Musings about Coding, Business and other Geek Stuff Live and Direct from somewhere on the planet
March 24, 2004
New release of NeuClear XMLSig for Dom4j

I am happy to announce the 0.12 release of NeuClear XMLSIG. Major new
features are:

  • Safer Application Oriented API
  • Improved verification of Reference Types
  • Simpler API
  • Support for X509 Certificates
  • Improved Interoperability

Also released is the 0.6 release of NeuClear Commons which is required by NeuClear XMLSig.

For a list of all changes, see the 0.12 Release Notes on JIRA.

NeuClear XMLSig is a Java library that uses the following libraries:

It is not designed for completeness. The features that we support are
generally features needed for NeuClear. If anyone is interested in
implementing the missing features for full interoperability, please let me know.

For more information, see NeuClear XMLSig.

Example Sign XML Element

// First we'll create a KeyPair
KeyPair kp = CryptoTools.createTinyRSAKeyPair();

// Parse the document to sign and take its root element
Document doc = DocumentHelper.parseText("<test><test2/></test>");
Element elem = doc.getRootElement();

// Constructing the EnvelopedSignature signs elem in place
EnvelopedSignature envsig = new EnvelopedSignature(kp, elem);
System.out.println(doc.asXML());

This will leave you with the Element looking like this:


<test><test2/><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:SignedInfo><ds:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<ds:Reference><ds:Transforms><ds:Transform ds:Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/><ds:Transform ds:Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/></ds:Transforms>
<ds:DigestMethod ds:Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>
B/P2qMqBvrZCYSa5RDuKHY9s8j4=
</ds:DigestValue></ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>gIYL0CM6xeniLgqRqPqsFEFx7Rrv7vKvW/sBlgoCyn7BlX+OTizulwGOFmw3Q9H5vFcSfFjTO8Y1TJcnIMnKzg==</ds:SignatureValue>
<ds:KeyInfo><ds:KeyValue><ds:RSAKeyValue><ds:Modulus>
zi2oiVe/tXSsGe8U1zT6znn2kFG3FXwjZ+NW8l2GcTd9zt1Y3dpScbUzzvbeQqfUw0uzPetRrK6h
fhCeo4D0Uw==
</ds:Modulus>
<ds:Exponent>
AQAB
</ds:Exponent>
</ds:RSAKeyValue>
</ds:KeyValue>
</ds:KeyInfo>
</ds:Signature></test>

Verify Enveloped XML Element

Verifying a signature is very simple. Just pass the signed XML element to the constructor of EnvelopedSignature:

try {
     EnvelopedSignature verified=new EnvelopedSignature(elem);
} catch (InvalidSignatureException e) {
     System.err.println("Invalid Signature");
}

Philosophy

The XML Signature standard was designed very much as a low-level standard. Most APIs reflect this and allow all manner of signature types, which could potentially lead to major security holes.

The NeuClear XMLSig library was developed for application developers and allows you to work with most major types of XML Signatures safely, without having to know the quite complex XML Signature standard.

For more examples of how to use it, see the new Busy Developers Guide to NeuClear XMLSig.
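
An added example, not taken from the NeuClear code base: a shape check of the kind an application-oriented verifier can apply alongside cryptographic verification, so that only the enveloped form shown in the sample output is accepted. It uses only the JDK DOM parser; the class name, the policy (one signature under the root, one reference to the whole document, only the two transforms seen in the sample output) and the sample documents are assumptions made here.

```java
import java.io.StringReader;
import java.util.Set;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.*;
import org.xml.sax.InputSource;

public class EnvelopedProfileCheck { // hypothetical name, not a NeuClear class
    static final String DS = "http://www.w3.org/2000/09/xmldsig#";
    static final String ENVELOPED = DS + "enveloped-signature";
    static final Set<String> ALLOWED =
        Set.of(ENVELOPED, "http://www.w3.org/TR/2001/REC-xml-c14n-20010315");

    /** Returns null when the signature has the expected enveloped shape, else the reason for rejection. */
    static String check(String xml) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true); // no DTDs or entities
        Document doc = f.newDocumentBuilder().parse(new InputSource(new StringReader(xml)));

        NodeList sigs = doc.getElementsByTagNameNS(DS, "Signature");
        if (sigs.getLength() != 1) return "expected exactly one ds:Signature";
        Element sig = (Element) sigs.item(0);
        if (!doc.getDocumentElement().isSameNode(sig.getParentNode()))
            return "ds:Signature is not a child of the root element";

        NodeList refs = sig.getElementsByTagNameNS(DS, "Reference");
        if (refs.getLength() != 1) return "expected exactly one ds:Reference";
        Element ref = (Element) refs.item(0);
        // The sample output omits URI; an empty URI (whole document) is accepted too.
        if (!ref.getAttribute("URI").isEmpty()) return "ds:Reference points at " + ref.getAttribute("URI");

        boolean enveloped = false;
        NodeList transforms = ref.getElementsByTagNameNS(DS, "Transform");
        for (int i = 0; i < transforms.getLength(); i++) {
            Element t = (Element) transforms.item(i);
            // The sample output writes ds:Algorithm; the unprefixed attribute is read as well.
            String alg = t.hasAttribute("Algorithm") ? t.getAttribute("Algorithm") : t.getAttributeNS(DS, "Algorithm");
            if (!ALLOWED.contains(alg)) return "unexpected transform " + alg;
            enveloped |= ENVELOPED.equals(alg);
        }
        return enveloped ? null : "enveloped-signature transform missing";
    }

    public static void main(String[] args) throws Exception {
        // Constructed samples: structure only, no real digest or signature values.
        String head = "<test><test2/><ds:Signature xmlns:ds=\"" + DS + "\"><ds:SignedInfo><ds:Reference";
        String tail = "><ds:Transforms><ds:Transform ds:Algorithm=\"" + ENVELOPED
            + "\"/></ds:Transforms></ds:Reference></ds:SignedInfo></ds:Signature></test>";
        System.out.println(check(head + tail));
        System.out.println(check(head + " URI=\"#test2\"" + tail));
    }
}
```

The first sample matches the expected shape; the second is rejected because its Reference covers only a fragment of the document rather than the whole element that carries the signature.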

Posted by pelleb at March 24, 2004 09:38 AM
This entry was posted in the following Categories: Crypto & Security , Java , Open Source , Web Services