是根据[RFC3447]第8.2.1节“RSASSA-PKCS1-v1_5签名方案的签名生成”计算的八位字节字符串的base64[RFC2045]编码。如[RFC3447]第9.2节中EMSA-PKCS1-V1_5-ENCODE函数所述,输入到签名函数的值必须包含哈希函数的预挂算法对象标识符,但签名验证器不需要ASN.1解析器的可用性和OID的识别。PKCS#1 v1.5表示形式如下所示:

CRYPT (PAD (ASN.1 (OID, DIGEST (data))))

密码(PAD(ASN.1(OID,摘要(数据)))

Note that the padded ASN.1 will be of the following form:

请注意,填充ASN.1将采用以下形式:

01 | FF* | 00 | prefix | hash

01 | FF*| 00 |前缀|散列

Vertical bar ("|") represents concatenation. "01", "FF", and "00" are fixed octets of the corresponding hexadecimal value, and the asterisk ("*") after "FF" indicates repetition. "hash" is the MD5 digest of the data. "prefix" is the ASN.1 BER MD5 algorithm designator prefix required in PKCS #1 [RFC3447], that is,

垂直条(“|”)表示连接。“01”、“FF”和“00”是对应十六进制值的固定八位字节,“FF”后的星号(“*”)表示重复。“hash”是数据的MD5摘要。“前缀”是PKCS#1[RFC3447]中要求的ASN.1 BER MD5算法指示符前缀,即,

hex 30 20 30 0c 06 08 2a 86 48 86 f7 0d 02 05 05 00 04 10

六角30 20 30 0c 06 08 2a 86 48 86 f7 0d 02 05 00 04 10

This prefix is included to make it easier to use standard cryptographic libraries. The FF octet MUST be repeated enough times that the value of the quantity being CRYPTed is exactly one octet shorter than the RSA modulus.

包含此前缀是为了更容易使用标准加密库。FF八位组必须重复足够的次数,以使加密的数量值正好比RSA模短一个八位组。

See [RFC6151] for MD5 security considerations.

有关MD5安全注意事项,请参见[RFC6151]。

2.3.2. RSA-SHA256
2.3.2. RSA-SHA256
   Identifier:
      http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
        
   Identifier:
      http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
        

This implies the PKCS#1 v1.5 padding algorithm [RFC3447] as described in Section 2.3.1, but with the ASN.1 BER SHA-256 algorithm designator prefix. An example of use is

这意味着PKCS#1 v1.5填充算法[RFC3447]如第2.3.1节所述,但带有ASN.1 BER SHA-256算法标识符前缀。使用的一个例子是

   <SignatureMethod
      Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"
   />
        
   <SignatureMethod
      Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"
   />
        
2.3.3. RSA-SHA384
2.3.3. RSA-SHA384
   Identifier:
      http://www.w3.org/2001/04/xmldsig-more#rsa-sha384
        
   Identifier:
      http://www.w3.org/2001/04/xmldsig-more#rsa-sha384
        

This implies the PKCS#1 v1.5 padding algorithm [RFC3447] as described in Section 2.3.1, but with the ASN.1 BER SHA-384 algorithm designator prefix. An example of use is

这意味着PKCS#1 v1.5填充算法[RFC3447]如第2.3.1节所述,但带有ASN.1 BER SHA-384算法标识符前缀。使用的一个例子是

   <SignatureMethod
      Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha384" />
        
   <SignatureMethod
      Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha384" />
        

Because it takes about the same effort to calculate a SHA-384 message digest as it does a SHA-512 message digest, it is suggested that RSA-SHA512 be used in preference to RSA-SHA384 where possible.

由于计算SHA-384消息摘要与计算SHA-512消息摘要所需的工作量大致相同,因此建议尽可能优先使用RSA-SHA512而不是RSA-SHA384。

2.3.4. RSA-SHA512
2.3.4. RSA-SHA512
   Identifier:
      http://www.w3.org/2001/04/xmldsig-more#rsa-sha512
        
   Identifier:
      http://www.w3.org/2001/04/xmldsig-more#rsa-sha512
        

This implies the PKCS#1 v1.5 padding algorithm [RFC3447] as described in Section 2.3.1, but with the ASN.1 BER SHA-512 algorithm designator prefix. An example of use is

这意味着PKCS#1 v1.5填充算法[RFC3447]如第2.3.1节所述,但带有ASN.1 BER SHA-512算法标识符前缀。使用的一个例子是

   <SignatureMethod
      Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha512" />
        
   <SignatureMethod
      Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha512" />
        
2.3.5. RSA-RIPEMD160
2.3.5. RSA-RIPEMD160
   Identifier:
      http://www.w3.org/2001/04/xmldsig-more#rsa-ripemd160
        
   Identifier:
      http://www.w3.org/2001/04/xmldsig-more#rsa-ripemd160
        

This implies the PKCS#1 v1.5 padding algorithm [RFC3447] as described in Section 2.3.1, but with the ASN.1 BER RIPEMD160 algorithm designator prefix. An example of use is

这意味着PKCS#1 v1.5填充算法[RFC3447]如第2.3.1节所述,但带有ASN.1 BER RIPEMD160算法标识符前缀。使用的一个例子是

   <SignatureMethod
      Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-ripemd160"
   />
        
   <SignatureMethod
      Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-ripemd160"
   />
        
2.3.6. ECDSA-SHA*, ECDSA-RIPEMD160, ECDSA-Whirlpool
2.3.6. ECDSA-SHA*、ECDSA-RIPEMD160、ECDSA惠而浦
   Identifiers:
      http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1
      http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha224
      http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256
      http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha384
      http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha512
      http://www.w3.org/2007/05/xmldsig-more#ecdsa-ripemd160
      http://www.w3.org/2007/05/xmldsig-more#ecdsa-whirlpool
        
   Identifiers:
      http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1
      http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha224
      http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256
      http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha384
      http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha512
      http://www.w3.org/2007/05/xmldsig-more#ecdsa-ripemd160
      http://www.w3.org/2007/05/xmldsig-more#ecdsa-whirlpool
        

The Elliptic Curve Digital Signature Algorithm (ECDSA) [FIPS180-4] is the elliptic curve analogue of the Digital Signature Algorithm (DSA) signature method, i.e., the Digital Signature Standard (DSS). It takes no explicit parameters. For detailed specifications of how to use it with SHA hash functions and XML Digital Signature, please see [X9.62] and [RFC4050]. The #ecdsa-ripemd160 and #ecdsa-whirlpool fragments in the new namespace identifies a signature method processed in the same way as specified by the #ecdsa-sha1 fragment of this namespace, with the exception that RIPEMD160 or Whirlpool is used instead of SHA-1.

椭圆曲线数字签名算法(ECDSA)[FIPS180-4]是数字签名算法(DSA)签名方法的椭圆曲线模拟,即数字签名标准(DSS)。它不需要显式参数。有关如何将其与SHA哈希函数和XML数字签名一起使用的详细规范,请参阅[X9.62]和[RFC4050]。新名称空间中的#ecdsa-ripemd160和#ecdsa whirlpool片段标识签名方法,处理方式与此名称空间的#ecdsa-sha1片段指定的方式相同,但使用ripemd160或whirlpool代替SHA-1除外。

The output of the ECDSA algorithm consists of a pair of integers usually referred by the pair (r, s). The signature value consists of the base64 encoding of the concatenation of two octet streams that respectively result from the octet-encoding of the values r and s in that order. Conversion from integer to octet stream must be done according to the I2OSP operation defined in the [RFC3447] specification with the l parameter equal to the size of the base point order of the curve in bytes (e.g., 32 for the P-256 curve and 66 for the P-521 curve [FIPS186-3]).

ECDSA算法的输出由一对整数组成,通常由该对(r,s)引用。签名值由两个八位字节流的串联的base64编码组成,这两个八位字节流分别由值r和s按该顺序的八位字节编码产生。必须根据[RFC3447]规范中定义的I2OSP操作完成从整数到八位字节流的转换,l参数等于以字节为单位的曲线基点顺序的大小(例如,P-256曲线为32,P-521曲线为66[FIPS186-3])。

For an introduction to elliptic curve cryptographic algorithms, see [RFC6090] and note the errata (Errata ID 2773-2777).

有关椭圆曲线密码算法的介绍,请参见[RFC6090]并注意勘误表(勘误表ID 2773-2777)。

2.3.7. ESIGN-SHA*
2.3.7. ESIGN-SHA*
   Identifiers:
      http://www.w3.org/2001/04/xmldsig-more#esign-sha1
      http://www.w3.org/2001/04/xmldsig-more#esign-sha224
      http://www.w3.org/2001/04/xmldsig-more#esign-sha256
      http://www.w3.org/2001/04/xmldsig-more#esign-sha384
      http://www.w3.org/2001/04/xmldsig-more#esign-sha512
        
   Identifiers:
      http://www.w3.org/2001/04/xmldsig-more#esign-sha1
      http://www.w3.org/2001/04/xmldsig-more#esign-sha224
      http://www.w3.org/2001/04/xmldsig-more#esign-sha256
      http://www.w3.org/2001/04/xmldsig-more#esign-sha384
      http://www.w3.org/2001/04/xmldsig-more#esign-sha512
        

The ESIGN algorithm specified in [IEEEP1363a] is a signature scheme based on the integer factorization problem. It is much faster than previous digital signature schemes, so ESIGN can be implemented on smart cards without special co-processors.

[IEEEP1363a]中指定的ESIGN算法是基于整数分解问题的签名方案。它比以前的数字签名方案快得多,因此无需特殊的协处理器即可在智能卡上实现ESIGN。

An example of use is

使用的一个例子是

   <SignatureMethod
      Algorithm="http://www.w3.org/2001/04/xmldsig-more#esign-sha1"
   />
        
   <SignatureMethod
      Algorithm="http://www.w3.org/2001/04/xmldsig-more#esign-sha1"
   />
        
2.3.8. RSA-Whirlpool
2.3.8. RSA漩涡
   Identifier:
      http://www.w3.org/2007/05/xmldsig-more#rsa-whirlpool
        
   Identifier:
      http://www.w3.org/2007/05/xmldsig-more#rsa-whirlpool
        

As in the definition of the RSA-SHA1 algorithm in [XMLDSIG11], the designator "RSA" means the RSASSA-PKCS1-v1_5 algorithm as defined in [RFC3447]. When identified through the #rsa-whirlpool fragment identifier, Whirlpool is used as the hash algorithm instead. Use of the ASN.1 BER Whirlpool algorithm designator is implied. That designator is hex 30 4e 30 0a 06 06 28 cf 06 03 00 37 05 00 04 40 as an explicit octet sequence. This corresponds to OID 1.0.10118.3.0.55 defined in [10118-3].

正如[XMLDSIG11]中对RSA-SHA1算法的定义一样,指示符“RSA”是指[RFC3447]中定义的RSASSA-PKCS1-v1_5算法。当通过#rsa whirlpool片段标识符识别时,whirlpool被用作哈希算法。暗示使用ASN.1 BER Whirlpool算法指示符。该指示符为十六进制304E300A00628 cf 0603 00 37 05 00 04 40,作为一个明确的八位字节序列。这对应于[10118-3]中定义的OID 1.0.10118.3.0.55。

An example of use is

使用的一个例子是

   <SignatureMethod
      Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-whirlpool"
   />
        
   <SignatureMethod
      Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-whirlpool"
   />
        
2.3.9. RSASSA-PSS with Parameters
2.3.9. 带参数的RSASSA-PSS
   Identifiers:
      http://www.w3.org/2007/05/xmldsig-more#rsa-pss
      http://www.w3.org/2007/05/xmldsig-more#MGF1
        
   Identifiers:
      http://www.w3.org/2007/05/xmldsig-more#rsa-pss
      http://www.w3.org/2007/05/xmldsig-more#MGF1
        

These identifiers imply the PKCS#1 EMSA-PSS encoding algorithm [RFC3447]. The RSASSA-PSS algorithm takes the digest method (hash function), a mask generation function, the salt length in bytes (SaltLength), and the trailer field as explicit parameters.

这些标识符意味着PKCS#1 EMSA-PSS编码算法[RFC3447]。RSASSA-PSS算法将摘要方法(哈希函数)、掩码生成函数、以字节为单位的salt长度(salt长度)和拖车字段作为显式参数。

Algorithm identifiers for hash functions specified in XML encryption [XMLENC11] [XMLDSIG11] and in Section 2.1 are considered to be valid algorithm identifiers for hash functions. According to [RFC3447], the default value for the digest function is SHA-1, but due to the discovered weakness of SHA-1 [RFC6194], it is recommended that SHA-256 or a stronger hash function be used. Notwithstanding [RFC3447], SHA-256 is the default to be used with these SignatureMethod identifiers if no hash function has been specified.

XML加密[XMLENC11][XMLDSIG11]和第2.1节中指定的哈希函数的算法标识符被视为哈希函数的有效算法标识符。根据[RFC3447],摘要函数的默认值为SHA-1,但由于发现SHA-1[RFC6194]的弱点,建议使用SHA-256或更强的哈希函数。尽管有[RFC3447]的规定,但如果未指定哈希函数,则SHA-256是与这些SignatureMethod标识符一起使用的默认值。

The default salt length for these SignatureMethod identifiers if the SaltLength is not specified SHALL be the number of octets in the hash value of the digest method, as recommended in [RFC4055]. In a parameterized RSASSA-PSS signature the ds:DigestMethod and the SaltLength parameters usually appear. If they do not, the defaults make this equivalent to http://www.w3.org/2007/05/xmldsig-more#sha256-rsa-MGF1 (see Section 2.3.10). The TrailerField defaults to 1 (0xBC) when omitted.

如果未指定salt长度,则这些SignatureMethod标识符的默认salt长度应为[RFC4055]中建议的摘要方法哈希值中的八位字节数。在参数化RSASSA-PSS签名中,ds:DigestMethod和SaltLength参数通常出现。如果没有,默认值将使其等效于http://www.w3.org/2007/05/xmldsig-more#sha256-rsa-MGF1(见第2.3.10节)。省略时,TrailerField默认为1(0xBC)。

Schema Definition (target namespace http://www.w3.org/2007/05/xmldsig-more#):

架构定义(目标命名空间)http://www.w3.org/2007/05/xmldsig-more#):

   <xs:element name="RSAPSSParams" type="pss:RSAPSSParamsType">
       <xs:annotation>
           <xs:documentation>
   Top level element that can be used in xs:any namespace="#other"
   wildcard of ds:SignatureMethod content.
           </xs:documentation>
       </xs:annotation>
   </xs:element>
   <xs:complexType name="RSAPSSParamsType">
       <xs:sequence>
           <xs:element ref="ds:DigestMethod" minOccurs="0"/>
           <xs:element name="MaskGenerationFunction"
              type="pss:MaskGenerationFunctionType" minOccurs="0"/>
           <xs:element name="SaltLength" type="xs:int"
              minOccurs="0"/>
           <xs:element name="TrailerField" type="xs:int"
              minOccurs="0"/>
       </xs:sequence>
   </xs:complexType>
   <xs:complexType name="MaskGenerationFunctionType">
       <xs:sequence>
           <xs:element ref="ds:DigestMethod" minOccurs="0"/>
       </xs:sequence>
       <xs:attribute name="Algorithm" type="xs:anyURI"
          default="http://www.w3.org/2007/05/xmldsig-more#MGF1"/>
   </xs:complexType>
        
   <xs:element name="RSAPSSParams" type="pss:RSAPSSParamsType">
       <xs:annotation>
           <xs:documentation>
   Top level element that can be used in xs:any namespace="#other"
   wildcard of ds:SignatureMethod content.
           </xs:documentation>
       </xs:annotation>
   </xs:element>
   <xs:complexType name="RSAPSSParamsType">
       <xs:sequence>
           <xs:element ref="ds:DigestMethod" minOccurs="0"/>
           <xs:element name="MaskGenerationFunction"
              type="pss:MaskGenerationFunctionType" minOccurs="0"/>
           <xs:element name="SaltLength" type="xs:int"
              minOccurs="0"/>
           <xs:element name="TrailerField" type="xs:int"
              minOccurs="0"/>
       </xs:sequence>
   </xs:complexType>
   <xs:complexType name="MaskGenerationFunctionType">
       <xs:sequence>
           <xs:element ref="ds:DigestMethod" minOccurs="0"/>
       </xs:sequence>
       <xs:attribute name="Algorithm" type="xs:anyURI"
          default="http://www.w3.org/2007/05/xmldsig-more#MGF1"/>
   </xs:complexType>
        
2.3.10. RSASSA-PSS without Parameters
2.3.10. 无参数RSASSA-PSS

[RFC3447] currently specifies only one mask generation function MGF1 based on a hash function. Although [RFC3447] allows for parameterization, the default is to use the same hash function as the digest method function. Only this default approach is supported by this section; therefore, the definition of a mask generation function type is not needed yet. The same applies to the trailer field. There is only one value (0xBC) specified in [RFC3447]. Hence, this default parameter must be used for signature generation. The default salt length is the length of the hash function.

[RFC3447]当前仅基于哈希函数指定一个掩码生成函数MGF1。尽管[RFC3447]允许参数化,默认情况下使用与摘要方法函数相同的哈希函数。本节仅支持此默认方法;因此,还不需要定义掩码生成函数类型。这同样适用于拖车字段。[RFC3447]中只指定了一个值(0xBC)。因此,此默认参数必须用于签名生成。默认的salt长度是散列函数的长度。

   Identifiers:
      http://www.w3.org/2007/05/xmldsig-more#sha3-224-rsa-MGF1
      http://www.w3.org/2007/05/xmldsig-more#sha3-256-rsa-MGF1
      http://www.w3.org/2007/05/xmldsig-more#sha3-384-rsa-MGF1
      http://www.w3.org/2007/05/xmldsig-more#sha3-512-rsa-MGF1
        
   Identifiers:
      http://www.w3.org/2007/05/xmldsig-more#sha3-224-rsa-MGF1
      http://www.w3.org/2007/05/xmldsig-more#sha3-256-rsa-MGF1
      http://www.w3.org/2007/05/xmldsig-more#sha3-384-rsa-MGF1
      http://www.w3.org/2007/05/xmldsig-more#sha3-512-rsa-MGF1
        
      http://www.w3.org/2007/05/xmldsig-more#md2-rsa-MGF1
      http://www.w3.org/2007/05/xmldsig-more#md5-rsa-MGF1
      http://www.w3.org/2007/05/xmldsig-more#sha1-rsa-MGF1
      http://www.w3.org/2007/05/xmldsig-more#sha224-rsa-MGF1
      http://www.w3.org/2007/05/xmldsig-more#sha256-rsa-MGF1
      http://www.w3.org/2007/05/xmldsig-more#sha384-rsa-MGF1
      http://www.w3.org/2007/05/xmldsig-more#sha512-rsa-MGF1
      http://www.w3.org/2007/05/xmldsig-more#ripemd128-rsa-MGF1
      http://www.w3.org/2007/05/xmldsig-more#ripemd160-rsa-MGF1
      http://www.w3.org/2007/05/xmldsig-more#whirlpool-rsa-MGF1
        
      http://www.w3.org/2007/05/xmldsig-more#md2-rsa-MGF1
      http://www.w3.org/2007/05/xmldsig-more#md5-rsa-MGF1
      http://www.w3.org/2007/05/xmldsig-more#sha1-rsa-MGF1
      http://www.w3.org/2007/05/xmldsig-more#sha224-rsa-MGF1
      http://www.w3.org/2007/05/xmldsig-more#sha256-rsa-MGF1
      http://www.w3.org/2007/05/xmldsig-more#sha384-rsa-MGF1
      http://www.w3.org/2007/05/xmldsig-more#sha512-rsa-MGF1
      http://www.w3.org/2007/05/xmldsig-more#ripemd128-rsa-MGF1
      http://www.w3.org/2007/05/xmldsig-more#ripemd160-rsa-MGF1
      http://www.w3.org/2007/05/xmldsig-more#whirlpool-rsa-MGF1
        

An example of use is

使用的一个例子是

   <SignatureMethod
     Algorithm=
     "http://www.w3.org/2007/05/xmldsig-more#SHA3-256-rsa-MGF1"
   />
        
   <SignatureMethod
     Algorithm=
     "http://www.w3.org/2007/05/xmldsig-more#SHA3-256-rsa-MGF1"
   />
        
2.3.11. RSA-SHA224
2.3.11. RSA-SHA224
   Identifier:
      http://www.w3.org/2007/05/xmldsig-more#rsa-sha224
        
   Identifier:
      http://www.w3.org/2007/05/xmldsig-more#rsa-sha224
        

This implies the PKCS#1 v1.5 padding algorithm [RFC3447] as described in Section 2.3.1, but with the ASN.1 BER SHA-224 algorithm designator prefix. An example of use is

这意味着PKCS#1 v1.5填充算法[RFC3447]如第2.3.1节所述,但带有ASN.1 BER SHA-224算法标识符前缀。使用的一个例子是

   <SignatureMethod
      Algorithm="http://www.w3.org/2007/05/xmldsig-more#rsa-sha224" />
        
   <SignatureMethod
      Algorithm="http://www.w3.org/2007/05/xmldsig-more#rsa-sha224" />
        

Because it takes about the same effort to calculate a SHA-224 message digest as it does a SHA-256 message digest, it is suggested that RSA-SHA256 be used in preference to RSA-SHA224 where possible.

由于计算SHA-224消息摘要与计算SHA-256消息摘要所需的工作量大致相同,因此建议尽可能优先使用RSA-SHA256而不是RSA-SHA224。

2.4. Minimal Canonicalization
2.4. 最小规范化

Thus far, two independent interoperable implementations of Minimal Canonicalization have not been announced. Therefore, when XML Digital Signature was advanced along the Standards Track from [RFC3075] to [RFC3275], Minimal Canonicalization was dropped. However, there is still interest. For its definition, see Section 6.5.1 of [RFC3075].

到目前为止,还没有宣布两个独立的可互操作的最小规范化实现。因此,当XML数字签名沿着标准轨道从[RFC3075]前进到[RFC3275]时,最小的规范化被放弃。然而,仍然有人感兴趣。其定义见[RFC3075]第6.5.1节。

   For reference, its identifier remains:
      http://www.w3.org/2000/09/xmldsig#minimal
        
   For reference, its identifier remains:
      http://www.w3.org/2000/09/xmldsig#minimal
        
2.5. Transform Algorithms
2.5. 变换算法

Note that all CanonicalizationMethod algorithms can also be used as transform algorithms.

请注意,所有规范化方法算法也可以用作变换算法。

2.5.1. XPointer
2.5.1. XPointer
   Identifier:
      http://www.w3.org/2001/04/xmldsig-more#xptr
        
   Identifier:
      http://www.w3.org/2001/04/xmldsig-more#xptr
        

This transform algorithm takes an [XPointer] as an explicit parameter. An example of use is:

此转换算法将[XPointer]作为显式参数。一个使用示例是:

   <Transform
      Algorithm="http://www.w3.org/2001/04/xmldsig-more/xptr">
      <XPointer
         xmlns="http://www.w3.org/2001/04/xmldsig-more/xptr">
            xpointer(id("foo")) xmlns(bar=http://foobar.example)
            xpointer(//bar:Zab[@Id="foo"])
      </XPointer>
   </Transform>
        
   <Transform
      Algorithm="http://www.w3.org/2001/04/xmldsig-more/xptr">
      <XPointer
         xmlns="http://www.w3.org/2001/04/xmldsig-more/xptr">
            xpointer(id("foo")) xmlns(bar=http://foobar.example)
            xpointer(//bar:Zab[@Id="foo"])
      </XPointer>
   </Transform>
        

Schema Definition:

架构定义:

      <element name="XPointer" type="string"/>
        
      <element name="XPointer" type="string"/>
        

DTD:

DTD:

      <!ELEMENT XPointer (#PCDATA) >
        
      <!ELEMENT XPointer (#PCDATA) >
        

Input to this transform is an octet stream (which is then parsed into XML).

此转换的输入是一个八位字节流(然后将其解析为XML)。

Output from this transform is a node set; the results of the XPointer are processed as defined in the XMLDSIG specification [RFC3275] for a same-document XPointer.

此转换的输出是一个节点集;XPointer的结果按照XMLDSIG规范[RFC3275]中对同一文档XPointer的定义进行处理。

2.6. EncryptionMethod Algorithms
2.6. 加密算法

This subsection gives identifiers and information for several EncryptionMethod Algorithms.

本小节给出了几种EncryptionMethod算法的标识符和信息。

2.6.1. ARCFOUR Encryption Algorithm
2.6.1. ARCFOUR加密算法
   Identifier:
      http://www.w3.org/2001/04/xmldsig-more#arcfour
        
   Identifier:
      http://www.w3.org/2001/04/xmldsig-more#arcfour
        

ARCFOUR is a fast, simple stream encryption algorithm that is compatible with RSA Security's RC4 algorithm [RC4]. An example EncryptionMethod element using ARCFOUR is

ARCFOUR是一种快速、简单的流加密算法,与RSA Security的RC4算法[RC4]兼容。使用ARCFOUR的EncryptionMethod元素示例如下

   <EncryptionMethod
      Algorithm="http://www.w3.org/2001/04/xmldsig-more#arcfour">
      <KeySize>40</KeySize>
   </EncryptionMethod>
        
   <EncryptionMethod
      Algorithm="http://www.w3.org/2001/04/xmldsig-more#arcfour">
      <KeySize>40</KeySize>
   </EncryptionMethod>
        

Note that Arcfour makes use of the generic KeySize parameter specified and defined in [XMLENC11].

请注意,Arcfour使用了[XMLENC11]中指定和定义的通用KeySize参数。

2.6.2. Camellia Block Encryption
2.6.2. Camellia块加密
   Identifiers:
      http://www.w3.org/2001/04/xmldsig-more#camellia128-cbc
      http://www.w3.org/2001/04/xmldsig-more#camellia192-cbc
      http://www.w3.org/2001/04/xmldsig-more#camellia256-cbc
        
   Identifiers:
      http://www.w3.org/2001/04/xmldsig-more#camellia128-cbc
      http://www.w3.org/2001/04/xmldsig-more#camellia192-cbc
      http://www.w3.org/2001/04/xmldsig-more#camellia256-cbc
        

Camellia is a block cipher with the same interface as the AES [Camellia] [RFC3713]; it has a 128-bit block size and 128-, 192-, and 256-bit key sizes. In XML encryption, Camellia is used in the same way as the AES: it is used in the Cipher Block Chaining (CBC) mode with a 128-bit initialization vector (IV). The resulting cipher text is prefixed by the IV. If included in XML output, it is then base64 encoded. An example Camellia EncryptionMethod is as follows:

Camellia是一种分组密码,与AES[Camellia][RFC3713]具有相同的接口;它具有128位块大小和128、192和256位密钥大小。在XML加密中,Camellia的使用方式与AES相同:它在具有128位初始化向量(IV)的密码块链接(CBC)模式中使用。生成的密码文本以IV作为前缀。如果包含在XML输出中,则对其进行base64编码。Camellia EncryptionMethod示例如下:

   <EncryptionMethod
      Algorithm=
      "http://www.w3.org/2001/04/xmldsig-more#camellia128-cbc"
   />
        
   <EncryptionMethod
      Algorithm=
      "http://www.w3.org/2001/04/xmldsig-more#camellia128-cbc"
   />
        
2.6.3. Camellia Key Wrap
2.6.3. 茶花钥匙套
   Identifiers:
      http://www.w3.org/2001/04/xmldsig-more#kw-camellia128
      http://www.w3.org/2001/04/xmldsig-more#kw-camellia192
      http://www.w3.org/2001/04/xmldsig-more#kw-camellia256
        
   Identifiers:
      http://www.w3.org/2001/04/xmldsig-more#kw-camellia128
      http://www.w3.org/2001/04/xmldsig-more#kw-camellia192
      http://www.w3.org/2001/04/xmldsig-more#kw-camellia256
        

Camellia [Camellia] [RFC3713] key wrap is identical to the AES key wrap algorithm [RFC3394] specified in the XML Encryption standard with "AES" replaced by "Camellia". As with AES key wrap, the check value is 0xA6A6A6A6A6A6A6A6.

Camellia[Camellia][RFC3713]密钥封装与XML加密标准中指定的AES密钥封装算法[RFC3394]相同,其中“AES”替换为“Camellia”。与AES密钥包裹一样,检查值为0xA6。

The algorithm is the same whatever the size of the Camellia key used in wrapping, called the "key encrypting key" or "KEK". If Camellia is supported, it is particularly suggested that wrapping 128-bit keys with a 128-bit KEK and wrapping 256-bit keys with a 256-bit KEK be supported.

无论包装中使用的茶花密钥大小如何,该算法都是相同的,称为“密钥加密密钥”或“KEK”。如果支持Camellia,则特别建议支持使用128位KEK包装128位密钥和使用256位KEK包装256位密钥。

An example of use is:

一个使用示例是:

   <EncryptionMethod
      Algorithm=
      "http://www.w3.org/2001/04/xmldsig-more#kw-camellia128"
   />
        
   <EncryptionMethod
      Algorithm=
      "http://www.w3.org/2001/04/xmldsig-more#kw-camellia128"
   />
        
2.6.4. PSEC-KEM
2.6.4. PSEC-KEM
   Identifier:
      http://www.w3.org/2001/04/xmldsig-more#psec-kem
        
   Identifier:
      http://www.w3.org/2001/04/xmldsig-more#psec-kem
        

The PSEC-KEM algorithm, specified in [18033-2], is a key encapsulation mechanism using elliptic curve encryption.

[18033-2]中规定的PSEC-KEM算法是一种使用椭圆曲线加密的密钥封装机制。

An example of use is:

一个使用示例是:

   <EncryptionMethod
      Algorithm="http://www.w3.org/2001/04/xmlenc#psec-kem">
      <ECParameters>
         <Version>version</Version>
         <FieldID>id</FieldID>
         <Curve>curve</Curve>
         <Base>base</Base>
         <Order>order</Order>
         <Cofactor>cofactor</Cofactor>
      </ECParameters>
   </EncryptionMethod>
        
   <EncryptionMethod
      Algorithm="http://www.w3.org/2001/04/xmlenc#psec-kem">
      <ECParameters>
         <Version>version</Version>
         <FieldID>id</FieldID>
         <Curve>curve</Curve>
         <Base>base</Base>
         <Order>order</Order>
         <Cofactor>cofactor</Cofactor>
      </ECParameters>
   </EncryptionMethod>
        

See [18033-2] for information on the parameters above.

有关上述参数的信息,请参见[18033-2]。

2.6.5. SEED Block Encryption
2.6.5. 种子块加密
   Identifier:
      http://www.w3.org/2007/05/xmldsig-more#seed128-cbc
        
   Identifier:
      http://www.w3.org/2007/05/xmldsig-more#seed128-cbc
        

SEED [RFC4269] is a 128-bit block size with 128-bit key sizes. In XML Encryption, SEED can be used in the Cipher Block Chaining (CBC) mode with a 128-bit initialization vector (IV). The resulting cipher text is prefixed by the IV. If included in XML output, it is then base64 encoded.

种子[RFC4269]是128位块大小和128位密钥大小。在XML加密中,SEED可以在具有128位初始化向量(IV)的密码块链接(CBC)模式中使用。生成的密码文本以IV作为前缀。如果包含在XML输出中,则对其进行base64编码。

An example SEED EncryptionMethod is as follows:

种子加密方法示例如下所示:

   <EncryptionMethod
      Algorithm="http://www.w3.org/2007/05/xmldsig-more#seed128-cbc" />
        
   <EncryptionMethod
      Algorithm="http://www.w3.org/2007/05/xmldsig-more#seed128-cbc" />
        
2.6.6. SEED Key Wrap
2.6.6. 种子钥匙套
   Identifier:
      http://www.w3.org/2007/05/xmldsig-more#kw-seed128
        
   Identifier:
      http://www.w3.org/2007/05/xmldsig-more#kw-seed128
        

Key wrapping with SEED is identical to Section 2.2.1 of [RFC3394] with "AES" replaced by "SEED". The algorithm is specified in [RFC4010]. The implementation of SEED is optional. The default initial value is 0xA6A6A6A6A6A6A6A6.

带种子的键包装与[RFC3394]第2.2.1节相同,将“AES”替换为“种子”。[RFC4010]中规定了算法。SEED的实现是可选的。默认初始值为0xA6。

An example of use is:

一个使用示例是:

   <EncryptionMethod
      Algorithm=
      "http://www.w3.org/2007/05/xmldsig-more#kw-seed128"
   />
        
   <EncryptionMethod
      Algorithm=
      "http://www.w3.org/2007/05/xmldsig-more#kw-seed128"
   />
        
3. KeyInfo
3. 密钥信息

In Section 3.1 below a new KeyInfo element child is specified, while in Section 3.2 additional KeyInfo Type values for use in RetrievalMethod are specified.

在下面的第3.1节中,指定了一个新的KeyInfo元素子元素,而在第3.2节中,指定了在RetrievalMethod中使用的其他KeyInfo类型值。

3.1. PKCS #7 Bag of Certificates and CRLs
3.1. PKCS#7袋证书和CRL

A PKCS #7 [RFC2315] "signedData" can also be used as a bag of certificates and/or certificate revocation lists (CRLs). The PKCS7signedData element is defined to accommodate such structures within KeyInfo. The binary PKCS #7 structure is base64 [RFC2045] encoded. Any signer information present is ignored. The following is an example [RFC3092], eliding the base64 data:

PKCS#7[RFC2315]“signedData”也可用作一包证书和/或证书撤销列表(CRL)。PKCS7signedData元素定义为在KeyInfo中容纳此类结构。二进制PKCS#7结构是base64[RFC2045]编码的。将忽略存在的任何签名者信息。以下是一个示例[RFC3092],省略了base64数据:

   <foo:PKCS7signedData
      xmlns:foo="http://www.w3.org/2001/04/xmldsig-more">
      ...
   </foo:PKCS7signedData>
        
   <foo:PKCS7signedData
      xmlns:foo="http://www.w3.org/2001/04/xmldsig-more">
      ...
   </foo:PKCS7signedData>
        
3.2. Additional RetrievalMethod Type Values
3.2. 其他RetrievalMethod类型值

The Type attribute of RetrievalMethod is an optional identifier for the type of data to be retrieved. The result of dereferencing a RetrievalMethod reference for all KeyInfo types with an XML structure is an XML element or document with that element as the root. The various "raw" key information types return a binary value. Thus, they require a Type attribute because they are not unambiguously parsable.

RetrievalMethod的Type属性是要检索的数据类型的可选标识符。对所有具有XML结构的KeyInfo类型取消引用RetrievalMethod引用的结果是一个XML元素或以该元素为根的文档。各种“原始”键信息类型返回二进制值。因此,它们需要类型属性,因为它们不是明确可解析的。

   Identifiers:
      http://www.w3.org/2001/04/xmldsig-more#KeyName
      http://www.w3.org/2001/04/xmldsig-more#KeyValue
      http://www.w3.org/2001/04/xmldsig-more#PKCS7signedData
      http://www.w3.org/2001/04/xmldsig-more#rawPGPKeyPacket
      http://www.w3.org/2001/04/xmldsig-more#rawPKCS7signedData
      http://www.w3.org/2001/04/xmldsig-more#rawSPKISexp
      http://www.w3.org/2001/04/xmldsig-more#rawX509CRL
      http://www.w3.org/2001/04/xmldsig-more#RetrievalMethod
        
   Identifiers:
      http://www.w3.org/2001/04/xmldsig-more#KeyName
      http://www.w3.org/2001/04/xmldsig-more#KeyValue
      http://www.w3.org/2001/04/xmldsig-more#PKCS7signedData
      http://www.w3.org/2001/04/xmldsig-more#rawPGPKeyPacket
      http://www.w3.org/2001/04/xmldsig-more#rawPKCS7signedData
      http://www.w3.org/2001/04/xmldsig-more#rawSPKISexp
      http://www.w3.org/2001/04/xmldsig-more#rawX509CRL
      http://www.w3.org/2001/04/xmldsig-more#RetrievalMethod
        
4. Indexes
4. 索引

The following subsections provide an index by URI and by fragment identifier (the portion of the URI after "#") of the algorithm and KeyInfo URIs defined in this document and in the standards (plus the one KeyInfo child element name defined in this document). The "Sec/Doc" column has the section of this document or, if not specified in this document, the document where the item is specified. See also [XMLSECXREF].

以下小节按URI和片段标识符(本文档和标准中定义的算法和KeyInfo URI的“#”)提供索引(加上本文档中定义的一个KeyInfo子元素名称)。“Sec/Doc”列包含本文档的部分,如果本文档未指定,则包含指定项目的文档。另请参见[XMLSECXREF]。

4.1. Fragment Index
4.1. 片段索引

The initial "http://www.w3.org/" part of the URI is not included below. The first six entries have a null fragment identifier or no fragment identifier.

首字母“http://www.w3.org/“下面不包括部分URI。前六个条目具有空片段标识符或没有片段标识符。

   Fragment            URI                                   Sec/Doc
   ---------           ----                                 --------
        
   Fragment            URI                                   Sec/Doc
   ---------           ----                                 --------
        
                       2002/06/xmldsig-filter2                [XPATH]
                       2006/12/xmlc12n11#                   [CANON11]
                       TR/1999/REC-xslt-19991116               [XSLT]
                       TR/1999/REC-xpath-19991116             [XPATH]
                       TR/2001/06/xml-exc-c14n#              [XCANON]
                       TR/2001/REC-xml-c14n-20010315        [CANON10]
                       TR/2001/REC-xmlschema-1-20010502      [Schema]
        
                       2002/06/xmldsig-filter2                [XPATH]
                       2006/12/xmlc12n11#                   [CANON11]
                       TR/1999/REC-xslt-19991116               [XSLT]
                       TR/1999/REC-xpath-19991116             [XPATH]
                       TR/2001/06/xml-exc-c14n#              [XCANON]
                       TR/2001/REC-xml-c14n-20010315        [CANON10]
                       TR/2001/REC-xmlschema-1-20010502      [Schema]
        
   aes128-cbc          2001/04/xmlenc#aes128-cbc           [XMLENC11]
   aes128-gcm          2009/xmlenc11#aes128-gcm            [XMLENC11]
   aes192-cbc          2001/04/xmlenc#aes192-cbc           [XMLENC11]
   aes192-gcm          2009/xmlenc11#aes192-gcm            [XMLENC11]
   aes256-cbc          2001/04/xmlenc#aes256-cbc           [XMLENC11]
   aes256-gcm          2009/xmlenc11#aes256-gcm            [XMLENC11]
   arcfour             2001/04/xmldsig-more#arcfour            2.6.1
        
   aes128-cbc          2001/04/xmlenc#aes128-cbc           [XMLENC11]
   aes128-gcm          2009/xmlenc11#aes128-gcm            [XMLENC11]
   aes192-cbc          2001/04/xmlenc#aes192-cbc           [XMLENC11]
   aes192-gcm          2009/xmlenc11#aes192-gcm            [XMLENC11]
   aes256-cbc          2001/04/xmlenc#aes256-cbc           [XMLENC11]
   aes256-gcm          2009/xmlenc11#aes256-gcm            [XMLENC11]
   arcfour             2001/04/xmldsig-more#arcfour            2.6.1
        
   base64              2000/09/xmldsig#base64               [RFC3275]
        
   base64              2000/09/xmldsig#base64               [RFC3275]
        
   camellia128-cbc     2001/04/xmldsig-more#camellia128-cbc    2.6.2
   camellia192-cbc     2001/04/xmldsig-more#camellia192-cbc    2.6.2
   camellia256-cbc     2001/04/xmldsig-more#camellia256-cbc    2.6.2
   ConcatKDF           2009/xmlenc11#ConcatKDF             [XMLENC11]
        
   camellia128-cbc     2001/04/xmldsig-more#camellia128-cbc    2.6.2
   camellia192-cbc     2001/04/xmldsig-more#camellia192-cbc    2.6.2
   camellia256-cbc     2001/04/xmldsig-more#camellia256-cbc    2.6.2
   ConcatKDF           2009/xmlenc11#ConcatKDF             [XMLENC11]
        
   decrypt#XML         2002/07/decrypt#XML                  [DECRYPT]
   decrypt#Binary      2002/07/decrypt#Binary               [DECRYPT]
   DEREncodedKeyValue  2009/xmldsig11#DEREncodedKeyValue  [XMLDSIG11]
   dh                  2001/04/xmlenc#dh                   [XMLENC11]
   dh-es               2009/xmlenc11#dh-es                 [XMLENC11]
   dsa-sha1            2000/09/xmldsig#dsa-sha1             [RFC3275]
   dsa-sha256          2009/xmldsig11#dsa-sha256          [XMLDSIG11]
   DSAKeyValue         2000/09/xmldsig#DSAKeyValue        [XMLDSIG11]
        
   decrypt#XML         2002/07/decrypt#XML                  [DECRYPT]
   decrypt#Binary      2002/07/decrypt#Binary               [DECRYPT]
   DEREncodedKeyValue  2009/xmldsig11#DEREncodedKeyValue  [XMLDSIG11]
   dh                  2001/04/xmlenc#dh                   [XMLENC11]
   dh-es               2009/xmlenc11#dh-es                 [XMLENC11]
   dsa-sha1            2000/09/xmldsig#dsa-sha1             [RFC3275]
   dsa-sha256          2009/xmldsig11#dsa-sha256          [XMLDSIG11]
   DSAKeyValue         2000/09/xmldsig#DSAKeyValue        [XMLDSIG11]
        
   ECDH-ES             2009/xmlenc11#ECDH-ES               [XMLENC11]
   ecdsa-ripemd160     2007/05/xmldsig-more#ecdsa-ripemd160    2.3.6
   ecdsa-sha1          2001/04/xmldsig-more#ecdsa-sha1         2.3.6
   ecdsa-sha224        2001/04/xmldsig-more#ecdsa-sha224       2.3.6
   ecdsa-sha256        2001/04/xmldsig-more#ecdsa-sha256       2.3.6
   ecdsa-sha384        2001/04/xmldsig-more#ecdsa-sha384       2.3.6
   ecdsa-sha512        2001/04/xmldsig-more#ecdsa-sha512       2.3.6
        
   ECDH-ES             2009/xmlenc11#ECDH-ES               [XMLENC11]
   ecdsa-ripemd160     2007/05/xmldsig-more#ecdsa-ripemd160    2.3.6
   ecdsa-sha1          2001/04/xmldsig-more#ecdsa-sha1         2.3.6
   ecdsa-sha224        2001/04/xmldsig-more#ecdsa-sha224       2.3.6
   ecdsa-sha256        2001/04/xmldsig-more#ecdsa-sha256       2.3.6
   ecdsa-sha384        2001/04/xmldsig-more#ecdsa-sha384       2.3.6
   ecdsa-sha512        2001/04/xmldsig-more#ecdsa-sha512       2.3.6
        
   ecdsa-whirlpool     2007/05/xmldsig-more#ecdsa-whirlpool    2.3.5
   ecies-kem           2010/xmlsec-ghc#ecies-kem            [GENERIC]
   ECKeyValue          2009/xmldsig11#ECKeyValue          [XMLDSIG11]
   enveloped-signature 2000/09/xmldsig#enveloped-signature  [RFC3275]
   esign-sha1          2001/04/xmldsig-more#esign-sha1         2.3.7
   esign-sha224        2001/04/xmldsig-more#esign-sha224       2.3.7
   esign-sha256        2001/04/xmldsig-more#esign-sha256       2.3.7
   esign-sha384        2001/04/xmldsig-more#esign-sha384       2.3.7
   esign-sha512        2001/04/xmldsig-more#esign-sha512       2.3.7
        
   ecdsa-whirlpool     2007/05/xmldsig-more#ecdsa-whirlpool    2.3.5
   ecies-kem           2010/xmlsec-ghc#ecies-kem            [GENERIC]
   ECKeyValue          2009/xmldsig11#ECKeyValue          [XMLDSIG11]
   enveloped-signature 2000/09/xmldsig#enveloped-signature  [RFC3275]
   esign-sha1          2001/04/xmldsig-more#esign-sha1         2.3.7
   esign-sha224        2001/04/xmldsig-more#esign-sha224       2.3.7
   esign-sha256        2001/04/xmldsig-more#esign-sha256       2.3.7
   esign-sha384        2001/04/xmldsig-more#esign-sha384       2.3.7
   esign-sha512        2001/04/xmldsig-more#esign-sha512       2.3.7
        

generic-hybrid 2010/xmlsec-ghc#generic-hybrid [GENERIC]

通用混合动力2010/xmlsec ghc#通用混合动力[通用]

   hmac-md5            2001/04/xmldsig-more#hmac-md5           2.2.1
   hmac-ripemd160      2001/04/xmldsig-more#hmac-ripemd160     2.2.3
   hmac-sha1           2000/09/xmldsig#hmac-sha1            [RFC3275]
   hmac-sha224         2001/04/xmldsig-more#hmac-sha224        2.2.2
   hmac-sha256         2001/04/xmldsig-more#hmac-sha256        2.2.2
   hmac-sha384         2001/04/xmldsig-more#hmac-sha384        2.2.2
   hmac-sha512         2001/04/xmldsig-more#hmac-sha512        2.2.2
        
   hmac-md5            2001/04/xmldsig-more#hmac-md5           2.2.1
   hmac-ripemd160      2001/04/xmldsig-more#hmac-ripemd160     2.2.3
   hmac-sha1           2000/09/xmldsig#hmac-sha1            [RFC3275]
   hmac-sha224         2001/04/xmldsig-more#hmac-sha224        2.2.2
   hmac-sha256         2001/04/xmldsig-more#hmac-sha256        2.2.2
   hmac-sha384         2001/04/xmldsig-more#hmac-sha384        2.2.2
   hmac-sha512         2001/04/xmldsig-more#hmac-sha512        2.2.2
        
   KeyName             2001/04/xmldsig-more#KeyName            3.2
   KeyValue            2001/04/xmldsig-more#KeyValue           3.2
   kw-aes128           2001/04/xmlenc#kw-aes128            [XMLENC11]
   kw-aes128-pad       2009/xmlenc11#kw-aes-128-pad        [XMLENC11]
   kw-aes192           2001/04/xmlenc#kw-aes192            [XMLENC11]
   kw-aes192-pad       2009/xmlenc11#kw-aes-192-pad        [XMLENC11]
   kw-aes256           2001/04/xmlenc#kw-aes256            [XMLENC11]
   kw-aes256-pad       2009/xmlenc11#kw-aes-256-pad        [XMLENC11]
   kw-camellia128      2001/04/xmldsig-more#kw-camellia128     2.6.3
   kw-camellia192      2001/04/xmldsig-more#kw-camellia192     2.6.3
   kw-camellia256      2001/04/xmldsig-more#kw-camellia256     2.6.3
   kw-seed128          2007/05/xmldsig-more#kw-seed128         2.6.6
        
   KeyName             2001/04/xmldsig-more#KeyName            3.2
   KeyValue            2001/04/xmldsig-more#KeyValue           3.2
   kw-aes128           2001/04/xmlenc#kw-aes128            [XMLENC11]
   kw-aes128-pad       2009/xmlenc11#kw-aes-128-pad        [XMLENC11]
   kw-aes192           2001/04/xmlenc#kw-aes192            [XMLENC11]
   kw-aes192-pad       2009/xmlenc11#kw-aes-192-pad        [XMLENC11]
   kw-aes256           2001/04/xmlenc#kw-aes256            [XMLENC11]
   kw-aes256-pad       2009/xmlenc11#kw-aes-256-pad        [XMLENC11]
   kw-camellia128      2001/04/xmldsig-more#kw-camellia128     2.6.3
   kw-camellia192      2001/04/xmldsig-more#kw-camellia192     2.6.3
   kw-camellia256      2001/04/xmldsig-more#kw-camellia256     2.6.3
   kw-seed128          2007/05/xmldsig-more#kw-seed128         2.6.6
        
   md2-rsa-MGF1        2007/05/xmldsig-more#md2-rsa-MGF1       2.3.10
   md5                 2001/04/xmldsig-more#md5                2.1.1
   md5-rsa-MGF1        2007/05/xmldsig-more#md5-rsa-MGF1       2.3.10
   MGF1                2007/05/xmldsig-more#MGF1               2.3.9
   mgf1sha1            2009/xmlenc11#mgf1sha1              [XMLENC11]
   mgf1sha224          2009/xmlenc11#mgf1sha224            [XMLENC11]
   mgf1sha256          2009/xmlenc11#mgf1sha256            [XMLENC11]
   mgf1sha384          2009/xmlenc11#mgf1sha384            [XMLENC11]
   mgf1sha512          2009/xmlenc11#mgf1sha512            [XMLENC11]
   MgmtData            2000/09/xmldsig#MgmtData           [XMLDSIG11]
   minimal             2000/09/xmldsig#minimal                 2.4
        
   md2-rsa-MGF1        2007/05/xmldsig-more#md2-rsa-MGF1       2.3.10
   md5                 2001/04/xmldsig-more#md5                2.1.1
   md5-rsa-MGF1        2007/05/xmldsig-more#md5-rsa-MGF1       2.3.10
   MGF1                2007/05/xmldsig-more#MGF1               2.3.9
   mgf1sha1            2009/xmlenc11#mgf1sha1              [XMLENC11]
   mgf1sha224          2009/xmlenc11#mgf1sha224            [XMLENC11]
   mgf1sha256          2009/xmlenc11#mgf1sha256            [XMLENC11]
   mgf1sha384          2009/xmlenc11#mgf1sha384            [XMLENC11]
   mgf1sha512          2009/xmlenc11#mgf1sha512            [XMLENC11]
   MgmtData            2000/09/xmldsig#MgmtData           [XMLDSIG11]
   minimal             2000/09/xmldsig#minimal                 2.4
        
   pbkdf2              2009/xmlenc11#pbkdf2                [XMLENC11]
   PGPData             2000/09/xmldsig#PGPData            [XMLDSIG11]
   PKCS7signedData     2001/04/xmldsig-more#PKCS7signedData    3.1
        
   pbkdf2              2009/xmlenc11#pbkdf2                [XMLENC11]
   PGPData             2000/09/xmldsig#PGPData            [XMLDSIG11]
   PKCS7signedData     2001/04/xmldsig-more#PKCS7signedData    3.1
        
   PKCS7signedData     2001/04/xmldsig-more#PKCS7signedData    3.2
   psec-kem            2001/04/xmldsig-more#psec-kem           2.6.4
        
   PKCS7signedData     2001/04/xmldsig-more#PKCS7signedData    3.2
   psec-kem            2001/04/xmldsig-more#psec-kem           2.6.4
        
   rawPGPKeyPacket     2001/04/xmldsig-more#rawPGPKeyPacket    3.2
   rawPKCS7signedData  2001/04/xmldsig-more#rawPKCS7signedData 3.2
   rawSPKISexp         2001/04/xmldsig-more#rawSPKISexp        3.2
   rawX509Certificate  2000/09/xmldsig#rawX509Certificate   [RFC3275]
   rawX509CRL          2001/04/xmldsig-more#rawX509CRL         3.2
   RetrievalMethod     2001/04/xmldsig-more#RetrievalMethod    3.2
   ripemd128-rsa-MGF1  2007/05/xmldsig-more#ripemd128-rsa-MGF1 2.3.10
   ripemd160           2001/04/xmlenc#ripemd160            [XMLENC11]
   ripemd160-rsa-MGF1  2007/05/xmldsig-more#ripemd160-rsa-MGF1 2.3.10
   rsa-1_5             2001/04/xmlenc#rsa-1_5              [XMLENC11]
   rsa-md5             2001/04/xmldsig-more#rsa-md5            2.3.1
   rsa-oaep            2009/xmlenc11#rsa-oaep              [XMLENC11]
   rsa-oaep-mgf1p      2001/04/xmlenc#rsa-oaep-mgf1p       [XMLENC11]
   rsa-pss             2007/05/xmldsig-more#rsa-pss            2.3.9
   rsa-ripemd160       2001/04/xmldsig-more#rsa-ripemd160      2.3.5
   rsa-sha1            2000/09/xmldsig#rsa-sha1             [RFC3275]
   rsa-sha224          2007/05/xmldsig-more#rsa-sha224         2.3.11
   rsa-sha256          2001/04/xmldsig-more#rsa-sha256         2.3.2
   rsa-sha384          2001/04/xmldsig-more#rsa-sha384         2.3.3
   rsa-sha512          2001/04/xmldsig-more#rsa-sha512         2.3.4
   rsa-whirlpool       2007/05/xmldsig-more#rsa-whirlpool      2.3.5
   rsaes-kem           2010/xmlsec-ghc#rsaes-kem            [GENERIC]
   RSAKeyValue         2000/09/xmldsig#RSAKeyValue        [XMLDSIG11]
        
   rawPGPKeyPacket     2001/04/xmldsig-more#rawPGPKeyPacket    3.2
   rawPKCS7signedData  2001/04/xmldsig-more#rawPKCS7signedData 3.2
   rawSPKISexp         2001/04/xmldsig-more#rawSPKISexp        3.2
   rawX509Certificate  2000/09/xmldsig#rawX509Certificate   [RFC3275]
   rawX509CRL          2001/04/xmldsig-more#rawX509CRL         3.2
   RetrievalMethod     2001/04/xmldsig-more#RetrievalMethod    3.2
   ripemd128-rsa-MGF1  2007/05/xmldsig-more#ripemd128-rsa-MGF1 2.3.10
   ripemd160           2001/04/xmlenc#ripemd160            [XMLENC11]
   ripemd160-rsa-MGF1  2007/05/xmldsig-more#ripemd160-rsa-MGF1 2.3.10
   rsa-1_5             2001/04/xmlenc#rsa-1_5              [XMLENC11]
   rsa-md5             2001/04/xmldsig-more#rsa-md5            2.3.1
   rsa-oaep            2009/xmlenc11#rsa-oaep              [XMLENC11]
   rsa-oaep-mgf1p      2001/04/xmlenc#rsa-oaep-mgf1p       [XMLENC11]
   rsa-pss             2007/05/xmldsig-more#rsa-pss            2.3.9
   rsa-ripemd160       2001/04/xmldsig-more#rsa-ripemd160      2.3.5
   rsa-sha1            2000/09/xmldsig#rsa-sha1             [RFC3275]
   rsa-sha224          2007/05/xmldsig-more#rsa-sha224         2.3.11
   rsa-sha256          2001/04/xmldsig-more#rsa-sha256         2.3.2
   rsa-sha384          2001/04/xmldsig-more#rsa-sha384         2.3.3
   rsa-sha512          2001/04/xmldsig-more#rsa-sha512         2.3.4
   rsa-whirlpool       2007/05/xmldsig-more#rsa-whirlpool      2.3.5
   rsaes-kem           2010/xmlsec-ghc#rsaes-kem            [GENERIC]
   RSAKeyValue         2000/09/xmldsig#RSAKeyValue        [XMLDSIG11]
        
   seed128-cbc         2007/05/xmldsig-more#seed128-cbc        2.6.5
   sha1                2000/09/xmldsig#sha1                 [RFC3275]
   sha1-rsa-MGF1       2007/05/xmldsig-more#sha1-rsa-MGF1      2.3.10
   sha224              2001/04/xmldsig-more#sha224             2.1.2
   sha224-rsa-MGF1     2007/05/xmldsig-more#sha224-rsa-MGF1    2.3.10
   sha256              2001/04/xmlenc#sha256               [XMLENC11]
   sha256-rsa-MGF1     2007/05/xmldsig-more#sha256-rsa-MGF1    2.3.10
   sha3-224            2007/05/xmldsig-more#sha3-224           2.1.5
   sha3-224-rsa-MGF1   2007/05/xmldsig-more#sha3-224-rsa-MGF1  2.3.10
   sha3-256            2007/05/xmldsig-more#sha3-256           2.1.5
   sha3-256-rsa-MGF1   2007/05/xmldsig-more#sha3-256-rsa-MGF1  2.3.10
   sha3-384            2007/05/xmldsig-more#sha3-384           2.1.5
   sha3-384-rsa-MGF1   2007/05/xmldsig-more#sha3-384-rsa-MGF1  2.3.10
   sha3-512            2007/05/xmldsig-more#sha3-512           2.1.5
   sha3-512-rsa-MGF1   2007/05/xmldsig-more#sha3-512-rsa-MGF1  2.3.10
   sha384              2001/04/xmldsig-more#sha384             2.1.3
   sha384-rsa-MGF1     2007/05/xmldsig-more#sha384-rsa-MGF1    2.3.10
   sha512              2001/04/xmlenc#sha512               [XMLENC11]
   sha512-rsa-MGF1     2007/05/xmldsig-more#sha512-rsa-MGF1    2.3.10
   SPKIData            2000/09/xmldsig#SPKIData           [XMLDSIG11]
        
   seed128-cbc         2007/05/xmldsig-more#seed128-cbc        2.6.5
   sha1                2000/09/xmldsig#sha1                 [RFC3275]
   sha1-rsa-MGF1       2007/05/xmldsig-more#sha1-rsa-MGF1      2.3.10
   sha224              2001/04/xmldsig-more#sha224             2.1.2
   sha224-rsa-MGF1     2007/05/xmldsig-more#sha224-rsa-MGF1    2.3.10
   sha256              2001/04/xmlenc#sha256               [XMLENC11]
   sha256-rsa-MGF1     2007/05/xmldsig-more#sha256-rsa-MGF1    2.3.10
   sha3-224            2007/05/xmldsig-more#sha3-224           2.1.5
   sha3-224-rsa-MGF1   2007/05/xmldsig-more#sha3-224-rsa-MGF1  2.3.10
   sha3-256            2007/05/xmldsig-more#sha3-256           2.1.5
   sha3-256-rsa-MGF1   2007/05/xmldsig-more#sha3-256-rsa-MGF1  2.3.10
   sha3-384            2007/05/xmldsig-more#sha3-384           2.1.5
   sha3-384-rsa-MGF1   2007/05/xmldsig-more#sha3-384-rsa-MGF1  2.3.10
   sha3-512            2007/05/xmldsig-more#sha3-512           2.1.5
   sha3-512-rsa-MGF1   2007/05/xmldsig-more#sha3-512-rsa-MGF1  2.3.10
   sha384              2001/04/xmldsig-more#sha384             2.1.3
   sha384-rsa-MGF1     2007/05/xmldsig-more#sha384-rsa-MGF1    2.3.10
   sha512              2001/04/xmlenc#sha512               [XMLENC11]
   sha512-rsa-MGF1     2007/05/xmldsig-more#sha512-rsa-MGF1    2.3.10
   SPKIData            2000/09/xmldsig#SPKIData           [XMLDSIG11]
        
   tripledes-cbc       2001/04/xmlenc#tripledes-cbc        [XMLENC11]
        
   tripledes-cbc       2001/04/xmlenc#tripledes-cbc        [XMLENC11]
        
   whirlpool           2007/05/xmldsig-more#whirlpool          2.1.4
   whirlpool-rsa-MGF1  2007/05/xmldsig-more#whirlpool-rsa-MGF1 2.3.10
   WithComments        2006/12/xmlc14n11#WithComments       [CANON11]
   WithComments        TR/2001/06/xml-exc-c14n#WithComments  [XCANON]
   WithComments        TR/2001/REC-xml-c14n-20010315#WithComments
                                                            [CANON10]
        
   whirlpool           2007/05/xmldsig-more#whirlpool          2.1.4
   whirlpool-rsa-MGF1  2007/05/xmldsig-more#whirlpool-rsa-MGF1 2.3.10
   WithComments        2006/12/xmlc14n11#WithComments       [CANON11]
   WithComments        TR/2001/06/xml-exc-c14n#WithComments  [XCANON]
   WithComments        TR/2001/REC-xml-c14n-20010315#WithComments
                                                            [CANON10]
        
   X509Data            2000/09/xmldsig#X509Data           [XMLDSIG11]
   xptr                2001/04/xmldsig-more#xptr               2.5.1
        
   X509Data            2000/09/xmldsig#X509Data           [XMLDSIG11]
   xptr                2001/04/xmldsig-more#xptr               2.5.1
        

The initial "http://www.w3.org/" part of the URI is not included above.

首字母“http://www.w3.org/“上面没有包含部分URI。

4.2. URI Index
4.2. URI索引

The initial "http://www.w3.org/" part of the URI is not included below.

首字母“http://www.w3.org/“下面不包括部分URI。

   URI                                 Sec/Doc   Type
   ----                                --------  -----
        
   URI                                 Sec/Doc   Type
   ----                                --------  -----
        
   2000/09/xmldsig#base64              [RFC3275]  Transform
   2000/09/xmldsig#DSAKeyValue         [RFC3275]  Retrieval type
   2000/09/xmldsig#dsa-sha1            [RFC3275]  SignatureMethod
   2000/09/xmldsig#enveloped-signature [RFC3275]  Transform
   2000/09/xmldsig#hmac-sha1           [RFC3275]  SignatureMethod
   2000/09/xmldsig#MgmtData            [RFC3275]  Retrieval type
   2000/09/xmldsig#minimal                2.4     Canonicalization
   2000/09/xmldsig#PGPData             [RFC3275]  Retrieval type
   2000/09/xmldsig#rawX509Certificate  [RFC3275]  Retrieval type
   2000/09/xmldsig#rsa-sha1            [RFC3275]  SignatureMethod
   2000/09/xmldsig#RSAKeyValue         [RFC3275]  Retrieval type
   2000/09/xmldsig#sha1                [RFC3275]  DigestAlgorithm
   2000/09/xmldsig#SPKIData            [RFC3275]  Retrieval type
   2000/09/xmldsig#X509Data            [RFC3275]  Retrieval type
        
   2000/09/xmldsig#base64              [RFC3275]  Transform
   2000/09/xmldsig#DSAKeyValue         [RFC3275]  Retrieval type
   2000/09/xmldsig#dsa-sha1            [RFC3275]  SignatureMethod
   2000/09/xmldsig#enveloped-signature [RFC3275]  Transform
   2000/09/xmldsig#hmac-sha1           [RFC3275]  SignatureMethod
   2000/09/xmldsig#MgmtData            [RFC3275]  Retrieval type
   2000/09/xmldsig#minimal                2.4     Canonicalization
   2000/09/xmldsig#PGPData             [RFC3275]  Retrieval type
   2000/09/xmldsig#rawX509Certificate  [RFC3275]  Retrieval type
   2000/09/xmldsig#rsa-sha1            [RFC3275]  SignatureMethod
   2000/09/xmldsig#RSAKeyValue         [RFC3275]  Retrieval type
   2000/09/xmldsig#sha1                [RFC3275]  DigestAlgorithm
   2000/09/xmldsig#SPKIData            [RFC3275]  Retrieval type
   2000/09/xmldsig#X509Data            [RFC3275]  Retrieval type
        
   2001/04/xmldsig-more#arcfour           2.6.1   EncryptionMethod
   2001/04/xmldsig-more#camellia128-cbc   2.6.2   EncryptionMethod
   2001/04/xmldsig-more#camellia192-cbc   2.6.2   EncryptionMethod
   2001/04/xmldsig-more#camellia256-cbc   2.6.2   EncryptionMethod
   2001/04/xmldsig-more#ecdsa-sha1        2.3.6   SignatureMethod
   2001/04/xmldsig-more#ecdsa-sha224      2.3.6   SignatureMethod
   2001/04/xmldsig-more#ecdsa-sha256      2.3.6   SignatureMethod
   2001/04/xmldsig-more#ecdsa-sha384      2.3.6   SignatureMethod
   2001/04/xmldsig-more#ecdsa-sha512      2.3.6   SignatureMethod
   2001/04/xmldsig-more#esign-sha1        2.3.7   SignatureMethod
        
   2001/04/xmldsig-more#arcfour           2.6.1   EncryptionMethod
   2001/04/xmldsig-more#camellia128-cbc   2.6.2   EncryptionMethod
   2001/04/xmldsig-more#camellia192-cbc   2.6.2   EncryptionMethod
   2001/04/xmldsig-more#camellia256-cbc   2.6.2   EncryptionMethod
   2001/04/xmldsig-more#ecdsa-sha1        2.3.6   SignatureMethod
   2001/04/xmldsig-more#ecdsa-sha224      2.3.6   SignatureMethod
   2001/04/xmldsig-more#ecdsa-sha256      2.3.6   SignatureMethod
   2001/04/xmldsig-more#ecdsa-sha384      2.3.6   SignatureMethod
   2001/04/xmldsig-more#ecdsa-sha512      2.3.6   SignatureMethod
   2001/04/xmldsig-more#esign-sha1        2.3.7   SignatureMethod
        
   2001/04/xmldsig-more#esign-sha224      2.3.7   SignatureMethod
   2001/04/xmldsig-more#esign-sha256      2.3.7   SignatureMethod
   2001/04/xmldsig-more#esign-sha384      2.3.7   SignatureMethod
   2001/04/xmldsig-more#esign-sha512      2.3.7   SignatureMethod
   2001/04/xmldsig-more#hmac-md5          2.2.1   SignatureMethod
   2001/04/xmldsig-more#hmac-ripemd160    2.2.3   SignatureMethod
   2001/04/xmldsig-more#hmac-sha224       2.2.2   SignatureMethod
   2001/04/xmldsig-more#hmac-sha256       2.2.2   SignatureMethod
   2001/04/xmldsig-more#hmac-sha384       2.2.2   SignatureMethod
   2001/04/xmldsig-more#hmac-sha512       2.2.2   SignatureMethod
   2001/04/xmldsig-more#KeyName           3.2     Retrieval type
   2001/04/xmldsig-more#KeyValue          3.2     Retrieval type
   2001/04/xmldsig-more#kw-camellia128    2.6.3   EncryptionMethod
   2001/04/xmldsig-more#kw-camellia192    2.6.3   EncryptionMethod
   2001/04/xmldsig-more#kw-camellia256    2.6.3   EncryptionMethod
   2001/04/xmldsig-more#md5               2.1.1   DigestAlgorithm
   2001/04/xmldsig-more#PKCS7signedData   3.2     Retrieval type
   2001/04/xmldsig-more#psec-kem          2.6.4   EncryptionMethod
   2001/04/xmldsig-more#rawPGPKeyPacket   3.2     Retrieval type
   2001/04/xmldsig-more#rawPKCS7signedData 3.2    Retrieval type
   2001/04/xmldsig-more#rawSPKISexp       3.2     Retrieval type
   2001/04/xmldsig-more#rawX509CRL        3.2     Retrieval type
   2001/04/xmldsig-more#RetrievalMethod   3.2     Retrieval type
   2001/04/xmldsig-more#rsa-md5           2.3.1   SignatureMethod
   2001/04/xmldsig-more#rsa-sha256        2.3.2   SignatureMethod
   2001/04/xmldsig-more#rsa-sha384        2.3.3   SignatureMethod
   2001/04/xmldsig-more#rsa-sha512        2.3.4   SignatureMethod
   2001/04/xmldsig-more#rsa-ripemd160     2.3.5   SignatureMethod
   2001/04/xmldsig-more#sha224            2.1.2   DigestAlgorithm
   2001/04/xmldsig-more#sha384            2.1.3   DigestAlgorithm
   2001/04/xmldsig-more#xptr              2.5.1   Transform
   2001/04/xmldsig-more#PKCS7signedData   3.1     KeyInfo child
        
   2001/04/xmldsig-more#esign-sha224      2.3.7   SignatureMethod
   2001/04/xmldsig-more#esign-sha256      2.3.7   SignatureMethod
   2001/04/xmldsig-more#esign-sha384      2.3.7   SignatureMethod
   2001/04/xmldsig-more#esign-sha512      2.3.7   SignatureMethod
   2001/04/xmldsig-more#hmac-md5          2.2.1   SignatureMethod
   2001/04/xmldsig-more#hmac-ripemd160    2.2.3   SignatureMethod
   2001/04/xmldsig-more#hmac-sha224       2.2.2   SignatureMethod
   2001/04/xmldsig-more#hmac-sha256       2.2.2   SignatureMethod
   2001/04/xmldsig-more#hmac-sha384       2.2.2   SignatureMethod
   2001/04/xmldsig-more#hmac-sha512       2.2.2   SignatureMethod
   2001/04/xmldsig-more#KeyName           3.2     Retrieval type
   2001/04/xmldsig-more#KeyValue          3.2     Retrieval type
   2001/04/xmldsig-more#kw-camellia128    2.6.3   EncryptionMethod
   2001/04/xmldsig-more#kw-camellia192    2.6.3   EncryptionMethod
   2001/04/xmldsig-more#kw-camellia256    2.6.3   EncryptionMethod
   2001/04/xmldsig-more#md5               2.1.1   DigestAlgorithm
   2001/04/xmldsig-more#PKCS7signedData   3.2     Retrieval type
   2001/04/xmldsig-more#psec-kem          2.6.4   EncryptionMethod
   2001/04/xmldsig-more#rawPGPKeyPacket   3.2     Retrieval type
   2001/04/xmldsig-more#rawPKCS7signedData 3.2    Retrieval type
   2001/04/xmldsig-more#rawSPKISexp       3.2     Retrieval type
   2001/04/xmldsig-more#rawX509CRL        3.2     Retrieval type
   2001/04/xmldsig-more#RetrievalMethod   3.2     Retrieval type
   2001/04/xmldsig-more#rsa-md5           2.3.1   SignatureMethod
   2001/04/xmldsig-more#rsa-sha256        2.3.2   SignatureMethod
   2001/04/xmldsig-more#rsa-sha384        2.3.3   SignatureMethod
   2001/04/xmldsig-more#rsa-sha512        2.3.4   SignatureMethod
   2001/04/xmldsig-more#rsa-ripemd160     2.3.5   SignatureMethod
   2001/04/xmldsig-more#sha224            2.1.2   DigestAlgorithm
   2001/04/xmldsig-more#sha384            2.1.3   DigestAlgorithm
   2001/04/xmldsig-more#xptr              2.5.1   Transform
   2001/04/xmldsig-more#PKCS7signedData   3.1     KeyInfo child
        
   2001/04/xmlenc#aes128-cbc          [XMLENC11]  EncryptionMethod
   2001/04/xmlenc#aes192-cbc          [XMLENC11]  EncryptionMethod
   2001/04/xmlenc#aes256-cbc          [XMLENC11]  EncryptionMethod
   2001/04/xmlenc#dh                  [XMLENC11]  AgreementMethod
   2001/04/xmlenc#kw-aes128           [XMLENC11]  EncryptionMethod
   2001/04/xmlenc#kw-aes192           [XMLENC11]  EncryptionMethod
   2001/04/xmlenc#kw-aes256           [XMLENC11]  EncryptionMethod
   2001/04/xmlenc#ripemd160           [XMLENC11]  DigestAlgorithm
   2001/04/xmlenc#rsa-1_5             [XMLENC11]  EncryptionMethod
   2001/04/xmlenc#rsa-oaep-mgf1p      [XMLENC11]  EncryptionMethod
   2001/04/xmlenc#sha256              [XMLENC11]  DigestAlgorithm
   2001/04/xmlenc#sha512              [XMLENC11]  DigestAlgorithm
   2001/04/xmlenc#tripledes-cbc       [XMLENC11]  EncryptionMethod
        
   2001/04/xmlenc#aes128-cbc          [XMLENC11]  EncryptionMethod
   2001/04/xmlenc#aes192-cbc          [XMLENC11]  EncryptionMethod
   2001/04/xmlenc#aes256-cbc          [XMLENC11]  EncryptionMethod
   2001/04/xmlenc#dh                  [XMLENC11]  AgreementMethod
   2001/04/xmlenc#kw-aes128           [XMLENC11]  EncryptionMethod
   2001/04/xmlenc#kw-aes192           [XMLENC11]  EncryptionMethod
   2001/04/xmlenc#kw-aes256           [XMLENC11]  EncryptionMethod
   2001/04/xmlenc#ripemd160           [XMLENC11]  DigestAlgorithm
   2001/04/xmlenc#rsa-1_5             [XMLENC11]  EncryptionMethod
   2001/04/xmlenc#rsa-oaep-mgf1p      [XMLENC11]  EncryptionMethod
   2001/04/xmlenc#sha256              [XMLENC11]  DigestAlgorithm
   2001/04/xmlenc#sha512              [XMLENC11]  DigestAlgorithm
   2001/04/xmlenc#tripledes-cbc       [XMLENC11]  EncryptionMethod
        

2002/06/xmldsig-filter2 [XPATH] Transform

2002/06/xmldsig-filter2[XPATH]转换

   2002/07/decrypt#XML                 [DECRYPT]  Transform
   2002/07/decrypt#Binary              [DECRYPT]  Transform
        
   2002/07/decrypt#XML                 [DECRYPT]  Transform
   2002/07/decrypt#Binary              [DECRYPT]  Transform
        
   2006/12/xmlc12n11#                  [CANON11]  Canonicalization
   2006/12/xmlc14n11#WithComments      [CANON11]  Canonicalization
        
   2006/12/xmlc12n11#                  [CANON11]  Canonicalization
   2006/12/xmlc14n11#WithComments      [CANON11]  Canonicalization
        
   2007/05/xmldsig-more#ecdsa-ripemd160   2.3.6   SignatureMethod
   2007/05/xmldsig-more#ecdsa-whirlpool   2.3.5   SignatureMethod
   2007/05/xmldsig-more#kw-seed128        2.6.6   EncryptionMethod
   2007/05/xmldsig-more#md2-rsa-MGF1      2.3.10  SignatureMethod
   2007/05/xmldsig-more#md5-rsa-MGF1      2.3.10  SignatureMethod
   2007/05/xmldsig-more#MGF1              2.3.9   SignatureMethod
   2007/05/xmldsig-more#ripemd128-rsa-MGF1 2.3.10 SignatureMethod
   2007/05/xmldsig-more#ripemd160-rsa-MGF1 2.3.10 SignatureMethod
   2007/05/xmldsig-more#rsa-pss           2.3.9   SignatureMethod
   2007/05/xmldsig-more#rsa-sha224        2.3.11  SignatureMethod
   2007/05/xmldsig-more#rsa-whirlpool     2.3.5   SignatureMethod
   2007/05/xmldsig-more#seed128-cbc       2.6.5   EncryptionMethod
   2007/05/xmldsig-more#sha1-rsa-MGF1     2.3.10  SignatureMethod
   2007/05/xmldsig-more#sha224-rsa-MGF1   2.3.10  SignatureMethod
   2007/05/xmldsig-more#sha256-rsa-MGF1   2.3.10  SignatureMethod
   2007/05/xmldsig-more#sha3-224          2.1.5   DigestAlgorithm
   2007/05/xmldsig-more#sha3-224-rsa-MGF1 2.3.10  SignatureMethod
   2007/05/xmldsig-more#sha3-256          2.1.5   DigestAlgorithm
   2007/05/xmldsig-more#sha3-256-rsa-MGF1 2.3.10  SignatureMethod
   2007/05/xmldsig-more#sha3-384          2.1.5   DigestAlgorithm
   2007/05/xmldsig-more#sha3-384-rsa-MGF1 2.3.10  SignatureMethod
   2007/05/xmldsig-more#sha3-512          2.1.5   DigestAlgorithm
   2007/05/xmldsig-more#sha3-512-rsa-MGF1 2.3.10  SignatureMethod
   2007/05/xmldsig-more#sha384-rsa-MGF1   2.3.10  SignatureMethod
   2007/05/xmldsig-more#sha512-rsa-MGF1   2.3.10  SignatureMethod
   2007/05/xmldsig-more#whirlpool         2.1.4   DigestAlgorithm
   2007/05/xmldsig-more#whirlpool-rsa-MGF1 2.3.10 SignatureMethod
   2009/xmlenc11#kw-aes-128-pad       [XMLENC11]  EncryptionMethod
   2009/xmlenc11#kw-aes-192-pad       [XMLENC11]  EncryptionMethod
   2009/xmlenc11#kw-aes-256-pad       [XMLENC11]  EncryptionMethod
        
   2007/05/xmldsig-more#ecdsa-ripemd160   2.3.6   SignatureMethod
   2007/05/xmldsig-more#ecdsa-whirlpool   2.3.5   SignatureMethod
   2007/05/xmldsig-more#kw-seed128        2.6.6   EncryptionMethod
   2007/05/xmldsig-more#md2-rsa-MGF1      2.3.10  SignatureMethod
   2007/05/xmldsig-more#md5-rsa-MGF1      2.3.10  SignatureMethod
   2007/05/xmldsig-more#MGF1              2.3.9   SignatureMethod
   2007/05/xmldsig-more#ripemd128-rsa-MGF1 2.3.10 SignatureMethod
   2007/05/xmldsig-more#ripemd160-rsa-MGF1 2.3.10 SignatureMethod
   2007/05/xmldsig-more#rsa-pss           2.3.9   SignatureMethod
   2007/05/xmldsig-more#rsa-sha224        2.3.11  SignatureMethod
   2007/05/xmldsig-more#rsa-whirlpool     2.3.5   SignatureMethod
   2007/05/xmldsig-more#seed128-cbc       2.6.5   EncryptionMethod
   2007/05/xmldsig-more#sha1-rsa-MGF1     2.3.10  SignatureMethod
   2007/05/xmldsig-more#sha224-rsa-MGF1   2.3.10  SignatureMethod
   2007/05/xmldsig-more#sha256-rsa-MGF1   2.3.10  SignatureMethod
   2007/05/xmldsig-more#sha3-224          2.1.5   DigestAlgorithm
   2007/05/xmldsig-more#sha3-224-rsa-MGF1 2.3.10  SignatureMethod
   2007/05/xmldsig-more#sha3-256          2.1.5   DigestAlgorithm
   2007/05/xmldsig-more#sha3-256-rsa-MGF1 2.3.10  SignatureMethod
   2007/05/xmldsig-more#sha3-384          2.1.5   DigestAlgorithm
   2007/05/xmldsig-more#sha3-384-rsa-MGF1 2.3.10  SignatureMethod
   2007/05/xmldsig-more#sha3-512          2.1.5   DigestAlgorithm
   2007/05/xmldsig-more#sha3-512-rsa-MGF1 2.3.10  SignatureMethod
   2007/05/xmldsig-more#sha384-rsa-MGF1   2.3.10  SignatureMethod
   2007/05/xmldsig-more#sha512-rsa-MGF1   2.3.10  SignatureMethod
   2007/05/xmldsig-more#whirlpool         2.1.4   DigestAlgorithm
   2007/05/xmldsig-more#whirlpool-rsa-MGF1 2.3.10 SignatureMethod
   2009/xmlenc11#kw-aes-128-pad       [XMLENC11]  EncryptionMethod
   2009/xmlenc11#kw-aes-192-pad       [XMLENC11]  EncryptionMethod
   2009/xmlenc11#kw-aes-256-pad       [XMLENC11]  EncryptionMethod
        
   2009/xmldsig11#dsa-sha256         [XMLDSIG11]  SignatureMethod
   2009/xmldsig11#ECKeyValue         [XMLDSIG11]  Retrieval type
   2009/xmldsig11#DEREncodedKeyValue [XMLDSIG11]  Retrieval type
        
   2009/xmldsig11#dsa-sha256         [XMLDSIG11]  SignatureMethod
   2009/xmldsig11#ECKeyValue         [XMLDSIG11]  Retrieval type
   2009/xmldsig11#DEREncodedKeyValue [XMLDSIG11]  Retrieval type
        
   2009/xmlenc11#aes128-gcm           [XMLENC11]  EncryptionMethod
   2009/xmlenc11#aes192-gcm           [XMLENC11]  EncryptionMethod
   2009/xmlenc11#aes256-gcm           [XMLENC11]  EncryptionMethod
   2009/xmlenc11#ConcatKDF            [XMLENC11]  EncryptionMethod
   2009/xmlenc11#mgf1sha1             [XMLENC11]  SignatureMethod
   2009/xmlenc11#mgf1sha224           [XMLENC11]  SignatureMethod
   2009/xmlenc11#mgf1sha256           [XMLENC11]  SignatureMethod
        
   2009/xmlenc11#aes128-gcm           [XMLENC11]  EncryptionMethod
   2009/xmlenc11#aes192-gcm           [XMLENC11]  EncryptionMethod
   2009/xmlenc11#aes256-gcm           [XMLENC11]  EncryptionMethod
   2009/xmlenc11#ConcatKDF            [XMLENC11]  EncryptionMethod
   2009/xmlenc11#mgf1sha1             [XMLENC11]  SignatureMethod
   2009/xmlenc11#mgf1sha224           [XMLENC11]  SignatureMethod
   2009/xmlenc11#mgf1sha256           [XMLENC11]  SignatureMethod
        
   2009/xmlenc11#mgf1sha384           [XMLENC11]  SignatureMethod
   2009/xmlenc11#mgf1sha512           [XMLENC11]  SignatureMethod
   2009/xmlenc11#pbkdf2               [XMLENC11]  EncryptionMethod
   2009/xmlenc11#rsa-oaep             [XMLENC11]  EncryptionMethod
   2009/xmlenc11#ECDH-ES              [XMLENC11]  EncryptionMethod
   2009/xmlenc11#dh-es                [XMLENC11]  EncryptionMethod
        
   2009/xmlenc11#mgf1sha384           [XMLENC11]  SignatureMethod
   2009/xmlenc11#mgf1sha512           [XMLENC11]  SignatureMethod
   2009/xmlenc11#pbkdf2               [XMLENC11]  EncryptionMethod
   2009/xmlenc11#rsa-oaep             [XMLENC11]  EncryptionMethod
   2009/xmlenc11#ECDH-ES              [XMLENC11]  EncryptionMethod
   2009/xmlenc11#dh-es                [XMLENC11]  EncryptionMethod
        
   2010/xmlsec-ghc#generic-hybrid      [GENERIC]  Generic Hybrid
   2010/xmlsec-ghc#rsaes-kem           [GENERIC]  Generic Hybrid
   2010/xmlsec-ghc#ecies-kem           [GENERIC]  Generic Hybrid
        
   2010/xmlsec-ghc#generic-hybrid      [GENERIC]  Generic Hybrid
   2010/xmlsec-ghc#rsaes-kem           [GENERIC]  Generic Hybrid
   2010/xmlsec-ghc#ecies-kem           [GENERIC]  Generic Hybrid
        
   TR/1999/REC-xpath-19991116            [XPATH]  Transform
   TR/1999/REC-xslt-19991116              [XSLT]  Transform
   TR/2001/06/xml-exc-c14n#             [XCANON]  Canonicalization
   TR/2001/06/xml-exc-c14n#WithComments [XCANON]  Canonicalization
   TR/2001/REC-xml-c14n-20010315       [CANON10]  Canonicalization
   TR/2001/REC-xml-c14n-20010315#WithComments
                                       [CANON10]  Canonicalization
   TR/2001/REC-xmlschema-1-20010502     [Schema]  Transform
        
   TR/1999/REC-xpath-19991116            [XPATH]  Transform
   TR/1999/REC-xslt-19991116              [XSLT]  Transform
   TR/2001/06/xml-exc-c14n#             [XCANON]  Canonicalization
   TR/2001/06/xml-exc-c14n#WithComments [XCANON]  Canonicalization
   TR/2001/REC-xml-c14n-20010315       [CANON10]  Canonicalization
   TR/2001/REC-xml-c14n-20010315#WithComments
                                       [CANON10]  Canonicalization
   TR/2001/REC-xmlschema-1-20010502     [Schema]  Transform
        

The initial "http://www.w3.org/" part of the URI is not included above.

首字母“http://www.w3.org/“上面没有包含部分URI。

5. Allocation Considerations
5. 分配考虑

W3C and IANA allocation considerations are given below.

W3C和IANA分配注意事项如下所示。

5.1. W3C Allocation Considerations
5.1. W3C分配注意事项

As it is easy for people to construct their own unique URIs [RFC3986] and, if appropriate, to obtain a URI from the W3C, it is not intended that any additional "http://www.w3.org/2007/05/xmldsig-more#" URIs be created beyond those enumerated in this RFC. (W3C Namespace stability rules prohibit the creation of new URIs under "http://www.w3.org/2000/09/xmldsig#" and URIs under "http://www.w3.org/2001/04/xmldsig-more#" were frozen with the publication of [RFC4051].)

由于人们很容易构建自己独特的URI[RFC3986],如果合适的话,还可以从W3C获取URI,因此不需要任何额外的http://www.w3.org/2007/05/xmldsig-more#“创建的URI不能超出此RFC中列举的URI。(W3C命名空间稳定性规则禁止在“”下创建新URIhttp://www.w3.org/2000/09/xmldsig#“和下的URI”http://www.w3.org/2001/04/xmldsig-more#“随着[RFC4051]的发布而冻结。)

An "xmldsig-more" URI does not imply any official W3C or IETF status for these algorithms or identifiers nor does it imply that they are only useful in digital signatures. Currently, dereferencing such URIs may or may not produce a temporary placeholder document. Permission to use these URI prefixes has been given by the W3C.

“xmldsig more”URI并不意味着这些算法或标识符的任何官方W3C或IETF状态,也不意味着它们仅在数字签名中有用。目前,取消引用此类URI可能会也可能不会生成临时占位符文档。W3C已授予使用这些URI前缀的权限。

5.2. IANA Considerations
5.2. IANA考虑

IANA has established a registry entitled "XML Security URIs". The initial contents correspond to Section 4.2 of this document with each section number in the "Sec/Doc" column augmented with a reference to this RFC (for example, "2.6.4" means "[RFC6931], Section 2.6.4").

IANA建立了一个名为“XML安全URI”的注册表。初始内容与本文件第4.2节相对应,“Sec/Doc”列中的每一节编号都增加了对本RFC的引用(例如,“2.6.4”表示“[RFC6931],第2.6.4节”)。

New entries, including new Types, will be added based on Expert Review [RFC5226]. Criterion for inclusion are (1) documentation sufficient for interoperability of the algorithm or data type and the XML syntax for its representation and use and (2) sufficient importance as normally indicated by inclusion in (2a) an approved W3C Note, Proposed Recommendation, or Recommendation or (2b) an approved IETF Standards Track document. Typically, the registry will reference a W3C or IETF document specifying such XML syntax; that document will either contain a more abstract description of the algorithm or data type or reference another document with a more abstract description.

将根据专家评审[RFC5226]添加新条目,包括新类型。纳入标准为:(1)足以实现算法或数据类型互操作性的文件,以及用于表示和使用的XML语法;(2)通常通过纳入(2a)经批准的W3C说明、建议或建议或(2b)经批准的IETF标准跟踪文件而表明的足够重要性。通常,注册表将引用指定此类XML语法的W3C或IETF文档;该文档要么包含算法或数据类型的更抽象的描述,要么引用另一个具有更抽象描述的文档。

6. Security Considerations
6. 安全考虑

This RFC is concerned with documenting the URIs that designate algorithms and some data types used in connection with XML security. The security considerations vary widely with the particular algorithms, and the general security considerations for XML security are outside of the scope of this document but appear in [XMLDSIG11], [XMLENC11], [CANON10], [CANON11], and [GENERIC].

此RFC涉及记录指定算法的URI和与XML安全性相关的某些数据类型。安全注意事项因特定算法而异,XML安全的一般安全注意事项不在本文档范围内,但出现在[XMLDSIG11]、[XMLENC11]、[canno10]、[canno11]和[GENERIC]中。

[RFC6151] should be consulted before considering the use of MD5 as a DigestMethod or RSA-MD5 as a SignatureMethod.

在考虑使用MD5作为摘要方法或RSA-MD5作为签名方法之前,应咨询[RFC6151]。

See [RFC6194] for SHA-1 security considerations and [RFC6151] for MD5 security considerations.

SHA-1安全注意事项见[RFC6194],MD5安全注意事项见[RFC6151]。

Additional security considerations are given in connection with the description of some algorithms in the body of this document.

本文件正文中对一些算法的描述给出了额外的安全注意事项。

Implementers should be aware that cryptographic algorithms become weaker with time. As new cryptoanalysis techniques are developed and computing performance improves, the work factor to break a particular cryptographic algorithm will reduce. Therefore, cryptographic implementations should be modular, allowing new algorithms to be readily inserted. That is, implementers should be prepared for the set of mandatory-to-implement algorithms to change over time.

实现者应该意识到加密算法会随着时间的推移变得越来越弱。随着新密码分析技术的发展和计算性能的提高,破坏特定密码算法的工作因素将减少。因此,加密实现应该是模块化的,允许随时插入新算法。也就是说,实现者应该准备好一组强制算法,以实现随时间变化的算法。

7. Acknowledgements
7. 致谢

The contributions to this document by the following people, listed in alphabetic order, are gratefully acknowledged: Benoit Claise, Adrian Farrel, Stephen Farrell, Ernst Giessmann, Frederick Hirsch, Bjoern Hoehrmann, Russ Housley, Satoru Kanno, Charlie Kaufman, Konrad Lanz, HwanJin Lee, Barry Leiba, Peter Lipp, Subramanian Moonesamy, Thomas Roessler, Hanseong Ryu, Peter Saint-Andre, and Sean Turner.

以下人士对本文件的贡献,按字母顺序排列,谨致谢意:贝努伊特·克莱斯、阿德里安·法雷尔、斯蒂芬·法雷尔、恩斯特·吉斯曼、弗雷德里克·赫希、比约恩·霍尔曼、罗斯·霍斯利、萨托鲁·卡诺、查理·考夫曼、康拉德·兰兹、万金·李、巴里·莱巴、彼得·利普、苏布拉曼尼安·穆内萨米、,托马斯·罗斯勒、汉生·柳、彼得·圣安德烈和肖恩·特纳。

The following contributors to [RFC4051], on which this document is based, are gratefully acknowledged: Glenn Adams, Merlin Hughs, Gregor Karlinger, Brian LaMachia, Shiho Moriai, Joseph Reagle, Russ Housley, and Joel Halpern.

本文件所依据的[RFC4051]的以下贡献者:格伦·亚当斯、梅林·休斯、格雷戈·卡林格、布赖恩·拉马基亚、施霍·莫里埃、约瑟夫·雷格尔、罗斯·霍斯利和乔尔·哈尔佩恩。

Appendix A. Changes from RFC 4051
附录A.RFC 4051的变更

The following changes have been made in RFC 4051 to produce this document.

为编制本文件,RFC 4051中进行了以下更改。

1. Updated and added numerous RFC, W3C, and Internet-Draft references.

1. 更新并添加了大量RFC、W3C和Internet草案参考。

2. Added #ecdsa-ripemd160, #whirlpool, #ecdsa-whirlpool, #rsa-whirlpool, #seed128-cbc, and #kw-seed128.

2. 增加了ecdsa-ripemd160、惠而浦、ecdsa惠而浦、rsa惠而浦、seed128 cbc和kw-seed128。

3. Incorporated RFC 4051 errata [Errata191].

3. 合并RFC 4051勘误表[勘误表191]。

4. Added URI and fragment index sections.

4. 添加了URI和片段索引部分。

5. For MD5 and SHA-1, added references to [RFC6151] and [RFC6194].

5. 对于MD5和SHA-1,增加了对[RFC6151]和[RFC6194]的参考。

5. Added SHA-3 / Keccak placeholder section including #sha3-224, #sha3-256, #sha3-384, and #sha3-512.

5. 增加了SHA-3/Keccak占位符部分,包括#sha3-224、#sha3-256、#sha3-384和#sha3-512。

6. Added RSASSA-PSS sections including #sha3-224-MGF1, #sha3-256-MGF1, #sha3-384-MGF1, #sha3-512-MGF1, #md2-rsa-MGF1, #md5-rsa-MGF1, #sha1-rsa-MGF1, #sha224-rsa-MGF1, #sha256-rsa-MGF1, #sha384-rsa-MGF1, #sha512-rsa-MGF1, #ripemd128-rsa-MGF1, #ripemd160-rsa-MGF1, and #whirlpool-rsa-MGF1.

6. 增加了RSASA-PSS部分,包括:沙3-224-sha3-224-MGF1、沙3-256-MGF1、沙3-384-MGF1、沙3-384-384-MGF1、沙3-512-MGF1、沙3-512-MGF1、沙3-512-MGF1、沙3-512-512-MGF1、沙3-512-512-MGF1、沙3-512-512-MGF1-MGF1、沙3-512-512-MGF1、沙3-512-512-MGF1、沙3-512-512-MGF1、md2-512-MGF1、md2-rsa-rsa-rsa-rsa-rsa-rsa-rsa-rsa-rsa-MGF1、md2-rsa-rsa-rsa-rsa-rsa-MGF1、md2-rsa-rsa-rsa-rsa-rsa-rsa-MGF1、md2-rsa-rsa-rsa-rsa-GF1、md2-rsa-rsa-rsa-rsa-rsa-rsa-rsa--#惠而浦-rsa-MGF1。

7. Added new URIs from Canonical XML 1.1 and XML Encryption 1.1 including: #aes128-gcm, #aes192-gcm, #aes256-gc, #ConcatKDF, #pbkdf, #rsa-oaep, #ECDH-ES, and #dh-es.

7. 从规范XML 1.1和XML加密1.1中添加了新的URI,包括:#aes128 gcm、#aes192 gcm、#aes256 gc、#ConcatKDF、#pbkdf、#rsa oaep、#ECDH-ES和#dh ES。

8. Added acronym subsection.

8. 增加首字母缩略词小节。

9. Added numerous URIs that are specified in W3C XML Security documents to the Indexes. These do not have sections in the body of this document -- for example, those for dsa-sha256, mgf1sha*, decrypt#XML, and xmldsig-filter2.

9. 将W3C XML安全文档中指定的大量URI添加到索引中。本文档正文中没有这些部分——例如,用于dsa-sha256、mgf1sha*、decrypt#XML和xmldsig-filter2的部分。

10. Requested establishment of an IANA registry.

10. 要求建立IANA登记册。

11. Made various editorial changes.

11. 进行了各种编辑上的修改。

Normative References

规范性引用文件

[10118-3] ISO, "Information technology -- Security techniques -- Hash-functions -- Part 3: Dedicated hash-functions", ISO/IEC 10118-3:2004, 2004.

[10118-3]ISO,“信息技术——安全技术——哈希函数——第3部分:专用哈希函数”,ISO/IEC 10118-3:2004,2004。

[18033-2] ISO, "Information technology -- Security techniques -- Encryption algorithms -- Part 3: Asymmetric ciphers", ISO/IEC 18033-2:2010, 2010.

[18033-2]ISO,“信息技术——安全技术——加密算法——第3部分:非对称密码”,ISO/IEC 18033-2:20102010。

[Camellia] Aoki, K., Ichikawa, T., Matsui, M., Moriai, S., Nakajima, J., and T. Tokita, "Camellia: A 128-bit Block Cipher Suitable for Multiple Platforms - Design and Analysis", in Selected Areas in Cryptography, 7th Annual International Workshop, SAC 2000, August 2000, Proceedings, Lecture Notes in Computer Science 2012, pp. 39-56, Springer-Verlag, 2001.

[Camellia]Aoki,K.,Ichikawa,T.,Matsui,M.,Morai,S.,Nakajima,J.,和T.Tokita,“Camellia:一种适用于多平台的128位分组密码-设计和分析”,在密码学的选定领域,第七届年度国际研讨会,SAC 2000,2000年8月,会议记录,2012年计算机科学讲稿,第39-56页,斯普林格·维拉格,2001年。

[FIPS180-4] US National Institute of Science and Technology, "Secure Hash Standard (SHS)", FIPS 180-4, March 2012, <http://csrc.nist.gov/publications/fips/fips180-4/ fips-180-4.pdf>.

[FIPS180-4]美国国家科学技术研究所,“安全哈希标准(SHS)”,FIPS180-42012年3月<http://csrc.nist.gov/publications/fips/fips180-4/ fips-180-4.pdf>。

[FIPS186-3] US National Institute of Science and Technology, "Digital Signature Standard (DSS)", FIPS 186-3, June 2009, <http://csrc.nist.gov/publications/fips/ fips186-3/fips_186-3.pdf>.

[FIPS186-3]美国国家科学技术研究所,“数字签名标准(DSS)”,FIPS186-3,2009年6月<http://csrc.nist.gov/publications/fips/ fips186-3/fips_186-3.pdf>。

[IEEEP1363a] IEEE, "Standard Specifications for Public Key Cryptography- Amendment 1: Additional Techniques", IEEE 1363a-2004, 2004.

[IEEEP1363a]IEEE,“公钥加密的标准规范-修改件1:附加技术”,IEEE 1363a-2004,2004年。

[RC4] Schneier, B., "Applied Cryptography: Protocols, Algorithms, and Source Code in C", Second Edition, John Wiley and Sons, New York, NY, 1996.

[RC4]Schneier,B.,“应用密码学:C语言中的协议、算法和源代码”,第二版,John Wiley and Sons,纽约,纽约,1996年。

[RFC1321] Rivest, R., "The MD5 Message-Digest Algorithm", RFC 1321, April 1992.

[RFC1321]Rivest,R.,“MD5消息摘要算法”,RFC13211992年4月。

[RFC2045] Freed, N. and N. Borenstein, "Multipurpose Internet Mail Extensions (MIME) Part One: Format of Internet Message Bodies", RFC 2045, November 1996.

[RFC2045]Freed,N.和N.Borenstein,“多用途Internet邮件扩展(MIME)第一部分:Internet邮件正文格式”,RFC 20451996年11月。

[RFC2104] Krawczyk, H., Bellare, M., and R. Canetti, "HMAC: Keyed-Hashing for Message Authentication", RFC 2104, February 1997.

[RFC2104]Krawczyk,H.,Bellare,M.,和R.Canetti,“HMAC:用于消息认证的键控哈希”,RFC 2104,1997年2月。

[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997.

[RFC2119]Bradner,S.,“RFC中用于表示需求水平的关键词”,BCP 14,RFC 2119,1997年3月。

[RFC2315] Kaliski, B., "PKCS #7: Cryptographic Message Syntax Version 1.5", RFC 2315, March 1998.

[RFC2315]Kaliski,B.,“PKCS#7:加密消息语法版本1.5”,RFC 2315,1998年3月。

[RFC3275] Eastlake 3rd, D., Reagle, J., and D. Solo, "(Extensible Markup Language) XML-Signature Syntax and Processing", RFC 3275, March 2002.

[RFC3275]Eastlake 3rd,D.,Reagle,J.,和D.Solo,“(可扩展标记语言)XML签名语法和处理”,RFC 32752002年3月。

[RFC3394] Schaad, J. and R. Housley, "Advanced Encryption Standard (AES) Key Wrap Algorithm", RFC 3394, September 2002.

[RFC3394]Schaad,J.和R.Housley,“高级加密标准(AES)密钥包裹算法”,RFC 3394,2002年9月。

[RFC3447] Jonsson, J. and B. Kaliski, "Public-Key Cryptography Standards (PKCS) #1: RSA Cryptography Specifications Version 2.1", RFC 3447, February 2003.

[RFC3447]Jonsson,J.和B.Kaliski,“公钥密码标准(PKCS)#1:RSA密码规范版本2.1”,RFC 3447,2003年2月。

[RFC3713] Matsui, M., Nakajima, J., and S. Moriai, "A Description of the Camellia Encryption Algorithm", RFC 3713, April 2004.

[RFC3713]Matsui,M.,Nakajima,J.,和S.Moraii,“茶花加密算法的描述”,RFC 37132004年4月。

[RFC3986] Berners-Lee, T., Fielding, R., and L. Masinter, "Uniform Resource Identifier (URI): Generic Syntax", STD 66, RFC 3986, January 2005.

[RFC3986]Berners Lee,T.,Fielding,R.,和L.Masinter,“统一资源标识符(URI):通用语法”,STD 66,RFC 3986,2005年1月。

[RFC4050] Blake-Wilson, S., Karlinger, G., Kobayashi, T., and Y. Wang, "Using the Elliptic Curve Signature Algorithm (ECDSA) for XML Digital Signatures", RFC 4050, April 2005.

[RFC4050]Blake Wilson,S.,Karlinger,G.,Kobayashi,T.,和Y.Wang,“将椭圆曲线签名算法(ECDSA)用于XML数字签名”,RFC 4050,2005年4月。

[RFC4055] Schaad, J., Kaliski, B., and R. Housley, "Additional Algorithms and Identifiers for RSA Cryptography for use in the Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile", RFC 4055, June 2005.

[RFC4055]Schaad,J.,Kaliski,B.,和R.Housley,“Internet X.509公钥基础设施证书和证书撤销列表(CRL)配置文件中使用的RSA加密的其他算法和标识符”,RFC 4055,2005年6月。

[RFC4269] Lee, H., Lee, S., Yoon, J., Cheon, D., and J. Lee, "The SEED Encryption Algorithm", RFC 4269, December 2005.

[RFC4269]Lee,H.,Lee,S.,Yoon,J.,Cheon,D.,和J.Lee,“种子加密算法”,RFC 4269,2005年12月。

[RFC5226] Narten, T. and H. Alvestrand, "Guidelines for Writing an IANA Considerations Section in RFCs", BCP 26, RFC 5226, May 2008.

[RFC5226]Narten,T.和H.Alvestrand,“在RFCs中编写IANA注意事项部分的指南”,BCP 26,RFC 5226,2008年5月。

[RFC6234] Eastlake 3rd, D. and T. Hansen, "US Secure Hash Algorithms (SHA and SHA-based HMAC and HKDF)", RFC 6234, May 2011.

[RFC6234]Eastlake 3rd,D.和T.Hansen,“美国安全哈希算法(基于SHA和SHA的HMAC和HKDF)”,RFC 6234,2011年5月。

[X9.62] American National Standards Institute, Accredited Standards Committee X9, "Public Key Cryptography for the Financial Services Industry: The Elliptic Curve Digital Signature Algorithm (ECDSA)", ANSI X9.62:2005, 2005.

[X9.62]美国国家标准协会,认可标准委员会X9,“金融服务业的公钥加密:椭圆曲线数字签名算法(ECDSA)”,ANSI X9.62:2005,2005。

[XMLENC10] Reagle, J. and D. Eastlake, "XML Encryption Syntax and Processing", W3C Recommendation, 10 December 2002, <http://www.w3.org/TR/2002/REC-xmlenc-core-20021210/>.

[XMLENC10]Reagle,J.和D.Eastlake,“XML加密语法和处理”,W3C建议,2002年12月10日<http://www.w3.org/TR/2002/REC-xmlenc-core-20021210/>.

[XMLENC11] Eastlake, D., Reagle, J., Hirsch, F., and T. Roessler, "XML Encryption Syntax and Processing Version 1.1", W3C Proposed Recommendation, 24 January 2013, <http://www.w3.org/TR/2013/PR-xmlenc-core1-20130124/>.

[XMLENC11]伊斯特莱克,D.,雷格尔,J.,赫希,F.,和T.罗斯勒,“XML加密语法和处理版本1.1”,W3C建议,2013年1月24日<http://www.w3.org/TR/2013/PR-xmlenc-core1-20130124/>.

[XPointer] Grosso, P., Maler, E., Marsh, J., and N. Walsh, "XPointer Framework", W3C Recommendation, 25 March 2003, <http://www.w3.org/TR/2003/ REC-xptr-framework-20030325/>.

[XPointer]Grosso,P.,Maler,E.,Marsh,J.,和N.Walsh,“XPointer框架”,W3C建议,2003年3月25日<http://www.w3.org/TR/2003/ REC-xptr-framework-20030325/>。

Informative References

资料性引用

[CANON10] Boyer, J., "Canonical XML Version 1.0", W3C Recommendation, 15 March 2001, <http://www.w3.org/TR/2001/REC-xml-c14n-20010315>.

[CANON10]Boyer,J.,“规范XML版本1.0”,W3C建议,2001年3月15日<http://www.w3.org/TR/2001/REC-xml-c14n-20010315>.

[CANON11] Boyer, J., and G. Marcy, "Canonical XML Version 1.1", W3C Recommendation, 2 May 2008, <http://www.w3.org/TR/2008/REC-xml-c14n11-20080502/>.

[CANON11]Boyer,J.和G.Marcy,“规范XML版本1.1”,W3C建议,2008年5月2日<http://www.w3.org/TR/2008/REC-xml-c14n11-20080502/>.

[DECRYPT] Hughes, M., Imamura, T., and H. Maruyama, "Decryption Transform for XML Signature", W3C Recommendation, 10 December 2002, <http://www.w3.org/TR/2002/ REC-xmlenc-decrypt-20021210>.

[解密]Hughes,M.,Imamura,T.,和H.Maruyama,“XML签名的解密转换”,W3C建议,2002年12月10日<http://www.w3.org/TR/2002/ REC-xmlenc-decrypt-20021210>。

[Errata191] RFC Errata, Errata ID 191, RFC 4051, <http://www.rfc-editor.org>.

[勘误表191]RFC勘误表,勘误表ID 191,RFC 4051<http://www.rfc-editor.org>.

[GENERIC] Nystrom, M. and F. Hirsch, "XML Security Generic Hybrid Ciphers", W3C Working Group Note, 24 January 2013, <http://www.w3.org/TR/2013/ NOTE-xmlsec-generic-hybrid-20130124/>.

[通用]Nystrom,M.和F.Hirsch,“XML安全通用混合密码”,W3C工作组说明,2013年1月24日<http://www.w3.org/TR/2013/ 注-xmlsec-generic-hybrid-20130124/>。

[Keccak] Bertoni, G., Daeman, J., Peeters, M., and G. Van Assche, "The KECCAK sponge function family", January 2013, <http://keccak.noekeon.org>.

[Keccak]Bertoni,G.,Daeman,J.,Peeters,M.,和G.Van Assche,“Keccak海绵功能系列”,2013年1月<http://keccak.noekeon.org>.

[RFC3075] Eastlake 3rd, D., Reagle, J., and D. Solo, "XML-Signature Syntax and Processing", RFC 3075, March 2001.

[RFC3075]Eastlake 3rd,D.,Reagle,J.,和D.Solo,“XML签名语法和处理”,RFC 30752001年3月。

[RFC3076] Boyer, J., "Canonical XML Version 1.0", RFC 3076, March 2001.

[RFC3076]Boyer,J.,“规范XML版本1.0”,RFC3076,2001年3月。

[RFC3092] Eastlake 3rd, D., Manros, C., and E. Raymond, "Etymology of "Foo"", RFC 3092, 1 April 2001.

[RFC3092]伊斯特莱克三世,D.,曼罗斯,C.,和E.雷蒙德,“Foo”的词源学”,RFC3092,2001年4月1日。

[RFC3741] Boyer, J., Eastlake 3rd, D., and J. Reagle, "Exclusive XML Canonicalization, Version 1.0", RFC 3741, March 2004.

[RFC3741]Boyer,J.,Eastlake 3rd,D.,和J.Reagle,“独家XML规范化,版本1.0”,RFC 37412004年3月。

[RFC4010] Park, J., Lee, S., Kim, J., and J. Lee, "Use of the SEED Encryption Algorithm in Cryptographic Message Syntax (CMS)", RFC 4010, February 2005.

[RFC4010]Park,J.,Lee,S.,Kim,J.,和J.Lee,“加密消息语法(CMS)中种子加密算法的使用”,RFC 4010,2005年2月。

[RFC4051] Eastlake 3rd, D., "Additional XML Security Uniform Resource Identifiers (URIs)", RFC 4051, April 2005.

[RFC4051]Eastlake 3rd,D.,“附加XML安全统一资源标识符(URI)”,RFC 4051,2005年4月。

[RFC6090] McGrew, D., Igoe, K., and M. Salter, "Fundamental Elliptic Curve Cryptography Algorithms", RFC 6090, February 2011.

[RFC6090]McGrew,D.,Igoe,K.,和M.Salter,“基本椭圆曲线密码算法”,RFC 60902011年2月。

[RFC6151] Turner, S. and L. Chen, "Updated Security Considerations for the MD5 Message-Digest and the HMAC-MD5 Algorithms", RFC 6151, March 2011.

[RFC6151]Turner,S.和L.Chen,“MD5消息摘要和HMAC-MD5算法的更新安全注意事项”,RFC 61512011年3月。

[RFC6194] Polk, T., Chen, L., Turner, S., and P. Hoffman, "Security Considerations for the SHA-0 and SHA-1 Message-Digest Algorithms", RFC 6194, March 2011.

[RFC6194]Polk,T.,Chen,L.,Turner,S.,和P.Hoffman,“SHA-0和SHA-1消息摘要算法的安全考虑”,RFC 61942011年3月。

[Schema] Thompson, H., Beech, D., Maloney, M., and N. Mendelsohn, "XML Schema Part 1: Structures Second Edition", W3C Recommendation, 28 October 2004, <http://www.w3.org/TR/2004/REC-xmlschema-1-20041028/>.

[Schema]Thompson,H.,Beech,D.,Maloney,M.,和N.Mendelsohn,“XML模式第1部分:结构第二版”,W3C建议,2004年10月28日<http://www.w3.org/TR/2004/REC-xmlschema-1-20041028/>.

Biron, P. and A. Malhotra, "XML Schema Part 2: Datatypes Second Edition", W3C Recommendation, 28 October 2004, <http://www.w3.org/TR/2004/REC-xmlschema-2-20041028/>.

Biron,P.和A.Malhotra,“XML模式第2部分:数据类型第二版”,W3C建议,2004年10月28日<http://www.w3.org/TR/2004/REC-xmlschema-2-20041028/>.

[SHA-3] US National Institute of Science and Technology, "SHA-3 WINNER", February 2013, <http://csrc.nist.gov/ groups/ST/hash/sha-3/winner_sha-3.html>.

[SHA-3]美国国家科学技术研究所,“SHA-3获奖者”,2013年2月<http://csrc.nist.gov/ groups/ST/hash/sha-3/winner\u sha-3.html>。

[W3C] World Wide Web Consortium, <http://www.w3.org>.

[W3C]万维网联盟<http://www.w3.org>.

[XCANON] Boyer, J., Eastlake, D., and J. Reagle, "Exclusive XML Canonicalization Version 1.0", W3C Recommendation, 18 July 2002, <http://www.w3.org/TR/2002/REC-xml-exc-c14n-20020718/>.

[XCANON]Boyer,J.,Eastlake,D.,和J.Reagle,“独家XML规范化版本1.0”,W3C建议,2002年7月18日<http://www.w3.org/TR/2002/REC-xml-exc-c14n-20020718/>.

[XMLDSIG10] Eastlake, D., Reagle, J., Solo, D., Hirsch, F., and T. Roessler, "XML Signature Syntax and Processing (Second Edition)", W3C Recommendation, 10 June 2008, <http://www.w3.org/TR/2008/REC-xmldsig-core-20080610/>.

[XMLDSIG10]Eastlake,D.,Reagle,J.,Solo,D.,Hirsch,F.,和T.Roessler,“XML签名语法和处理(第二版)”,W3C建议,2008年6月10日<http://www.w3.org/TR/2008/REC-xmldsig-core-20080610/>.

[XMLDSIG11] Eastlake, D., Reagle, J., Solo, D., Hirsch, F., Nystrom, M., Roessler, T., and K. Yiu, "XML Signature Syntax and Processing Version 1.1", W3C Proposed Recommendation, 24 January 2013, <http://www.w3.org/TR/2013/PR-xmldsig-core1-20130124/>.

[XMLDSIG11]伊斯特莱克,D.,雷格尔,J.,索洛,D.,赫希,F.,Nystrom,M.,Roessler,T.,和K.Yiu,“XML签名语法和处理版本1.1”,W3C建议,2013年1月24日<http://www.w3.org/TR/2013/PR-xmldsig-core1-20130124/>.

[XMLDSIG-PROP] Hirsch, F., "XML Signature Properties", W3C Proposed Recommendation, 24 January 2013, <http://www.w3.org/TR/ 2013/PR-xmldsig-properties-20130124/>.

[XMLDSIG-PROP]Hirsch,F.,“XML签名属性”,W3C建议,2013年1月24日<http://www.w3.org/TR/ 2013/PR-xmldsig-properties-20130124/>。

[XMLSECXREF] Hirsch, F., Roessler, T., and K. Yiu, "XML Security Algorithm Cross-Reference", W3C Working Group Note, 24 January 2013, <http://www.w3.org/TR/2013/ NOTE-xmlsec-algorithms-20130124/>.

[XMLSECXREF]Hirsch,F.,Roessler,T.,和K.Yiu,“XML安全算法交叉引用”,W3C工作组说明,2013年1月24日<http://www.w3.org/TR/2013/ 注-xmlsec-algorithms-20130124/>。

[XPATH] Boyer, J., Hughes, M., and J. Reagle, "XML-Signature XPath Filter 2.0", W3C Recommendation, 8 November 2002, <http://www.w3.org/TR/2002/ REC-xmldsig-filter2-20021108/>.

[XPATH]Boyer,J.,Hughes,M.,和J.Reagle,“XML签名XPATH过滤器2.0”,W3C建议,2002年11月8日<http://www.w3.org/TR/2002/ REC-xmldsig-filter2-20021108/>。

Berglund, A., Boag, S., Chamberlin, D., Fernandez, M., Kay, M., Robie, J., and J. Simeon, "XML Path Language (XPath) 2.0 (Second Edition)", W3C Recommendation, 14 December 2010, <http://www.w3.org/TR/2010/REC-xpath20-20101214/>.

Berglund,A.,Boag,S.,Chamberlin,D.,Fernandez,M.,Kay,M.,Robie,J.,和J.Simeon,“XML路径语言(XPath)2.0(第二版)”,W3C建议,2010年12月14日<http://www.w3.org/TR/2010/REC-xpath20-20101214/>.

[XSLT] Saxonica, M., "XSL Transformations (XSLT) Version 2.0", W3C Recommendation, 23 January 2007, <http://www.w3.org/TR/2007/REC-xslt20-20070123/>.

[XSLT]Saxonica,M.,“XSL转换(XSLT)2.0版”,W3C建议,2007年1月23日<http://www.w3.org/TR/2007/REC-xslt20-20070123/>.

Author's Address

作者地址

Donald E. Eastlake, 3rd Huawei Technologies 155 Beaver Street Milford, MA 01757 USA

美国马萨诸塞州米尔福德市海狸街155号华为技术第三公司Donald E.Eastlake邮编01757

   Phone: +1-508-333-2270
   EMail: d3e3e3@gmail.com
        
   Phone: +1-508-333-2270
   EMail: d3e3e3@gmail.com