diff --git a/Makefile.am b/Makefile.am
index 543e7b93e..5869aee3e 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -6,7 +6,10 @@ bin_SCRIPTS = xmlsec-config
 EXTRA_DIST = \
 win32 \
- docs \
+ docs/*.html \
+ docs/api \
+ docs/examples \
+ docs/images \
 NEWS \
 ChangeLog \
 Copyright \
diff --git a/docs/api-0.0.x/examples/example-dsig1.html b/docs/api-0.0.x/examples/example-dsig1.html
new file mode 100644
index 000000000..b4d62636a
--- /dev/null
+++ b/docs/api-0.0.x/examples/example-dsig1.html
@@ -0,0 +1,309 @@
+
+
+
+XML Security Library: Example - Signing document from template
+
+
+
+
+
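Review bot: Narrowing `EXTRA_DIST` from `docs` to four explicit entries in Makefile.am leaves out `docs/api-0.0.x`, the directory where this same commit adds example-dsig1.html through example-dsig4.html, so those pages would presumably no longer be shipped by `make dist`. If that is intended, a comment above the list such as `# docs/api-0.0.x is deliberately not distributed` would record it; otherwise the list needs a `docs/api-0.0.x \` entry. The `docs/*.html` entry relies on the shell expanding the glob at dist time, so it is worth confirming with `make distcheck` that an out-of-tree build still picks the pages up.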
+XML Security Library

+ +LibXML2
LibXSLT
OpenSSL +
+ + +
+
+

XML Digital Signature
+ Example 1. Signing document from template

+
+

+ In this example we will load a simple signature template from a file, + add some data and sign the document. The template contains all information + required to create the signature (except keys). If you need to sign many +similar documents using the same algorithms, transforms, etc. then probably +it's the way to go.
+ The source code for this example is included into the package: + source code + , the original template + and the signed document + .
+

+

Step 0. Initializing LibXML, OpenSSL and XML Security Library.

+

+ Before using the libraries we need to initialize them. This should + be done once in the beginning of your program
+    
+     int rnd_seed = 0;   

+     /**
+      * Init OpenSSL:
+      * this is a BAD way to init random numbers
+      * generator
+      */   
+     while (RAND_status() != 1) {
+     RAND_seed(&rnd_seed, sizeof(rnd_seed));
+     }
+    
+     /**
+      * Init libxml
+      */    
+     xmlInitParser();
+     LIBXML_TEST_VERSION

+     /**
+     * Init xmlsec
+     */
+    xmlSecInit();   

+

+

Step 1. Loading key and creating the DSig context.

+

+ Before signing or verifying the document you should create DSig context + object.  In most case you will need only one DSig context object +per application

+    xmlSecKeysMngrPtr keysMngr = NULL;
+    xmlSecDSigCtxPtr dsigCtx = NULL;

+    
+    /**
+     * Create Keys managers
+     */
+    keysMngr = xmlSecSimpleKeysMngrCreate();    +
+    if(keysMngr == NULL) {
+      fprintf(stderr, "Error: failed to create keys manager\n");
+      goto done;   
+    }

+    /**
+     * load key
+     */
+    if(xmlSecSimpleKeysMngrLoadPemKey(keysMngr, argv[1], NULL, NULL, 1) == NULL) {
+      fprintf(stderr, "Error: failed to load key from +\"%s\"\n", argv[1]);
+      goto done;
+    }

+    dsigCtx = xmlSecDSigCtxCreate(keysMngr);
+    if(dsigCtx == NULL) {
+      fprintf(stderr,"Error: failed to create dsig context\n");
+      goto done;
+    }

+

+

Step 2. Loading the template.

+

+ XMLDSig requires the XML document to be loaded with all default attributes + propagated to the nodes, all entities replaced, etc. (this is required + for correct document Canonicalization + ). In the LibXML this means that you need to take special actions when + loading document from an URI:

+       xmlDocPtr doc = NULL;    +

+     /**
+      * build an XML tree from a the file; we +need to add default
+      * attributes and resolve all character and + entities references
+      */
+     xmlLoadExtDtdDefaultValue = XML_DETECT_IDS | XML_COMPLETE_ATTRS;
+     xmlSubstituteEntitiesDefault(1);

+     /**
+      * Load doc
+      */
+     doc = xmlParseFile(argv[2]);
+     if (doc == NULL) {
+        fprintf(stderr, "Error    + : unable to parse file \"%s\"\n", argv[2]);
+        goto done;
+     }
+    
+     /**
+      * Check the document is of the right kind
+      */   
+     if(xmlDocGetRootElement(doc) == NULL) {
+         fprintf(stderr,"Error: +empty document for file \"%s\"\n", argv[2]);
+         goto done;
+     }


+ In this example we set global flags to control how the document is + loaded. In the real life you would probably want to control the loading + on "per-document" basis. Check the libxml/c14n.h header file from LibXML + distribution for details.
+

+

Step 3. Adding or changing data in the template.

+

+ Now it's time to change the data in the template. We will simply +add one more node with some text:

+     /**
+      * Add Data to the document
+      */
+     if(xmlNewChild(xmlDocGetRootElement(doc), NULL, + "Something",
+                 +   "Some important data") == NULL) {
+         fprintf(stderr,"Error: +failed to add data\n");
+         goto done;
+     }

+

+

Step 4. Sign It!

+

+ We are ready to sign the document!

+     xmlSecDSigResultPtr result = NULL;
+     /**
+      * Sign It!
+      */
+     ret = xmlSecDSigGenerate(dsigCtx, NULL, NULL, xmlDocGetRootElement(doc), &result);
+     if(ret < 0) {
+        fprintf(stderr,"Error: signature failed\n");
+        goto done;
+     }    
+   
 
+

+

Step 5. Now we can print the result.

+

+Print the document to stdout:

+     xmlChar* string;
+     /**
+      * Print out result document
+      */
+     xmlDocDumpMemoryEnc(doc, &string, &len, + NULL);
+     if(string == NULL) {
+       fprintf(stderr,"Error: failed to dump document + to memory\n");
+       goto done;
+     }
+     fwrite(string, len, 1, stdout);
+     xmlFree(string);

+

+

Step 6. Cleanup.

+

+ At the end we need to destroy DSig context, the doc and KeysManager; + shutdown XML Security Library, libxml and OpenSSL:

+    /*
+      * Cleanup
+     */
+     if(result != NULL) {
+        xmlSecDSigResultDestroy(result);
+     }
+     if(doc != NULL) {
+        xmlFreeDoc(doc);
+     }    
+    if(dsigCtx != NULL) {
+       xmlSecDSigCtxDestroy(dsigCtx);
+    }
+    if(keysMngr != NULL) {
+       xmlSecSimpleKeysMngrDestroy(keysMngr);
+    }
+    
+    /**
+     * Shutdown XML Sec
+     */
+    xmlSecShutdown();
+    
+    /*
+     * Shutdown libxml
+     */
+    xmlCleanupParser();
+    
+    /*
+     * Shutdown OpenSSL
+     */
+    RAND_cleanup();
+    ERR_clear_error();
+ +

+

Appendix A. The template document.

+
+<?xml version="1.0" encoding="UTF-8"?>
+<Envelope xmlns="urn:envelope">
+  <Data>
+    Hello, World!
+  </Data>
+  <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
+    <SignedInfo>
+      <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" +/>
+      <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1" +/>
+      <Reference URI="">
+        <Transforms>
+          <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" +/>
+        </Transforms>
+        <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" +/>
+        <DigestValue></DigestValue>
+      </Reference>
+    </SignedInfo>
+    <SignatureValue/>
+    <KeyInfo>
+    <KeyValue/>
+    </KeyInfo>
+  </Signature>

+</Envelope>


+
+

Appendix B. The signed document.

+
+<?xml version="1.0" encoding="UTF-8"?>
+<Envelope xmlns="urn:envelope">
+  <Data>
+    Hello, World!
+  </Data>
+  <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
+    <SignedInfo>
+      <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
+      <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1"/>
+      <Reference URI="">
+        <Transforms>
+          <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
+        </Transforms>
+        <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
+        <DigestValue>lUsn3fJYExos8S49s/cc6e1TMrM=</DigestValue>
+      </Reference>
+    </SignedInfo>
+    <SignatureValue>AerkaAbF5Tneg5FlS1uSg571Af0toAbeRsfC/HRQyfLvQAbOYmd7RQ==</SignatureValue>
+    <KeyInfo>
+    <KeyValue>
+<DSAKeyValue>
+<P>
+imW6KYBPYXAf6itSAuYs1aLPfs8/vBEiusv/pl1XMiuMvB7vyiJgSj8/NTkRci/U
+X/rVXv8rbCRjvYFX3x5/53f4hc6HKz7JQI4qqB7Fl5N86zp+BsQxNQ4tzous9S2H
+Td2/zdTwVsvO+H9l3FahmVp/m2IHE4W27JYoF49qP10=
+</P>
+<Q>
+v/xzWqjRviekk2rMW3wpYspT9Us=
+</Q>
+<G>
+UIyzUDlLe6uCCgF4Rh98fiKZvg64UJ4FM5L+WbCSMmVsFN06fTwxy3naPPOCzzou
+fsHv/Bve2gvrDvd078oXWJJf9A44pIZnJkdjEhm2RsDFpXNq0tPKZFcjVsdmqg4M
+X6YNuwpvZuTwSoDG5u1QMN0mmH9gmbIT3j9x4MO+7EY=
+</G>
+<Y>
+On+KBJE3q1TRhG9RspNX01VI5C0VzSy4N/QyC4YzEENoq3GJkKHIYq+grq9ZqV9x
+g2Geo/3mqhdcENOtYRmWEfOZJj18oukD6TNceYRZ4HjHjK3WY3wK2OV6QOly+k3f
+xgEQpP/7IlCka5YICLuHXrbqjn5b0XcK9L2GDtWOyjs=
+</Y>
+</DSAKeyValue>
+</KeyValue>
+    </KeyInfo>
+  </Signature>

+<Something>Some important data</Something></Envelope>
+
+
+
+

Aleksey Sanin

+
+
diff --git a/docs/api-0.0.x/examples/example-dsig2.html b/docs/api-0.0.x/examples/example-dsig2.html
new file mode 100644
index 000000000..38066b061
--- /dev/null
+++ b/docs/api-0.0.x/examples/example-dsig2.html
@@ -0,0 +1,412 @@
+
+
+
+XML Security Library: Example - Creating signature dynamically.
+
+
+
+
+
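Review bot: The Step 0 listing of example-dsig1.html feeds OpenSSL's PRNG from `int rnd_seed = 0`, and the only caveat is the comment "this is a BAD way to init random numbers generator", which says neither why nor what to do instead. The template signs with dsa-sha1, and DSA depends on an unpredictable per-signature value, so a program copied from this page with a generator seeded only by a constant puts its signing key at risk. I would drop the loop in favour of a failure path, `if(RAND_status() != 1) { fprintf(stderr, "Error: OpenSSL PRNG is not seeded\n"); goto done; }`, and leave seeding to the operating system's entropy source on platforms where OpenSSL can use it. The same loop is repeated in example-dsig2.html, example-dsig3.html and example-dsig4.html, and in example-dsig4.html the comment is reduced to "Init OpenSSL" with no warning at all. Separately, the closing paragraph of Step 2 could state that `xmlSubstituteEntitiesDefault(1)` together with a non-zero `xmlLoadExtDtdDefaultValue` makes the parser expand entities from whatever file it is given, which matters most for the verifier in example-dsig4.html, where the document comes from another party.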
+XML Security Library

+ +LibXML2
LibXSLT
OpenSSL +
+ + +
+
+

XML Digital Signature
+ Example 2. Creating signature dynamically.

+
+

+ In this example we will add a signature to the document +dynamically. Comparing to the first example, + now we are going to create the signature section of the template ourselves instead of loading + it from the file. This way gives an application more flexibility but requires + more work on the part of the software developer. Moreover, you can add all required + information to the document yourself! XML Security Library simplifies +this task, but you are not required to use it! Of course, you have to read +XMLDSig specification before.
+ The source code for this example is included in the package: + source code + , the original template + and the signed document + .
+

+

Step 0. Initializing LibXML, OpenSSL and XML Security Library.

+

+ Before using the libraries we need to initialize them. This + should be done once in the beginning of your program
+    
+     int rnd_seed = 0;   

+     /**
+      * Init OpenSSL:
+      * this is a BAD way to init random numbers
+      * generator
+      */   
+     while (RAND_status() != 1) {
+        RAND_seed(&rnd_seed, sizeof(rnd_seed));
+     }
+    
+     /**
+      * Init libxml
+      */    
+     xmlInitParser();
+     LIBXML_TEST_VERSION
+  
+      /**
+      * Init xmlsec
+      */
+     xmlSecInit();   

+

+

Step 1. Loading key and creating the DSig context.

+

+ Before signing or verifying the document you should create + DSig context object.  In most case you will need only one DSig +context object per application

+     xmlSecKeysMngrPtr keysMngr = NULL;
+     xmlSecDSigCtxPtr dsigCtx = NULL;
+    
+     /**
+      * Create Keys managers
+      */
+     keysMngr = xmlSecSimpleKeysMngrCreate();    +
+     if(keysMngr == NULL) {
+       fprintf(stderr, "Error: failed to create + keys manager\n");
+       goto done;   
+     }

+     /**
+      * load key
+      */
+     if(xmlSecSimpleKeysMngrLoadPemKey(keysMngr, argv[1], NULL, NULL, 1) == NULL) {
+       fprintf(stderr, "Error: failed to load +key from \"%s\"\n", argv[1]);
+       goto done;
+     }
+  
+    
+     /**
+      * Create Signature Context
+      */
+     dsigCtx = xmlSecDSigCtxCreate(keysMngr);
+     if(dsigCtx == NULL) {
+       fprintf(stderr,"Error: failed to create +dsig context\n");
+       goto done;
+     }

+

+

Step 2. Loading the document.

+

+ In this example, we will load document from a file. The real application + probably creates document itself.

+       xmlDocPtr doc = NULL;    +

+     /**
+      * build an XML tree from a the file; + we need to add default
+      * attributes and resolve all character + and entities references
+      */
+     xmlLoadExtDtdDefaultValue = XML_DETECT_IDS + | XML_COMPLETE_ATTRS;
+     xmlSubstituteEntitiesDefault(1);

+     /**
+      * Load doc
+      */
+     doc = xmlParseFile(argv[2]);
+     if (doc == NULL) {
+        fprintf(stderr, "Error    + : unable to parse file \"%s\"\n", argv[2]);
+        goto done;
+     }
+    
+     /**
+      * Check the document is of the right + kind
+      */   
+     if(xmlDocGetRootElement(doc) == NULL) {
+         fprintf(stderr,"Error: + empty document for file \"%s\"\n", argv[2]);
+         goto done;
+     }  
+

+

Step 3. addSignature() function

+

+ The XMLDSig standard defines <Signature> element that +holds all signature information. XML Security Library provides functions +to create the Signature element dynamically. However, you are not limited +to use XML Security Library for this and can create the template yourself! + In this example, we use a separate  addSignature () function + to add signature to the end of the document: 
+

+
+xmlNodePtr addSignature(xmlDocPtr doc) {
+     xmlNodePtr signatureNode;
+     xmlNodePtr signedInfoNode;
+     xmlNodePtr keyInfoNode;
+     xmlNodePtr referenceNode;
+     xmlNodePtr cur;

+     /**
+      * Create Signature node
+      */
+     signatureNode = xmlSecSignatureCreate("NULL");
+     if(signatureNode == NULL) {
+         fprintf(stderr,"Error: failed +to create signature\n");
+         return(NULL);
+     }   

+     /**
+      * Add SignedInfo and set c14n and signature +methods
+      */
+     signedInfoNode = xmlSecSignatureAddSignedInfo(signatureNode, + NULL);
+     if(signedInfoNode == NULL) {
+         fprintf(stderr,"Error: failed +to add SignedInfo\n");
+         xmlSecSignatureDestroy(signatureNode);
+         return(NULL);
+     }

+     cur = xmlSecSignedInfoAddC14NMethod(signedInfoNode, + xmlSecC14NInclusive);
+     if(cur == NULL) {
+         fprintf(stderr,"Error: failed +to add C14N method\n");
+         xmlSecSignatureDestroy(signatureNode);
+         return(NULL);
+     }

+     cur = xmlSecSignedInfoAddSignMethod(signedInfoNode, + xmlSecSignDsaSha1);
+     if(cur == NULL) {
+         fprintf(stderr,"Error: failed +to add sign method\n");
+    
    xmlSecSignatureDestroy(signatureNode);
+         return(NULL);
+     }

+     /**
+      * Create Reference node with SHA1 as digest +method and
+      * enveloped transform
+      */
+     referenceNode = xmlSecSignedInfoAddReference(signedInfoNode,
+                 +     NULL,
+                 +     NULL,
+                 +     NULL);
+     if(referenceNode == NULL) {
+         fprintf(stderr,"Error: failed +to add Reference\n");
+         xmlSecSignatureDestroy(signatureNode);
+         return(NULL);
+     }

+     cur = xmlSecReferenceAddDigestMethod(referenceNode, + xmlSecDigestSha1);
+     if(cur == NULL) {
+         fprintf(stderr,"Error: failed +to add digest method\n");
+         xmlSecSignatureDestroy(signatureNode);
+         return(NULL);
+     }
+    
+     cur = xmlSecReferenceAddTransform(referenceNode, +
+                 +       xmlSecTransformEnveloped);
+     if(cur == NULL) {
+         fprintf(stderr,"Error: failed +to add enveloped transform\n");
+         xmlSecSignatureDestroy(signatureNode);
+         return(NULL);
+     }

+     /**
+      * Add KeyInfo node: for test purposes we will + put
+      * DSA key in the signature
+      */
+     keyInfoNode = xmlSecSignatureAddKeyInfo(signatureNode, + NULL); 
+     if(keyInfoNode == NULL) {
+         fprintf(stderr,"Error: failed +to add KeyInfo\n");
+         xmlSecSignatureDestroy(signatureNode);
+         return(NULL);
+     }
+    
+     cur = xmlSecKeyInfoAddKeyValue(keyInfoNode);
+     if(cur == NULL) {
+         fprintf(stderr,"Error: failed +to add KeyValue node\n");
+         xmlSecSignatureDestroy(signatureNode);
+         return(NULL);
+     }

    /**
+      * Add the signature to the end of the document
+      */   
+     if(xmlAddChild(xmlDocGetRootElement(doc), signatureNode) + == NULL) {
+         fprintf(stderr,"Error: failed +to add Signature\n");
+         xmlSecSignatureDestroy(signatureNode);
+         return(NULL);
+     }

 
+      return(signatureNode);
+ }

+
+

Step 4. Add Signature node and sign!

+

+ Add the Signature node using addSignature () function and sign +:

    xmlSecDSigResultPtr result;
+  
   xmlNodePtr signatureNode;   +

+     /**
+      * Add Signature
+      */
+     signatureNode = addSignature(doc);
+     if(signatureNode == NULL) {
+         fprintf(stderr,"Error: failed + to add signature\n");
+          goto done;
+     }


+     /**
+      * Sign It!
+      */
+     ret = xmlSecDSigGenerate(dsigCtx, NULL, NULL, signatureNode, &result);
+     if(ret < 0) {
+         fprintf(stderr,"Error: signature + failed\n");
+         goto done;
+     }  
+

+

Step 5. Now we can print the result.

+

+ Simply print the document to stdout:

+     xmlChar* string;
+     /**
+      * Print out result document
+      */
+     xmlDocDumpMemoryEnc(doc, &string, + &len, NULL);
+     if(result == NULL) {
+       fprintf(stderr,"Error: failed +to dump document to memory\n");
+       goto done;
+     }
+     fwrite(string, len, 1, stdout);
+     xmlFree(string);

+

+

Step 6. Cleanup.

+

+ At the end we need to destroy DSig context, the doc and +KeysManager; shutdown XML Security Library, LIBXml and OpenSSL
+ (please note that we do not delete created Signature, Reference + andKeyInfo nodes separately because all nodes are included in the + XML document doc):
+      /*
+      * Cleanup
+      */
+     if(result != NULL) {
+         xmlSecSignatureDestroy(result);
+     }
+     if(dsigCtx != NULL) {
+        xmlSecDSigCtxDestroy(dsigCtx);
+     }
+     if(doc != NULL) {
+         xmlFreeDoc(doc);
+     }
+     
+     if(keysMngr != NULL) {
+        xmlSecSimpleKeysMngrDestroy(keysMngr);
+     }
+     
+     xmlSecShutdown();
+     
+     /*
+      * Shutdown libxml
+      */
+     xmlCleanupParser();
+     
+     /*
+      * Shutdown OpenSSL
+      */
+     RAND_cleanup();
+     ERR_clear_error();
+

+

Appendix A. The template document.

+
+<?xml version="1.0" encoding="UTF-8"?>
+ <Letter>
+     Hello, World!   
+     <Info Id="SomeData">
+     <!-- Commentary -->
+     <Data1> Some data </Data1>
+     <Data2> More data </Data2>
+     </Info>
+ </Letter>

+
+

Appendix B. The signed document.

+
<?xml version="1.0" encoding="UTF-8"?>
+ <Letter>
+     Hello, World!    
+     <Info Id="SomeData">
+     <!-- Commentary -->
+     <Data1> Some data </Data1>
+     <Data2> More data </Data2>
+     </Info>
+ <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <SignedInfo>
+ <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
+ <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1"/>
+ <Reference Id="reference-1" URI="#xpointer(id('SomeData'))">
+ <Transforms>
+ <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#WithComments"/>
+ </Transforms>
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
+ <DigestValue>x/tL8hKZQyExW6ba0pi5h8eWRCc=</DigestValue>
+ </Reference>
+ </SignedInfo>
+ <SignatureValue>sSXCVpcCRydyUIebOFA1xw2Yfgy+YP0Dd41jIz/57iGbowwqyODPfA==</SignatureValue>
+ <KeyInfo Id="">
+ <KeyValue>
+ <DSAKeyValue>
+ <P>
+ imW6KYBPYXAf6itSAuYs1aLPfs8/vBEiusv/pl1XMiuMvB7vyiJgSj8/NTkRci/U
+ X/rVXv8rbCRjvYFX3x5/53f4hc6HKz7JQI4qqB7Fl5N86zp+BsQxNQ4tzous9S2H
+ Td2/zdTwVsvO+H9l3FahmVp/m2IHE4W27JYoF49qP10=
+ </P>
+ <Q>
+ v/xzWqjRviekk2rMW3wpYspT9Us=
+ </Q>
+ <G>
+ UIyzUDlLe6uCCgF4Rh98fiKZvg64UJ4FM5L+WbCSMmVsFN06fTwxy3naPPOCzzou
+ fsHv/Bve2gvrDvd078oXWJJf9A44pIZnJkdjEhm2RsDFpXNq0tPKZFcjVsdmqg4M
+ X6YNuwpvZuTwSoDG5u1QMN0mmH9gmbIT3j9x4MO+7EY=
+ </G>
+ <Y>
+ On+KBJE3q1TRhG9RspNX01VI5C0VzSy4N/QyC4YzEENoq3GJkKHIYq+grq9ZqV9x
+ g2Geo/3mqhdcENOtYRmWEfOZJj18oukD6TNceYRZ4HjHjK3WY3wK2OV6QOly+k3f
+ xgEQpP/7IlCka5YICLuHXrbqjn5b0XcK9L2GDtWOyjs=
+ </Y>
+ </DSAKeyValue>
+ </KeyValue>
+ </KeyInfo>
+ </Signature></Letter>

+
+

Aleksey Sanin

+
+
diff --git a/docs/api-0.0.x/examples/example-dsig3.html b/docs/api-0.0.x/examples/example-dsig3.html
new file mode 100644
index 000000000..a3cd5b75b
--- /dev/null
+++ b/docs/api-0.0.x/examples/example-dsig3.html
@@ -0,0 +1,406 @@
+
+
+
+XML Security Library: Example 3 - Creating signature dynamically (including Reference ID and C14N inclusive Transform.
+
+
+
+
+
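Review bot: In Step 5 of example-dsig2.html the dump is checked with `if(result == NULL)` although the pointer that `xmlDocDumpMemoryEnc` fills is `string`, so a failed dump still reaches `fwrite(string, len, 1, stdout)`; example-dsig1.html has the right test, `if(string == NULL)`. Step 4 declares `xmlSecDSigResultPtr result;` without `= NULL` even though, with the fragments assembled in page order, earlier `goto done` paths reach the Step 6 test `if(result != NULL)`, and Step 6 then releases it with `xmlSecSignatureDestroy(result)`, the call addSignature() uses on an `xmlNodePtr`, where example-dsig1.html calls `xmlSecDSigResultDestroy(result)`. I would change these lines to `xmlSecDSigResultPtr result = NULL;`, `if(string == NULL) {` and `xmlSecDSigResultDestroy(result);`. The same three lines appear in example-dsig3.html. Separately, `xmlSecSignatureCreate("NULL")` passes the four-character string rather than a null pointer, which looks unintended.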
+XML Security Library

+ +LibXML2
LibXSLT
OpenSSL +
+ + +
+
+

XML Digital Signature
+ Example 3. Creating signature dynamically
(including Reference ID and C14N inclusive Transform).

+
+

+ This example is almost identical to Example 2, except it adds the ability to refer to the signed content by its reference ID. It also changes the Canonicalization method to C14N inclusive. This allows for the inclusion of comments in the XML content.
+ The source code for this example is included into the package: + source code + , the original template + and the signed document + .
+

+

Step 0. Initializing LibXML, OpenSSL and XML Security Library.

+

+ Before using the libraries we need to initialize them. This + should be done once in the beginning of your program
+    
+     int rnd_seed = 0;   

+     /**
+      * Init OpenSSL:
+      * this is a BAD way to init random numbers
+      * generator
+      */   
+     while (RAND_status() != 1) {
+        RAND_seed(&rnd_seed, sizeof(rnd_seed));
+     }
+    
+     /**
+      * Init libxml
+      */    
+     xmlInitParser();
+     LIBXML_TEST_VERSION
+  
+      /**
+      * Init xmlsec
+      */
+     xmlSecInit();   

+

+

Step 1. Loading key and creating the DSig context.

+

+ Before signing or verifying the document you should create + DSig context object.  In most case you will need only one DSig +context object per application

+     xmlSecKeysMngrPtr keysMngr = NULL;
+     xmlSecDSigCtxPtr dsigCtx = NULL;
+    
+     /**
+      * Create Keys managers
+      */
+     keysMngr = xmlSecSimpleKeysMngrCreate();    +
+     if(keysMngr == NULL) {
+       fprintf(stderr, "Error: failed to create + keys manager\n");
+       goto done;   
+     }

+     /**
+      * load key
+      */
+     if(xmlSecSimpleKeysMngrLoadPemKey(keysMngr, argv[1], NULL, NULL, 1) == NULL) {
+       fprintf(stderr, "Error: failed to load +key from \"%s\"\n", argv[1]);
+       goto done;
+     }
+  
+    
+     /**
+      * Create Signature Context
+      */
+     dsigCtx = xmlSecDSigCtxCreate(keysMngr);
+     if(dsigCtx == NULL) {
+       fprintf(stderr,"Error: failed to create +dsig context\n");
+       goto done;
+     }

+

+

Step 2. Loading the document.

+

+ In this example, we will load document from a file. The real application + probably creates document itself.

+       xmlDocPtr doc = NULL;    +

+     /**
+      * build an XML tree from a the file; + we need to add default
+      * attributes and resolve all character + and entities references
+      */
+     xmlLoadExtDtdDefaultValue = XML_DETECT_IDS + | XML_COMPLETE_ATTRS;
+     xmlSubstituteEntitiesDefault(1);

+     /**
+      * Load doc
+      */
+     doc = xmlParseFile(argv[2]);
+     if (doc == NULL) {
+        fprintf(stderr, "Error    + : unable to parse file \"%s\"\n", argv[2]);
+        goto done;
+     }
+    
+     /**
+      * Check the document is of the right + kind
+      */   
+     if(xmlDocGetRootElement(doc) == NULL) {
+         fprintf(stderr,"Error: + empty document for file \"%s\"\n", argv[2]);
+         goto done;
+     }  
+

+

Step 3. addSignature() function

+

+ The XMLDSig standard defines <Signature> element that +holds all signature information. XML Security Library provides functions +to create the Signature element dynamically. However, you are not limited +to use XML Security Library for this and can create the template yourself! + In this example, we use a separate  addSignature () function + to add signature to the end of the document: 
+

+
+xmlNodePtr addSignature(xmlDocPtr doc) {
+     xmlNodePtr signatureNode;
+     xmlNodePtr signedInfoNode;
+     xmlNodePtr keyInfoNode;
+     xmlNodePtr referenceNode;
+     xmlNodePtr cur;

+     /**
+      * Create Signature node
+      */
+     signatureNode = xmlSecSignatureCreate("my-signature");
+     if(signatureNode == NULL) {
+         fprintf(stderr,"Error: failed +to create signature\n");
+         return(NULL);
+     }   

+     /**
+      * Add SignedInfo and set c14n and signature +methods
+      */
+     signedInfoNode = xmlSecSignatureAddSignedInfo(signatureNode, + NULL);
+     if(signedInfoNode == NULL) {
+         fprintf(stderr,"Error: failed +to add SignedInfo\n");
+         xmlSecSignatureDestroy(signatureNode);
+         return(NULL);
+     }

+     cur = xmlSecSignedInfoAddC14NMethod(signedInfoNode, + xmlSecC14NInclusive);
+     if(cur == NULL) {
+         fprintf(stderr,"Error: failed +to add C14N method\n");
+         xmlSecSignatureDestroy(signatureNode);
+         return(NULL);
+     }

+     cur = xmlSecSignedInfoAddSignMethod(signedInfoNode, + xmlSecSignDsaSha1);
+     if(cur == NULL) {
+         fprintf(stderr,"Error: failed +to add sign method\n");
+    
    xmlSecSignatureDestroy(signatureNode);
+         return(NULL);
+     }

+     /**
+      * Create Reference node with SHA1 as digest +method and one
+      * C14N transform to include comments in the +digest
+      */
+     referenceNode = xmlSecSignedInfoAddReference(signedInfoNode,
+                 +     "my-reference",
+                 +     "#xpointer(id('SomeData'))",
+                 +     NULL);
+     if(referenceNode == NULL) {
+         fprintf(stderr,"Error: failed +to add Reference\n");
+         xmlSecSignatureDestroy(signatureNode);
+         return(NULL);
+     }

+     cur = xmlSecReferenceAddDigestMethod(referenceNode, + xmlSecDigestSha1);
+     if(cur == NULL) {
+         fprintf(stderr,"Error: failed +to add digest method\n");
+         xmlSecSignatureDestroy(signatureNode);
+         return(NULL);
+     }
+    
+     cur = xmlSecReferenceAddTransform(referenceNode, +
+                 +       xmlSecC14NExclusiveWithComments);
+     if(cur == NULL) {
+         fprintf(stderr,"Error: failed +to add c14n transform\n");
+         xmlSecSignatureDestroy(signatureNode);
+         return(NULL);
+     }

+     /**
+      * Add KeyInfo node: for test purposes we will + put
+      * DSA key in the signature
+      */
+     keyInfoNode = xmlSecSignatureAddKeyInfo(signatureNode, + NULL); 
+     if(keyInfoNode == NULL) {
+         fprintf(stderr,"Error: failed +to add KeyInfo\n");
+         xmlSecSignatureDestroy(signatureNode);
+         return(NULL);
+     }
+    
+     cur = xmlSecKeyInfoAddKeyValue(keyInfoNode);
+     if(cur == NULL) {
+         fprintf(stderr,"Error: failed +to add KeyValue node\n");
+         xmlSecSignatureDestroy(signatureNode);
+         return(NULL);
+     }

    /**
+      * Add the signature to the end of the document
+      */   
+     if(xmlAddChild(xmlDocGetRootElement(doc), signatureNode) + == NULL) {
+         fprintf(stderr,"Error: failed +to add Signature\n");
+         xmlSecSignatureDestroy(signatureNode);
+         return(NULL);
+     }

 
+      return(signatureNode);
+ }

+
+

Step 4. Add Signature node and sign!

+

+ Add the Signature node using addSignature () function and sign +:

    xmlSecDSigResultPtr result;
+  
   xmlNodePtr signatureNode;   +

+     /**
+      * Add Signature
+      */
+     signatureNode = addSignature(doc);
+     if(signatureNode == NULL) {
+         fprintf(stderr,"Error: failed + to add signature\n");
+          goto done;
+     }


+     /**
+      * Sign It!
+      */
+     ret = xmlSecDSigGenerate(dsigCtx, NULL, NULL, signatureNode, &result);
+     if(ret < 0) {
+         fprintf(stderr,"Error: signature + failed\n");
+         goto done;
+     }  
+

+

Step 5. Now we can print the result.

+

+ Simply print the document to stdout:

+     xmlChar* string;
+     /**
+      * Print out result document
+      */
+     xmlDocDumpMemoryEnc(doc, &string, + &len, NULL);
+     if(result == NULL) {
+       fprintf(stderr,"Error: failed +to dump document to memory\n");
+       goto done;
+     }
+     fwrite(string, len, 1, stdout);
+     xmlFree(string);

+

+

Step 6. Cleanup.

+

+ At the end we need to destroy DSig context, the doc and +KeysManager; shutdown XML Security Library, LIBXml and OpenSSL
+ (please note that we do not delete created Signature, Reference + andKeyInfo nodes separately because all nodes are included in the + XML document doc):
+      /*
+      * Cleanup
+      */
+     if(result != NULL) {
+         xmlSecSignatureDestroy(result);
+     }
+     if(dsigCtx != NULL) {
+        xmlSecDSigCtxDestroy(dsigCtx);
+     }
+     if(doc != NULL) {
+         xmlFreeDoc(doc);
+     }
+     
+     if(keysMngr != NULL) {
+        xmlSecSimpleKeysMngrDestroy(keysMngr);
+     }
+     
+     xmlSecShutdown();
+     
+     /*
+      * Shutdown libxml
+      */
+     xmlCleanupParser();
+     
+     /*
+      * Shutdown OpenSSL
+      */
+     RAND_cleanup();
+     ERR_clear_error();
+

+

Appendix A. The template document.

+
+<?xml version="1.0" encoding="UTF-8"?>
+ <Letter>
+     Hello, World!   
+     <Info Id="SomeData">
+     <!-- Commentary -->
+     <Data1> Some data </Data1>
+     <Data2> More data </Data2>
+     </Info>
+ </Letter>

+
+

Appendix B. The signed document.

+
<?xml version="1.0" encoding="UTF-8"?>
+ <Letter>
+     Hello, World!    
+     <Info Id="SomeData">
+     <!-- Commentary -->
+     <Data1> Some data </Data1>
+     <Data2> More data </Data2>
+     </Info>
+ <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <SignedInfo>
+ <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
+ <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1"/>
+ <Reference Id="reference-1" URI="#xpointer(id('SomeData'))">
+ <Transforms>
+ <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#WithComments"/>
+ </Transforms>
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
+ <DigestValue>x/tL8hKZQyExW6ba0pi5h8eWRCc=</DigestValue>
+ </Reference>
+ </SignedInfo>
+ <SignatureValue>sSXCVpcCRydyUIebOFA1xw2Yfgy+YP0Dd41jIz/57iGbowwqyODPfA==</SignatureValue>
+ <KeyInfo Id="">
+ <KeyValue>
+ <DSAKeyValue>
+ <P>
+ imW6KYBPYXAf6itSAuYs1aLPfs8/vBEiusv/pl1XMiuMvB7vyiJgSj8/NTkRci/U
+ X/rVXv8rbCRjvYFX3x5/53f4hc6HKz7JQI4qqB7Fl5N86zp+BsQxNQ4tzous9S2H
+ Td2/zdTwVsvO+H9l3FahmVp/m2IHE4W27JYoF49qP10=
+ </P>
+ <Q>
+ v/xzWqjRviekk2rMW3wpYspT9Us=
+ </Q>
+ <G>
+ UIyzUDlLe6uCCgF4Rh98fiKZvg64UJ4FM5L+WbCSMmVsFN06fTwxy3naPPOCzzou
+ fsHv/Bve2gvrDvd078oXWJJf9A44pIZnJkdjEhm2RsDFpXNq0tPKZFcjVsdmqg4M
+ X6YNuwpvZuTwSoDG5u1QMN0mmH9gmbIT3j9x4MO+7EY=
+ </G>
+ <Y>
+ On+KBJE3q1TRhG9RspNX01VI5C0VzSy4N/QyC4YzEENoq3GJkKHIYq+grq9ZqV9x
+ g2Geo/3mqhdcENOtYRmWEfOZJj18oukD6TNceYRZ4HjHjK3WY3wK2OV6QOly+k3f
+ xgEQpP/7IlCka5YICLuHXrbqjn5b0XcK9L2GDtWOyjs=
+ </Y>
+ </DSAKeyValue>
+ </KeyValue>
+ </KeyInfo>
+ </Signature></Letter>
+
+

Aleksey Sanin

+
+
diff --git a/docs/api-0.0.x/examples/example-dsig4.html b/docs/api-0.0.x/examples/example-dsig4.html
new file mode 100644
index 000000000..a4b8d06e4
--- /dev/null
+++ b/docs/api-0.0.x/examples/example-dsig4.html
@@ -0,0 +1,253 @@
+
+
+
+XML Security Library: Example - Verifying signatures in the document
+
+
+
+
+
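Review bot: The title and introduction of example-dsig3.html say the example switches to "C14N inclusive", but the listing keeps `xmlSecC14NInclusive` on SignedInfo exactly as in Example 2, and what it actually adds is the Reference transform `xmlSecC14NExclusiveWithComments`, i.e. exclusive canonicalization with comments. The page should also state that the Reference URI `#xpointer(id('SomeData'))` limits the digest to the `<Info Id="SomeData">` element, so as far as the listing shows the `Hello, World!` text elsewhere in `<Letter>` is not covered by the signature and a verifier must not treat the whole file as signed. Appendix B appears to come from a different run, since it shows `Id="reference-1"` and no Id on `<Signature>` where the code passes `"my-reference"` and `"my-signature"`; regenerating it from this listing would keep the page consistent.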
+XML Security Library

+ +LibXML2
LibXSLT
OpenSSL +
+ + +
+
+

XML Digital Signature
+ Example 4. Verifying signatures in the document.

+
+

+ In this example we will verify a signature created in the +previous + example. The source code for this example is included into the package: + source code + and the signed document. +
+

+

Step 0. Initializing LibXML, OpenSSL and XML Security Library. +Creating DSig context.

+

+ Before using the libraries we need to initialize them. This +should be done once in the beginning of your program.
+     int rnd_seed = 0;
+     xmlSecKeysMngrPtr keysMngr = NULL;
+     xmlSecDSigCtxPtr dsigCtx = NULL;

+     /**
+      * Init OpenSSL
+      */   
+     while (RAND_status() != 1) {
+         RAND_seed(&rnd_seed, sizeof(rnd_seed));
+     }
+    
+     /*
+      * Init libxml
+      */    
+     xmlInitParser();
+     LIBXML_TEST_VERSION

+     /*
+      * Init xmlsec
+      */
+     xmlSecInit();   

+     /**
+      * Create Keys managers
+      */
+     keysMngr = xmlSecSimpleKeysMngrCreate();    +
+     if(keysMngr == NULL) {
+         fprintf(stderr, "Error: failed to create +keys manager\n");
+         goto done;   
+     }

+     dsigCtx = xmlSecDSigCtxCreate(keysMngr);
+     if(dsigCtx == NULL) {
+         fprintf(stderr,"Error: failed to create +dsig context\n");
+         goto done;
+     }
+       

+

+

Step 1. Loading the document.

+

+ XMLDSig requires the XML document to be loaded with all default + attributes propagated to the nodes, all entities replaced, etc. (this + is required for correct document + Canonicalization + ). In the LibXML this means that you need to take special actions + when loading document from an URI:

+       xmlDocPtr doc = NULL;    +

+     /**
+      * build an XML tree from a the file; + we need to add default
+      * attributes and resolve all character + and entities references
+      */
+     xmlLoadExtDtdDefaultValue = XML_DETECT_IDS + | XML_COMPLETE_ATTRS;
+     xmlSubstituteEntitiesDefault(1);

+     /**
+      * Load doc
+      */
+     doc = xmlParseFile(argv[2]);
+     if (doc == NULL) {
+        fprintf(stderr, "Error    + : unable to parse file \"%s\"\n", argv[1]);
+        goto done;
+     }
+    
+     /**
+      * Check the document is of the right + kind
+      */   
+     if(xmlDocGetRootElement(doc) == NULL) {
+         fprintf(stderr,"Error: + empty document for file \"%s\"\n", argv[1]);
+         goto done;
+     }
+    

+ In this example we set global flags to control how the document + is loaded. In the real life you would probably want to control the +loading on "per-document" basis. Check the libxml/c14n.h header file +from LibXML distribution for details.
+

+

Step 2. Verify It!

+

+ We are ready to sign the document but first we need to find +<Signature> node:

+     xmlNodePtr signNode;
+    xmlSecDSigResultPtr result = NULL;


    signNode = xmlSecFindNode(xmlDocGetRootElement(doc), +BAD_CAST "Signature", xmlSecDSigNs);
+    if(signNode == NULL) {
+        fprintf(stderr,"Error: failed +to find Signature node\n");
+        goto done;
+    } 

+      
+    /**
+      * Verify It!
+      */
+     ret = xmlSecDSigValidate(dsigCtx, NULL, NULL, signNode, &result);
+     if(ret < 0) {
+         fprintf(stderr,"Error: verification +failed\n");
+         goto done;
+     }  
  + +

+

Step 3. Print results.

+

+ In our example we will use an XML Security Library function to print the +verification results. Real application should process signature objects list +(there could be more than one signature in the document!) by itself.
+       /*
+      * Print out result    
+      */
+     xmlSecDSigResultDebugDump(result, stdout);

+

+

Step 4. Cleanup.

+

+ At the end we need to destroy DSig context, the doc and KeysManager; + shutdown libxml and OpenSSL
+ (please note that we do not delete creted Signature and Reference + nodes separatelly because both nodes are included into the XML document + doc):
+      /**
+      * Cleanup
+      */
+     if(result != NULL) {
+        xmlSecDSigResultDestroy(result);
+     }
+     if(dsigCtx != NULL) {
+        xmlSecDSigCtxDestroy(dsigCtx);
+     }
+     if(doc != NULL) {
+       xmlFreeDoc(doc);
+     }
+     
+     if(keysMngr != NULL) {
+       xmlSecSimpleKeysMngrDestroy(keysMngr);
+     }
+     
+     xmlSecShutdown();
+     
+     /*
+      * Shutdown libxml
+      */
+     xmlCleanupParser();
+     
+     /*
+      * Shutdown OpenSSL
+      */
+     RAND_cleanup();
+     ERR_clear_error();
+

+

Appendix A. The verification output.

+
+= SIGNATURE (validate)
== result: OK
== sign method: http://www.w3.org/2000/09/xmldsig#dsa-sha1
== key name: (null)
== key origin: 0
== start buffer:
<SignedInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
<CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"></CanonicalizationMethod>
<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1"></SignatureMethod>
<Reference Id="reference-1" URI="#xpointer(id('SomeData'))">
<Transforms>
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#WithComments"></Transform>
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></DigestMethod><DigestValue>x/tL8hKZQyExW6ba0pi5h8eWRCc=</DigestValue>
</Reference>
</SignedInfo>
== end buffer
== SIGNED INFO REFERENCES
==== REFERENCE
===== ref type: SignedInfo Reference
===== result: OK
===== digest method: http://www.w3.org/2000/09/xmldsig#sha1
===== uri: #xpointer(id('SomeData'))
===== type: NULL
===== id: reference-1
===== start buffer:
<Info Id="SomeData">
    <!-- Commentary -->
    <Data1> Some data </Data1>
    <Data2> More data </Data2>
    </Info>
===== end buffer
+
+

Appendix B. The signed document.

+
<?xml version="1.0" encoding="UTF-8"?>
+ <Letter>
+     Hello, World!    
+     <Info Id="SomeData">
+     <!-- Commentary -->
+     <Data1> Some data </Data1>
+     <Data2> More data </Data2>
+     </Info>
+ <Something>Some important data</Something><Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <SignedInfo>
+ <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
+ <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1"/>
+ <Reference Id="reference-1" URI="#xpointer(id('SomeData'))">
+ <Transforms>
+ <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#WithComments"/>
+ </Transforms>
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
+ <DigestValue>x/tL8hKZQyExW6ba0pi5h8eWRCc=</DigestValue>
+ </Reference>
+ </SignedInfo>
+ <SignatureValue>uwYbk29Juoe8B0eCW6aAjw4t+QBT7oQsjAmQnu8fFQPNy0RwP6pWNA==</SignatureValue>
+ <KeyInfo Id="">
+ <KeyValue>
+ <DSAKeyValue>
+ <P>
+ imW6KYBPYXAf6itSAuYs1aLPfs8/vBEiusv/pl1XMiuMvB7vyiJgSj8/NTkRci/U
+ X/rVXv8rbCRjvYFX3x5/53f4hc6HKz7JQI4qqB7Fl5N86zp+BsQxNQ4tzous9S2H
+ Td2/zdTwVsvO+H9l3FahmVp/m2IHE4W27JYoF49qP10=
+ </P>
+ <Q>
+ v/xzWqjRviekk2rMW3wpYspT9Us=
+ </Q>
+ <G>
+ UIyzUDlLe6uCCgF4Rh98fiKZvg64UJ4FM5L+WbCSMmVsFN06fTwxy3naPPOCzzou
+ fsHv/Bve2gvrDvd078oXWJJf9A44pIZnJkdjEhm2RsDFpXNq0tPKZFcjVsdmqg4M
+ X6YNuwpvZuTwSoDG5u1QMN0mmH9gmbIT3j9x4MO+7EY=
+ </G>
+ <Y>
+ On+KBJE3q1TRhG9RspNX01VI5C0VzSy4N/QyC4YzEENoq3GJkKHIYq+grq9ZqV9x
+ g2Geo/3mqhdcENOtYRmWEfOZJj18oukD6TNceYRZ4HjHjK3WY3wK2OV6QOly+k3f
+ xgEQpP/7IlCka5YICLuHXrbqjn5b0XcK9L2GDtWOyjs=
+ </Y>
+ </DSAKeyValue>
+ </KeyValue>
+ </KeyInfo>
+ </Signature></Letter>
+
+

Aleksey Sanin

+
+
diff --git a/docs/api-0.0.x/examples/example-enc1.html b/docs/api-0.0.x/examples/example-enc1.html
new file mode 100644
index 000000000..020270554
--- /dev/null
+++ b/docs/api-0.0.x/examples/example-enc1.html
@@ -0,0 +1,323 @@
+ + + +XML Security Library: Example - Encryption + + + + +
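Review bot: In docs/api-0.0.x/examples/example-dsig4.html, Step 2 treats `ret < 0` from `xmlSecDSigValidate()` as the only failure and Step 3 just dumps `result`, so a reader copying this never branches on the signature verdict; the dump in Appendix A prints a separate `result: OK` field, which suggests (not confirmed from this page) that the return code reports processing errors only. I would add before the dump a comment such as `/* ret >= 0 only says validation ran; check the status in result and reject the document unless it is OK */`. The keys manager is also created empty while the signed document carries its own `<KeyValue>`, so the text should say that a signature checked against a key taken from the document shows integrity, not who signed it. Smaller fixes in the same file: Step 1 parses `argv[2]` but both error messages print `argv[1]`, `ret` is never declared, and Step 2's prose says "ready to sign" in a verification example.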
+XML Security Library

+ +LibXML2
LibXSLT
OpenSSL +
+ + +
+
+

XML Encryption
+ Example 1. Encrypting

+
+

+ To encrypt data using XML Security Library the application should:
+

+
    +
  1. Create encryption context (depending on the application it could + be done once in the beggining of the program).
    +
  2. +
  3. Create or load encryption template that describes the encryption + algorithm, encryption key transport mechanism, etc.
  4. +
  5. Call one of the encryption functions:
      +
    • xmlSecEncryptMemory()
    • +
    • xmlSecEncryptUri()
    • +
    • +xmlSecEncryptXmlNode()
      +
    • +
    +
  6. +
  7. Verifiy the result.
  8. +
+

+ In this example, we will encrypt a string using DES3 algorithm with +session key which will be RSA encrypted and included into the XML document. +The source code for this example is included into the package: + source code + and the encrypted document + .
+

+

Step 0. Initializing LibXML, OpenSSL and XML Security Library.

+

+ Before using the libraries we need to initialize them. This + should be done once in the beginning of your program
+    
+     int rnd_seed = 0;   

+     /**
+      * Init OpenSSL:
+      * this is a BAD way to init random numbers
+      * generator
+      */   
+     while (RAND_status() != 1) {
+        RAND_seed(&rnd_seed, +sizeof(rnd_seed));
+     }
+    
+     /**
+      * Init libxml
+      */    
+     xmlInitParser();
+     LIBXML_TEST_VERSION
+  

+      /**
+      * Init xmlsec
+      */
+     xmlSecInit();   

+

+

Step 1. Loading key and creating the encryption context.

+

+ Before encrypting or decrypting the document you should create + encryption context object.  In most case you will need only one + context object per application

+     xmlSecKeysMngrPtr keysMngr= NULL;
+      xmlSecEncCtxPtr ctx = NULL;
+    
+     /**
+      * Create Keys managers
+      */
+     keysMngr = xmlSecSimpleKeysMngrCreate();    +
+     if(keysMngr == NULL) {
+       fprintf(stderr, "Error: failed to create keys + manager\n");
+       return(-1);   
+     }

+  
+     /**
+      * Create enc context
+      */
+     ctx = xmlSecEncCtxCreate(keysMngr);
+     if(ctx == NULL) {
+       fprintf(stderr, "Error: template failed to create context\n");
+       return(-1)
+     }
+     /**
+      * load key public rsa key
+      */
+     if(xmlSecSimpleKeysMngrLoadPemKey(keysMngr, argv[1], NULL, NULL, 0) == NULL) {
+       fprintf(stderr, "Error: failed to load key from \"%s\"\n", argv[1]);
+       return(-1);
+     }
+  
+

+

Step 2. Creating the template.

+

+ In this example we will create encryption template dynamically. However, + you can also prepare encryption templates manually, save as XML files and + quickly load them into the application.

    xmlNodePtr encKey = NULL;
+     xmlNodePtr encData = NULL;
+     xmlSecEncResultPtr result = NULL;
+     xmlNodePtr cur;
+     int ret;
+    
+     /**
+      * Create the EncryptedData node
+      */
+     encData = xmlSecEncDataCreate(NULL, NULL, NULL, NULL);
+     if(encData == NULL) {
+      
fprintf(stderr, "Error: template + creation failed\n");
      goto done;   +  
+     }

+     /**
+      * Set the encryption method
+      */
+     cur = xmlSecEncDataAddEncMethod(encData, xmlSecEncDes3Cbc);
+     if(cur == NULL) {
+ fprintf(stderr, "Error: failed to add Enc Method\n");
+       goto done;    
+     }

+     /**
+      * Add EncryptionProperties node just for fun
+      */
+     cur = xmlSecEncDataAddEncProperty(encData, BAD_CAST "Classified", + NULL);
+     if(cur == NULL) {
+       fprintf(stderr, "Error: failed to add KeyInfo\n");
+       goto done;    
+     }
+     xmlSetProp(cur, BAD_CAST "Level", BAD_CAST "Top secret: + destroy before reading");

+     /**
+      * The encrypted data should be saved in CipherValue + node
+      */
+     cur = xmlSecEncDataAddCipherValue(encData);    +
+     if(cur == NULL) {
+       fprintf(stderr, "Error: failed to add CipherValue\n");
+       goto done;    
+     }

+     /**
+      * Add key info node
+      */
+     cur = xmlSecEncDataAddKeyInfo(encData);
+     if(cur == NULL) {
+       fprintf(stderr, "Error: failed to add KeyInfo\n");
+       goto done;    
+     }

+     /**
+      * The session DES key will be RSA encrypted and + included
+      * in the message
+      */
+     encKey = xmlSecKeyInfoAddEncryptedKey(cur, NULL, NULL, + NULL);
+     if(encKey == NULL) {
+       fprintf(stderr, "Error: failed to add EncryptedKey\n");
+       goto done;    
+     }
+    
+     /**
+      * Set the encryption method for encrypting the + key
+      */
+     cur = xmlSecEncDataAddEncMethod(encKey, xmlSecEncRsaOaep);
+     if(cur == NULL) {
+       fprintf(stderr, "Error: failed to add EncryptedKey + Enc Method\n");
+       goto done;    
+     }
+    
+     /**
+      * The encrypted key should be stored in XML document
+      */
+     cur = xmlSecEncDataAddCipherValue(encKey);    +
+     if(cur == NULL) {
+       fprintf(stderr, "Error: failed to add EncryptedKey + CipherValue\n");
+       goto done;    
+     }

+     /**
+      * Now specify the key used to encrypt session +key
+      */
+     cur = xmlSecEncDataAddKeyInfo(encKey);
+     if(cur == NULL) {
+       fprintf(stderr, "Error: failed to add EncryptedKey + KeyInfo\n");
+       goto done;    
+     }

+     cur = xmlSecKeyInfoAddKeyName(cur);
+     if(cur == NULL) {
+       fprintf(stderr, "Error: failed to add EncryptedKey + KeyName\n");
+       goto done;    
+     }          

+

+

Step 3. Encrypt the data and print result document to stdout.

+

+ We are ready to encrypt the document!
+    
+     static const char buf[] = "big secret";
 
+    /**
+      * Finally encrypt everything
+      */
+     ret = xmlSecEncryptMemory(ctx, NULL, NULL, encData, (const unsigned + char*)buf,
+                  + strlen(buf), &result);
+     if(ret < 0) {
+        fprintf(stderr, "Error: memory encryption + failed\n");
+        goto done;    
+     }
+     
+     /**
+      * And print result to stdout
+      */           +       
+     xmlDocDump(stdout, encData->doc)
+

+

Step 4. Cleanup.

+

+ At the end we need to destroy encryption context, the doc +and KeysManager; shutdown XML Security Library, libxml and OpenSSL:

+      /*
+      * Cleanup
+      */  
+     if(ctx != NULL) {
+        xmlSecEncCtxDestroy(ctx);
+     }
+     if(keysMngr != NULL) {
+        xmlSecSimpleKeysMngrDestroy(keysMngr);
+     }
+     
+     /**
+      * Shutdown XML Sec
+      */
+     xmlSecShutdown();

+     /**
+      * Shutdown libxslt
+      */
+     xsltCleanupGlobals();


+     /*
+      * Shutdown libxml
+      */
+     xmlCleanupParser();
+     
+     /*
+      * Shutdown OpenSSL
+      */
+     RAND_cleanup();
+     ERR_clear_error();
+

+

Appendix A. The encrypted document.

+
+<?xml version="1.0"?>
+ <EncryptedData xmlns="http://www.w3.org/2001/04/xmlenc#">
+ <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/>
+ <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <EncryptedKey xmlns="http://www.w3.org/2001/04/xmlenc#">
+ <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"/>
+ <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <KeyName>test-rsa-key</KeyName>
+ </KeyInfo>
+ <CipherData>
+ <CipherValue>
+ ETFcDnUPrXyZpaUNDCbe6r6E+YIWmoXBcppWHgv03H+0jIH+w74YKRJh601KUA4u
+ KDUK/MbglWQ40FvQ4vhOC4X0uGtWizRllOoZJHn9ppzAcIuwURQOIjCNl9GtrcEx
+ 14HNIlUoAEXjIbbwSaGCS5u4IdtxzhS2f9P8INh5PkpJjV9EYT73cbX4Cq5e4Yto
+ Puox+NUpfOhSfPhTf+41+3u99Nn6oaxlLokfl//lbSE8gD2Yo48cyXN2HkX4tchF
+ qOFdCb5bYXA/NmLnrdXXm1Fpuf4QoLDXmbfrCXGF+mHSBkVC1C49FL4ynIVGcBF3
+ FibDfsohFvg/ucbDhKHNVQ==
+ </CipherValue>
+ </CipherData>
+ </EncryptedKey>
+ </KeyInfo>
+ <CipherData>
+ <CipherValue>
+ BwP8RHXhJ8xcFVSONxfkwOxhgZNElAmJbaaAdzAIjbk=
+ </CipherValue>
+ </CipherData>
+ <EncryptionProperties>
+ <EncryptionProperty Id="Classified" Level="Top secret"/>
+ </EncryptionProperties>
+ </EncryptedData>

+
+
+

Aleksey Sanin

+
+
diff --git a/docs/api-0.0.x/examples/example-enc2.html b/docs/api-0.0.x/examples/example-enc2.html
new file mode 100644
index 000000000..6529a67b1
--- /dev/null
+++ b/docs/api-0.0.x/examples/example-enc2.html
@@ -0,0 +1,233 @@
+ + + +XML Security Library: Example - Decryption + + + + +
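Review bot: In docs/api-0.0.x/examples/example-enc1.html, Step 0 loops on `RAND_seed(&rnd_seed, sizeof(rnd_seed))` with `rnd_seed` fixed at 0, and the session key this example wraps with RSA is presumably drawn from that generator; the comment calls it a BAD way but gives the reader nothing to copy instead. I would have the sample fail closed, `if(RAND_status() != 1) { fprintf(stderr, "Error: OpenSSL PRNG is not seeded\n"); return(-1); }`, and say in the prose that seeding is the application's job. The same loop appears in example-dsig4.html and example-enc2.html. In Step 1 `return(-1)` after the context check lacks its semicolon and the early returns skip the Step 4 cleanup that later steps reach through `goto done`; Step 4 also releases neither `result` nor `encData`.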
+XML Security Library

+ +LibXML2
LibXSLT
OpenSSL +
+ + +
+
+

XML Encryption
+ Example 1. Encrypting

+
+

+ To decrypt data using XML Security Library the application should:
+

+
    +
  1. Create decryption context (depending on the application it could + be done once in the beggining of the program).
    +
  2. +
  3. Call decryption functions:
      +
    • xmlSecDecrypt()
    • +
    +
  4. +
  5. Verifiy the result and continue decrypted data processing.
  6. +
+

+ In this example, we will decrypt XML document encrypted in + previous example. The source code + for this example is included into the package.
+

+

Step 0. Initializing LibXML, OpenSSL and XML Security Library.

+

+ Before using the libraries we need to initialize them. This + should be done once in the beginning of your program
+    
+     int rnd_seed = 0;    +

+     /**
+      * Init OpenSSL:
+      * this is a BAD way to init random numbers +
+      * generator
+      */   
+     while (RAND_status() != 1) {
+        RAND_seed(&rnd_seed, +sizeof(rnd_seed));
+     }
+    
+     /**
+      * Init libxml
+      */    
+     xmlInitParser();
+     LIBXML_TEST_VERSION
+  

+      /**
+      * Init xmlsec
+      */
+     xmlSecInit();   

+

+

Step 1. Loading key and creating the encryption context.

+

+ Before encrypting or decrypting the document you should +create encryption context object.  In most case you will need +only one context object per application

+      xmlSecKeysMngrPtr keysMngr = NULL;
+     xmlSecEncCtxPtr ctx = NULL;
+    
+     /**
+      * Create Keys managers
+      */
+     keysMngr = xmlSecSimpleKeysMngrCreate();    +
+     if(keysMngr == NULL) {
+       fprintf(stderr, "Error: failed to create keys + manager\n");
+       return(-1);   
+     }

+  

+     /**
+      * Create enc context
+      */
+     ctx = xmlSecEncCtxCreate(keysMngr);
+     if(ctx == NULL) {
+       fprintf(stderr, "Error: template failed to create context\n");
+       return(-1)
+     }

+     /**
+      * load key private rsa key
+      */
+     if(xmlSecSimpleKeysMngrLoadPem(keysMgr, argv[1], NULL, NULL, 1) == NULL) {
+       fprintf(stderr, "Error: failed to load key from \"%s\"\n", argv[1]);
+       return(-1);
+     }

+

+

Step 2. Load the document, decrypt and print result document to +stdout.

+

+ We are ready to decrypt the document!
+    
+     xmlDocPtr doc = NULL;
+    xmlSecEncResultPtr result = NULL;
+    int ret;


+    /*
+     * build an XML tree from a the file; we need to +add default
+     * attributes and resolve all character and entities +references
+     */
+    xmlLoadExtDtdDefaultValue = XML_DETECT_IDS | XML_COMPLETE_ATTRS;
+    xmlSubstituteEntitiesDefault(1);

+    doc = xmlParseFile(filename);
+    if (doc == NULL) {
+       fprintf(stderr, "Error: unable to parse file \"%s\"\n", +filename);
+       goto done;   
+    }
+    
+    /*
+     * Check the document is of the right kind
+     */    
+    if(xmlDocGetRootElement(doc) == NULL) {
+       fprintf(stderr,"Error: empty document for file +\"%s\"\n", filename);
+       goto done;   
+    }
+    
+    /**
+     * Decrypt
+     */
+    ret = xmlSecDecrypt(ctx, NULL, NULL, xmlDocGetRootElement(doc), &result);
+    if(ret < 0) {
+       fprintf(stderr, "Error: decryption failed\n");
+       goto done;   
+    }
+    
+    /**
+     * And print result to stdout
+     */            +    
+     ret = fwrite(xmlBufferContent(result->buffer),xmlBufferLength(result->buffer),
+                  +1, stdout);    
+

+

Step 3. Cleanup.

+

+ At the end we need to destroy encryption context, the doc + and KeysManager; shutdown XML Security Library, libxml and OpenSSL:

+      /*
+      * Cleanup
+      */  
+     if(ctx != NULL) {
+        xmlSecEncCtxDestroy(ctx);
+     }
+     if(keysMngr != NULL) {
+        xmlSecSimpleKeysMngrDestroy(keysMngr);
+     }
+     
+     /**
+      * Shutdown XML Sec
+      */
+     xmlSecShutdown();

+     /**
+      * Shutdown libxslt
+      */
+     xsltCleanupGlobals();


+     /*
+      * Shutdown libxml
+      */
+     xmlCleanupParser();
+     
+     /*
+      * Shutdown OpenSSL
+      */
+     RAND_cleanup();
+     ERR_clear_error();
+

+

Appendix A. The encrypted document.

+
<?xml version="1.0"?>
+ <EncryptedData xmlns="http://www.w3.org/2001/04/xmlenc#">
+ <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
+ <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <EncryptedKey xmlns="http://www.w3.org/2001/04/xmlenc#">
+ <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"/>
+ <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <KeyName>test-rsa-key</KeyName>
+ </KeyInfo>
+ <CipherData>
+ <CipherValue>
+ ETFcDnUPrXyZpaUNDCbe6r6E+YIWmoXBcppWHgv03H+0jIH+w74YKRJh601KUA4u
+ KDUK/MbglWQ40FvQ4vhOC4X0uGtWizRllOoZJHn9ppzAcIuwURQOIjCNl9GtrcEx
+ 14HNIlUoAEXjIbbwSaGCS5u4IdtxzhS2f9P8INh5PkpJjV9EYT73cbX4Cq5e4Yto
+ Puox+NUpfOhSfPhTf+41+3u99Nn6oaxlLokfl//lbSE8gD2Yo48cyXN2HkX4tchF
+ qOFdCb5bYXA/NmLnrdXXm1Fpuf4QoLDXmbfrCXGF+mHSBkVC1C49FL4ynIVGcBF3
+ FibDfsohFvg/ucbDhKHNVQ==
+ </CipherValue>
+ </CipherData>
+ </EncryptedKey>
+ </KeyInfo>
+ <CipherData>
+ <CipherValue>
+ BwP8RHXhJ8xcFVSONxfkwOxhgZNElAmJbaaAdzAIjbk=
+ </CipherValue>
+ </CipherData>
+ <EncryptionProperties>
+ <EncryptionProperty Id="Classified" Level="Top secret"/>
+ </EncryptionProperties>
+ </EncryptedData> +
+
+

Aleksey Sanin

+
+
diff --git a/docs/api-0.0.x/index.html b/docs/api-0.0.x/index.html
index 007020326..54e8fec96 100644
--- a/docs/api-0.0.x/index.html
+++ b/docs/api-0.0.x/index.html
@@ -2,7 +2,7 @@
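Review bot: In docs/api-0.0.x/examples/example-enc2.html, the private-key load in Step 1 calls `xmlSecSimpleKeysMngrLoadPem(keysMgr, ...)`, but the variable is declared as `keysMngr` and example-enc1.html uses `xmlSecSimpleKeysMngrLoadPemKey` for the same job, so one of the two names is wrong and the sample cannot compile as printed; `return(-1)` two statements earlier is also missing its semicolon. Step 2 sets `xmlLoadExtDtdDefaultValue` and `xmlSubstituteEntitiesDefault(1)` process-wide before parsing a document that, in a decryption tool, normally arrives from another party, so the text should carry a caveat like `/* these are global parser settings; restrict DTD loading and entity expansion when the input is not trusted */`. The `fwrite()` result is stored in `ret` and never checked, and Step 3 frees neither `doc` nor `result`. The page title still reads "Example 1. Encrypting" and Appendix A shows `aes128-cbc` with the same cipher values that example-enc1.html lists under `tripledes-cbc`.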
-XML Security Library

+XML Security Library

-LibXML2
LibXSLT
OpenSSL +LibXML2
LibXSLT
OpenSSL
diff --git a/docs/api-0.0.x/xmlsec-base64.html b/docs/api-0.0.x/xmlsec-base64.html
index 007020326..54e8fec96 100644
--- a/docs/api-0.0.x/xmlsec-base64.html
+++ b/docs/api-0.0.x/xmlsec-base64.html
@@ -2,7 +2,7 @@
-XML Security Library

+XML Security Library

-LibXML2
LibXSLT
OpenSSL +LibXML2
LibXSLT
OpenSSL
diff --git a/docs/api-0.0.x/xmlsec-bn.html b/docs/api-0.0.x/xmlsec-bn.html
index 007020326..54e8fec96 100644
--- a/docs/api-0.0.x/xmlsec-bn.html
+++ b/docs/api-0.0.x/xmlsec-bn.html
@@ -2,7 +2,7 @@
-XML Security Library

+XML Security Library

-LibXML2
LibXSLT
OpenSSL +LibXML2
LibXSLT
OpenSSL
diff --git a/docs/api-0.0.x/xmlsec-buffered.html b/docs/api-0.0.x/xmlsec-buffered.html
index 007020326..54e8fec96 100644
--- a/docs/api-0.0.x/xmlsec-buffered.html
+++ b/docs/api-0.0.x/xmlsec-buffered.html
@@ -2,7 +2,7 @@
-XML Security Library

+XML Security Library

-LibXML2
LibXSLT
OpenSSL +LibXML2
LibXSLT
OpenSSL
diff --git a/docs/api-0.0.x/xmlsec-ciphers.html b/docs/api-0.0.x/xmlsec-ciphers.html
index 007020326..54e8fec96 100644
--- a/docs/api-0.0.x/xmlsec-ciphers.html
+++ b/docs/api-0.0.x/xmlsec-ciphers.html
@@ -2,7 +2,7 @@
-XML Security Library

+XML Security Library

-LibXML2
LibXSLT
OpenSSL +LibXML2
LibXSLT
OpenSSL
diff --git a/docs/api-0.0.x/xmlsec-debug.html b/docs/api-0.0.x/xmlsec-debug.html
index 007020326..54e8fec96 100644
--- a/docs/api-0.0.x/xmlsec-debug.html
+++ b/docs/api-0.0.x/xmlsec-debug.html
@@ -2,7 +2,7 @@
-XML Security Library

+XML Security Library

-LibXML2
LibXSLT
OpenSSL +LibXML2
LibXSLT
OpenSSL
diff --git a/docs/api-0.0.x/xmlsec-digests.html b/docs/api-0.0.x/xmlsec-digests.html
index 007020326..54e8fec96 100644
--- a/docs/api-0.0.x/xmlsec-digests.html
+++ b/docs/api-0.0.x/xmlsec-digests.html
@@ -2,7 +2,7 @@
-XML Security Library

+XML Security Library

-LibXML2
LibXSLT
OpenSSL +LibXML2
LibXSLT
OpenSSL
diff --git a/docs/api-0.0.x/xmlsec-errors.html b/docs/api-0.0.x/xmlsec-errors.html
index 007020326..54e8fec96 100644
--- a/docs/api-0.0.x/xmlsec-errors.html
+++ b/docs/api-0.0.x/xmlsec-errors.html
@@ -2,7 +2,7 @@
-XML Security Library

+XML Security Library

-LibXML2
LibXSLT
OpenSSL +LibXML2
LibXSLT
OpenSSL
diff --git a/docs/api-0.0.x/xmlsec-io.html b/docs/api-0.0.x/xmlsec-io.html
index 007020326..54e8fec96 100644
--- a/docs/api-0.0.x/xmlsec-io.html
+++ b/docs/api-0.0.x/xmlsec-io.html
@@ -2,7 +2,7 @@
-XML Security Library

+XML Security Library

-LibXML2
LibXSLT
OpenSSL +LibXML2
LibXSLT
OpenSSL
diff --git a/docs/api-0.0.x/xmlsec-keyinfo.html b/docs/api-0.0.x/xmlsec-keyinfo.html
index 007020326..54e8fec96 100644
--- a/docs/api-0.0.x/xmlsec-keyinfo.html
+++ b/docs/api-0.0.x/xmlsec-keyinfo.html
@@ -2,7 +2,7 @@
-XML Security Library

+XML Security Library

-LibXML2
LibXSLT
OpenSSL +LibXML2
LibXSLT
OpenSSL
diff --git a/docs/api-0.0.x/xmlsec-keys.html b/docs/api-0.0.x/xmlsec-keys.html
index 007020326..54e8fec96 100644
--- a/docs/api-0.0.x/xmlsec-keys.html
+++ b/docs/api-0.0.x/xmlsec-keys.html
@@ -2,7 +2,7 @@
-XML Security Library

+XML Security Library

-LibXML2
LibXSLT
OpenSSL +LibXML2
LibXSLT
OpenSSL
diff --git a/docs/api-0.0.x/xmlsec-keysinternal.html b/docs/api-0.0.x/xmlsec-keysinternal.html
index 007020326..54e8fec96 100644
--- a/docs/api-0.0.x/xmlsec-keysinternal.html
+++ b/docs/api-0.0.x/xmlsec-keysinternal.html
@@ -2,7 +2,7 @@
-XML Security Library

+XML Security Library

-LibXML2
LibXSLT
OpenSSL +LibXML2
LibXSLT
OpenSSL
diff --git a/docs/api-0.0.x/xmlsec-keysmngr.html b/docs/api-0.0.x/xmlsec-keysmngr.html
index 007020326..54e8fec96 100644
--- a/docs/api-0.0.x/xmlsec-keysmngr.html
+++ b/docs/api-0.0.x/xmlsec-keysmngr.html
@@ -2,7 +2,7 @@
-XML Security Library

+XML Security Library

-LibXML2
LibXSLT
OpenSSL +LibXML2
LibXSLT
OpenSSL
diff --git a/docs/api-0.0.x/xmlsec-membuf.html b/docs/api-0.0.x/xmlsec-membuf.html
index 007020326..54e8fec96 100644
--- a/docs/api-0.0.x/xmlsec-membuf.html
+++ b/docs/api-0.0.x/xmlsec-membuf.html
@@ -2,7 +2,7 @@
-XML Security Library

+XML Security Library

-LibXML2
LibXSLT
OpenSSL +LibXML2
LibXSLT
OpenSSL
diff --git a/docs/api-0.0.x/xmlsec-nodeset.html b/docs/api-0.0.x/xmlsec-nodeset.html
index 007020326..54e8fec96 100644
--- a/docs/api-0.0.x/xmlsec-nodeset.html
+++ b/docs/api-0.0.x/xmlsec-nodeset.html
@@ -2,7 +2,7 @@
-XML Security Library

+XML Security Library

-LibXML2
LibXSLT
OpenSSL +LibXML2
LibXSLT
OpenSSL
diff --git a/docs/api-0.0.x/xmlsec-notes.html b/docs/api-0.0.x/xmlsec-notes.html
index 007020326..54e8fec96 100644
--- a/docs/api-0.0.x/xmlsec-notes.html
+++ b/docs/api-0.0.x/xmlsec-notes.html
@@ -2,7 +2,7 @@
-XML Security Library

+XML Security Library

-LibXML2
LibXSLT
OpenSSL +LibXML2
LibXSLT
OpenSSL
diff --git a/docs/api-0.0.x/xmlsec-ref-int.html b/docs/api-0.0.x/xmlsec-ref-int.html
index 46020ee28..bbfd2a501 100644
--- a/docs/api-0.0.x/xmlsec-ref-int.html
+++ b/docs/api-0.0.x/xmlsec-ref-int.html
@@ -10,7 +10,7 @@
-XML Security Library

+XML Security Library

-LibXML2
LibXSLT
OpenSSL +LibXML2
LibXSLT
OpenSSL
diff --git a/docs/api-0.0.x/xmlsec-ref.html b/docs/api-0.0.x/xmlsec-ref.html
index 7b92a0e47..dae5beb6e 100644
--- a/docs/api-0.0.x/xmlsec-ref.html
+++ b/docs/api-0.0.x/xmlsec-ref.html
@@ -10,7 +10,7 @@
-XML Security Library

+XML Security Library

-LibXML2
LibXSLT
OpenSSL +LibXML2
LibXSLT
OpenSSL
diff --git a/docs/api-0.0.x/xmlsec-transforms.html b/docs/api-0.0.x/xmlsec-transforms.html
index 0453836a0..f3d6a7205 100644
--- a/docs/api-0.0.x/xmlsec-transforms.html
+++ b/docs/api-0.0.x/xmlsec-transforms.html
@@ -11,7 +11,7 @@
-XML Security Library

+XML Security Library

-LibXML2
LibXSLT
OpenSSL +LibXML2
LibXSLT
OpenSSL
diff --git a/docs/api-0.0.x/xmlsec-transformsinternal.html b/docs/api-0.0.x/xmlsec-transformsinternal.html
index ff923c600..ccd821b61 100644
--- a/docs/api-0.0.x/xmlsec-transformsinternal.html
+++ b/docs/api-0.0.x/xmlsec-transformsinternal.html
@@ -11,7 +11,7 @@
-XML Security Library

+XML Security Library

-LibXML2
LibXSLT
OpenSSL +LibXML2
LibXSLT
OpenSSL
diff --git a/docs/api-0.0.x/xmlsec-version.html b/docs/api-0.0.x/xmlsec-version.html
index 462ac6de9..41fd6255d 100644
--- a/docs/api-0.0.x/xmlsec-version.html
+++ b/docs/api-0.0.x/xmlsec-version.html
@@ -11,7 +11,7 @@
-XML Security Library

+XML Security Library

-LibXML2
LibXSLT
OpenSSL +LibXML2
LibXSLT
OpenSSL
diff --git a/docs/api-0.0.x/xmlsec-x509.html b/docs/api-0.0.x/xmlsec-x509.html
index 1ee838867..cbe1b49b4 100644
--- a/docs/api-0.0.x/xmlsec-x509.html
+++ b/docs/api-0.0.x/xmlsec-x509.html
@@ -11,7 +11,7 @@
-XML Security Library

+XML Security Library

-LibXML2
LibXSLT
OpenSSL +LibXML2
LibXSLT
OpenSSL
diff --git a/docs/api-0.0.x/xmlsec-xmldsig.html b/docs/api-0.0.x/xmlsec-xmldsig.html
index 9a6c6eef8..48f7fe12c 100644
--- a/docs/api-0.0.x/xmlsec-xmldsig.html
+++ b/docs/api-0.0.x/xmlsec-xmldsig.html
@@ -11,7 +11,7 @@
-XML Security Library

+XML Security Library

-LibXML2
LibXSLT
OpenSSL +LibXML2
LibXSLT
OpenSSL
diff --git a/docs/api-0.0.x/xmlsec-xmlenc.html b/docs/api-0.0.x/xmlsec-xmlenc.html
index e11a32468..c4273999c 100644
--- a/docs/api-0.0.x/xmlsec-xmlenc.html
+++ b/docs/api-0.0.x/xmlsec-xmlenc.html
@@ -11,7 +11,7 @@
-XML Security Library

+XML Security Library

-LibXML2
LibXSLT
OpenSSL +LibXML2
LibXSLT
OpenSSL
diff --git a/docs/api-0.0.x/xmlsec-xmlsec.html b/docs/api-0.0.x/xmlsec-xmlsec.html
index aed00c131..1187a83a4 100644
--- a/docs/api-0.0.x/xmlsec-xmlsec.html
+++ b/docs/api-0.0.x/xmlsec-xmlsec.html
@@ -11,7 +11,7 @@
-XML Security Library

+XML Security Library

-LibXML2
LibXSLT
OpenSSL +LibXML2
LibXSLT
OpenSSL
diff --git a/docs/api-0.0.x/xmlsec-xmltree.html b/docs/api-0.0.x/xmlsec-xmltree.html
index 31e2fb8f5..ee873ca2d 100644
--- a/docs/api-0.0.x/xmlsec-xmltree.html
+++ b/docs/api-0.0.x/xmlsec-xmltree.html
@@ -10,7 +10,7 @@
-XML Security Library

+XML Security Library

-LibXML2
LibXSLT
OpenSSL +LibXML2
LibXSLT
OpenSSL
diff --git a/docs/api/Makefile.am b/docs/api/Makefile.am index a84ff24c5..fa9585fb4 100644 --- a/docs/api/Makefile.am +++ b/docs/api/Makefile.am @@ -12,7 +12,7 @@ DOC_SOURCE_DIR=./code DOC_SOURCE_FILES=$(shell find $(SOURCE_DIR) -name '*.c' -print ) \ $(shell find $(INCLUDE_DIR) -name '*.h' -print ) -all: sgml html +all: sgml html clean-sources html: sgml xmlsec.sgml gtkdoc-mkhtml xmlsec xmlsec.sgml @@ -70,12 +70,15 @@ doc_sources: $(DOC_SOURCE_FILES) @mkdir -p $(DOC_SOURCE_DIR)/include/xmlsec/base @mv -f $(DOC_SOURCE_DIR)/include/xmlsec/*.h $(DOC_SOURCE_DIR)/include/xmlsec/base -clean: +clean: clean-sources @rm -rf $(DOC_SOURCE_DIR) @rm -f sgml/*~ sgml/*.bak @rm -f tmpl/*~ tmpl/*.bak @rm -f *~ *.bak *.hierarchy *.signals *-unused.txt *.stamp +clean-sources: + @rm -rf $(DOC_SOURCE_DIR) + clean-local: @rm -f *~ *.bak *.hierarchy *.signals *-unused.txt diff --git a/docs/architecture/diagrams.sxd b/docs/api/images/diagrams.sxd similarity index 100% rename from docs/architecture/diagrams.sxd rename to docs/api/images/diagrams.sxd diff --git a/docs/architecture/encryption-structure.png b/docs/api/images/encryption-structure.png similarity index 100% rename from docs/architecture/encryption-structure.png rename to docs/api/images/encryption-structure.png diff --git a/docs/architecture/key.png b/docs/api/images/key.png similarity index 100% rename from docs/architecture/key.png rename to docs/api/images/key.png diff --git a/docs/architecture/keysmngr.png b/docs/api/images/keysmngr.png similarity index 100% rename from docs/architecture/keysmngr.png rename to docs/api/images/keysmngr.png diff --git a/docs/architecture/signature-structure.png b/docs/api/images/signature-structure.png similarity index 100% rename from docs/architecture/signature-structure.png rename to docs/api/images/signature-structure.png 
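Review bot: In docs/api/Makefile.am the new `all: sgml html clean-sources` relies on prerequisites being built left to right, which make does not promise under `-j`; `clean-sources` runs `rm -rf $(DOC_SOURCE_DIR)` and could delete the copied sources while `sgml` or `html` is still reading them (their recipes are only partly visible here, so this is inferred). Running the removal as the last command of the `html` recipe, or adding `.NOTPARALLEL:` to this file, would make the order explicit. In the second hunk `clean: clean-sources` keeps its own `@rm -rf $(DOC_SOURCE_DIR)`, so the directory is removed twice; drop one, and list `clean-sources` under `.PHONY`.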
diff --git a/docs/architecture/transform.png b/docs/api/images/transform.png
similarity index 100%
rename from docs/architecture/transform.png
rename to docs/api/images/transform.png
diff --git a/docs/architecture/transforms-chain.png b/docs/api/images/transforms-chain.png
similarity index 100%
rename from docs/architecture/transforms-chain.png
rename to docs/api/images/transforms-chain.png
diff --git a/docs/api/index.html b/docs/api/index.html
index fa8cdc894..612eb89c0 100644
--- a/docs/api/index.html
+++ b/docs/api/index.html
@@ -8,7 +8,7 @@
-XML Security Library

+XML Security Library

-LibXML2
LibXSLT
OpenSSL +LibXML2
LibXSLT
OpenSSL
diff --git a/docs/api/xmlsec-base64.html b/docs/api/xmlsec-base64.html
index ff9753864..0bae28450 100644
--- a/docs/api/xmlsec-base64.html
+++ b/docs/api/xmlsec-base64.html
@@ -11,7 +11,7 @@
-XML Security Library

+XML Security Library

-LibXML2
LibXSLT
OpenSSL +LibXML2
LibXSLT
OpenSSL
diff --git a/docs/api/xmlsec-buffer.html b/docs/api/xmlsec-buffer.html
index 902a1c37c..5a85092f4 100644
--- a/docs/api/xmlsec-buffer.html
+++ b/docs/api/xmlsec-buffer.html
@@ -11,7 +11,7 @@
-XML Security Library

+XML Security Library

-LibXML2
LibXSLT
OpenSSL +LibXML2
LibXSLT
OpenSSL
diff --git a/docs/api/xmlsec-errors.html b/docs/api/xmlsec-errors.html
index a43e160fc..23b1df9eb 100644
--- a/docs/api/xmlsec-errors.html
+++ b/docs/api/xmlsec-errors.html
@@ -11,7 +11,7 @@
-XML Security Library

+XML Security Library

-LibXML2
LibXSLT
OpenSSL +LibXML2
LibXSLT
OpenSSL
diff --git a/docs/api/xmlsec-gnutls-app.html b/docs/api/xmlsec-gnutls-app.html
index 00dba6496..68481e11e 100644
--- a/docs/api/xmlsec-gnutls-app.html
+++ b/docs/api/xmlsec-gnutls-app.html
@@ -11,7 +11,7 @@
-XML Security Library

+XML Security Library

-LibXML2
LibXSLT
OpenSSL +LibXML2
LibXSLT
OpenSSL
diff --git a/docs/api/xmlsec-gnutls-crypto.html b/docs/api/xmlsec-gnutls-crypto.html
index c834f54d2..3f4b9f548 100644
--- a/docs/api/xmlsec-gnutls-crypto.html
+++ b/docs/api/xmlsec-gnutls-crypto.html
@@ -11,7 +11,7 @@
-XML Security Library

+XML Security Library

-LibXML2
LibXSLT
OpenSSL +LibXML2
LibXSLT
OpenSSL
diff --git a/docs/api/xmlsec-gnutls-ref.html b/docs/api/xmlsec-gnutls-ref.html
index 52e410bc7..c5e291abd 100644
--- a/docs/api/xmlsec-gnutls-ref.html
+++ b/docs/api/xmlsec-gnutls-ref.html
@@ -10,7 +10,7 @@
-XML Security Library

+XML Security Library

-LibXML2
LibXSLT
OpenSSL +LibXML2
LibXSLT
OpenSSL
diff --git a/docs/api/xmlsec-io.html b/docs/api/xmlsec-io.html
index 7e2602b5e..7f074b851 100644
--- a/docs/api/xmlsec-io.html
+++ b/docs/api/xmlsec-io.html
@@ -11,7 +11,7 @@
-XML Security Library

+XML Security Library

-LibXML2
LibXSLT
OpenSSL +LibXML2
LibXSLT
OpenSSL
diff --git a/docs/api/xmlsec-keyinfo.html b/docs/api/xmlsec-keyinfo.html
index c249a4042..0efdbe034 100644
--- a/docs/api/xmlsec-keyinfo.html
+++ b/docs/api/xmlsec-keyinfo.html
@@ -11,7 +11,7 @@
-XML Security Library

+XML Security Library

-LibXML2
LibXSLT
OpenSSL +LibXML2
LibXSLT
OpenSSL
diff --git a/docs/api/xmlsec-keys.html b/docs/api/xmlsec-keys.html
index b618d346e..e1c39cac9 100644
--- a/docs/api/xmlsec-keys.html
+++ b/docs/api/xmlsec-keys.html
@@ -11,7 +11,7 @@
-XML Security Library

+XML Security Library

-LibXML2
LibXSLT
OpenSSL +LibXML2
LibXSLT
OpenSSL
diff --git a/docs/api/xmlsec-keysdata.html b/docs/api/xmlsec-keysdata.html
index 66dd665a7..14742d569 100644
--- a/docs/api/xmlsec-keysdata.html
+++ b/docs/api/xmlsec-keysdata.html
@@ -11,7 +11,7 @@
-XML Security Library

+XML Security Library

-LibXML2
LibXSLT
OpenSSL +LibXML2
LibXSLT
OpenSSL
diff --git a/docs/api/xmlsec-keysmngr.html b/docs/api/xmlsec-keysmngr.html
index 48ebf4bbf..46f97d81b 100644
--- a/docs/api/xmlsec-keysmngr.html
+++ b/docs/api/xmlsec-keysmngr.html
@@ -11,7 +11,7 @@
-XML Security Library

+XML Security Library

-LibXML2
LibXSLT
OpenSSL +LibXML2
LibXSLT
OpenSSL
diff --git a/docs/api/xmlsec-list.html b/docs/api/xmlsec-list.html
index b1d209598..9cae9324d 100644
--- a/docs/api/xmlsec-list.html
+++ b/docs/api/xmlsec-list.html
@@ -11,7 +11,7 @@
-XML Security Library

+XML Security Library

-LibXML2
LibXSLT
OpenSSL +LibXML2
LibXSLT
OpenSSL
diff --git a/docs/api/xmlsec-membuf.html b/docs/api/xmlsec-membuf.html
index 08fdee680..93b21b466 100644
--- a/docs/api/xmlsec-membuf.html
+++ b/docs/api/xmlsec-membuf.html
@@ -11,7 +11,7 @@
-XML Security Library

+XML Security Library

-LibXML2
LibXSLT
OpenSSL +LibXML2
LibXSLT
OpenSSL
diff --git a/docs/api/xmlsec-nodeset.html b/docs/api/xmlsec-nodeset.html
index e06ea8919..991f4c151 100644
--- a/docs/api/xmlsec-nodeset.html
+++ b/docs/api/xmlsec-nodeset.html
@@ -11,7 +11,7 @@
-XML Security Library

+XML Security Library

-LibXML2
LibXSLT
OpenSSL +LibXML2
LibXSLT
OpenSSL
diff --git a/docs/api/xmlsec-notes-cusomize-signature.html b/docs/api/xmlsec-notes-cusomize-signature.html
index 4155aa2e3..1b0829c8d 100644
--- a/docs/api/xmlsec-notes-cusomize-signature.html
+++ b/docs/api/xmlsec-notes-cusomize-signature.html
@@ -11,7 +11,7 @@
-XML Security Library

+XML Security Library

-LibXML2
LibXSLT
OpenSSL +LibXML2
LibXSLT
OpenSSL
diff --git a/docs/api/xmlsec-notes-customize-encryption.html b/docs/api/xmlsec-notes-customize-encryption.html
index 201dbb1d9..f70ec73ea 100644
--- a/docs/api/xmlsec-notes-customize-encryption.html
+++ b/docs/api/xmlsec-notes-customize-encryption.html
@@ -11,7 +11,7 @@
-XML Security Library

+XML Security Library

-LibXML2
LibXSLT
OpenSSL +LibXML2
LibXSLT
OpenSSL
diff --git a/docs/api/xmlsec-notes-init-shutdown.html b/docs/api/xmlsec-notes-init-shutdown.html
index 864c1c901..48fef2d28 100644
--- a/docs/api/xmlsec-notes-init-shutdown.html
+++ b/docs/api/xmlsec-notes-init-shutdown.html
@@ -11,7 +11,7 @@
-XML Security Library

+XML Security Library

-LibXML2
LibXSLT
OpenSSL +LibXML2
LibXSLT
OpenSSL
diff --git a/docs/api/xmlsec-notes-keysmngr.html b/docs/api/xmlsec-notes-keysmngr.html
index 57ef730f0..396cc7aa0 100644
--- a/docs/api/xmlsec-notes-keysmngr.html
+++ b/docs/api/xmlsec-notes-keysmngr.html
@@ -11,7 +11,7 @@
-XML Security Library

+XML Security Library

-LibXML2
LibXSLT
OpenSSL +LibXML2
LibXSLT
OpenSSL
diff --git a/docs/api/xmlsec-notes-new-crypto-library.html b/docs/api/xmlsec-notes-new-crypto-library.html
index 90ba12cdc..d5dd19e5b 100644
--- a/docs/api/xmlsec-notes-new-crypto-library.html
+++ b/docs/api/xmlsec-notes-new-crypto-library.html
@@ -11,7 +11,7 @@
-XML Security Library

+XML Security Library

-LibXML2
LibXSLT
OpenSSL +LibXML2
LibXSLT
OpenSSL
diff --git a/docs/api/xmlsec-notes-sign-encrypt.html b/docs/api/xmlsec-notes-sign-encrypt.html
index 89e0d1f36..f02bf175e 100644
--- a/docs/api/xmlsec-notes-sign-encrypt.html
+++ b/docs/api/xmlsec-notes-sign-encrypt.html
@@ -11,7 +11,7 @@
-XML Security Library

+XML Security Library

-LibXML2
LibXSLT
OpenSSL +LibXML2
LibXSLT
OpenSSL
diff --git a/docs/api/xmlsec-notes-structure.html b/docs/api/xmlsec-notes-structure.html
index e207ed2b7..6faa570e1 100644
--- a/docs/api/xmlsec-notes-structure.html
+++ b/docs/api/xmlsec-notes-structure.html
@@ -11,7 +11,7 @@
-XML Security Library

+XML Security Library

-LibXML2
LibXSLT
OpenSSL +LibXML2
LibXSLT
OpenSSL
diff --git a/docs/api/xmlsec-notes-templates.html b/docs/api/xmlsec-notes-templates.html
index a8102f9b1..449bad6df 100644
--- a/docs/api/xmlsec-notes-templates.html
+++ b/docs/api/xmlsec-notes-templates.html
@@ -11,7 +11,7 @@
-XML Security Library

+XML Security Library

-LibXML2
LibXSLT
OpenSSL +LibXML2
LibXSLT
OpenSSL
diff --git a/docs/api/xmlsec-notes-transforms.html b/docs/api/xmlsec-notes-transforms.html
index b9fdea609..675962a52 100644
--- a/docs/api/xmlsec-notes-transforms.html
+++ b/docs/api/xmlsec-notes-transforms.html
@@ -11,7 +11,7 @@
-XML Security Library

+XML Security Library

-LibXML2
LibXSLT
OpenSSL +LibXML2
LibXSLT
OpenSSL
diff --git a/docs/api/xmlsec-notes-verify-decrypt.html b/docs/api/xmlsec-notes-verify-decrypt.html
index 376a4b2c2..738fdf5c8 100644
--- a/docs/api/xmlsec-notes-verify-decrypt.html
+++ b/docs/api/xmlsec-notes-verify-decrypt.html
@@ -11,7 +11,7 @@
-XML Security Library

+XML Security Library

-LibXML2
LibXSLT
OpenSSL +LibXML2
LibXSLT
OpenSSL
diff --git a/docs/api/xmlsec-notes.html b/docs/api/xmlsec-notes.html
index a1d723fde..bb167cd5b 100644
--- a/docs/api/xmlsec-notes.html
+++ b/docs/api/xmlsec-notes.html
@@ -10,7 +10,7 @@
-XML Security Library

+XML Security Library

-LibXML2
LibXSLT
OpenSSL +LibXML2
LibXSLT
OpenSSL
diff --git a/docs/api/xmlsec-nss-app.html b/docs/api/xmlsec-nss-app.html
index 67a8383a2..9c53e62a8 100644
--- a/docs/api/xmlsec-nss-app.html
+++ b/docs/api/xmlsec-nss-app.html
@@ -11,7 +11,7 @@
-XML Security Library

+XML Security Library

-LibXML2
LibXSLT
OpenSSL +LibXML2
LibXSLT
OpenSSL
diff --git a/docs/api/xmlsec-nss-crypto.html b/docs/api/xmlsec-nss-crypto.html
index 55e11418a..e509b41e9 100644
--- a/docs/api/xmlsec-nss-crypto.html
+++ b/docs/api/xmlsec-nss-crypto.html
@@ -10,7 +10,7 @@
-XML Security Library

+XML Security Library

-LibXML2
LibXSLT
OpenSSL +LibXML2
LibXSLT
OpenSSL
diff --git a/docs/api/xmlsec-nss-ref.html b/docs/api/xmlsec-nss-ref.html
index 1f566e259..59b6efd9b 100644
--- a/docs/api/xmlsec-nss-ref.html
+++ b/docs/api/xmlsec-nss-ref.html
@@ -10,7 +10,7 @@
-XML Security Library

+XML Security Library

-LibXML2
LibXSLT
OpenSSL +LibXML2
LibXSLT
OpenSSL
diff --git a/docs/api/xmlsec-openssl-app.html b/docs/api/xmlsec-openssl-app.html
index 957f95cfd..a8c308961 100644
--- a/docs/api/xmlsec-openssl-app.html
+++ b/docs/api/xmlsec-openssl-app.html
@@ -11,7 +11,7 @@
-XML Security Library

+XML Security Library

-LibXML2
LibXSLT
OpenSSL +LibXML2
LibXSLT
OpenSSL
diff --git a/docs/api/xmlsec-openssl-bn.html b/docs/api/xmlsec-openssl-bn.html
index 6f856f213..4060ced1b 100644
--- a/docs/api/xmlsec-openssl-bn.html
+++ b/docs/api/xmlsec-openssl-bn.html
@@ -11,7 +11,7 @@
-XML Security Library

+XML Security Library

-LibXML2
LibXSLT
OpenSSL +LibXML2
LibXSLT
OpenSSL
diff --git a/docs/api/xmlsec-openssl-crypto.html b/docs/api/xmlsec-openssl-crypto.html
index 64395a89e..754756027 100644
--- a/docs/api/xmlsec-openssl-crypto.html
+++ b/docs/api/xmlsec-openssl-crypto.html
@@ -11,7 +11,7 @@
-XML Security Library

+XML Security Library

-LibXML2
LibXSLT
OpenSSL +LibXML2
LibXSLT
OpenSSL
diff --git a/docs/api/xmlsec-openssl-ref.html b/docs/api/xmlsec-openssl-ref.html
index 3d8a34814..175de7fbe 100644
--- a/docs/api/xmlsec-openssl-ref.html
+++ b/docs/api/xmlsec-openssl-ref.html
@@ -10,7 +10,7 @@
-XML Security Library

+XML Security Library

-LibXML2
LibXSLT
OpenSSL +LibXML2
LibXSLT
OpenSSL
diff --git a/docs/api/xmlsec-openssl-x509.html b/docs/api/xmlsec-openssl-x509.html
index 9599bf940..c73fc8f5c 100644
--- a/docs/api/xmlsec-openssl-x509.html
+++ b/docs/api/xmlsec-openssl-x509.html
@@ -11,7 +11,7 @@
-XML Security Library

+XML Security Library

-LibXML2
LibXSLT
OpenSSL +LibXML2
LibXSLT
OpenSSL
diff --git a/docs/api/xmlsec-parser.html b/docs/api/xmlsec-parser.html
index a3ff8ba2a..172a12b08 100644
--- a/docs/api/xmlsec-parser.html
+++ b/docs/api/xmlsec-parser.html
@@ -11,7 +11,7 @@
-XML Security Library

+XML Security Library

-LibXML2
LibXSLT
OpenSSL +LibXML2
LibXSLT
OpenSSL
diff --git a/docs/api/xmlsec-ref.html b/docs/api/xmlsec-ref.html
index a32e5e2ed..de5386ea4 100644
--- a/docs/api/xmlsec-ref.html
+++ b/docs/api/xmlsec-ref.html
@@ -10,7 +10,7 @@
-XML Security Library

+XML Security Library

-LibXML2
LibXSLT
OpenSSL +LibXML2
LibXSLT
OpenSSL
diff --git a/docs/api/xmlsec-templates.html b/docs/api/xmlsec-templates.html
index c38eac650..e62ed1ecc 100644
--- a/docs/api/xmlsec-templates.html
+++ b/docs/api/xmlsec-templates.html
@@ -11,7 +11,7 @@
-XML Security Library

+XML Security Library

-LibXML2
LibXSLT
OpenSSL +LibXML2
LibXSLT
OpenSSL
diff --git a/docs/api/xmlsec-transforms.html b/docs/api/xmlsec-transforms.html
index 2e6996f20..37f5dbd7b 100644
--- a/docs/api/xmlsec-transforms.html
+++ b/docs/api/xmlsec-transforms.html
@@ -11,7 +11,7 @@
-XML Security Library

+XML Security Library

-LibXML2
LibXSLT
OpenSSL +LibXML2
LibXSLT
OpenSSL
diff --git a/docs/api/xmlsec-version.html b/docs/api/xmlsec-version.html
index 83e68f9dc..63a1a0c73 100644
--- a/docs/api/xmlsec-version.html
+++ b/docs/api/xmlsec-version.html
@@ -11,7 +11,7 @@
-XML Security Library

+XML Security Library

-LibXML2
LibXSLT
OpenSSL +LibXML2
LibXSLT
OpenSSL
diff --git a/docs/api/xmlsec-xmldsig.html b/docs/api/xmlsec-xmldsig.html
index 4fc0efce6..11a27c438 100644
--- a/docs/api/xmlsec-xmldsig.html
+++ b/docs/api/xmlsec-xmldsig.html
@@ -11,7 +11,7 @@
-XML Security Library

+XML Security Library

-LibXML2
LibXSLT
OpenSSL +LibXML2
LibXSLT
OpenSSL
diff --git a/docs/api/xmlsec-xmlenc.html b/docs/api/xmlsec-xmlenc.html
index de2c2268f..8a174410d 100644
--- a/docs/api/xmlsec-xmlenc.html
+++ b/docs/api/xmlsec-xmlenc.html
@@ -11,7 +11,7 @@
-XML Security Library

+XML Security Library

-LibXML2
LibXSLT
OpenSSL +LibXML2
LibXSLT
OpenSSL
diff --git a/docs/api/xmlsec-xmlsec.html b/docs/api/xmlsec-xmlsec.html
index 1ff76ec82..55ce571d6 100644
--- a/docs/api/xmlsec-xmlsec.html
+++ b/docs/api/xmlsec-xmlsec.html
@@ -11,7 +11,7 @@
-XML Security Library

+XML Security Library

-LibXML2
LibXSLT
OpenSSL +LibXML2
LibXSLT
OpenSSL
diff --git a/docs/api/xmlsec-xmltree.html b/docs/api/xmlsec-xmltree.html
index d9e8a5be1..b3c65489b 100644
--- a/docs/api/xmlsec-xmltree.html
+++ b/docs/api/xmlsec-xmltree.html
@@ -11,7 +11,7 @@
-XML Security Library

+XML Security Library

-LibXML2
LibXSLT
OpenSSL +LibXML2
LibXSLT
OpenSSL
diff --git a/docs/architecture/.cvsignore b/docs/architecture/.cvsignore
deleted file mode 100644
index 300a060ef..000000000
--- a/docs/architecture/.cvsignore
+++ /dev/null
@@ -1,2 +0,0 @@
-.xvpics
-tmp.*
diff --git a/docs/architecture/sign-enc-model.png b/docs/architecture/sign-enc-model.png
deleted file mode 100644
index ac1e3da7d..000000000
Binary files a/docs/architecture/sign-enc-model.png and /dev/null differ
diff --git a/docs/architecture/structure.png b/docs/architecture/structure.png
deleted file mode 100644
index 63ac0203e..000000000
Binary files a/docs/architecture/structure.png and /dev/null differ
diff --git a/docs/architecture/verif-dec-model.png b/docs/architecture/verif-dec-model.png
deleted file mode 100644
index 7acc90eba..000000000
Binary files a/docs/architecture/verif-dec-model.png and /dev/null differ
diff --git a/docs/bugs.html b/docs/bugs.html
index 8e5197c36..22b7fb215 100644
--- a/docs/bugs.html
+++ b/docs/bugs.html
@@ -5,7 +5,7 @@
-XML Security Library

+XML Security Library

-LibXML2
LibXSLT
OpenSSL +LibXML2
LibXSLT
OpenSSL
@@ -79,7 +75,7 @@

-
Ask google
+
Ask google
Unfortunatelly, I don't know the author of this picture and I was not able to ask permissions to publish it. If you are the author or know the author then I would appreciate if you diff --git a/docs/c14n.html b/docs/c14n.html index d11c86813..e1041e082 100644 --- a/docs/c14n.html +++ b/docs/c14n.html @@ -5,7 +5,7 @@
-XML Security Library

+XML Security Library

-LibXML2
LibXSLT
OpenSSL +LibXML2
LibXSLT
OpenSSL
diff --git a/docs/architecture/design-overview.html b/docs/design-overview.html
similarity index 82%
rename from docs/architecture/design-overview.html
rename to docs/design-overview.html
index c2a6712ae..f218269cc 100644
--- a/docs/architecture/design-overview.html
+++ b/docs/design-overview.html
@@ -5,26 +5,22 @@
-XML Security Library

+XML Security Library

-LibXML2
LibXSLT
OpenSSL +LibXML2
LibXSLT
OpenSSL
@@ -53,7 +49,7 @@

1. Processing model.

and puts the results in the template. Signature or encryption context controls the whole process and stores the required temporary data.


-
Signature/encryption processing model
+
Signature/encryption processing model

Since the template is just an XML file, it might be created in advance and saved in a file. It's also possible for application to create templates without using XML Security Library functions. Also in some cases @@ -62,12 +58,12 @@

1. Processing model.

Signature verification and data decryption do not require template because all the necessary information is provided in the signed or encrypted document:

-
Verification/decryption processing model
+
Verification/decryption processing model

2. Library structure and dependencies.

In order to provide the an ability to use different crypto engines, the XML Security Library was splitted in two parts: core library (xmlsec) and crypto library (xmlsec-openssl, xmlsec-gnutls, xmlsec-nss, ...). -The library dependencies are shown on Figure 1. +The library dependencies are shown on Figure 1. The core library has no dependency on any crypto library and provides implementation of all the engines as well as support for all the non crypto transforms (xml parser, c14n transforms, xpath and xslt transforms,...). The XML Security @@ -77,7 +73,8 @@

1. Processing model.

be general enough so switching crypto engine would be a matter of changing several #include directives.
Internal XML Security Library structure and dependencies between objects -are shown on  Figure 2 and Figure 3.
+are shown on  Figure 2 +and Figure 3.

2. Transforms.

XML Digital Signature and XML Encryption standards are very @@ -91,7 +88,7 @@

2. Transforms.

decrypting. Each transform provides at least one of the following callbacks: "push binary data", "push xml data", "pop binary data" or "pop xml data":


-
Transform +
Transform


In order to simplify transforms development, additional "execute" callback was added. This callback updates internal transform buffers @@ -103,7 +100,7 @@

2. Transforms.

in the template or document and processes data by "pushing" or "popping" through the chain. For example, then binary data chunk is pushed through a binary-to-binary transform, it processes this chunk and pushes the result to the next transform -in the chain. The Figure 4 shows an example +in the chain. The Figure 4 shows an example transforms chain constructed for <dsig:Reference/> element processing.
The XML Security library transforms engine makes sure that output data type @@ -121,7 +118,7 @@

2. Transforms.

it then such a key can have a DSA key "value" and two key data objects for X509 certificate and PGP key data.


-
Key +
Key

 
XML Security Library has several "invisible" key data classes. These classes @@ -137,7 +134,7 @@

4. Keys manager and keys data stores.

keeps all the common information for key data processing in a a collection of key data stores called "keys manager":


-
Keys Manager +
Keys Manager


Keys manager has a special "keys store" which lists the keys known to the application. This "keys store" is used by XML Security diff --git a/docs/documentation.html b/docs/documentation.html index cf3c248f6..2740008f0 100644 --- a/docs/documentation.html +++ b/docs/documentation.html @@ -5,7 +5,7 @@
-XML Security Library

+XML Security Library

-LibXML2
LibXSLT
OpenSSL +LibXML2
LibXSLT
OpenSSL
@@ -41,26 +37,26 @@

Stable 0.0.x series

  • Annotated examples:
  • Development 0.1.x series

    diff --git a/docs/download.html b/docs/download.html index 14b288978..6d342ba09 100644 --- a/docs/download.html +++ b/docs/download.html @@ -5,7 +5,7 @@
    -XML Security Library

    +XML Security Library

    -LibXML2
    LibXSLT
    OpenSSL +LibXML2
    LibXSLT
    OpenSSL
    diff --git a/docs/faq.html b/docs/faq.html index 5e23f4c11..f569f8d0b 100644 --- a/docs/faq.html +++ b/docs/faq.html @@ -5,7 +5,7 @@
    -XML Security Library

    +XML Security Library

    -LibXML2
    LibXSLT
    OpenSSL +LibXML2
    LibXSLT
    OpenSSL
    diff --git a/docs/bart.gif b/docs/images/bart.gif similarity index 100% rename from docs/bart.gif rename to docs/images/bart.gif diff --git a/docs/libxml2-logo.png b/docs/images/libxml2-logo.png similarity index 100% rename from docs/libxml2-logo.png rename to docs/images/libxml2-logo.png diff --git a/docs/libxslt-logo.png b/docs/images/libxslt-logo.png similarity index 100% rename from docs/libxslt-logo.png rename to docs/images/libxslt-logo.png diff --git a/docs/logo.gif b/docs/images/logo.gif similarity index 100% rename from docs/logo.gif rename to docs/images/logo.gif diff --git a/docs/openssl-logo.png b/docs/images/openssl-logo.png similarity index 100% rename from docs/openssl-logo.png rename to docs/images/openssl-logo.png diff --git a/docs/xmlsec-logo.gif b/docs/images/xmlsec-logo.gif similarity index 100% rename from docs/xmlsec-logo.gif rename to docs/images/xmlsec-logo.gif diff --git a/docs/index.html b/docs/index.html index 186a249ba..ab88ff0db 100644 --- a/docs/index.html +++ b/docs/index.html @@ -5,7 +5,7 @@
    -XML Security Library

    +XML Security Library

    -LibXML2
    LibXSLT
    OpenSSL +LibXML2
    LibXSLT
    OpenSSL
    diff --git a/docs/news.html b/docs/news.html index 9ebd37183..17566c07f 100644 --- a/docs/news.html +++ b/docs/news.html @@ -5,7 +5,7 @@
    -XML Security Library

    +XML Security Library

    -LibXML2
    LibXSLT
    OpenSSL +LibXML2
    LibXSLT
    OpenSSL
    @@ -210,7 +206,7 @@

    XML Security Library News

    from XMLDSig standard!
    - Added X509 certificates and certificate chains support
    - The detailed signature generation/verification results are made available - to the application (see example 3 + to the application (see example 3 )
    - RetrievalMethod, Manifests and additional algorithms diff --git a/docs/related.html b/docs/related.html index abdd96360..a37622c42 100644 --- a/docs/related.html +++ b/docs/related.html @@ -5,7 +5,7 @@
    -XML Security Library

    +XML Security Library

    -LibXML2
    LibXSLT
    OpenSSL +LibXML2
    LibXSLT
    OpenSSL
    diff --git a/docs/architecture/status.html b/docs/status.html similarity index 80% rename from docs/architecture/status.html rename to docs/status.html index 3472c783a..0dd88e874 100644 --- a/docs/architecture/status.html +++ b/docs/status.html @@ -5,26 +5,22 @@
    -XML Security Library

    +XML Security Library

    -LibXML2
    LibXSLT
    OpenSSL +LibXML2
    LibXSLT
    OpenSSL
    diff --git a/docs/xmldsig-interop.html b/docs/xmldsig-interop.html deleted file mode 100644 index ea6e9c531..000000000 --- a/docs/xmldsig-interop.html +++ /dev/null @@ -1,455 +0,0 @@ - - - -XML Security Library: XML Signature Interoperability Report - - - - -
    -XML Security Library

    - -LibXML2
    LibXSLT
    OpenSSL -
    - - -
    -
    -

    XML Security Library
    -XML Signature Interoperability Report

    - Aleksey Sanin
    -March 2 2003

    -
    -

    - -

    -
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    Features and algorithms
    Key Word
    -XMLSec with OpenSSL XMLSec with GnuTLS(0) -XMLSec with NSS(0) -
    - -Detached Signature
    -
    MUST
    -
    Y
    -
    Y
    -
    Y
    -
    - -Enveloping Signature: same document reference with fragment -(URI="#Object1")
    -
    MUST
    -
    Y
    -
    Y
    -
    Y
    -
    - -Enveloped Signature: same document reference (URI="") with -Enveloped Signature Transform .
    -
    MUST
    -
    Y
    -
    Y
    -
    Y
    -
    - -SignatureValue generation/validation
    -
    MUST
    -
    Y
    -
    Y
    -
    Y
    -
    - Manifest -DigestValue generation/valdiation
    -
    MAYY
    -
    Y
    -
    Y
    -
    Feature: laxly -schema valid Signature element generation
    -
    MUST
    -
    Y
    -
    Y
    -
    Y
    -
    - -XPointers '#xpointer(/)'
    -
    SHOULD
    -
    Y
    -
    Y
    -
    Y
    -
    - -XPointers '#xpointer(id("ID"))'
    -
    SHOULD
    -
    Y
    -
    Y
    -
    Y
    -
    - -XPointers: full suppport MAY
    -
    Y
    -
    Y
    -
    Y
    -
    - XPath
    -
    SHOULD
    -
    Y
    -
    Y
    -
    Y
    -
    the dsig XPath -'here()' function (can be used to implement enveloped signature)
    -
    SHOULD
    -
    Y
    -
    Y
    -
    Y
    -
    XSLT (note, the child -XSLT element of Transform has been deprecated.)
    -
    MAY
    -
    Y
    -
    Y
    -
    Y
    -
    RetrievalMethod (e.g., -X509Data)
    -
    SHOULD
    -
    Y
    -
    Y
    -
    Y
    -
    - SHA1
    -
    MUST
    -
    Y
    -
    Y
    -
    Y
    -
    - Base64
    -
    MUST
    -
    Y
    -
    Y
    -
    Y
    -
    - HMAC-SHA1
    -
    MUST
    -
    Y
    -
    Y
    -
    Y
    -
    - DSAwithSHA1
    -(DSS)

    -
    MUST
    -
    Y(1)
    -
    N
    -
    N
    -
    - RSAwithSHA1
    -
    SHOULD
    -
    Y
    -
    N
    -
    N
    -
    X509 support
    -
    SHOULD
    -
    Y
    -
    N
    -
    N
    -
    - minimal -(deprecated)
    -
    n/a
    -
    N
    -
    N
    -
    N
    -
    - Canonical XML -(20010315)
    -
    MUST
    -
    Y
    -
    Y
    -
    Y
    -
    - Canonical XML -with comments
    -
    SHOULD
    -
    Y
    -
    Y
    -
    Y
    -
    - Exlusive -Canonical XML
    -
    SHOULD
    -
    Y
    -
    Y
    -
    Y
    -
    - Exlusive -Canonical XML with comments
    -
    SHOULD
    -
    Y
    -
    Y
    -
    Y
    -
    - -Enveloped Signature
    -
    MUST
    -
    Y
    -
    Y
    -
    Y
    -
    -Additional algorithms ( -* )
    -




    HMAC-MD5
    -
     
    -
    Y
    -
    Y
    -
    Y
    -
    HMAC-RIPEMD160
    -
     
    -
    Y
    -
    Y
    -
    Y
    -
    XPointer transform
    -
     
    -
    Y
    -
    Y
    -
    Y
    -
    -
    -
    (0) This feature is currently -available only in the development release.
    (1) Defining DSA key -with Seed and PgenCounter is not supported.


    Test vectors:
    -merlin-xmldsig-twenty-three.tar.gz
    -merlin-xmldsig-sixteen.tar.gz (features, deprecated)
    -merlin-xmldsig-fifteen.tar.gz (algorithms, deprecated)
    -

    -
    -
    -
    -

    Aleksey Sanin

    -
    - diff --git a/docs/xmldsig-verifier.html b/docs/xmldsig-verifier.html index 8b78e70c6..a57a09d52 100644 --- a/docs/xmldsig-verifier.html +++ b/docs/xmldsig-verifier.html @@ -5,7 +5,7 @@
    -XML Security Library

    +XML Security Library

    -LibXML2
    LibXSLT
    OpenSSL +LibXML2
    LibXSLT
    OpenSSL

    Online XML Digital Signature Verifer

    The online XML Digital Signature Verifier is a simple -cgi script (source code) +cgi script (source code) that demonstrates how to use XML Secuirty Library in real applications.

    Copy/Paste the Signed XML Document in the input field below:

    @@ -49,10 +45,6 @@

    Copy/Paste the Signed XML Document in the input field below:

    - -You also can use a simple Perl script to submit -signed XML document to the verifier. -

    Allowed root certificates and signature keys

    In order to successfully verify your message using XML Digital Signature Online Verifier you should sign it using any of @@ -62,8 +54,8 @@

    Allowed root certificates and signature keys

    root certificates from standard root CA authorities (Verisign, etc.), Merlin's root CA used to sign interoperability tests from merlin-xmldsig-sixteen.tar.gz -or "fake" root certificate -(the corresponding private key +or "fake" root certificate +(the corresponding private key is encrypted using passphrase "1234");
  • HMAC key "secret" (in hex, 73 65 63 72 65 74); diff --git a/docs/xmldsig.html b/docs/xmldsig.html index aab000d12..6f3ea3061 100644 --- a/docs/xmldsig.html +++ b/docs/xmldsig.html @@ -5,7 +5,7 @@
    -XML Security Library

    +XML Security Library

    -LibXML2
    LibXSLT
    OpenSSL +LibXML2
    LibXSLT
    OpenSSL

    XML Digital Signature

    -
    +

    XML Digital Signature provides @@ -52,28 +48,420 @@

    XML Digital Signature

    is an example of a real application based on XML Security Library. Using this tool you can verify any XML Signature and get detailed report on what and how was signed. -

    -

    - Other examples: -

    - +
    +

    XML Security Library XML Signature Interoperability Report

    +
    +
    + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Features and algorithms
    Key Word
    +XMLSec with OpenSSL XMLSec with GnuTLS(0) +XMLSec with NSS(0) +
    + +Detached Signature
    +
    MUST
    +
    Y
    +
    Y
    +
    Y
    +
    + +Enveloping Signature: same document reference with fragment +(URI="#Object1")
    +
    MUST
    +
    Y
    +
    Y
    +
    Y
    +
    + +Enveloped Signature: same document reference (URI="") with +Enveloped Signature Transform .
    +
    MUST
    +
    Y
    +
    Y
    +
    Y
    +
    + +SignatureValue generation/validation
    +
    MUST
    +
    Y
    +
    Y
    +
    Y
    +
    + Manifest +DigestValue generation/valdiation
    +
    MAYY
    +
    Y
    +
    Y
    +
    Feature: laxly +schema valid Signature element generation
    +
    MUST
    +
    Y
    +
    Y
    +
    Y
    +
    + +XPointers '#xpointer(/)'
    +
    SHOULD
    +
    Y
    +
    Y
    +
    Y
    +
    + +XPointers '#xpointer(id("ID"))'
    +
    SHOULD
    +
    Y
    +
    Y
    +
    Y
    +
    + +XPointers: full suppport MAY
    +
    Y
    +
    Y
    +
    Y
    +
    + XPath
    +
    SHOULD
    +
    Y
    +
    Y
    +
    Y
    +
    the dsig XPath +'here()' function (can be used to implement enveloped signature)
    +
    SHOULD
    +
    Y
    +
    Y
    +
    Y
    +
    XSLT (note, the child +XSLT element of Transform has been deprecated.)
    +
    MAY
    +
    Y
    +
    Y
    +
    Y
    +
    RetrievalMethod (e.g., +X509Data)
    +
    SHOULD
    +
    Y
    +
    Y
    +
    Y
    +
    + SHA1
    +
    MUST
    +
    Y
    +
    Y
    +
    Y
    +
    + Base64
    +
    MUST
    +
    Y
    +
    Y
    +
    Y
    +
    + HMAC-SHA1
    +
    MUST
    +
    Y
    +
    Y
    +
    Y
    +
    + DSAwithSHA1
    +(DSS)

    +
    MUST
    +
    Y(1)
    +
    N
    +
    N
    +
    + RSAwithSHA1
    +
    SHOULD
    +
    Y
    +
    N
    +
    N
    +
    X509 support
    +
    SHOULD
    +
    Y
    +
    N
    +
    N
    +
    + minimal +(deprecated)
    +
    n/a
    +
    N
    +
    N
    +
    N
    +
    + Canonical XML +(20010315)
    +
    MUST
    +
    Y
    +
    Y
    +
    Y
    +
    + Canonical XML +with comments
    +
    SHOULD
    +
    Y
    +
    Y
    +
    Y
    +
    + Exlusive +Canonical XML
    +
    SHOULD
    +
    Y
    +
    Y
    +
    Y
    +
    + Exlusive +Canonical XML with comments
    +
    SHOULD
    +
    Y
    +
    Y
    +
    Y
    +
    + +Enveloped Signature
    +
    MUST
    +
    Y
    +
    Y
    +
    Y
    +
    +Additional algorithms ( +* )
    +




    HMAC-MD5
    +
     
    +
    Y
    +
    Y
    +
    Y
    +
    HMAC-RIPEMD160
    +
     
    +
    Y
    +
    Y
    +
    Y
    +
    XPointer transform
    +
     
    +
    Y
    +
    Y
    +
    Y
    +
    +
    +
    (0) This feature is currently +available only in the development release.
    (1) Defining DSA key +with Seed and PgenCounter is not supported.

    Test vectors (from IETF/W3C XML +Signature WG: XML Signature Interoperability page): +
    +merlin-xmldsig-twenty-three.tar.gz
    +merlin-xmldsig-sixteen.tar.gz (features, deprecated)
    +merlin-xmldsig-fifteen.tar.gz (algorithms, deprecated)
    +

    +
    +


    Aleksey Sanin

    diff --git a/docs/xmlenc-interop.html b/docs/xmlenc-interop.html deleted file mode 100644 index 7c33b1e33..000000000 --- a/docs/xmlenc-interop.html +++ /dev/null @@ -1,579 +0,0 @@ - - - -XML Security Library: XML Encryption Interoperability Report - - - - -
    -XML Security Library

    - -LibXML2
    LibXSLT
    OpenSSL -
    - - -
    -
    -

    XML Security Library
    -XML Encryption Interoperability Report

    - Aleksey Sanin
    -March 02 2003

    -
    -
    -
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    Features and algorithms
    Key Word
    -XMLSec with OpenSSL XMLSec with GnuTLS(0) -XMLSec with NSS(0) -
    - Laxly -valid schema generation of EncryptedData -/EncryptedKey
    -
    MUST
    -
    Y
    -
    Y
    -
    Y
    -
      -
    • Normalized Form C generations.
    • -
    -
    SHOULD
    -
    Y
    -
    YY
    - Type, -MimeType, and Encoding
    -
    MUST
    -
    Y
    -
    YY
    - -CipherReference URI derefencing
    -
    MUST
    -
    Y
    -
    YY
    -
      -
    • Transforms
    • -
    -
    OPTIONAL
    -
    Y
    -
    YY
    - -ds:KeyInfo
    -
    MUST
    -
    Y
    -
    YY
    -
      -
    • enc:DHKeyValue
    • -
    -
    OPTIONAL
    -
    N
    -
    N
    -
    N
    -
    -
      -
    • ds:KeyName
    • -
    -
    RECOMMENDED
    -
    Y
    -
    YY
    - - REQUIRED
    -
    Y
    -
    YY
    - -ReferenceList
    -
    OPTIONAL
    -
    N
    -
    N
    -
    N
    -
    - -EncryptionProperties
    -
    OPTIONAL
    -
    Y
    -
    YY
    Satisfactory Performance
    -
    (required!)
    -
    Y
    -
    YY
    - Required -Type support: Element and Content.
    -
    MUST
    -
    Y
    -
    YY
    - -Encryption
    -
    MUST
    -
    Y
    -
    YY
    -
      -
    • Serialization of XML Element and Content. -
        -
      1. NFC conversion from non-Unicode encodings.
      2. -
      -
    • -
    -
    MAY
    -MUST
    -
    Y
    -
    YY
    -
      -
    • Encryptor returns EncryptedData structure.
    • -
    -
    MUST
    -
    Y
    -
    YY
    -
      -
    • Encryptor replaces EncryptedData into source -document (when Type is Element or Content).
    • -
    -
    SHOULD
    -
    Y
    -
    YY
    - -Decryption
    -
    MUST
    -
    Y
    -
    YY
    -
      -
    • The decryptor returns the data and its Type to the -application (be it an octet sequence or key value).
    • -
    -
    MUST
    -
    Y
    -
    YY
    -
      -
    • If data is Element or Content the decryptor return -the UTF-8 encoding XML character data.
    • -
    -
    MUST
    -
    Y
    -
    YY
    -
      -
    • If data is Element or Content the decryptor -replaces the EncryptedData in the source document with -the decrypted data.
    • -
    -
    SHOULD
    -
    Y
    -
    YY
    TRIPLEDES
    -
    REQUIRED
    -
    Y
    -
    YY
    AES-128
    -
    REQUIRED
    -
    Y
    -
    YY
    AES-256
    -
    REQUIRED
    -
    Y
    -
    YY
    AES-192
    -
    OPTIONAL
    -
    Y
    -
    YY
    RSA-v1.5 (192 bit keys for -AES or DES)
    -
    REQUIRED
    -
    Y
    -
    N
    -
    N
    RSA-OAEP (128 and 256 bit keys for AES)
    -
    REQUIRED
    -
    Y(1)
    -
    NN
    Diffie-Hellman Key Agreement
    -
    OPTIONAL
    -
    N
    -
    NN
    TRIPLEDES Key Wrap
    -
    REQUIRED
    -
    Y
    -
    NN
    AES-128 Key Wrap (128 bit keys)
    -
    REQUIRED
    -
    Y
    -
    NN
    AES-256 Key Wrap (256 bit keys)
    -
    REQUIRED
    -
    Y
    -
    NN
    AES-192 Key Wrap
    -
    OPTIONAL
    -
    Y
    -
    NN
    SHA1
    -
    REQUIRED
    -
    Y
    -
    Y
    -
    Y
    -
    SHA256
    -
    RECOMMENDED
    -
    N
    -
    NN
    SHA512
    -
    OPTIONAL
    -
    N
    -
    NN
    RIPEMD-160
    -
    OPTIONAL
    -
    Y
    -
    Y
    -
    Y
    -
    - XML Digital Signature
    -
    RECOMMENDED
    -
    Y
    -
    Y
    -
    Y
    -
    - -Decryption Transform for XML Signature
    -
    RECOMMENDED
    -
    N
    -
    NN
    -
      -
    • XPointer support in Except URI.
    • -
    -
    OPTIONAL
    -
    N
    -
    NN
    -

    -Canonical XML -(with and without comments)

    -
    OPTIONAL
    -
    Y
    -
    Y
    -
    Y
    - -Exclusive Canonicalization (with and without comments)
    -
    OPTIONAL
    -
    Y
    -
    YY
    base64 Encoding
    -
    REQUIRED
    -
    Y
    -
    YY
    -
    -
    (0) This feature is currently -available only in the development release.
    (1) OpenSSL (and XML Security -Library) supports only SHA1 as the digest in the RSA-OAEP key -transport.

    -Test vectors:
    -merlin-xmlenc-five.tar.gz
    -phaos-xmlenc-3.zip
    -

    -
    -
    -
    -

    Aleksey Sanin

    -
    -
    diff --git a/docs/xmlenc.html b/docs/xmlenc.html
    index 9dcaa960c..1f1580451 100644
    --- a/docs/xmlenc.html
    +++ b/docs/xmlenc.html
    @@ -5,7 +5,7 @@
    diff --git a/docs/xmlsec-man.html b/docs/xmlsec-man.html
    index 891b6d2c1..8d02a24bb 100644
    --- a/docs/xmlsec-man.html
    +++ b/docs/xmlsec-man.html
    @@ -5,7 +5,7 @@
    -XML Security Library

    +XML Security Library

    -LibXML2
    LibXSLT
    OpenSSL +LibXML2
    LibXSLT
    OpenSSL
    - + +
    +

    XML Encryption Implementation and +Interoperability Report

    +
    +
    +

    +

    +
    +

    XML Encryption

    @@ -35,20 +31,551 @@

    XML Encryption

    standard specifies the process for encryptind data and representing the result in XML document. The data may be an XML element, or an XML element content, or any arbitrary data (including XML document). -

    Examples.

    - - -
    -
    + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Features and algorithms
    Key Word
    +XMLSec with OpenSSL XMLSec with GnuTLS(0) +XMLSec with NSS(0) +
    + Laxly +valid schema generation of EncryptedData +/EncryptedKey
    +
    MUST
    +
    Y
    +
    Y
    +
    Y
    +
      +
    • Normalized Form C generations.
    • +
    +
    SHOULD
    +
    Y
    +
    YY
    + Type, +MimeType, and Encoding
    +
    MUST
    +
    Y
    +
    YY
    + +CipherReference URI derefencing
    +
    MUST
    +
    Y
    +
    YY
    +
      +
    • Transforms
    • +
    +
    OPTIONAL
    +
    Y
    +
    YY
    + +ds:KeyInfo
    +
    MUST
    +
    Y
    +
    YY
    +
      +
    • enc:DHKeyValue
    • +
    +
    OPTIONAL
    +
    N
    +
    N
    +
    N
    +
    +
      +
    • ds:KeyName
    • +
    +
    RECOMMENDED
    +
    Y
    +
    YY
    + + REQUIRED
    +
    Y
    +
    YY
    + +ReferenceList
    +
    OPTIONAL
    +
    N
    +
    N
    +
    N
    +
    + +EncryptionProperties
    +
    OPTIONAL
    +
    Y
    +
    YY
    Satisfactory Performance
    +
    (required!)
    +
    Y
    +
    YY
    + Required +Type support: Element and Content.
    +
    MUST
    +
    Y
    +
    YY
    + +Encryption
    +
    MUST
    +
    Y
    +
    YY
    +
      +
    • Serialization of XML Element and Content. +
        +
      1. NFC conversion from non-Unicode encodings.
      2. +
      +
    • +
    +
    MAY
    +MUST
    +
    Y
    +
    YY
    +
      +
    • Encryptor returns EncryptedData structure.
    • +
    +
    MUST
    +
    Y
    +
    YY
    +
      +
    • Encryptor replaces EncryptedData into source +document (when Type is Element or Content).
    • +
    +
    SHOULD
    +
    Y
    +
    YY
    + +Decryption
    +
    MUST
    +
    Y
    +
    YY
    +
      +
    • The decryptor returns the data and its Type to the +application (be it an octet sequence or key value).
    • +
    +
    MUST
    +
    Y
    +
    YY
    +
      +
    • If data is Element or Content the decryptor return +the UTF-8 encoding XML character data.
    • +
    +
    MUST
    +
    Y
    +
    YY
    +
      +
    • If data is Element or Content the decryptor +replaces the EncryptedData in the source document with +the decrypted data.
    • +
    +
    SHOULD
    +
    Y
    +
    YY
    TRIPLEDES
    +
    REQUIRED
    +
    Y
    +
    YY
    AES-128
    +
    REQUIRED
    +
    Y
    +
    YY
    AES-256
    +
    REQUIRED
    +
    Y
    +
    YY
    AES-192
    +
    OPTIONAL
    +
    Y
    +
    YY
    RSA-v1.5 (192 bit keys for +AES or DES)
    +
    REQUIRED
    +
    Y
    +
    N
    +
    N
    RSA-OAEP (128 and 256 bit keys for AES)
    +
    REQUIRED
    +
    Y(1)
    +
    NN
    Diffie-Hellman Key Agreement
    +
    OPTIONAL
    +
    N
    +
    NN
    TRIPLEDES Key Wrap
    +
    REQUIRED
    +
    Y
    +
    NN
    AES-128 Key Wrap (128 bit keys)
    +
    REQUIRED
    +
    Y
    +
    NN
    AES-256 Key Wrap (256 bit keys)
    +
    REQUIRED
    +
    Y
    +
    NN
    AES-192 Key Wrap
    +
    OPTIONAL
    +
    Y
    +
    NN
    SHA1
    +
    REQUIRED
    +
    Y
    +
    Y
    +
    Y
    +
    SHA256
    +
    RECOMMENDED
    +
    N
    +
    NN
    SHA512
    +
    OPTIONAL
    +
    N
    +
    NN
    RIPEMD-160
    +
    OPTIONAL
    +
    Y
    +
    Y
    +
    Y
    +
    + XML Digital Signature
    +
    RECOMMENDED
    +
    Y
    +
    Y
    +
    Y
    +
    + +Decryption Transform for XML Signature
    +
    RECOMMENDED
    +
    N
    +
    NN
    +
      +
    • XPointer support in Except URI.
    • +
    +
    OPTIONAL
    +
    N
    +
    NN
    +

    +Canonical XML +(with and without comments)

    +
    OPTIONAL
    +
    Y
    +
    Y
    +
    Y
    + +Exclusive Canonicalization (with and without comments)
    +
    OPTIONAL
    +
    Y
    +
    YY
    base64 Encoding
    +
    REQUIRED
    +
    Y
    +
    YY
    +
    +
    (0) This feature is currently +available only in the development release.
    (1) OpenSSL (and XML Security +Library) supports only SHA1 as the digest in the RSA-OAEP key +transport.

    +Test vectors (from W3C XML +Encryption interop page): + +
    +merlin-xmlenc-five.tar.gz
    +phaos-xmlenc-3.zip
    +

    +
    + +


    Aleksey Sanin

    -XML Security Library

    +XML Security Library

    -LibXML2
    LibXSLT
    OpenSSL +LibXML2
    LibXSLT
    OpenSSL
    diff --git a/scripts/xmlsec.xsl b/scripts/xmlsec.xsl index 8a9ae4193..315308fb5 100644 --- a/scripts/xmlsec.xsl +++ b/scripts/xmlsec.xsl @@ -36,7 +36,7 @@ - logo.gif + images/logo.gif XML Security Library

    @@ -79,12 +79,6 @@

      -
    • - - xmldsig-interop.html - Interop report - -
    • xmldsig-verifier.html @@ -98,14 +92,6 @@ XML Encryption
    • -
        -
      • - - xmlenc-interop.html - Interop report - -
      • -
    • c14n.html @@ -128,21 +114,21 @@
    - libxml2-logo.png + images/libxml2-logo.png LibXML2
    - libxslt-logo.png + images/libxslt-logo.png LibXSLT
    - openssl-logo.png + images/openssl-logo.png OpenSSL