NAME

XML::LibXML::xmlsec - XML signing/encryption using the xmlsec library

SYNOPSIS

use XML::LibXML::xmlsec;

my $signer = XML::LibXML::xmlsec->new();
$signer->loadpkey(PEM => 'jdoe.pem', secret => 'hush');
$signer->signdoc($xmldoc);

DESCRIPTION

XML::LibXML::xmlsec is a binding module for xmlsec, a C library for XML digital signature and encryption as described in the W3C standards.

INSTALLATION

You must have a working xmlsec library installed. Packages have been ported to many Linux distributions, and binaries for Windows are also available.

METHODS

loadpkey

$signer->loadpkey(PEM => 'me.pem', secret => 'mypassword');
$signer->loadpkey(DER => 'me.pem', name => 'joe');
$signer->loadpkey(PEM => $string_with_pem);

loadpkey sets the private key needed for digital signature. The value may be either a filename or the key material itself. A PEM=>val pair indicates PEM format, DER=>val indicates DER format and PFX=>val indicates PKCS12 format. An optional secret value is used to decrypt the key. An optional name argument gives the private key a name that later methods can refer to.

loadcert

$signer->loadcert(PEM => 'me.crt', secret => 'hush');
$signer->loadcert(PEM => 'joe.crt', name => 'joe');

loadcert sets the X509 certificate needed for verification or for digital signature. The value is passed in the same fashion as in loadpkey().

signdoc

$signer->signdoc($xmldoc, %options);

signdoc computes the digital signature and adds it to the XML document in place. The argument is expected to be a signature envelope in the form of a well-behaved XML::LibXML::Document.

The options are as follows:

id => 'mydoc' indicates the id of the XML element that is the subject of the signature
start => <libxml node> indicates the Signature or dsig:Signature node at which the signing process starts
id-attr => 'ID' indicates the name of the id attribute to apply. Defaults to lowercase 'id'
id-node => 'mytagname' indicates the tag name of the XML element that is the subject of the signature

id-attr and id-node are provided as tweaks so that DTD-less documents can be signed in the same way the --id-attr option of the xmlsec1 utility allows.
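A complete signing flow, added here as an example and not part of the module's own documentation: it embeds an xmlsec-style Signature template inline and signs a DTD-less document using the id-attr/id-node tweaks. The template layout and the expectation that the empty KeyName is filled from the loaded key's name follow xmlsec convention and are assumptions about this module; the key file and passphrase are placeholders.

```perl
use strict;
use warnings;
use XML::LibXML;
use XML::LibXML::xmlsec;

# Constructed sample: DTD-less document whose root carries an "ID" attribute
# and already holds an xmlsec-style Signature template (empty DigestValue,
# SignatureValue and KeyName that the library fills in during signing).
my $xml = <<'XML';
<?xml version="1.0"?>
<Envelope ID="mydoc" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
  <Body>Hello, signed world</Body>
  <dsig:Signature>
    <dsig:SignedInfo>
      <dsig:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
      <dsig:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
      <dsig:Reference URI="#mydoc">
        <dsig:Transforms>
          <dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
        </dsig:Transforms>
        <dsig:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
        <dsig:DigestValue/>
      </dsig:Reference>
    </dsig:SignedInfo>
    <dsig:SignatureValue/>
    <dsig:KeyInfo><dsig:KeyName/></dsig:KeyInfo>
  </dsig:Signature>
</Envelope>
XML

my $doc    = XML::LibXML->load_xml(string => $xml);
my $signer = XML::LibXML::xmlsec->new();

# 'jdoe.pem' / 'hush' are placeholders for a real key file and its passphrase.
$signer->loadpkey(PEM => 'jdoe.pem', secret => 'hush', name => 'jdoe');

# Point the library at the Signature template and tell it how to resolve
# URI="#mydoc" in a document with no DTD declaring an ID attribute
# (same purpose as xmlsec1 --id-attr).
my ($sig) = $doc->getElementsByTagNameNS(
    'http://www.w3.org/2000/09/xmldsig#', 'Signature');
$signer->signdoc($doc,
    start     => $sig,
    id        => 'mydoc',
    'id-attr' => 'ID',
    'id-node' => 'Envelope',
);

print $doc->toString(1);
```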

KeysStoreSave('store.xml',XML::LibXML::xmlsec::xmlSecKeyDataTypeAny)

This dumps the previously loaded keys into the named file. The second argument is a bitmask selecting which keys are dumped. The file can later be read back with KeysStoreLoad. Beware that any private key is dumped unencrypted, so the file must be protected accordingly. The options, as stated in the xmlsec documentation, are as follows:

xmlSecKeyDataTypeUnknown The key data type is unknown (same as xmlSecKeyDataTypeNone).
xmlSecKeyDataTypeNone The key data type is unknown (same as xmlSecKeyDataTypeUnknown).
xmlSecKeyDataTypePublic The key data contain a public key.
xmlSecKeyDataTypePrivate The key data contain a private key.
xmlSecKeyDataTypeSymmetric The key data contain a symmetric key.
xmlSecKeyDataTypeSession The key data contain session key (one time key, n
xmlSecKeyDataTypePermanent The key data contain permanent key (stored in keys manager).
xmlSecKeyDataTypeTrusted The key data is trusted.
xmlSecKeyDataTypeAny Any key data.

KeysStoreLoad('store.xml')

This restores previously saved keys from the named file.

SEE ALSO

See the W3C XML Signature definition and the W3C XML Encryption definition. The original xmlsec library has a web page at https://www.aleksey.com/xmlsec/

AUTHOR

Erich Strelow, <hstrelo@puc.cl>

COPYRIGHT AND LICENSE

Copyright (C) 2020 by A. U. Thor

This library is free software; you can redistribute it and/or modify it under the same terms as Perl itself, either Perl version 5.16.3 or, at your option, any later version of Perl 5 you may have available.