Diffstat (limited to 'docs/xmldsig.html')
-rw-r--r-- | docs/xmldsig.html | 646 |
1 files changed, 646 insertions, 0 deletions
diff --git a/docs/xmldsig.html b/docs/xmldsig.html new file mode 100644 index 00000000..4e008862 --- /dev/null +++ b/docs/xmldsig.html 
@@ -0,0 +1,646 @@ +<html> +<head> +<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"> +<title>XML Security Library: XML Digital Signature</title> +</head> +<body><table witdh="100%" valign="top"><tr valign="top"> +<td valign="top" align="left" width="210"> +<img src="images/logo.gif" alt="XML Security Library" border="0"><p></p> +<ul> +<li><a href="index.html">Home</a></li> +<li><a href="download.html">Download</a></li> +<li><a href="news.html">News</a></li> +<li><a href="documentation.html">Documentation</a></li> +<ul> +<li><a href="faq.html">FAQ</a></li> +<li><a href="api/xmlsec-notes.html">Tutorial</a></li> +<li><a href="api/xmlsec-reference.html">API reference</a></li> +<li><a href="api/xmlsec-examples.html">Examples</a></li> +</ul> +<li><a href="xmldsig.html">XML Digital Signature</a></li> +<ul><li><a href="http://www.aleksey.com/xmlsec/xmldsig-verifier.html">Online Verifier</a></li></ul> +<li><a href="xmlenc.html">XML Encryption</a></li> +<li><a href="c14n.html">XML Canonicalization</a></li> +<li><a href="bugs.html">Reporting Bugs</a></li> +<li><a href="http://www.aleksey.com/pipermail/xmlsec">Mailing list</a></li> +<li><a href="related.html">Related</a></li> +<li><a href="authors.html">Authors</a></li> +</ul> +<table width="100%"> +<tr> +<td width="15"></td> +<td><a href="http://xmlsoft.org/"><img src="images/libxml2-logo.png" alt="LibXML2" border="0"></a></td> +</tr> +<tr> +<td width="15"></td> +<td><a href="http://xmlsoft.org/XSLT"><img src="images/libxslt-logo.png" alt="LibXSLT" border="0"></a></td> +</tr> +<tr> +<td width="15"></td> +<td><a href="http://www.openssl.org/"><img src="images/openssl-logo.png" alt="OpenSSL" border="0"></a></td> +</tr> +<!--Links - start--><!--Links - end--> +</table> +</td> +<td valign="top"><table width="100%" valign="top"><tr><td valign="top" align="left" id="xmlsecContent"> +<div align="center"> + <h2>XML Digital Signature</h2> + </div> +<p> <a href="http://www.w3.org/TR/xmldsig-core">XML +Digital 
Signature 1.0</a> provides <a href="http://www.w3.org/TR/xmldsig-core/#def-Integrity" class="link-def">integrity,</a> <a href="http://www.w3.org/TR/xmldsig-core/#def-AuthenticationMessage" class="link-def">message authentication,</a> and/or <a href="http://www.w3.org/TR/xmldsig-core/#def-AuthenticationSigner" class="link-def">signer authentication</a> services for data of any +type, whether located within the XML that includes the signature or +elsewhere. </p> +<p> XML Security Library supports all MUST/SHOULD/MAY +features and algorithms +described in the W3C standard and provides API to sign prepared +document templates, +add signature(s) to a document "on-the-fly" or verify the signature(s) +in the document. </p> +<p> <a href="http://www.aleksey.com/xmlsec/xmldsig-verifier.html">XML Digital +Signature +Online Verifier</a> is an example of a real application based on XML +Security Library. Using this tool you can verify any XML Signature +and get detailed report on what and how was signed. 
</p> +<div align="center"> + <h3>XML Security Library Interoperability Report</h3> + </div> +<h4 style="text-align: center;">XML Digital Signature 1.0 (<a href="http://www.ietf.org/rfc/rfc3275.txt">RFC 3275</a>)</h4> +<div align="center"> + <table style="width: 85%;" border="1" cellpadding="2" cellspacing="2"><tbody> +<tr> +<td style="width: 40%;" align="left" valign="top"><b>Features and algorithms</b></td> + <td valign="top"><b>XMLSec with OpenSSL</b></td> + <td valign="top"><b>XMLSec with GnuTLS</b></td> + <td valign="top"><b>XMLSec with GCrypt</b></td> + <td valign="top"><b>XMLSec with NSS</b></td> + <td valign="top"><b>XMLSec with MSCrypto</b></td> +</tr> +<tr> +<td style="width: 40%;" align="left" valign="top">Detached Signature</td> + <td valign="top">Y</td> + <td valign="top">Y</td> + <td valign="top">Y</td> + <td valign="top">Y</td> + <td valign="top">Y</td> +</tr> +<tr> +<td style="width: 40%;" align="left" valign="top">Enveloping Signature: +same document reference with fragment (URI="#Object1")</td> + <td valign="top">Y</td> + <td valign="top">Y</td> + <td valign="top">Y</td> + <td valign="top">Y</td> + <td valign="top">Y</td> +</tr> +<tr> +<td style="width: 40%;" align="left" valign="top">Enveloped Signature: +same document reference (URI="") with Enveloped Signature Transform</td> + <td valign="top">Y</td> + <td valign="top">Y</td> + <td valign="top">Y</td> + <td valign="top">Y</td> + <td valign="top">Y</td> +</tr> +<tr> +<td style="width: 40%;" align="left" valign="top">SignatureValue +generation/validation</td> + <td valign="top">Y</td> + <td valign="top">Y</td> + <td valign="top">Y</td> + <td valign="top">Y</td> + <td valign="top">Y</td> +</tr> +<tr> +<td style="width: 40%;" align="left" valign="top">Manifest DigestValue +generation/valdiation</td> + <td valign="top">Y</td> + <td valign="top">Y</td> + <td valign="top">Y</td> + <td valign="top">Y</td> + <td valign="top">Y</td> +</tr> +<tr> +<td style="width: 40%;" align="left" valign="top">Laxly 
schema valid Signature +element generation</td> + <td valign="top">Y</td> + <td valign="top">Y</td> + <td valign="top">Y</td> + <td valign="top">Y</td> + <td valign="top">Y</td> +</tr> +<tr> +<td style="width: 40%;" align="left" valign="top">XPointers '#xpointer(/)'</td> + <td valign="top">Y</td> + <td valign="top">Y</td> + <td valign="top">Y</td> + <td valign="top">Y</td> + <td valign="top">Y</td> +</tr> +<tr> +<td style="width: 40%;" align="left" valign="top">XPointers '#xpointer(id("<em>ID</em>"))'</td> + <td valign="top">Y</td> + <td valign="top">Y</td> + <td valign="top">Y</td> + <td valign="top">Y</td> + <td valign="top">Y</td> +</tr> +<tr> +<td style="width: 40%;" align="left" valign="top">XPointers: full suppport</td> + <td valign="top">Y</td> + <td valign="top">Y</td> + <td valign="top">Y</td> + <td valign="top">Y</td> + <td valign="top">Y</td> +</tr> +<tr> +<td style="width: 40%;" align="left" valign="top">XPath</td> + <td valign="top">Y</td> + <td valign="top">Y</td> + <td valign="top">Y</td> + <td valign="top">Y</td> + <td valign="top">Y</td> +</tr> +<tr> +<td style="width: 40%;" align="left" valign="top">the dsig XPath 'here()' +function (can be used to implement enveloped signature)</td> + <td valign="top">Y</td> + <td valign="top">Y</td> + <td valign="top">Y</td> + <td valign="top">Y</td> + <td valign="top">Y</td> +</tr> +<tr> +<td style="width: 40%;" align="left" valign="top">XSLT transform</td> + <td valign="top">Y</td> + <td valign="top">Y</td> + <td valign="top">Y</td> + <td valign="top">Y</td> + <td valign="top">Y</td> +</tr> +<tr> +<td style="width: 40%;" align="left" valign="top">RetrievalMethod +(e.g. 
X509Data)</td> + <td valign="top">Y</td> + <td valign="top">Y</td> + <td valign="top">Y</td> + <td valign="top">Y</td> + <td valign="top">Y</td> +</tr> +<tr> +<td style="width: 40%;" align="left" valign="top">SHA1</td> + <td valign="top">Y</td> + <td valign="top">Y</td> + <td valign="top">Y</td> + <td valign="top">Y</td> + <td valign="top">Y</td> +</tr> +<tr> +<td style="width: 40%;" align="left" valign="top">Base64</td> + <td valign="top">Y</td> + <td valign="top">Y</td> + <td valign="top">Y</td> + <td valign="top">Y</td> + <td valign="top">Y</td> +</tr> +<tr> +<td style="width: 40%;" align="left" valign="top">HMAC-SHA1</td> + <td valign="top">Y</td> + <td valign="top">Y</td> + <td valign="top">Y</td> + <td valign="top">Y</td> + <td valign="top">Y</td> +</tr> +<tr> +<td style="width: 40%;" align="left" valign="top">DSA with SHA1 (DSS) <a href="#dsa-sha1"><sup>(1)</sup></a> +</td> + <td valign="top">Y</td> + <td valign="top">Y</td> + <td valign="top">Y</td> + <td valign="top">Y</td> + <td valign="top">Y</td> +</tr> +<tr> +<td style="width: 40%;" align="left" valign="top">RSA with SHA1</td> + <td valign="top">Y</td> + <td valign="top">Y</td> + <td valign="top">Y</td> + <td valign="top">Y</td> + <td valign="top">Y</td> +</tr> +<tr> +<td style="width: 40%;" valign="top">X509 support</td> + <td valign="top">Y</td> + <td valign="top">Y</td> + <td valign="top">N</td> + <td valign="top">Y</td> + <td valign="top">Y</td> +</tr> +<tr> +<td style="width: 40%;" valign="top">X509 CRL support</td> + <td valign="top">Y</td> + <td valign="top">Y</td> + <td valign="top">N</td> + <td valign="top">N</td> + <td valign="top">Y</td> +</tr> +<tr> +<td style="width: 40%;" align="left" valign="top">Minimal C14N (deprecated)</td> + <td valign="top">N</td> + <td valign="top">N</td> + <td valign="top">N</td> + <td valign="top">N</td> + <td valign="top">N</td> +</tr> +<tr> +<td style="width: 40%;" align="left" valign="top"> +<a href="http://www.w3.org/TR/xml-c14n">Canonical XML 1.0</a> +</td> 
+ <td valign="top">Y</td> + <td valign="top">Y</td> + <td valign="top">Y</td> + <td valign="top">Y</td> + <td valign="top">Y</td> +</tr> +<tr> +<td style="width: 40%;" align="left" valign="top"> +<a href="http://www.w3.org/TR/xml-exc-c14n">Exlusive Canonical XML 1.0</a> +</td> + <td valign="top">Y</td> + <td valign="top">Y</td> + <td valign="top">Y</td> + <td valign="top">Y</td> + <td valign="top">Y</td> +</tr> +<tr> +<td style="width: 40%;" align="left" valign="top"> +<a href="http://www.w3.org/TR/xml-c14n11/">Canonical XML 1.1</a> +</td> + <td valign="top">Y</td> + <td valign="top">Y</td> + <td valign="top">Y</td> + <td valign="top">Y</td> + <td valign="top">Y</td> +</tr> +<tr> +<td style="width: 40%;" align="left" valign="top">Enveloped Signature</td> + <td valign="top">Y</td> + <td valign="top">Y</td> + <td valign="top">Y</td> + <td valign="top">Y</td> + <td valign="top">Y</td> +</tr> +</tbody></table> +<div align="left"> <br><h4 style="text-align: center;">Additional XML Security +Algorithms (<a href="http://www.ietf.org/rfc/rfc4051.txt">RFC 4051</a>)</h4> + <table style="width: 85%; text-align: left; margin-left: auto; margin-right: auto;" border="1" cellpadding="2" cellspacing="2"><tbody> +<tr> +<td style="width: 40%;" align="left" valign="top"><b>Features and algorithms<br></b></td> + <td valign="top"><b>XMLSec with OpenSSL</b></td> + <td valign="top"><b>XMLSec with GnuTLS</b></td> + <td valign="top"><b>XMLSec with GCrypt</b></td> + <td valign="top"><b>XMLSec with NSS</b></td> + <td valign="top"><b>XMLSec with MSCrypto</b></td> +</tr> +<tr> +<td style="vertical-align: top; width: 40%;">MD5</td> + <td valign="top">Y</td> + <td valign="top">Y</td> + <td valign="top">Y</td> + <td valign="top">Y</td> + <td valign="top">Y</td> +</tr> +<tr> +<td style="vertical-align: top; width: 40%;">SHA224</td> + <td valign="top">Y</td> + <td valign="top">N</td> + <td valign="top">N</td> + <td valign="top">N</td> + <td valign="top">N</td> +</tr> +<tr> +<td 
style="vertical-align: top; width: 40%;">SHA256</td> + <td valign="top">Y</td> + <td valign="top">Y</td> + <td valign="top">Y</td> + <td valign="top">Y</td> + <td valign="top">Y</td> +</tr> +<tr> +<td style="vertical-align: top; width: 40%;">SHA384</td> + <td valign="top">Y</td> + <td valign="top">Y</td> + <td valign="top">Y</td> + <td valign="top">Y</td> + <td valign="top">Y</td> +</tr> +<tr> +<td style="vertical-align: top; width: 40%;">SHA512</td> + <td valign="top">Y</td> + <td valign="top">Y</td> + <td valign="top">Y</td> + <td valign="top">Y</td> + <td valign="top">Y</td> +</tr> +<tr> +<td style="width: 40%;" align="left" valign="top">HMAC-MD5</td> + <td valign="top">Y</td> + <td valign="top">Y</td> + <td valign="top">Y</td> + <td valign="top">Y</td> + <td valign="top">Y</td> +</tr> +<tr> +<td style="vertical-align: top; width: 40%;">HMAC-SHA224</td> + <td valign="top">Y</td> + <td valign="top">N</td> + <td valign="top">N</td> + <td valign="top">N</td> + <td valign="top">N</td> +</tr> +<tr> +<td style="vertical-align: top; width: 40%;">HMAC-SHA256</td> + <td valign="top">Y</td> + <td valign="top">Y</td> + <td valign="top">Y</td> + <td valign="top">Y</td> + <td valign="top">Y</td> +</tr> +<tr> +<td style="vertical-align: top; width: 40%;">HMAC-SHA384</td> + <td valign="top">Y</td> + <td valign="top">Y</td> + <td valign="top">Y</td> + <td valign="top">Y</td> + <td valign="top">Y</td> +</tr> +<tr> +<td style="width: 40%;" align="left" valign="top">HMAC-SHA512</td> + <td valign="top">Y</td> + <td valign="top">Y</td> + <td valign="top">Y</td> + <td valign="top">Y</td> + <td valign="top">Y</td> +</tr> +<tr> +<td style="width: 40%;" valign="top">HMAC-RIPEMD160</td> + <td valign="top">Y</td> + <td valign="top">Y</td> + <td valign="top">Y</td> + <td valign="top">Y</td> + <td valign="top">N</td> +</tr> +<tr> +<td style="vertical-align: top; width: 40%;">RSA-MD5</td> + <td valign="top">Y</td> + <td valign="top">Y</td> + <td valign="top">Y</td> + <td valign="top">N</td> 
+ <td valign="top">Y</td> +</tr> +<tr> +<td style="vertical-align: top; width: 40%;">RSA-SHA224</td> + <td valign="top">Y</td> + <td valign="top">N</td> + <td valign="top">N</td> + <td valign="top">N</td> + <td valign="top">N</td> +</tr> +<tr> +<td style="vertical-align: top; width: 40%;">RSA-SHA256</td> + <td valign="top">Y</td> + <td valign="top">Y</td> + <td valign="top">Y</td> + <td valign="top">Y</td> + <td valign="top">Y</td> +</tr> +<tr> +<td style="vertical-align: top; width: 40%;">RSA-SHA384</td> + <td valign="top">Y</td> + <td valign="top">Y</td> + <td valign="top">Y</td> + <td valign="top">Y</td> + <td valign="top">Y</td> +</tr> +<tr> +<td style="vertical-align: top; width: 40%;">RSA-SHA512</td> + <td valign="top">Y</td> + <td valign="top">Y</td> + <td valign="top">Y</td> + <td valign="top">Y</td> + <td valign="top">Y</td> +</tr> +<tr> +<td style="vertical-align: top; width: 40%;">RSA-RIPEMD160</td> + <td valign="top">Y</td> + <td valign="top">Y</td> + <td valign="top">Y</td> + <td valign="top">N</td> + <td valign="top">N</td> +</tr> +<tr> +<td style="vertical-align: top; width: 40%;">ECDSA-SHA1</td> + <td valign="top">N</td> + <td valign="top">N</td> + <td valign="top">N</td> + <td valign="top">N</td> + <td valign="top">N</td> +</tr> +<tr> +<td style="vertical-align: top; width: 40%;">ECDSA-SHA224</td> + <td valign="top">N</td> + <td valign="top">N</td> + <td valign="top">N</td> + <td valign="top">N</td> + <td valign="top">N</td> +</tr> +<tr> +<td style="vertical-align: top; width: 40%;">ECDSA-SHA256</td> + <td valign="top">N</td> + <td valign="top">N</td> + <td valign="top">N</td> + <td valign="top">N</td> + <td valign="top">N</td> +</tr> +<tr> +<td style="vertical-align: top; width: 40%;">ECDSA-SHA384</td> + <td valign="top">N</td> + <td valign="top">N</td> + <td valign="top">N</td> + <td valign="top">N</td> + <td valign="top">N</td> +</tr> +<tr> +<td style="vertical-align: top; width: 40%;">ECDSA-SHA512</td> + <td valign="top">N</td> + <td 
valign="top">N</td> + <td valign="top">N</td> + <td valign="top">N</td> + <td valign="top">N</td> +</tr> +<tr> +<td style="vertical-align: top; width: 40%;">ESIGN-SHA1</td> + <td valign="top">N</td> + <td valign="top">N</td> + <td valign="top">N</td> + <td valign="top">N</td> + <td valign="top">N</td> +</tr> +<tr> +<td style="vertical-align: top; width: 40%;">ESIGN-SHA224</td> + <td valign="top">N</td> + <td valign="top">N</td> + <td valign="top">N</td> + <td valign="top">N</td> + <td valign="top">N</td> +</tr> +<tr> +<td style="vertical-align: top; width: 40%;">ESIGN-SHA256</td> + <td valign="top">N</td> + <td valign="top">N</td> + <td valign="top">N</td> + <td valign="top">N</td> + <td valign="top">N</td> +</tr> +<tr> +<td style="vertical-align: top; width: 40%;">ESIGN-SHA384</td> + <td valign="top">N</td> + <td valign="top">N</td> + <td valign="top">N</td> + <td valign="top">N</td> + <td valign="top">N</td> +</tr> +<tr> +<td style="vertical-align: top; width: 40%;">ESIGN-SHA512</td> + <td valign="top">N</td> + <td valign="top">N</td> + <td valign="top">N</td> + <td valign="top">N</td> + <td valign="top">N</td> +</tr> +<tr> +<td style="vertical-align: top; width: 40%;">Minimal C14N (deprecated)</td> + <td valign="top">N</td> + <td valign="top">N</td> + <td valign="top">N</td> + <td valign="top">N</td> + <td valign="top">N</td> +</tr> +<tr> +<td style="width: 40%;" align="left" valign="top">XPointer transform</td> + <td valign="top">Y</td> + <td valign="top">Y</td> + <td valign="top">Y</td> + <td valign="top">Y</td> + <td valign="top">Y</td> +</tr> +<tr> +<td style="vertical-align: top; width: 40%;">ARCFOUR Encryption</td> + <td valign="top">N</td> + <td valign="top">N</td> + <td valign="top">N</td> + <td valign="top">N</td> + <td valign="top">N</td> +</tr> +<tr> +<td style="vertical-align: top; width: 40%;">Camellia Block Encryption 128</td> + <td valign="top">N</td> + <td valign="top">N</td> + <td valign="top">N</td> + <td valign="top">N</td> + <td 
valign="top">N</td> +</tr> +<tr> +<td style="vertical-align: top; width: 40%;">Camellia Block Encryption 192</td> + <td valign="top">N</td> + <td valign="top">N</td> + <td valign="top">N</td> + <td valign="top">N</td> + <td valign="top">N</td> +</tr> +<tr> +<td style="vertical-align: top; width: 40%;">Camellia Block Encryption 256</td> + <td valign="top">N</td> + <td valign="top">N</td> + <td valign="top">N</td> + <td valign="top">N</td> + <td valign="top">N</td> +</tr> +<tr> +<td style="vertical-align: top; width: 40%;">Camellia Key Wrap 128</td> + <td valign="top">N</td> + <td valign="top">N</td> + <td valign="top">N</td> + <td valign="top">N</td> + <td valign="top">N</td> +</tr> +<tr> +<td style="vertical-align: top; width: 40%;">Camellia +Key Wrap 192</td> + <td valign="top">N</td> + <td valign="top">N</td> + <td valign="top">N</td> + <td valign="top">N</td> + <td valign="top">N</td> +</tr> +<tr> +<td style="vertical-align: top; width: 40%;">Camellia Key Wrap 256</td> + <td valign="top">N</td> + <td valign="top">N</td> + <td valign="top">N</td> + <td valign="top">N</td> + <td valign="top">N</td> +</tr> +<tr> +<td style="vertical-align: top; width: 40%;">PSEC-KEM</td> + <td valign="top">N</td> + <td valign="top">N</td> + <td valign="top">N</td> + <td valign="top">N</td> + <td valign="top">N</td> +</tr> +</tbody></table> +<div align="left"> +<h4 style="text-align: center;">Other algorithms</h4> + <table style="width: 85%; text-align: left; margin-left: auto; margin-right: auto;" border="1" cellpadding="2" cellspacing="2"><tbody> +<tr> +<td style="width: 40%;" align="left" valign="top"><b>Features and algorithms</b></td> + <td valign="top"><b>XMLSec with OpenSSL</b></td> + <td valign="top"><b>XMLSec with GnuTLS</b></td> + <td valign="top"><b>XMLSec with GCrypt</b></td> + <td valign="top"><b>XMLSec with NSS</b></td> + <td valign="top"> +<b>XMLSec with MSCrypto</b> </td> +</tr> +<tr> +<td style="vertical-align: top; width: 40%;">GOST94 digests</td> + <td 
valign="top">N</td> + <td valign="top">N</td> + <td valign="top">N</td> + <td valign="top">N</td> + <td valign="top">Y<a href="#gost-mscrypto"><sup>(2)</sup></a> +</td> +</tr> +<tr> +<td style="vertical-align: top; width: 40%;">GOST2001 signatures</td> + <td valign="top">N</td> + <td valign="top">N</td> + <td valign="top">N</td> + <td valign="top">N</td> + <td valign="top">Y<a href="#gost-mscrypto"><sup>(2)</sup></a> +</td> +</tr> +</tbody></table> +<br><br><a name="dsa-sha1"></a><sup>(1)</sup> Defining <a href="http://www.w3.org/TR/xmldsig-core/#sec-DSAKeyValue"> DSA key</a> +with Seed and PgenCounter is not supported. +<br><a name="gost-mscrypto"></a><sup>(2)</sup> Requires install of a CSP +providing these algorithms.<br><p>Test vectors (from <a href="http://www.w3.org/Signature/2001/04/05-xmldsig-interop.html">IETF/W3C +XML Signature WG: XML Signature Interoperability page</a>): <br><a href="http://lists.w3.org/Archives/Public/w3c-ietf-xmldsig/2002AprJun/att-0016/01-merlin-xmldsig-twenty-three.tar.gz">merlin-xmldsig-twenty-three.tar.gz</a> + <br><a href="http://lists.w3.org/Archives/Public/w3c-ietf-xmldsig/2001AprJun/att-00%2033/01-merlin-xmldsig-sixteen.tar.gz">merlin-xmldsig-sixteen.tar.gz</a> +(features, deprecated)<br><a href="http://lists.w3.org/Archives/Public/w3c-ietf-xmldsig/2001JanMar/att-0155/04-merlin-xmldsig-fifteen.tar.gz">merlin-xmldsig-fifteen.tar.gz</a> +(algorithms, deprecated)<br></p> + </div> + </div> +</div> +</td></tr></table></td> +</tr></table></body> +</html> |
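Review bot: The merlin-xmldsig-sixteen.tar.gz link in the test vectors paragraph at the end of the file points at `.../2001AprJun/att-00%2033/01-merlin-xmldsig-sixteen.tar.gz`, with an encoded space inside the attachment directory name, unlike its `att-0016` and `att-0155` siblings; check the target and drop the `%20` if it is a paste artifact. Several spelling slips should be fixed before this lands: the outer layout table uses `witdh="100%"`, which browsers ignore as an unknown attribute, and the feature rows read "generation/valdiation", "full suppport" and "Exlusive Canonical XML 1.0". The first table also ends with a bare "Enveloped Signature" row that repeats the earlier "Enveloped Signature: same document reference (URI="") with Enveloped Signature Transform" row without saying what differs; if it refers to the transform itself, label it that way. Finally, MD5, HMAC-MD5 and RSA-MD5 are marked Y with no caveat; consider a footnote in the style of (1) and (2) saying they are listed for RFC 4051 interoperability, so a reader does not take a Y as a recommendation for new signatures.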