XAdES is short for "XML Advanced Electronic Signatures"; it is a superset of XMLDSIG. This library aims to provide an implementation of XAdES in TypeScript/JavaScript that is built on XMLDSIGjs.
Since it is based on XMLDSIGjs, and that library uses Web Crypto for cryptographic operations, it can be used both in browsers and in Node.js (when used with a polyfill like webcrypto, node-webcrypto-ossl or node-webcrypto-p11).
There are seven different profiles of XAdES:
Basic Electronic Signature (XAdES-BES)
XAdES with Timestamp (XAdES-T)
XAdES with Complete Validation Data (XAdES-C)
XAdES with Extended Validation Data (XAdES-X)
XAdES with Extended Long Term Validation Data (XAdES-X-L)
XAdES with Archiving Validation Data (XAdES-A)
XAdES with Explicit policy electronic signatures (XAdES-EPES)
They differ slightly based on what is included in the signature:
| Profile | Provides Digital Signature | Includes Cryptographic Timestamp | Includes Revocation References | Includes Revocation Data | Allows Secure Timestamp Countersignature |
|---|---|---|---|---|---|
| **XAdES-BES** | Yes | No | No | No | No |
| XAdES-EPES | Yes | No | No | No | No |
| XAdES-T | Yes | Yes | No | No | No |
| XAdES-C | Yes | Yes | Yes | No | No |
| XAdES-X | Yes | Yes | Yes | No | No |
| XAdES-X-L | Yes | Yes | Yes | Yes | No |
| XAdES-A | Yes | Yes | Yes | Yes | Yes |
Only XAdES-BES (in bold) is fully supported by XAdESjs. The other variants can be created, decoded and verified, but the caller must handle the construction and policy on their own to ensure compliant messages.
INSTALLING
npm install xadesjs
The npm module has a dist folder with the following files:
| Name | Size | Description |
|---|---|---|
| index.js | 105 Kb | UMD module with external modules. Has comments |
| xades.js | 803 Kb | UMD bundle module. Has comments |
| xades.min.js | 296 Kb | minified UMD bundle module |

There is also a lib folder with an ES2015 JS file which you can use with the rollup bundler.
COMPATIBILITY
CRYPTOGRAPHIC ALGORITHM SUPPORT
| Name | SHA1 | SHA2-256 | SHA2-384 | SHA2-512 |
|---|---|---|---|---|
| RSASSA-PKCS1-v1_5 | X | X | X | X |
| RSA-PSS | X | X | X | X |
| ECDSA | X | X | X | X |
| HMAC | X | X | X | X |
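Each row of the table above corresponds to a Web Crypto algorithm name. The following is an added example, not code from XAdESjs: it calls Web Crypto directly on raw bytes (no XML signature is built), and `FAMILIES`, `roundTrip`, the sample XML, the 2048-bit RSA size, the P-256 curve and the 32-byte PSS salt are all assumptions made here. It generates a non-extractable key for a chosen family and hash, signs and verifies, and checks that modified input and key export are both rejected.

```javascript
// Added example: the four signature families from the table, driven through Web Crypto.
// Uses the global crypto object where present, otherwise Node's built-in webcrypto.
const subtle = globalThis.crypto && globalThis.crypto.subtle
  ? globalThis.crypto.subtle
  : require("crypto").webcrypto.subtle;

// Assumed RSA key size and exponent (65537) for this example.
const RSA = { modulusLength: 2048, publicExponent: new Uint8Array([1, 0, 1]) };

// Per family: parameters for generateKey (gen) and for sign/verify (sig).
const FAMILIES = {
  "RSASSA-PKCS1-v1_5": (hash) => ({
    gen: { name: "RSASSA-PKCS1-v1_5", ...RSA, hash }, sig: { name: "RSASSA-PKCS1-v1_5" } }),
  "RSA-PSS": (hash) => ({
    gen: { name: "RSA-PSS", ...RSA, hash }, sig: { name: "RSA-PSS", saltLength: 32 } }),
  "ECDSA": (hash) => ({
    gen: { name: "ECDSA", namedCurve: "P-256" }, sig: { name: "ECDSA", hash } }),
  "HMAC": (hash) => ({
    gen: { name: "HMAC", hash }, sig: { name: "HMAC" } }),
};

// Sample input, constructed for this example.
const SAMPLE_XML = '<player id="10012"><name>Alfonso Soriano</name></player>';

async function roundTrip(family, hash) {
  const { gen, sig } = FAMILIES[family](hash);
  // extractable = false: the signing key cannot be read back with exportKey.
  const key = await subtle.generateKey(gen, false, ["sign", "verify"]);
  const signKey = key.privateKey || key;   // HMAC yields one secret key, not a pair
  const verifyKey = key.publicKey || key;

  const data = new TextEncoder().encode(SAMPLE_XML);
  const signature = await subtle.sign(sig, signKey, data);
  const valid = await subtle.verify(sig, verifyKey, signature, data);

  // Flip one bit of the signed bytes; verification must now fail.
  const tampered = data.slice();
  tampered[0] ^= 1;
  const tamperedValid = await subtle.verify(sig, verifyKey, signature, tampered);

  // Exporting the non-extractable signing key must be rejected.
  const format = key.privateKey ? "pkcs8" : "raw";
  const exportBlocked = await subtle.exportKey(format, signKey)
    .then(() => false, () => true);

  return { valid, tamperedValid, exportBlocked };
}
```

Call it as `roundTrip("ECDSA", "SHA-256")`; the hash argument accepts any of the names in the table's column headings in Web Crypto form ("SHA-1", "SHA-256", "SHA-384", "SHA-512").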
CANONICALIZATION ALGORITHM SUPPORT
XmlDsigC14NTransform
XmlDsigC14NWithCommentsTransform
XmlDsigExcC14NTransform
XmlDsigExcC14NWithCommentsTransform
XmlDsigEnvelopedSignatureTransform
XmlDsigBase64Transform
PLATFORM SUPPORT
XAdESjs works with any browser that supports Web Crypto. Since node does not have Web Crypto, you will need a polyfill on this platform; for this reason the npm package includes webcrypto. Browsers do not need this dependency, and there it will be installed but ignored.
If you need to use a Hardware Security Module we have also created a polyfill for Web Crypto that supports PKCS #11. Our polyfill for this is node-webcrypto-p11.
To use node-webcrypto-ossl you need to specify that you want to use it, which looks like this:
The node-webcrypto-p11 polyfill will work the same way. The only difference is that you have to specify the details about your PKCS #11 device when you instantiate it:
var xadesjs = require("./built/xades.js");
var WebCrypto = require("node-webcrypto-p11").WebCrypto;
Using XMLDSIG is a bit like running with scissors. That said, it is needed for interoperability with a number of systems, and for this reason we have done this implementation.
        hash: { name: "SHA-1" }, // can be "SHA-1", "SHA-256", "SHA-384", or "SHA-512"
    },
    false, // whether the key is extractable (i.e. can be used in exportKey)
    ["sign", "verify"] // can be any combination of "sign" and "verify"
)
.then(function (keyPair) {
    // Push generated keys to global variable
    privateKey = keyPair.privateKey;
    publicKey = keyPair.publicKey;
    // Call sign function
    var xmlString = '<player bats="left" id="10012" throws="right">\n\t<!-- Here\'s a comment -->\n\t<name>Alfonso Soriano</name>\n\t<position>2B</position>\n\t<team>New York Yankees</team>\n</player>';