docs/api/xmlsec-notes-sign.html


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>Signing a document.: XML Security Library Reference Manual</title>
<meta name="generator" content="DocBook XSL Stylesheets V1.79.1">
<link rel="home" href="index.html" title="XML Security Library Reference Manual">
<link rel="up" href="xmlsec-notes-sign-encrypt.html" title="Signing and encrypting documents.">
<link rel="prev" href="xmlsec-notes-sign-encrypt.html" title="Signing and encrypting documents.">
<link rel="next" href="xmlsec-notes-encrypt.html" title="Encrypting data.">
<meta name="generator" content="GTK-Doc V1.27 (XML mode)">
<link rel="stylesheet" href="style.css" type="text/css">
</head>
<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF">
<table class="navigation" id="top" width="100%" summary="Navigation header" cellpadding="2" cellspacing="5"><tr valign="middle">
<td width="100%" align="left" class="shortcuts"></td>
<td><a accesskey="h" href="index.html"><img src="home.png" width="16" height="16" border="0" alt="Home"></a></td>
<td><a accesskey="u" href="xmlsec-notes-sign-encrypt.html"><img src="up.png" width="16" height="16" border="0" alt="Up"></a></td>
<td><a accesskey="p" href="xmlsec-notes-sign-encrypt.html"><img src="left.png" width="16" height="16" border="0" alt="Prev"></a></td>
<td><a accesskey="n" href="xmlsec-notes-encrypt.html"><img src="right.png" width="16" height="16" border="0" alt="Next"></a></td>
</tr></table>
<div class="sect1">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
<a name="xmlsec-notes-sign"></a>Signing a document.</h2></div></div></div>
<p>The typical signature process includes following steps:
	  </p>
<div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; ">
<li class="listitem"><p>
		Prepare data for signature.
	    </p></li>
<li class="listitem"><p>
		Create or load signature template and select start
    		<a class="ulink" href="" target="_top">&lt;dsig:Signature/&gt;</a>
		node.
	    </p></li>
<li class="listitem"><p>
		Create signature context <a class="link" href="xmlsec-xmldsig.html#xmlSecDSigCtx" title="struct xmlSecDSigCtx">xmlSecDSigCtx</a>
		using <a class="link" href="xmlsec-xmldsig.html#xmlSecDSigCtxCreate" title="xmlSecDSigCtxCreate ()">xmlSecDSigCtxCreate</a> or
		<a class="link" href="xmlsec-xmldsig.html#xmlSecDSigCtxInitialize" title="xmlSecDSigCtxInitialize ()">xmlSecDSigCtxInitialize</a>
		functions.
	    </p></li>
<li class="listitem"><p>
		Load signature key in <a class="link" href="xmlsec-keysmngr.html#xmlSecKeysMngr" title="struct xmlSecKeysMngr">keys manager</a> 
		or generate a session key and set it in the signature context 
		(<em class="structfield"><code>signKey</code></em> member of 
		<a class="link" href="xmlsec-xmldsig.html#xmlSecDSigCtx" title="struct xmlSecDSigCtx">xmlSecDSigCtx</a> structure).
	    </p></li>
<li class="listitem"><p>
		Sign data by calling <a class="link" href="xmlsec-xmldsig.html#xmlSecDSigCtxSign" title="xmlSecDSigCtxSign ()">xmlSecDSigCtxSign</a> 
		function.
	    </p></li>
<li class="listitem"><p>
		Check returned value and consume signed data.
	    </p></li>
<li class="listitem"><p>
		Destroy signature context <a class="link" href="xmlsec-xmldsig.html#xmlSecDSigCtx" title="struct xmlSecDSigCtx">xmlSecDSigCtx</a>
		using <a class="link" href="xmlsec-xmldsig.html#xmlSecDSigCtxDestroy" title="xmlSecDSigCtxDestroy ()">xmlSecDSigCtxDestroy</a> or
		<a class="link" href="xmlsec-xmldsig.html#xmlSecDSigCtxFinalize" title="xmlSecDSigCtxFinalize ()">xmlSecDSigCtxFinalize</a>
		functions.
	    </p></li>
</ul></div>
<p>
	</p>
<p>
	     </p>
<div class="example">
<a name="id-1.2.6.3.3.1"></a><p class="title"><b>Example 10. Signing a template.</b></p>
<div class="example-contents">
<pre class="programlisting">
/** 
 * sign_file:
 * @tmpl_file:		the signature template file name.
 * @key_file:		the PEM private key file name.
 *
 * Signs the #tmpl_file using private key from #key_file.
 *
 * Returns 0 on success or a negative value if an error occurs.
 */
int 
sign_file(const char* tmpl_file, const char* key_file) {
    xmlDocPtr doc = NULL;
    xmlNodePtr node = NULL;
    xmlSecDSigCtxPtr dsigCtx = NULL;
    int res = -1;
    
    assert(tmpl_file);
    assert(key_file);

    /* load template */
    doc = xmlParseFile(tmpl_file);
    if ((doc == NULL) || (xmlDocGetRootElement(doc) == NULL)){
	fprintf(stderr, "Error: unable to parse file \"%s\"\n", tmpl_file);
	goto done;	
    }
    
    /* find start node */
    node = xmlSecFindNode(xmlDocGetRootElement(doc), xmlSecNodeSignature, xmlSecDSigNs);
    if(node == NULL) {
	fprintf(stderr, "Error: start node not found in \"%s\"\n", tmpl_file);
	goto done;	
    }

    /* create signature context, we don't need keys manager in this example */
    dsigCtx = xmlSecDSigCtxCreate(NULL);
    if(dsigCtx == NULL) {
        fprintf(stderr,"Error: failed to create signature context\n");
	goto done;
    }

    /* load private key, assuming that there is not password */
    dsigCtx-&gt;signKey = xmlSecCryptoAppKeyLoad(key_file, xmlSecKeyDataFormatPem, NULL, NULL, NULL);
    if(dsigCtx-&gt;signKey == NULL) {
        fprintf(stderr,"Error: failed to load private pem key from \"%s\"\n", key_file);
	goto done;
    }

    /* set key name to the file name, this is just an example! */
    if(xmlSecKeySetName(dsigCtx-&gt;signKey, key_file) &lt; 0) {
    	fprintf(stderr,"Error: failed to set key name for key from \"%s\"\n", key_file);
	goto done;
    }

    /* sign the template */
    if(xmlSecDSigCtxSign(dsigCtx, node) &lt; 0) {
        fprintf(stderr,"Error: signature failed\n");
	goto done;
    }
        
    /* print signed document to stdout */
    xmlDocDump(stdout, doc);
    
    /* success */
    res = 0;

done:    
    /* cleanup */
    if(dsigCtx != NULL) {
	xmlSecDSigCtxDestroy(dsigCtx);
    }
    
    if(doc != NULL) {
	xmlFreeDoc(doc); 
    }
    return(res);
}
		</pre>
<p><a class="link" href="xmlsec-examples-sign-template-file.html#xmlsec-example-sign1" title="sign1.c">Full program listing</a></p>
<p><a class="link" href="xmlsec-examples-sign-template-file.html#xmlsec-example-sign1-tmpl" title="sign1-tmpl.xml">Simple signature template file</a></p>
</div>
</div>
<p><br class="example-break">
	</p>
</div>
<div class="footer">
<hr>Generated by GTK-Doc V1.27</div>
</body>
</html>