I just went thru this. Once you get the knack of it, it is truly a powerful
library.

Here is a series of command lines in a .bat (I downloaded the Windows
binaries) with associated templates and input docs for sign, verify,
encrypt, and decrypt. All work exactly as expected. You have to know a
little about XMLDSIG and XMLENC.

These are a little easier than those in the /tests directory to follow.
You'll have to create your own key material (.PEMs and P12s) using openssl.

Enjoy.

Ed  


-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf
Of Keith Beattie
Sent: July 16, 2003 9:00 PM
To: [EMAIL PROTECTED]

Hello,

So, the xmlsec1 command line tool looks like a great way to experiment with
signing and verifying xml docs - for those of us learning about xml sec in
general.  I'm having a tough time understanding how to do simple things like
sign a sample xml doc and then verify that signature.  On the chance that
someone has some examples or more thorough documentation, I thought I'd ask.

Thanks,
ksb

_______________________________________________
xmlsec mailing list
[EMAIL PROTECTED]
http://www.aleksey.com/mailman/listinfo/xmlsec
xmlsec encrypt --pubkey-pem EdShallowPub.pem --session-key des-192 --xml-data encrypt1-doc.xml --node-name Salary --output encrypted-3des-kt-RSA.xml tmpl-EPM-encrypt-3des-kt-RSA.xml
PAUSE
xmlsec decrypt --pkcs12 EdSign.p12 --output decrypted-3des-kt-RSA.xml encrypted-3des-kt-RSA.xml
PAUSE
xmlsec encrypt --xml-data encrypt1-doc.xml --node-name Salary --deskey deskey.bin --output encrypted-3des.xml tmpl-EPM-encrypt-3des.xml
PAUSE
xmlsec decrypt --deskey deskey.bin --output decrypted-3des.xml encrypted-3des.xml
PAUSE
xmlsec encrypt --xml-data encrypt1-doc.xml --node-name Salary --pubkey-pem EdShallowPub.pem --output encrypted-RSA.xml tmpl-EPM-encrypt-RSA.xml
PAUSE
xmlsec decrypt --pkcs12 EdSign.p12 --pwd ehtreb --output decrypted-RSA.xml encrypted-RSA.xml
PAUSE
xmlsec sign --pkcs12 EdSign.p12 --output edsigned1.xml --pwd ehtreb tmpl-EPM-sign.xml
PAUSE
xmlsec verify --trusted-der cacert.der edsigned1.xml
PAUSE
PAUSE
PAUSE
openssl rsa -inform PEM -outform PEM -pubout -in EdShallow.pem -out EdShallowPub.pem
PAUSE
xmlsec sign --privkey-pem:EdShallow EdShallow.pem --trusted-der cacert.der --output edsigned2.xml --pwd ehtreb tmpl1signX509.xml
PAUSE
xmlsec verify --trusted-der cacert.der edsigned2.xml
PAUSE
openssl rsautl -encrypt -in encrypt1.txt -out edencrypted1.txt -inkey EdShallowPub.pem -pubin
PAUSE
openssl rsautl -decrypt -in edencrypted1.txt -out encrypt1N.txt -inkey EdShallow.pe
<?xml version="1.0" encoding="UTF-8"?>
<!--
XML Security Library - Sample Sign Template - Ed Shallow June 27, 2003
-->
<Envelope xmlns="urn:envelope">
	<Data>This is the data to be signed. Ed Test June 30, 2003</Data>
	<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
		<SignedInfo>
			<CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
			<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
				<Reference URI="">
					<Transforms>
						<Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
					</Transforms>
					<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
					<DigestValue></DigestValue>
				</Reference>
		</SignedInfo>
		<SignatureValue>
		</SignatureValue>
		<KeyInfo>
			<X509Data>
			</X509Data>
		</KeyInfo>
	</Signature>
</Envelope>
<?xml version="1.0" encoding="UTF-8"?>
<!-- 
XML Security Library example: XML doc file encrypted with a session DES key loaded from file no password. 
-->
<EncryptedData xmlns="http://www.w3.org/2001/04/xmlenc#" Type="http://www.w3.org/2001/04/xmlenc#Content">
	<EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/>
	<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
		<KeyName>deskey.bin</KeyName>
	</KeyInfo>
	<CipherData>
		<CipherValue></CipherValue>
	</CipherData>
</EncryptedData>
<?xml version="1.0" encoding="UTF-8"?>
<!-- 
XML Security Library example: XML doc file encrypted with DES sym key then transported using xmlenc#rsa-1_5 
-->
<EncryptedData Id="ED" Type="http://www.w3.org/2001/04/xmlenc#Content" xmlns="http://www.w3.org/2001/04/xmlenc#">
  <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/>
  <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
    <EncryptedKey Id="EK" xmlns="http://www.w3.org/2001/04/xmlenc#">
      <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:KeyName>EdShallowPub.pem</ds:KeyName>
      </ds:KeyInfo>
      <CipherData>
        <CipherValue />
      </CipherData>
    </EncryptedKey>
  </ds:KeyInfo>
  <CipherData>
    <CipherValue />
  </CipherData>
</EncryptedData>

<?xml version="1.0" encoding="UTF-8"?>
<!-- 
XML Security Library example: XML doc file encrypted with recipient's public key using xmlenc#rsa-1_5 
-->
<EncryptedData xmlns="http://www.w3.org/2001/04/xmlenc#" Type="http://www.w3.org/2001/04/xmlenc#Content">
	<EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
	<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
		<KeyName>EdShallowPub.pem</KeyName>
	</KeyInfo>
	<CipherData>
		<CipherValue></CipherValue>
	</CipherData>
</EncryptedData>
<?xml version="1.0" encoding="UTF-8"?>
<!-- 
XML Security Library example: Original XML doc file before encryption (encrypt2 example). 
-->
<PersonalData>
	<Name>Ed Shallow</Name>
	<StreetAddress>1234 Mockingbird Lane</StreetAddress>
	<City>Yellowknife</City>
	<PostalCode>W1C6J3</PostalCode>
	<SIN>123456789</SIN>
	<Salary>1,000,000,000,000</Salary>
</PersonalData>
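
The first message leaves key material to the reader ("create your own key material (.PEMs and P12s) using openssl"). The following is an added example, not part of the original post or of the xmlsec distribution: a POSIX shell function that produces throwaway test files under the names the .bat expects. The subject names, 2048-bit keys, 30-day validity, the intermediate files (ca.key, cacert.pem, signer.csr, EdShallowCert.pem) and the P12_PASS environment variable are assumptions.

```shell
#!/bin/sh
# Added example: throwaway key material for the xmlsec commands in the .bat.
# Output names (EdShallow.pem, EdShallowPub.pem, EdSign.p12, cacert.der,
# deskey.bin) match the .bat; everything else here is an assumption.
make_key_material() {
    outdir=$1
    # The PKCS#12 passphrase is read from the environment, not from argv.
    : "${P12_PASS:?set P12_PASS to the PKCS#12 passphrase}"
    export P12_PASS
    mkdir -p "$outdir" || return 1
    (
        cd "$outdir" && umask 077 &&   # key files readable by the owner only

        # Test CA: key plus self-signed certificate, as DER for --trusted-der
        openssl genrsa -out ca.key 2048 &&
        openssl req -x509 -new -key ca.key -days 30 \
            -subj "/CN=Example Test CA" -out cacert.pem &&
        openssl x509 -in cacert.pem -outform DER -out cacert.der &&

        # Signer key (for --privkey-pem) and a certificate issued by the test CA
        openssl genrsa -out EdShallow.pem 2048 &&
        openssl req -new -key EdShallow.pem \
            -subj "/CN=Example Signer" -out signer.csr &&
        openssl x509 -req -in signer.csr -CA cacert.pem -CAkey ca.key \
            -CAcreateserial -days 30 -out EdShallowCert.pem &&

        # PKCS#12 bundle (key + certificate + CA) for --pkcs12
        openssl pkcs12 -export -inkey EdShallow.pem -in EdShallowCert.pem \
            -certfile cacert.pem -name EdSign \
            -passout env:P12_PASS -out EdSign.p12 &&

        # Public key for --pubkey-pem (same command as in the .bat)
        openssl rsa -inform PEM -outform PEM -pubout \
            -in EdShallow.pem -out EdShallowPub.pem &&

        # 24 random bytes: one raw 3DES (des-192) key for --deskey
        openssl rand -out deskey.bin 24
    )
}

# Run as: P12_PASS=... sh make-keys.sh <output-dir>
if [ "$#" -ge 1 ]; then make_key_material "$1"; fi
```

Passing the passphrase through the environment keeps it out of the process list, unlike the `--pwd` arguments in the .bat, which any local user who can list processes can read. The private keys are written unencrypted, so treat the output directory as test-only.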
