XMLDSIGjs
XMLDSIG is short for "XML Digital Signature". This library aims to provide an implementation of XMLDSIG in TypeScript/JavaScript that uses Web Crypto for cryptographic operations, so it can be used both in browsers and in Node.js (when used with a polyfill like node-webcrypto-ossl or node-webcrypto-p11).
COMPATIBILITY
CRYPTOGRAPHIC ALGORITHM SUPPORT
Algorithm | SHA1 | SHA2-256 | SHA2-384 | SHA2-512 |
---|---|---|---|---|
RSASSA-PKCS1-v1_5 | X | X | X | X |
RSA-PSS | X | X | X | X |
ECDSA | X | X | X | X |
HMAC | X | X | X | X |
CANONICALIZATION ALGORITHM SUPPORT
- XmlDsigC14NTransform
- XmlDsigC14NWithCommentsTransform
- XmlDsigExcC14NTransform
- XmlDsigExcC14NWithCommentsTransform
- XmlDsigEnvelopedSignatureTransform
- XmlDsigBase64Transform
PLATFORM SUPPORT
XMLDSIGjs works with any browser that supports Web Crypto. Since Node does not have Web Crypto, you will need a polyfill on this platform; for this reason the npm package includes node-webcrypto-ossl. Browsers do not need this dependency; although it will be installed, it will be ignored there.
If you need to use a Hardware Security Module we have also created a polyfill for Web Crypto that supports PKCS #11. Our polyfill for this is node-webcrypto-p11.
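To use node-webcrypto-ossl you need to specify that you want to use it, which looks like this:

```js
var xmldsigjs = require("xmldsigjs");
var WebCrypto = require("node-webcrypto-ossl");

// Register the Web Crypto polyfill as the engine XMLDSIGjs uses
xmldsigjs.Application.setEngine("OpenSSL", new WebCrypto());
```

The node-webcrypto-p11 polyfill will work the same way. The only difference is that you have to specify the details about your PKCS #11 device when you instantiate it: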
var xmldsigjs = ;var WebCrypto = ; xmldsigjsApplication;
WARNING
Using XMLDSIG is a bit like running with scissors, so use it cautiously. That said, it is needed for interoperability with a number of systems; for this reason, we have done this implementation.
Usage
Sign
`SignedXml.Sign(algorithm: Algorithm, key: CryptoKey, data: Document, options?: OptionsSign): PromiseLike<Signature>;`
Parameters
Name | Description |
---|---|
algorithm | Signing Algorithm |
key | Signing Key |
data | XML document which must be signed |
options | Additional options |
Options
;
Verify
`Verify(key?: CryptoKey): PromiseLike<boolean>;`
Parameters
Name | Description |
---|---|
key | Verifying Key. Optional. If the key is not set, it looks for keys in the KeyInfo element of the Signature. |
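
What the optional `key` parameter means for trust, as an added example (not part of XMLDSIGjs or its README): it models the two verification modes with plain Web Crypto and a hypothetical envelope object rather than XML, where the `keyInfo` field plays the role of KeyInfo. A signature checked against the key it carries shows only that the content matches that key; checking against a key obtained out of band also shows who signed it.

```javascript
// Added example: models Verify(key?) with plain Web Crypto; not xmldsigjs code.
// signEnvelope, verifyEnvelope and demo are hypothetical names for this sketch.
const { subtle } = globalThis.crypto ?? require("node:crypto").webcrypto;
const ALG = { name: "ECDSA", namedCurve: "P-256" };
const SIG = { name: "ECDSA", hash: "SHA-256" };
const enc = new TextEncoder();

// Envelope = payload + signature + the signer's public key carried alongside
// (the role KeyInfo plays inside an XML signature).
async function signEnvelope(payload, keyPair) {
  const signature = await subtle.sign(SIG, keyPair.privateKey, enc.encode(payload));
  const keyInfo = await subtle.exportKey("jwk", keyPair.publicKey);
  return { payload, signature, keyInfo };
}

// With trustedKey: verify against a key the verifier already trusts.
// Without it: fall back to the key embedded in the envelope itself.
async function verifyEnvelope(envelope, trustedKey) {
  const key = trustedKey ||
    await subtle.importKey("jwk", envelope.keyInfo, ALG, true, ["verify"]);
  return subtle.verify(SIG, key, envelope.signature, enc.encode(envelope.payload));
}

async function demo() {
  // Constructed sample data: one key pair the verifier knows, one it does not.
  const partner = await subtle.generateKey(ALG, true, ["sign", "verify"]);
  const unknown = await subtle.generateKey(ALG, true, ["sign", "verify"]);
  const genuine = await signEnvelope("<order id='1'/>", partner);
  const foreign = await signEnvelope("<order id='2'/>", unknown);
  return {
    // Signed by the expected party, checked against the pinned key.
    genuinePinned: await verifyEnvelope(genuine, partner.publicKey),
    // Signed by an unknown party: the embedded key still validates it.
    foreignEmbedded: await verifyEnvelope(foreign),
    // The same envelope is rejected once the verifier supplies its own key.
    foreignPinned: await verifyEnvelope(foreign, partner.publicKey),
  };
}
```

When the verifying key has to come from the document, validate it first (for example against a known certificate or key list) before relying on the result.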
EXAMPLES
For Sign/Verify operations you need to use CryptoKey. You can use examples for it
Initiating in NodeJs
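```js
"use strict";

const WebCrypto = require("node-webcrypto-ossl");
const crypto = new WebCrypto();
const XmlCore = require("xml-core");
const XmlDSigJs = require("xmldsigjs");

// Register the Web Crypto polyfill as the engine XMLDSIGjs uses
XmlDSigJs.Application.setEngine("OpenSSL", crypto);
```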
Initiating in Browser
Creating a XMLDSIG Signature
"use strict"; let signature = ; signature ;
Checking a XMLDSIG Signature
"use strict"; let doc = XmlCoreXmlObject;let signature = doc; let signedXml = doc;signedXml; signedXml ;
Browser Verify Example
XMLDSIGjs Verify Sample
TESTING
In NodeJS:
npm test
In the browser
To run the browser test you need to run the server, from the test directory run:
npm start
And then browse to `http://localhost:3000`.
THANKS AND ACKNOWLEDGEMENT
This project takes inspiration (style, approach, design and code) from both the Mono System.Security.Cryptography.Xml implementation as well as xml-crypto.