All predicatesShow sourcexmldsig.pl -- XML Digital signature

This library deals with XMLDSIG, RSA signed XML documents.

See also
- http://www.di-mgt.com.au/xmldsig.html
- https://www.bmt-online.org/geekisms/RSA_verify
- http://stackoverflow.com/questions/5576777/whats-the-difference-between-nid-sha-and-nid-sha1-in-openssl
Source xmld_signed_DOM(+DOM, -SignedDOM, +Options) is det
Translate an XML DOM structure in a signed version. Options:
key_file(+File)
File holding the private key needed to sign
key_password(+Password)
String holding the password to op the private key.

The SignedDOM must be emitted using xml_write/3 or xml_write_canonical/3. If xml_write/3 is used, the option layout(false) is needed to avoid changing the layout of the SignedInfo element and the signed DOM, which will cause the signature to be invalid.

Source dom_hash(+DOM, -ODOM, -Hash, +Options) is det[private]
Compute the digest for DOM.
Arguments:
Hash- is the base64 encoded version of the selected SHA algorithm.
Source signed_info(+Hash, -Signature, -SDOM, -KeyDOM, +Options)[private]
Source signed_info_dom(+Hash, -SDOM, +Options) is det[private]
True when SDOM is the xmldsign:Signature DOM for an object with the given Hash.
Source rsa_signature(+SignedInfo:string, -Signature, -KeyDOM, +Options)[private]
Source rsa_key_dom(+Key, -DOM) is det[private]
Produce the KeyInfo node from the private key.
Source key_info(+Key, -Info) is det[private]
Extract the RSA modulus and exponent from a private key. These are the first end second field of the rsa term. They are represented as hexadecimal encoded bytes. We must recode this to base64.
To be done
- Provide better support from library(ssl).
Source xmld_verify_signature(+DOM, +SignatureDOM, -Certificate, +Options) is det
Confirm that an ds:Signature element contains a valid signature. Certificate is bound to the certificate that appears in the element if the signature is valid. It is up to the caller to determine if the certificate is trusted or not.

Note: The DOM and SignatureDOM must have been obtained using the load_structure/3 option keep_prefix(true) otherwise it is impossible to generate an identical document for checking the signature. See also xml_write_canonical/3.