XML Security Library Reference Manual: XML Security Library Reference Manual

Aleksey Sanin

<aleksey@aleksey.com>

Copyright © 2002-2022 Aleksey Sanin

Permission is granted to make and distribute verbatim copies of this manual provided the copyright notice and this permission notice are preserved on all copies.

Permission is granted to copy and distribute modified versions of this manual under the conditions for verbatim copying, provided also that the entire resulting derived work is distributed under the terms of a permission notice identical to this one.

Permission is granted to copy and distribute translations of this manual into another language, under the above conditions for modified versions.

This manual documents the interfaces of the xmlsec library and has some short notes to help get you up to speed with using the library.

I. XML Security Library Tutorial

XML Security Library Structure.

Building the application with XML Security Library.

Overview.
Include files.
Compiling and linking on Unix.
Compiling and linking on Windows.
Compiling and linking on other systems.

Initialization and shutdown.

Signing and encrypting documents.

Overview.
Signing a document.
Encrypting data.

Creating dynamic templates.

Overview.
Creating dynamic signature templates.
Creating dynamic encryption templates.

Verifing and decrypting documents.

Overview.
Verifying a signed document
Decrypting an encrypted document

Keys manager.

Overview.
Simple keys store.
Using keys manager for signatures/encryption.
Using keys manager for verification/decryption.
Implementing a custom keys store.

Using X509 Certificates.

Overview.
Signing data with X509 certificate.
Verifing document signed with X509 certificates.

Transforms and transforms chain.

Using context objects.

Adding support for new cryptographic library.

Overview.
xmlSecCryptoApp* functions.
Klasses and objects.
Cryptographic transforms.
Keys data and keys data stores.
Default keys manager.
Sharing the results.

XML Security Library Examples.

Signing a template file.

sign1.c
sign1-tmpl.xml
sign1-res.xml

Signing a dynamicaly created template.

sign2.c
sign2-doc.xml
sign2-res.xml

Signing with X509 certificate.

sign3.c
sign3-doc.xml
sign3-res.xml

Verifying a signature with a single key.

verify1.c

Verifying a signature with keys manager.

verify2.c

Verifying a signature with X509 certificates.

verify3.c

Verifying a signature with additional restrictions.

verify4.c
verify4-tmpl.xml
verify4-res.xml
verify4-bad-tmpl.xml
verify4-bad-res.xml

Encrypting data with a template file.

encrypt1.c
encrypt1-tmpl.xml
encrypt1-res.xml

Encrypting data with a dynamicaly created template.

encrypt2.c
encrypt2-doc.xml
encrypt2-res.xml

Encrypting data with a session key.

encrypt3.c
encrypt3-doc.xml
encrypt3-res.xml

Decrypting data with a single key.

decrypt1.c

Decrypting data with keys manager.

decrypt2.c

Writing a custom keys manager.

decrypt3.c

APPENDIX A. XML Security Library Signature Klasses.

APPENDIX B. XML Security Library Encryption Klasses.

II. XML Security Library API Reference.

XML Security Core Library API Reference.

app — Crypto-engine independent application support functions.
base64 — Base64 encoding/decoding functions and base64 transform implementation.
bn — Big numbers support functions.
buffer — Binary memory buffer functions.
dl — Dynamic crypto-engine library loading functions.
errors — Error reporting and logging functions.
io — Input/output functions.
keyinfo — <dsig:KeyInfo/> node parser functions.
keysdata — Crypto key data object functions.
keys — Crypto key object functions.
keysmngr — Keys manager object functions.
list — Generic list structure functions.
membuf — Memory buffer transform functions.
nodeset — XML nodes set functions
parser — XML parser functions and the XML parser transform implementation.
templates — XML signature and encryption template functions.
transforms — XMLDsig and XMLEnc transforms.
version — Version macros.
xmldsig — XML Digital Signature functions.
xmlenc — XML Encryption support.
xmlsec — Utility functions.
xmltree — XML tree functions.

XML Security Library for OpenSLL API Reference.

app — Application support functions for OpenSSL.
crypto
evp
x509 — X509 certificates implementation for OpenSSL.

XML Security Library for GnuTLS API Reference.

app — Application support functions for GnuTLS.
crypto
x509 — X509 certificates implementation for GnuTLS.

XML Security Library for GCrypt API Reference.

app — Application support functions for GCrypt.
crypto — Core crypto functions for GCrypt.

XML Security Library for NSS API Reference.

app — Application support functions for NSS.
crypto
keysstore — Keys store implementation for NSS.
pkikeys — Private/public keys implementation for NSS.
x509 — X509 certificates implementation for NSS.

XML Security Library for Microsoft Crypto API Reference.

app — Application support functions for Microsoft Crypto API.
certkeys — Certificate keys support functions for Microsoft Crypto API.
crypto — Crypto transforms implementation for Microsoft Crypto API.
keysstore — Keys store implementation for Microsoft Crypto API.
x509 — X509 certificates implementation for Microsoft Crypto API.

XML Security Library for Microsoft Cryptography API: Next Generation (CNG) Reference.

app — Application support functions for Microsoft Cryptography API: Next Generation (CNG).
certkeys — Certificate keys support functions for Microsoft Cryptography API: Next Generation (CNG).
crypto
keysstore — Keys store implementation for Microsoft Cryptography API: Next Generation (CNG).
x509 — X509 certificates implementation for MSCng.

XML Security Library Reference Index