Module xmlrat_dsig

Implementation of XML Digital Signature (DSIG).

Description

Implementation of XML Digital Signature (DSIG).

See W3C Recommendation: XML Signature Syntax and Processing Version 1.1.

Features supported: the behaviours xmlrat_dsig_signer and xmlrat_dsig_verifier allow a callback module to be supplied, customising how xmlrat_dsig obtains and uses private keys and how it validates public keys and certificates.

Data Types

cert()

cert() = #'OTPCertificate'{}

hash_algo()

hash_algo() = sha | sha256 | sha384 | sha512

id()

id() = binary()

key_details()

key_details() = #{public_key => pubkey(), certificate => cert(), name => binary()}

pubkey()

pubkey() = #'RSAPublicKey'{} | {integer(), #'Dss-Parms'{}} | {#'ECPoint'{}, {namedCurve, tuple() | atom()}}

pubkey_algo()

pubkey_algo() = rsa | dsa | ecdsa | hmac

sign_options()

sign_options() = #{signer_options => map(), signer => module(), detached => boolean(), signed_elements => [id()], hash_preferences => [xmlrat_dsig_signer:hash_algo()]}

verify_options()

verify_options() = #{verifier_options => map(), verifier => module()}

Function Index

generate_key/1: Generate a ds:KeyInfo element.
parse_key/1: Parse a ds:KeyInfo element.
sign/2: Signs an XML document.
verify/2: Verifies an enveloped XML-DSIG signature.
verify/3: Verifies a detached XML-DSIG signature.

Function Details

generate_key/1

generate_key(KD::key_details()) -> {ok, xmlrat:document()} | {error, term()}

Generate a ds:KeyInfo element.

Inverse of parse_key/1. Converts a key_details() map into a ds:KeyInfo element.

parse_key/1

parse_key(Doc::xmlrat:document()) -> {ok, key_details()} | {error, term()}

Parse a ds:KeyInfo element.

Converts a ds:KeyInfo element into the more friendly key_details() map, containing decoded certificates and public keys.

sign/2

sign(Doc::xmlrat:document(), Opts0::sign_options()) -> {ok, xmlrat:document()} | {error, term()}

Signs an XML document.

Returns either the complete document with the enveloped signature (when detached is false, the default) or only the detached signature document.

verify/2

verify(Doc::xmlrat:document(), Opts::verify_options()) -> {ok, VerifiedSubset::xmlrat:document()} | {error, term()}

Verifies an enveloped XML-DSIG signature.

The signature may not cover every part of the subject document, so this function (and verify/3) returns a VerifiedSubset document containing just the parts covered by the signature. Parent elements of covered elements are preserved, but all their attributes and other content (other than the signed parts) are removed.

verify/3

verify(SignedDoc::xmlrat:document(), SigDoc::xmlrat:document(), Opts::verify_options()) -> {ok, VerifiedSubset::xmlrat:document()} | {error, term()}

Verifies a detached XML-DSIG signature.
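A usage sketch of the functions above, added here as an example and not taken from xmlrat itself. It assumes generate_key/1 accepts a key_details() map carrying only public_key and name, and that SignerMod and VerifierMod are caller-supplied modules implementing the xmlrat_dsig_signer and xmlrat_dsig_verifier behaviours (whose callbacks this page does not list, so they are not shown).

```erlang
-module(xmlrat_dsig_example).
-export([keyinfo_roundtrip/0, sign_then_verify/3]).

-include_lib("public_key/include/public_key.hrl").

%% Round-trip a freshly generated RSA public key through
%% xmlrat_dsig:generate_key/1 and xmlrat_dsig:parse_key/1.
%% Only the public half goes into the key_details() map; the
%% private key never appears in ds:KeyInfo.
keyinfo_roundtrip() ->
    #'RSAPrivateKey'{modulus = N, publicExponent = E} =
        public_key:generate_key({rsa, 2048, 65537}),
    Pub = #'RSAPublicKey'{modulus = N, publicExponent = E},
    %% Assumption: a map with just public_key and name is accepted.
    KD = #{public_key => Pub, name => <<"example-signing-key">>},
    {ok, KeyInfoDoc} = xmlrat_dsig:generate_key(KD),
    {ok, Parsed} = xmlrat_dsig:parse_key(KeyInfoDoc),
    %% The parsed map must hand back exactly the key we put in.
    Pub = maps:get(public_key, Parsed),
    {ok, Parsed}.

%% Produce an enveloped signature over Doc, then verify it.
%% SignerMod / VerifierMod are assumed to implement the two
%% behaviours described on this page. Only the VerifiedSubset from
%% verify/2 is returned to the caller: anything the signature does
%% not cover has been stripped, so downstream code cannot trust
%% unsigned content by mistake.
sign_then_verify(Doc, SignerMod, VerifierMod) ->
    SignOpts = #{signer => SignerMod,
                 signer_options => #{},
                 detached => false,
                 %% Prefer SHA-2 digests; sha (SHA-1) is deliberately omitted.
                 hash_preferences => [sha256, sha384, sha512]},
    case xmlrat_dsig:sign(Doc, SignOpts) of
        {ok, SignedDoc} ->
            VerifyOpts = #{verifier => VerifierMod, verifier_options => #{}},
            case xmlrat_dsig:verify(SignedDoc, VerifyOpts) of
                {ok, VerifiedSubset} -> {ok, VerifiedSubset};
                {error, Reason}      -> {error, {verify_failed, Reason}}
            end;
        {error, Reason} ->
            {error, {sign_failed, Reason}}
    end.
```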


Generated by EDoc