XML signature based on xmlsec.
status:=xmlsec sign(params{;key{;certs}})
Parameter
Type
Description
params
Object
see below
key
BLOB
key used to sign the XML. typically PEM, DER or P12
certs
ARRAY BLOB
an array of chained certificates that qualify the signer. not used if key is P12. the order doesn't matter, but element 0 must be the signing certficate (so the same value will appear twice in the array) for XAdES
hash:=xmlsec hash(data{;algorithm})
Parameter
Type
Description
data
BLOB
data to hash
algorithm
Text
sha1 (default), sha224, sha256, sha384 or sha512
hash
Text
base64 encoded hash
This is a convenience method to hash a BLOB.
Params (XMLDsig)
* indicates default value
| Property | Type | Description |
|---|---|---|
| xml | Text | source text |
| key | Text | format of private key pem* der pkcs12 |
| password | Text | password to read private key |
| cert | Text | format of certificates pem* der |
| xmldsig | Object | root object for XMLDsig |
| xmldsig.digest | Text | dsig:DigestMethod@Algorithm sha1* sha224 sha256 sha384 sha512 |
| xmldsig.ref | Object | dsig:Reference |
| xmldsig.ref.id | Text | dsig:Reference@Id |
| xmldsig.ref.uri | Text | dsig:Reference@URI |
| xmldsig.ref.type | Text | dsig:Reference@Type |
| xmldsig.sign | Text | dsig:SignatureMethod rsa-sha1* rsa-sha224 rsa-sha256 rsa-sha384 rsa-sha512 hmac-sha1 hmac-sha224 hmac-sha256 hmac-sha384 hmac-sha512 dsa-sha1 dsa-sha256 ecdsa-sha1 ecdsa-sha224 ecdsa-sha256 ecdsa-sha384 ecdsa-sha512 |
| xmldsig.c14n | Text | dsig:CanonicalizationMethod 1.0* 1.0.c 1.1 1.1.c 1.0.e 1.0.e.c |
| xmldsig.ns | Text | [namespace ds* |
| xmldsig.id | Text | xmldsig:Signature@Id |
| xmldsig.ski | Boolean | false* |
| xmldsig.crl | Boolean | false* |
| xmldsig.subjectName | Boolean | false* |
| xmldsig.keyValue | Boolean | true* |
| xmldsig.issuerSerial | Boolean | false* |
| xmldsig.certificate | Boolean | true* |
| xmldsig.keyInfo | Object | |
| xmldsig.keyInfo.id | Text | dsig:KeyInfo@Id |
| xmldsig.keyInfo.keyName | Text | dsig:KeyInfo/dsig:KeyName |
Params (XAdES)
* indicates default value
| Property | Type | Description |
|---|---|---|
| xades | Text | root object for XAdES |
| xades.ns | Text | namespace xades* |
| xades.digest | Text | xades:DigestValue@Algorithm sha1* sha224 sha256 sha384 sha512 |
| xades.qualifyingProperties | Object | xades:QualifyingProperties |
| xades.qualifyingProperties.signedProperties | Object | xades:SignedProperties |
| xades.qualifyingProperties.signedProperties.id | Object | |
| xades.qualifyingProperties.signedProperties.signedSignatureProperties | Object | xades:SignedSignatureProperties |
| xades.qualifyingProperties.signedProperties.signedSignatureProperties.signingTime | Text | |
| xades.qualifyingProperties.signedProperties.signedSignatureProperties.signaturePolicyIdentifer | Object | |
| xades.qualifyingProperties.signedProperties.signedSignatureProperties.signaturePolicyIdentifer.signaturePolicyId[] | Collection | |
| xades.qualifyingProperties.signedProperties.signedSignatureProperties.signaturePolicyIdentifer.signaturePolicyId[].sigPolicyId | Object | |
| xades.qualifyingProperties.signedProperties.signedSignatureProperties.signaturePolicyIdentifer.signaturePolicyId[].sigPolicyId.identifier | Text | |
| xades.qualifyingProperties.signedProperties.signedSignatureProperties.signaturePolicyIdentifer.signaturePolicyId[].sigPolicyId.digest | Text | |
| xades.qualifyingProperties.signedProperties.signedSignatureProperties.signaturePolicyIdentifer.signaturePolicyId[].sigPolicyId.description | Text | |
| xades.qualifyingProperties.signedProperties.signedSignatureProperties.signaturePolicyIdentifer.signaturePolicyId[].sigPolicyId.documentationReferences[] | Collection | |
| xades.qualifyingProperties.signedProperties.signedSignatureProperties.signaturePolicyIdentifer.signaturePolicyId[].sigPolicyId.documentationReferences[].documentationReference | Text | |
| xades.qualifyingProperties.signedProperties.signedDataObjectProperties | Object | |
| xades.qualifyingProperties.signedProperties.signedDataObjectProperties.dataObjectFormat | Object | |
| xades.qualifyingProperties.signedProperties.signedDataObjectProperties.dataObjectFormat.id | Text | |
| xades.qualifyingProperties.signedProperties.signedDataObjectProperties.dataObjectFormat.description | Text | |
| xades.qualifyingProperties.signedProperties.signedDataObjectProperties.dataObjectFormat.objectIdentifier | Object | |
| xades.qualifyingProperties.signedProperties.signedDataObjectProperties.dataObjectFormat.objectIdentifier.identifier | Text | |
| xades.qualifyingProperties.signedProperties.signedDataObjectProperties.dataObjectFormat.objectIdentifier.identifier_qualifier | Text | |
| xades.qualifyingProperties.signedProperties.signedDataObjectProperties.dataObjectFormat.objectIdentifier.description | Text | |
| xades.qualifyingProperties.signedProperties.signedDataObjectProperties.dataObjectFormat.mimeType | Text | |
| xades.qualifyingProperties.signedProperties.signedDataObjectProperties.dataObjectFormat.encoding | Text |
xades:SigningCertificate is added automatically
xades:SignaturePolicyImplied is added if signaturePolicyId.length is 0
xades:SigPolicyHash is added automatically from policy
not implemented
| Property | Type | Description |
|---|---|---|
| xades.qualifyingProperties.unsignedProperties | Object | |
| xades.qualifyingProperties.unsignedProperties.id | Text | |
| xades.qualifyingProperties.unsignedProperties.unsignedSignatureProperties[] | Collection | |
| xades.qualifyingProperties.unsignedProperties.unsignedSignatureProperties[].signatureTimeStamp | Object | |
| xades.qualifyingProperties.unsignedProperties.unsignedDataObjectProperties[] | Collection | |
| xades.qualifyingProperties.unsignedProperties.unsignedDataObjectProperties[].unsignedDataObjectProperty | Text |
Only the XAdES-B-B form is supported.
Results
| Property | Type | Description |
|---|---|---|
| crypto | Text | crypto engine name openssl |
| success | Boolean | |
| error | Text | error message |
| xml | Text | signed XML |
status:=xmlsec x509(cert;params)
Parameter
Type
Description
cert
BLOB
der, pem or p12
params
Object
status
Object
This is a convenience method to get the certificate expire date.
Params
* indicates default value
| Property | Type | Description |
|---|---|---|
| cert | Text | format of certificate pem* der pkcs12 |
| password | Text | password to read pkcs12 |
Results
| Property | Type | Description |
|---|---|---|
| success | Boolean | |
| notBefore | Text | |
| notAfter | Text |
PREVIOUSNative Encoding Detection