XML Signature and Encryption Combinations

An electronic signature achieves two results: it guarantees that the message has not been modified after being signed and that it originated from the claimed signer. It is possible, and may even be a requirement for some applications, that multiple entities sign the same message. As a practical example, think of a legal agreement being signed by two parties. As XML Signature allows the Signature element itself to be detached from the signed data and signed data itself could consist of multiple data items, it is perfectly valid to create multiple Signature elements, each over the same set of data items and corresponding to a different signer. In fact, there is also the possibility of a signature itself being signed, either separately or along with the signed data. All these cases are easily supported by XML Signature.

However, a signed data item continues to be visible and comprehensible to everyone. A signature does nothing to ensure the confidentiality of the message. This capability comes from encryption. There are scenarios when an originator wants the signature and the signed message to be confidential. This is accomplished by applying XML Encryption on the Signature element and the signed message. It is also possible to selectively encrypt only the signed message, certain portions of the signed message or only the signature.

Although XML Signature and XML Encryption technologies allow flexible combinations, it is the application requirements that should guide the selection of what particular combination should be used. If the requirement is to protect the message with data integrity, authentication and confidentiality, the best combination is to first sign the message and then encrypt the signed message and the signature. If the identity of the signer needs to be revealed for some processing, leave out the signature from encryption.

Technically, it is possible to first encrypt the message and then sign it. However, this is less desirable than encrypting a signed message, for this does not allow encryption of the signature itself. Also, in some applications, signing encrypted data may not provide adequate psychological assurance that the signer knows what has been signed.