XMLDsig and XAdES

 

XML signature based on xmlsec.

miyako/4d-plugin-xmlsec

status:=xmlsec sign(params{;key{;certs}})
Parameter
Type
Description
params
Object
see below
key
BLOB
key used to sign the XML. typically PEM, DER or P12
certs
ARRAY BLOB
an array of chained certificates that qualify the signer. not used if key is P12. the order doesn't matter, but element 0 must be the signing certficate (so the same value will appear twice in the array) for XAdES
hash:=xmlsec hash(data{;algorithm})
Parameter
Type
Description
data
BLOB
data to hash
algorithm
Text
sha1 (default), sha224, sha256, sha384 or sha512
hash
Text
base64 encoded hash

This is a convenience method to hash a BLOB.

Params (XMLDsig)

* indicates default value

Property Type Description
xml Text source text
key Text format of private key pem* der pkcs12
password Text password to read private key
cert Text format of certificates pem* der
xmldsig Object root object for XMLDsig
xmldsig.digest Text dsig:DigestMethod@Algorithm sha1* sha224 sha256 sha384 sha512
xmldsig.ref Object dsig:Reference
xmldsig.ref.id Text dsig:Reference@Id
xmldsig.ref.uri Text dsig:Reference@URI
xmldsig.ref.type Text dsig:Reference@Type
xmldsig.sign Text dsig:SignatureMethod rsa-sha1* rsa-sha224 rsa-sha256 rsa-sha384 rsa-sha512 hmac-sha1 hmac-sha224 hmac-sha256 hmac-sha384 hmac-sha512 dsa-sha1 dsa-sha256 ecdsa-sha1 ecdsa-sha224 ecdsa-sha256 ecdsa-sha384 ecdsa-sha512
xmldsig.c14n Text dsig:CanonicalizationMethod 1.0* 1.0.c 1.1 1.1.c 1.0.e 1.0.e.c
xmldsig.ns Text [namespace ds*
xmldsig.id Text xmldsig:Signature@Id
xmldsig.ski Boolean false*
xmldsig.crl Boolean false*
xmldsig.subjectName Boolean false*
xmldsig.keyValue Boolean true*
xmldsig.issuerSerial Boolean false*
xmldsig.certificate Boolean true*
xmldsig.keyInfo Object  
xmldsig.keyInfo.id Text dsig:KeyInfo@Id
xmldsig.keyInfo.keyName Text dsig:KeyInfo/dsig:KeyName

Params (XAdES)

* indicates default value

Property Type Description
xades Text root object for XAdES
xades.ns Text namespace xades*
xades.digest Text xades:DigestValue@Algorithm sha1* sha224 sha256 sha384 sha512
xades.qualifyingProperties Object xades:QualifyingProperties
xades.qualifyingProperties.signedProperties Object xades:SignedProperties
xades.qualifyingProperties.signedProperties.id Object  
xades.qualifyingProperties.signedProperties.signedSignatureProperties Object xades:SignedSignatureProperties
xades.qualifyingProperties.signedProperties.signedSignatureProperties.signingTime Text  
xades.qualifyingProperties.signedProperties.signedSignatureProperties.signaturePolicyIdentifer Object  
xades.qualifyingProperties.signedProperties.signedSignatureProperties.signaturePolicyIdentifer.signaturePolicyId[] Collection  
xades.qualifyingProperties.signedProperties.signedSignatureProperties.signaturePolicyIdentifer.signaturePolicyId[].sigPolicyId Object  
xades.qualifyingProperties.signedProperties.signedSignatureProperties.signaturePolicyIdentifer.signaturePolicyId[].sigPolicyId.identifier Text  
xades.qualifyingProperties.signedProperties.signedSignatureProperties.signaturePolicyIdentifer.signaturePolicyId[].sigPolicyId.digest Text  
xades.qualifyingProperties.signedProperties.signedSignatureProperties.signaturePolicyIdentifer.signaturePolicyId[].sigPolicyId.description Text  
xades.qualifyingProperties.signedProperties.signedSignatureProperties.signaturePolicyIdentifer.signaturePolicyId[].sigPolicyId.documentationReferences[] Collection  
xades.qualifyingProperties.signedProperties.signedSignatureProperties.signaturePolicyIdentifer.signaturePolicyId[].sigPolicyId.documentationReferences[].documentationReference Text  
xades.qualifyingProperties.signedProperties.signedDataObjectProperties Object  
xades.qualifyingProperties.signedProperties.signedDataObjectProperties.dataObjectFormat Object  
xades.qualifyingProperties.signedProperties.signedDataObjectProperties.dataObjectFormat.id Text  
xades.qualifyingProperties.signedProperties.signedDataObjectProperties.dataObjectFormat.description Text  
xades.qualifyingProperties.signedProperties.signedDataObjectProperties.dataObjectFormat.objectIdentifier Object  
xades.qualifyingProperties.signedProperties.signedDataObjectProperties.dataObjectFormat.objectIdentifier.identifier Text  
xades.qualifyingProperties.signedProperties.signedDataObjectProperties.dataObjectFormat.objectIdentifier.identifier_qualifier Text  
xades.qualifyingProperties.signedProperties.signedDataObjectProperties.dataObjectFormat.objectIdentifier.description Text  
xades.qualifyingProperties.signedProperties.signedDataObjectProperties.dataObjectFormat.mimeType Text  
xades.qualifyingProperties.signedProperties.signedDataObjectProperties.dataObjectFormat.encoding Text  

xades:SigningCertificate is added automatically

xades:SignaturePolicyImplied is added if signaturePolicyId.length is 0

xades:SigPolicyHash is added automatically from policy

not implemented

Property Type Description
xades.qualifyingProperties.unsignedProperties Object  
xades.qualifyingProperties.unsignedProperties.id Text  
xades.qualifyingProperties.unsignedProperties.unsignedSignatureProperties[] Collection  
xades.qualifyingProperties.unsignedProperties.unsignedSignatureProperties[].signatureTimeStamp Object  
xades.qualifyingProperties.unsignedProperties.unsignedDataObjectProperties[] Collection  
xades.qualifyingProperties.unsignedProperties.unsignedDataObjectProperties[].unsignedDataObjectProperty Text  

Only the XAdES-B-B form is supported.

Results

Property Type Description
crypto Text crypto engine name openssl
success Boolean  
error Text error message
xml Text signed XML
status:=xmlsec x509(cert;params)
Parameter
Type
Description
cert
BLOB
der, pem or p12
params
Object
status
Object

This is a convenience method to get the certificate expire date.

Params

* indicates default value

Property Type Description
cert Text format of certificate pem* der pkcs12
password Text password to read pkcs12

Results

Property Type Description
success Boolean  
notBefore Text  
notAfter Text