Module xmerl_dsig

XML digital signatures for xmerl.

Description

XML digital signatures for xmerl

Functions for performing XML digital signature generation and verification, as specified at http://www.w3.org/TR/xmldsig-core/ .

These routines work on xmerl data structures (see the xmerl user guide for details).

Currently only RSA signatures with SHA-1 or SHA-256 (rsa_sha1 and rsa_sha256) are supported, in the usual enveloped mode, where the ds:Signature element is placed inside the element it signs and excluded from the digest via the enveloped-signature transform. rsa_sha1 remains for interoperability with older peers; prefer rsa_sha256 when generating new signatures.

Data Types

fingerprint()

fingerprint() = binary() | {sha | sha256, binary()}

sig_method()

sig_method() = rsa_sha1 | rsa_sha256

sig_method_uri()

sig_method_uri() = string()

xml_thing()

xml_thing() = #xmlDocument{} | #xmlElement{} | #xmlAttribute{} | #xmlPI{} | #xmlText{} | #xmlComment{}

Function Index

digest/1Returns the canonical digest of an (optionally signed) element.
sign/3Signs the given XML element by creating a ds:Signature element within it, returning the element with the signature added.
sign/4
strip/1Returns an xmlelement without any ds:Signature elements that are inside it.
verify/1Verifies an XML digital signature, trusting any valid certificate.
verify/2Verifies an XML digital signature on the given element.

Function Details

digest/1

digest(Element::#xmlElement{}) -> binary()

Returns the canonical digest of an (optionally signed) element

Strips any XML digital signatures and applies any relevant InclusiveNamespaces before generating the digest.

sign/3

sign(Element::#xmlElement{}, PrivateKey::#'RSAPrivateKey'{}, CertBin::binary()) -> #xmlElement{}

Signs the given XML element by creating a ds:Signature element within it, returning the element with the signature added.

Do not use "ds" as a namespace prefix anywhere in the envelope document. The generated ds:Signature binds that prefix to http://www.w3.org/2000/09/xmldsig#, and a conflicting binding in the surrounding document produces broken output.

sign/4

sign(Element::#xmlElement{}, PrivateKey::#'RSAPrivateKey'{}, CertBin::binary(), SignatureMethod::sig_method() | sig_method_uri()) -> #xmlElement{}

As sign/3, but with an explicit signature method, given either as a sig_method() atom or as the corresponding XML-DSig algorithm URI. CertBin is the DER-encoded X.509 certificate that will be embedded in the signature's KeyInfo.

strip/1

strip(Element::#xmlElement{} | #xmlDocument{}) -> #xmlElement{}

Returns an xmlelement without any ds:Signature elements that are inside it.

verify/1

verify(Element::xml_thing()) -> ok | {error, bad_digest | bad_signature | cert_not_accepted}

Verifies an XML digital signature, trusting any valid certificate.

The signature is checked against whichever certificate the signature itself carries in its KeyInfo, and that certificate is accepted as long as it parses. Anyone holding a self-signed certificate can therefore produce a signature this function accepts, so it is not suitable for production use; it is handy in testing and development.

verify/2

verify(Element::#xmlElement{}, Fingerprints::[fingerprint()] | any) -> ok | {error, bad_digest | bad_signature | cert_not_accepted}

Verifies an XML digital signature on the given element.

Fingerprints is a list of acceptable certificate fingerprints, each a hash over the DER-encoded certificate carried in the signature's KeyInfo. A bare binary() is compared as a SHA-1 digest; use {sha256, Digest} to pin by SHA-256. Only a signature whose certificate matches one of the listed fingerprints is accepted; pass `any` to skip the check (see verify/1).

verify/2 raises a badmatch error (rather than returning an error tuple) if the element is not signed according to the XML-DSig spec, for example if it carries no ds:Signature element, and it fails the same way for signature methods other than rsa_sha1 and rsa_sha256. Callers handling untrusted XML should wrap the call in try ... catch.
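The following module is an added example, not part of xmerl_dsig or the project that ships it. It signs a constructed document with sign/4, serialises it, and verifies it the way a relying party would, pinning the signer by the SHA-256 fingerprint of its certificate. It then shows the three failure modes a practitioner needs to handle: an unpinned certificate, tampered content, and unsigned input. It assumes xmerl_dsig is on the code path and that the two PEM paths passed to run/2 (hypothetical) hold a PKCS#1 RSA private key and its X.509 certificate; the verify_wire/2 wrapper and the malformed_signature atom are the example's own, not part of the module's API.

```erlang
%% Added example (not part of xmerl_dsig): sign a constructed document, then
%% verify it as a relying party would, pinning the signer by certificate
%% fingerprint. Assumes xmerl_dsig is on the code path and that the two PEM
%% paths (hypothetical) hold an RSA private key and its X.509 certificate.
-module(dsig_example).
-export([run/2, verify_wire/2]).

-include_lib("xmerl/include/xmerl.hrl").
-include_lib("public_key/include/public_key.hrl").

%% Constructed sample envelope. It deliberately avoids the "ds" prefix,
%% which xmerl_dsig uses for the ds:Signature it inserts.
-define(ORDER_XML,
        "<Order xmlns=\"urn:example:orders\" ID=\"_order1\">"
        "<Amount>10</Amount>"
        "</Order>").

run(KeyPemPath, CertPemPath) ->
    {Key, CertDer} = load_credentials(KeyPemPath, CertPemPath),
    %% Pin the signer by SHA-256 of the DER certificate. A bare binary() in
    %% the fingerprint list would be compared as a SHA-1 digest instead.
    Pin = {sha256, crypto:hash(sha256, CertDer)},

    {Order, _Rest} = xmerl_scan:string(?ORDER_XML, [{namespace_conformant, true}]),
    Signed = xmerl_dsig:sign(Order, Key, CertDer, rsa_sha256),

    %% Serialise and re-parse: a verifier only ever sees bytes on the wire.
    Wire = lists:flatten(xmerl:export([Signed], xmerl_xml)),
    ok = verify_wire(Wire, [Pin]),

    %% A cryptographically valid signature from an unpinned certificate is
    %% still rejected: the pin list is the trust decision.
    Unpinned = {sha256, crypto:hash(sha256, <<"some other certificate">>)},
    {error, cert_not_accepted} = verify_wire(Wire, [Unpinned]),

    %% Changing signed content after signing breaks the reference digest.
    Tampered = re:replace(Wire, "<Amount>10</Amount>", "<Amount>1000</Amount>",
                          [{return, list}]),
    {error, bad_digest} = verify_wire(Tampered, [Pin]),

    %% Unsigned input makes verify/2 throw rather than return an error tuple;
    %% the wrapper below folds that into a result the caller can match on.
    {error, malformed_signature} = verify_wire(?ORDER_XML, [Pin]),
    ok.

%% Parse XML received from a peer and verify its enveloped signature against
%% the given fingerprint pins. verify/2 raises badmatch on XML that carries no
%% well-formed ds:Signature, so catch it here. malformed_signature is this
%% example's own atom, not one xmerl_dsig returns.
verify_wire(Xml, Pins) ->
    {Element, _Rest} = xmerl_scan:string(Xml, [{namespace_conformant, true}]),
    try
        xmerl_dsig:verify(Element, Pins)
    catch
        error:{badmatch, _} -> {error, malformed_signature}
    end.

%% Load an RSA private key ("RSA PRIVATE KEY" PEM entry) and the DER bytes of
%% the matching certificate. sign/3,4 takes the DER certificate, and the same
%% DER bytes are what fingerprints are hashed over.
load_credentials(KeyPemPath, CertPemPath) ->
    {ok, KeyPem} = file:read_file(KeyPemPath),
    [KeyEntry | _] = public_key:pem_decode(KeyPem),
    #'RSAPrivateKey'{} = Key = public_key:pem_entry_decode(KeyEntry),
    {ok, CertPem} = file:read_file(CertPemPath),
    [{'Certificate', CertDer, not_encrypted} | _] = public_key:pem_decode(CertPem),
    {Key, CertDer}.
```

Run it from a shell with `dsig_example:run("key.pem", "cert.pem").`; it returns ok only if every case behaves as described. The round trip through xmerl:export/2 and xmerl_scan:string/2 matters: verifying the in-memory element returned by sign/4 would skip the canonicalization and namespace handling that a real peer's parser exercises.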


Generated by EDoc