XML digital signatures (xmldsig)
This module performs XML digital signature production and verification as specified in xmldsig-core.
To operate, a preconstructed DOM object is required. Any object that implements the DOM Level 2 API will suffice. I recommend xmldom if you're working with node, or your browser's native DOM implementation if you're not.
Also see example.js.
//
// $ openssl genrsa 1024 > signer.key
// $ openssl rsa -pubout < signer.key > signer.pub
//
var fs = require("fs"),
xmldom = require("xmldom");
var dsig = require("xml-dsig");
var xml = '<docs><doc id="doc-1"/><doc id="doc-2"/></docs>',
doc = (new xmldom.DOMParser()).parseFromString(xml);
var options = {
signatureOptions: {
privateKey: fs.readFileSync("./signer.key"),
publicKey: fs.readFileSync("./signer.pub"),
}
};
var node = doc.documentElement;
var signature = dsig.createSignature(node, options),
enveloped = dsig.insertEnvelopedSignature(node, options);
console.log("");
console.log(node.toString());
console.log("");
console.log(signature.toString());
console.log("");
console.log(enveloped.toString());
console.log("");
console.log(dsig.verifySignature(node, signature, options));
console.log("");
<docs><doc id="doc-1"/><doc id="doc-2"/></docs>
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#"><SignedInfo><Reference URI=""><Transforms><Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/></Transforms><DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/><DigestValue>7CHcwH1bPS0AQ0mk/Js5PZv4nn1hiODMoG1iwa9kKRo=</DigestValue></Reference><CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/><SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/></SignedInfo><SignatureValue>UzjDCBHby6jvY/ZhyJCfz41l062uidQpI7VYTTF+Uix47zLiKFAPYVT6ICeZ5d8yYVEKWi5AydkStlj3OruwHupZdx27vy+EXRZM5If7xCWDCXuyf+vV3la9qkSk1CceLeDbwsz4dpIp08h+AkfJipPlMXuYhoqjj2bzjdqroh8=</SignatureValue></Signature>
<docs><doc id="doc-1"/><doc id="doc-2"/><Signature xmlns="http://www.w3.org/2000/09/xmldsig#"><SignedInfo><Reference URI=""><Transforms><Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/><Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/></Transforms><DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/><DigestValue>7CHcwH1bPS0AQ0mk/Js5PZv4nn1hiODMoG1iwa9kKRo=</DigestValue></Reference><CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/><SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/></SignedInfo><SignatureValue>S2Qt11e4wO5fJy41BMFS0YF2fiCSfF08WioXhgXRfp26QqDnTvCi5vIijFnbI/fFnqn01eOOGj3IDm26YMHfXoP6NSo6zECkj4OJDLxheuPvMJi5NRxSRRdGH2LeQ3qVRcPtxmz2+djdCQPM6YG7UAP2MKao0U7vydYwdIqGM7g=</SignatureValue></Signature></docs>
true
Available via npm:
$ npm install xml-dsig
Or via git:
$ git clone git://github.com/deoxxa/xml-dsig.git node_modules/xml-dsig
dsig.createSignature
Creates a signature element from an XML DOM node.
dsig.createSignature(node, options);
// returns a DOM node representing the Signature element
var signature = dsig.createSignature(node, {
transforms: ["http://www.w3.org/2001/10/xml-exc-c14n#"],
canonicalisationAlgorithm: "http://www.w3.org/2001/10/xml-exc-c14n#",
digestAlgorithm: "http://www.w3.org/2001/04/xmlenc#sha256",
signatureAlgorithm: "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256",
signatureOptions: {
privateKey: "...",
publicKey: "...",
},
});
Arguments
- node - a DOM node implementing DOM Level 2
- options - an object specifying options for how to construct the signature
dsig.verifySignature
Verifies a signature given a DOM node, a signature element, and any required parameters for the signature (keys, etc).
dsig.verifySignature(node, signatureElement, options);
var signatureIsValid = dsig.verifySignature(node, signatureElement, options);
Arguments
- node - a DOM node implementing DOM Level 2
- signatureElement - a DOM node representing the XML signature to check
- options - an object specifying options for how to construct the signature (see
createSignature
above for more information)
dsig.insertEnvelopedSignature
Creates a signature with an enveloped signature transformation applied and returns a new element with the signature inserted as a child node.
dsig.insertEnvelopedSignature(node, options);
var newElement = dsig.insertEnvelopedSignature(node, options);
- node - a DOM node implementing DOM Level 2
- options - an object specifying options for how to construct the signature (see
createSignature
above for more information)
3-clause BSD. A copy is included with the source.
- GitHub (deoxxa)
- Twitter (@deoxxa)
- ADN (@deoxxa)
- Email (deoxxa@fknsrs.biz)