[Oisf-wg-ruleslanguage] On encrypting rule files (xml example)
Scott MacGregor
shadowbq at gmail.com
Mon Sep 21 00:02:15 UTC 2009
My personal opinion :=> "let's please not do this.." (sniffle)
---
FYI: There are some decent articles on encrypting xml data..
http://dotnetslackers.com/articles/xml/XMLEncryption.aspx
---
IDEAS:
If the organization as a whole wants to encrypt some of the rules so
that we can get "pre-release patches" this would be my route:
- Create a CA and X.509 certificate chain for the root signing of
  Asymmetric encryption of the rules.
- Have anyone/company who wants to have access to utilize encrypted
  rules register for a certificate with the OSIF organization
  Certificate Authority.
- Anyone without a certificate can utilize the /rule file/ without
  error, but the system just skips the encrypted rules.
- Allow multiple X.509 chains for rule decryption, such that an
  organization can create its own encryption cert and have "proprietary
  rules" mixed with "org subscription rules" and "org community rules".
This is never going to be trivial....
Having something like this.. rough sketch of an xml encrypted rule file...
The below uses RSA to decode off a keychain named OSIF
Reference: http://www.w3.org/TR/xmlenc-core/
<?xml version="1.0" standalone="no"?>
<rules>
  <rule>
    <title>OSIF Pre-Release $soft GDI overflow </title>
    <vulnerability>
      <title>$soft GDI overflow </title>
      <para>This space can have a more detailed description.</para>
      <para>This space can have additional description.</para>
      <releasedate>01-01-2039</releasedate>
      <url>https://www.osif.org/rules/reference/[$sid]</url>
      <author>OSIF blah....</author>
      <status>Limited Public Release</status>
    </vulnerability>
    <tracking>
      <version>1.0</version>
      <classtype>bad-unknown</classtype>
      <priority>1</priority>
      <id>112273645111111</id>
    </tracking>
    <EncryptedData Type="http://www.w3.org/2001/04/xmlenc#Element"
                   xmlns="http://www.w3.org/2001/04/xmlenc#">
      <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5" />
      <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
        <KeyName>osif</KeyName>
      </KeyInfo>
      <CipherData>
        <CipherValue>
<![CDATA[
1892379812730981273091287301298731290837019283709
1238712098379182736897126398761293876192876912876
ahsfiouy23978r7ry98ef79237rhi7r9287ry23478rh98472
98u2h9r7h946rt92783987ghf9478f82h978f2978fg78429f
]]>
        </CipherValue>
      </CipherData>
    </EncryptedData>
  </rule>
</rules>
~~~~ shadowbq
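
An added example, not part of the original post or any project code: a Python sketch of the loader behaviour proposed above, where a sensor loads the rules it holds a key for and skips the rest without error. The `acme-private` key name, the short rule ids and the `classify_rules` function are assumptions for illustration; decryption itself is left out and only key selection is shown.

```python
import xml.etree.ElementTree as ET

XENC = "http://www.w3.org/2001/04/xmlenc#"
NS = {"xenc": XENC, "ds": "http://www.w3.org/2000/09/xmldsig#"}
ALLOWED_ALGS = {XENC + "rsa-1_5"}  # the algorithm named in the sketch above

def _enc(key_name):
    # Constructed EncryptedData element; the CipherValue is a placeholder.
    return (f'<EncryptedData Type="{XENC}Element" xmlns="{XENC}">'
            f'<EncryptionMethod Algorithm="{XENC}rsa-1_5"/>'
            f'<KeyInfo xmlns="{NS["ds"]}"><KeyName>{key_name}</KeyName></KeyInfo>'
            '<CipherData><CipherValue>PLACEHOLDER</CipherValue></CipherData>'
            '</EncryptedData>')

# Constructed sample: one rule per key chain plus one unencrypted community
# rule. "acme-private" is a hypothetical organization-run chain.
SAMPLE = ("<rules>"
          f"<rule><tracking><id>1001</id></tracking>{_enc('osif')}</rule>"
          f"<rule><tracking><id>1002</id></tracking>{_enc('acme-private')}</rule>"
          "<rule><tracking><id>1003</id></tracking></rule>"
          "</rules>")

def classify_rules(xml_text, keyring):
    """Return (loadable, skipped) given the set of key names this sensor holds."""
    if "<!DOCTYPE" in xml_text:  # rule files need no DTD; refuse entity tricks
        raise ValueError("DOCTYPE not allowed in rule files")
    loadable, skipped = [], []
    for rule in ET.fromstring(xml_text).findall("rule"):
        rule_id = rule.findtext("tracking/id", default="?")
        enc = rule.find("xenc:EncryptedData", NS)
        if enc is None:  # plain community rule, usable by everyone
            loadable.append((rule_id, None))
            continue
        method = enc.find("xenc:EncryptionMethod", NS)
        alg = method.get("Algorithm") if method is not None else None
        key = (enc.findtext("ds:KeyInfo/ds:KeyName", "", NS) or "").strip()
        cipher = enc.findtext("xenc:CipherData/xenc:CipherValue", "", NS) or ""
        if not key or not cipher.strip():
            skipped.append((rule_id, "malformed EncryptedData"))
        elif alg not in ALLOWED_ALGS:
            skipped.append((rule_id, "unsupported algorithm"))
        elif key not in keyring:  # no certificate for this chain: skip quietly
            skipped.append((rule_id, "no key for " + key))
        else:
            loadable.append((rule_id, key))
    return loadable, skipped
```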