XML signature based on xmlsec.

status:=xmlsec sign(params{;key{;certs}})

Parameter | Type | Description |
---|---|---|
params | Object | see below |
key | BLOB | key used to sign the XML; typically PEM, DER or P12 |
certs | ARRAY BLOB | an array of chained certificates that qualify the signer. Not used if key is P12. The order of the chain doesn't matter, but for XAdES element 0 must be the signing certificate, so the signing certificate appears twice in the array (once in element 0 and once in the chain) |
hash:=xmlsec hash(data{;algorithm})

Parameter | Type | Description |
---|---|---|
data | BLOB | data to hash |
algorithm | Text | sha1 (default), sha224, sha256, sha384 or sha512 |
hash | Text | base64 encoded hash |

This is a convenience method to hash a BLOB.
Params (XMLDsig)

* indicates default value
Property | Type | Description |
---|---|---|
xml | Text | source text |
key | Text | format of private key pem* der pkcs12 |
password | Text | password to read private key |
cert | Text | format of certificates pem* der |
xmldsig | Object | root object for XMLDsig |
xmldsig.digest | Text | dsig:DigestMethod@Algorithm sha1* sha224 sha256 sha384 sha512 |
xmldsig.ref | Object | dsig:Reference |
xmldsig.ref.id | Text | dsig:Reference@Id |
xmldsig.ref.uri | Text | dsig:Reference@URI |
xmldsig.ref.type | Text | dsig:Reference@Type |
xmldsig.sign | Text | dsig:SignatureMethod rsa-sha1* rsa-sha224 rsa-sha256 rsa-sha384 rsa-sha512 hmac-sha1 hmac-sha224 hmac-sha256 hmac-sha384 hmac-sha512 dsa-sha1 dsa-sha256 ecdsa-sha1 ecdsa-sha224 ecdsa-sha256 ecdsa-sha384 ecdsa-sha512 |
xmldsig.c14n | Text | dsig:CanonicalizationMethod 1.0* 1.0.c 1.1 1.1.c 1.0.e 1.0.e.c |
xmldsig.ns | Text | namespace ds* |
xmldsig.id | Text | dsig:Signature@Id |
xmldsig.ski | Boolean | false* |
xmldsig.crl | Boolean | false* |
xmldsig.subjectName | Boolean | false* |
xmldsig.keyValue | Boolean | true* |
xmldsig.issuerSerial | Boolean | false* |
xmldsig.certificate | Boolean | true* |
xmldsig.keyInfo | Object | |
xmldsig.keyInfo.id | Text | dsig:KeyInfo@Id |
xmldsig.keyInfo.keyName | Text | dsig:KeyInfo/dsig:KeyName |
Params (XAdES)

* indicates default value
Property | Type | Description |
---|---|---|
xades | Object | root object for XAdES |
xades.ns | Text | namespace xades* |
xades.digest | Text | xades:DigestValue@Algorithm sha1* sha224 sha256 sha384 sha512 |
xades.qualifyingProperties | Object | xades:QualifyingProperties |
xades.qualifyingProperties.signedProperties | Object | xades:SignedProperties |
xades.qualifyingProperties.signedProperties.id | Text | xades:SignedProperties@Id |
xades.qualifyingProperties.signedProperties.signedSignatureProperties | Object | xades:SignedSignatureProperties |
xades.qualifyingProperties.signedProperties.signedSignatureProperties.signingTime | Text | |
xades.qualifyingProperties.signedProperties.signedSignatureProperties.signaturePolicyIdentifer | Object | |
xades.qualifyingProperties.signedProperties.signedSignatureProperties.signaturePolicyIdentifer.signaturePolicyId[] | Collection | |
xades.qualifyingProperties.signedProperties.signedSignatureProperties.signaturePolicyIdentifer.signaturePolicyId[].sigPolicyId | Object | |
xades.qualifyingProperties.signedProperties.signedSignatureProperties.signaturePolicyIdentifer.signaturePolicyId[].sigPolicyId.identifier | Text | |
xades.qualifyingProperties.signedProperties.signedSignatureProperties.signaturePolicyIdentifer.signaturePolicyId[].sigPolicyId.digest | Text | |
xades.qualifyingProperties.signedProperties.signedSignatureProperties.signaturePolicyIdentifer.signaturePolicyId[].sigPolicyId.description | Text | |
xades.qualifyingProperties.signedProperties.signedSignatureProperties.signaturePolicyIdentifer.signaturePolicyId[].sigPolicyId.documentationReferences[] | Collection | |
xades.qualifyingProperties.signedProperties.signedSignatureProperties.signaturePolicyIdentifer.signaturePolicyId[].sigPolicyId.documentationReferences[].documentationReference | Text | |
xades.qualifyingProperties.signedProperties.signedDataObjectProperties | Object | |
xades.qualifyingProperties.signedProperties.signedDataObjectProperties.dataObjectFormat | Object | |
xades.qualifyingProperties.signedProperties.signedDataObjectProperties.dataObjectFormat.id | Text | |
xades.qualifyingProperties.signedProperties.signedDataObjectProperties.dataObjectFormat.description | Text | |
xades.qualifyingProperties.signedProperties.signedDataObjectProperties.dataObjectFormat.objectIdentifier | Object | |
xades.qualifyingProperties.signedProperties.signedDataObjectProperties.dataObjectFormat.objectIdentifier.identifier | Text | |
xades.qualifyingProperties.signedProperties.signedDataObjectProperties.dataObjectFormat.objectIdentifier.identifier_qualifier | Text | |
xades.qualifyingProperties.signedProperties.signedDataObjectProperties.dataObjectFormat.objectIdentifier.description | Text | |
xades.qualifyingProperties.signedProperties.signedDataObjectProperties.dataObjectFormat.mimeType | Text | |
xades.qualifyingProperties.signedProperties.signedDataObjectProperties.dataObjectFormat.encoding | Text | |

xades:SigningCertificate is added automatically.
xades:SignaturePolicyImplied is added if signaturePolicyId.length is 0.
xades:SigPolicyHash is added automatically from the policy.

Not implemented:
Property | Type | Description |
---|---|---|
xades.qualifyingProperties.unsignedProperties | Object | |
xades.qualifyingProperties.unsignedProperties.id | Text | |
xades.qualifyingProperties.unsignedProperties.unsignedSignatureProperties[] | Collection | |
xades.qualifyingProperties.unsignedProperties.unsignedSignatureProperties[].signatureTimeStamp | Object | |
xades.qualifyingProperties.unsignedProperties.unsignedDataObjectProperties[] | Collection | |
xades.qualifyingProperties.unsignedProperties.unsignedDataObjectProperties[].unsignedDataObjectProperty | Text | |
Only the XAdES-B-B form is supported.
Results
Property | Type | Description |
---|---|---|
crypto | Text | crypto engine name openssl |
success | Boolean | |
error | Text | error message |
xml | Text | signed XML |
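The following 4D method is an added example and is not part of the plugin's own documentation. It builds the params object for an XMLDsig + XAdES-B-B signature, overrides the sha1 / rsa-sha1 defaults (SHA-1 is deprecated for signature use, so a practitioner should always set digest, sign and xades.digest explicitly), assembles the certificate array with the signing certificate in element 0, and checks the result object before using the signed XML. The file names, the Resources-folder location, the RSA key type, the Id values and the secret-store comment are assumptions not stated on this page.

```4d
// Added example, not part of the plugin's documentation: sign an XML document
// with XMLDsig + XAdES-B-B, overriding the sha1 / rsa-sha1 defaults.
// Assumptions (not stated on this page): key.pem, signer.pem and issuer.pem
// live in the database Resources folder, the key is RSA, and the private-key
// password comes from a secret store rather than being hard-coded.
var $xml; $password; $signedXml : Text
var $key; $signer; $issuer : Blob
var $params; $signedSig; $dataFormat; $status : Object

// Constructed sample document
$xml:="<?xml version=\"1.0\" encoding=\"UTF-8\"?><invoice><total>100.00</total></invoice>"

DOCUMENT TO BLOB(Get 4D folder(Current resources folder)+"key.pem";$key)
DOCUMENT TO BLOB(Get 4D folder(Current resources folder)+"signer.pem";$signer)
DOCUMENT TO BLOB(Get 4D folder(Current resources folder)+"issuer.pem";$issuer)
$password:=""  // hypothetical: load from a secret store at runtime

// Chain for XAdES: element 0 must be the signing certificate, so the
// signing certificate also appears once more inside the chain proper.
ARRAY BLOB($certs;2)
$certs{0}:=$signer
$certs{1}:=$signer
$certs{2}:=$issuer

$params:=New object("xml";$xml;"key";"pem";"password";$password;"cert";"pem")

// XMLDsig: SHA-1 is deprecated for signatures, so set both algorithms explicitly
$params.xmldsig:=New object
$params.xmldsig.digest:="sha256"
$params.xmldsig.sign:="rsa-sha256"
$params.xmldsig.c14n:="1.0.e"  // exclusive C14N 1.0
$params.xmldsig.id:="sig-1"
$params.xmldsig.keyValue:=False  // publish the certificate only, not a bare KeyValue
$params.xmldsig.certificate:=True
$params.xmldsig.keyInfo:=New object("id";"keyinfo-1")

// XAdES-B-B: signing time, implied policy (empty signaturePolicyId), data object format
$signedSig:=New object
$signedSig.signingTime:=String(Current date;ISO date GMT;Current time)
// property name spelled exactly as in the parameter table above
$signedSig.signaturePolicyIdentifer:=New object("signaturePolicyId";New collection)

$dataFormat:=New object("mimeType";"text/xml";"encoding";"UTF-8")

$params.xades:=New object("ns";"xades";"digest";"sha256")
$params.xades.qualifyingProperties:=New object
$params.xades.qualifyingProperties.signedProperties:=New object("id";"signedprops-1")
$params.xades.qualifyingProperties.signedProperties.signedSignatureProperties:=$signedSig
$params.xades.qualifyingProperties.signedProperties.signedDataObjectProperties:=New object("dataObjectFormat";$dataFormat)

$status:=xmlsec sign($params;$key;$certs)

If ($status.success)
	$signedXml:=$status.xml  // hand this on; never fall back to the unsigned $xml
Else
	ALERT("xmlsec sign failed ("+$status.crypto+"): "+$status.error)
End if
```

Because signaturePolicyId is an empty collection, the plugin emits xades:SignaturePolicyImplied rather than a policy reference; supply one or more sigPolicyId entries instead when the relying party mandates a named policy. On failure the method surfaces the xmlsec error and leaves $signedXml empty, so callers cannot mistake the unsigned input for a signed result.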
status:=xmlsec x509(cert;params)

Parameter | Type | Description |
---|---|---|
cert | BLOB | der, pem or p12 |
params | Object | see below |
status | Object | see Results |

This is a convenience method to get the certificate's validity period (notBefore and notAfter).

Params

* indicates default value
Property | Type | Description |
---|---|---|
cert | Text | format of certificate pem* der pkcs12 |
password | Text | password to read pkcs12 |
Results
Property | Type | Description |
---|---|---|
success | Boolean | |
notBefore | Text | |
notAfter | Text | |
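A typical use of xmlsec x509 is to gate signing on the certificate's validity window, so that a document is never signed with an expired or not-yet-valid certificate and an expiring one is flagged before it silently breaks production. The 4D method below is an added example, not the plugin's own code; it assumes the certificate is a PEM file in the database Resources folder, that the plugin returns notBefore and notAfter as text the 4D Date command can parse (ISO 8601), and that a 30-day rotation warning is the desired threshold.

```4d
// Added example, not part of the plugin's documentation: decide whether a
// certificate may be used for signing today. Assumptions (not stated on this
// page): signer.pem is in the Resources folder, and notBefore / notAfter are
// ISO 8601 text that 4D's Date command can parse.
var $cert : Blob
var $status : Object
var $now; $notBefore; $notAfter : Date
var $minDaysLeft; $daysLeft : Integer
var $ok : Boolean

DOCUMENT TO BLOB(Get 4D folder(Current resources folder)+"signer.pem";$cert)
$status:=xmlsec x509($cert;New object("cert";"pem"))

$ok:=False
$minDaysLeft:=30  // rotation warning threshold (assumption)

If ($status.success)
	$notBefore:=Date($status.notBefore)
	$notAfter:=Date($status.notAfter)
	$now:=Current date
	$daysLeft:=$notAfter-$now  // date subtraction yields whole days; time of day is ignored
	
	Case of 
		: ($now<$notBefore)
			ALERT("certificate not yet valid (notBefore "+$status.notBefore+")")
		: ($now>$notAfter)
			ALERT("certificate expired (notAfter "+$status.notAfter+")")
		: ($daysLeft<$minDaysLeft)
			ALERT("certificate expires in "+String($daysLeft)+" days; rotate it before signing")
		Else 
			$ok:=True
	End case 
Else 
	ALERT("xmlsec x509 failed: "+$status.error)
End if 

// $ok is True only when the certificate is inside its validity window with
// at least $minDaysLeft days remaining; only then call xmlsec sign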