<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>XML Security Library: XML Digital Signature</title>
<body><table width="100%" valign="top"><tr valign="top">
<td valign="top" align="left" width="210">
<td valign="top"><table width="100%" valign="top"><tr><td valign="top" align="left" id="xmlsecContent">
<h2>XML Digital Signature</h2>
<p> <a href="http://www.w3.org/TR/xmldsig-core">XML
Digital Signature 1.0</a> provides <a href="http://www.w3.org/TR/xmldsig-core/#def-Integrity" class="link-def">integrity,</a> <a href="http://www.w3.org/TR/xmldsig-core/#def-AuthenticationMessage" class="link-def">message authentication,</a> and/or <a href="http://www.w3.org/TR/xmldsig-core/#def-AuthenticationSigner" class="link-def">signer authentication</a> services for data of any
type, whether located within the XML that includes the signature or
<p> XML Security Library supports all MUST/SHOULD/MAY
features and algorithms
described in the W3C standard and provides an API to sign prepared
add signature(s) to a document "on-the-fly" or verify the signature(s)
<p> <a href="http://www.aleksey.com/xmlsec/xmldsig-verifier.html">XML Digital
Online Verifier</a> is an example of a real application based on XML
Security Library. Using this tool you can verify any XML Signature
and get a detailed report on what was signed and how. </p>
<h3>XML Security Library Interoperability Report</h3>
<h4 style="text-align: center;">XML Digital Signature 1.0 (<a href="http://www.ietf.org/rfc/rfc3275.txt">RFC 3275</a>)</h4>
<table style="width: 85%;" border="1" cellpadding="2" cellspacing="2"><tbody>
<td style="width: 40%;" align="left" valign="top"><b>Features
algorithms<br></b></td>
<td align="left" valign="top"> <b>XMLSec with
<td style="vertical-align: top;"><b>XMLSec with GnuTLS</b></td>
<td style="vertical-align: top;"> <b>XMLSec with NSS</b>
<td style="vertical-align: top;"> <b>XMLSec with
<td style="width: 40%;" align="left" valign="top"> <span class="link-def">Detached</span>
<td align="left" valign="top">Y<br>
<td style="vertical-align: top;">Y<br>
<td style="vertical-align: top;">Y<br>
<td style="vertical-align: top;">Y<br>
<td style="width: 40%;" align="left" valign="top"> <span class="link-def">Enveloping</span>
Signature: same document reference with fragment
<td align="left" valign="top">Y<br>
<td style="vertical-align: top;">Y<br>
<td style="vertical-align: top;">Y<br>
<td style="vertical-align: top;">Y<br>
<td style="width: 40%;" align="left" valign="top"> <span class="link-def">Enveloped</span>
Signature: same document reference (URI="") with Enveloped Signature
<td align="left" valign="top">Y<br>
<td style="vertical-align: top;">Y<br>
<td style="vertical-align: top;">Y<br>
<td style="vertical-align: top;">Y<br>
<td style="width: 40%;" align="left" valign="top">SignatureValue
generation/validation<br>
<td align="left" valign="top">Y<br>
<td style="vertical-align: top;">Y<br>
<td style="vertical-align: top;">Y<br>
<td style="vertical-align: top;">Y<br>
<td style="width: 40%;" align="left" valign="top">Manifest
generation/validation<br>
<td align="left" valign="top">Y<br>
<td style="vertical-align: top;">Y<br>
<td style="vertical-align: top;">Y<br>
<td style="vertical-align: top;">Y<br>
<td style="width: 40%;" align="left" valign="top">Feature:
Signature element generation<br>
<td align="left" valign="top">Y<br>
<td style="vertical-align: top;">Y<br>
<td style="vertical-align: top;">Y<br>
<td style="vertical-align: top;">Y<br>
<td style="width: 40%;" align="left" valign="top">XPointers
<td align="left" valign="top">Y<br>
<td style="vertical-align: top;">Y<br>
<td style="vertical-align: top;">Y<br>
<td style="vertical-align: top;">Y<br>
<td style="width: 40%;" align="left" valign="top">XPointers
'#xpointer(id("<em>ID</em>"))'<br>
<td align="left" valign="top">Y<br>
<td style="vertical-align: top;">Y<br>
<td style="vertical-align: top;">Y<br>
<td style="vertical-align: top;">Y<br>
<td style="width: 40%;" align="left" valign="top">XPointers:
<td align="left" valign="top">Y<br>
<td style="vertical-align: top;">Y<br>
<td style="vertical-align: top;">Y<br>
<td style="vertical-align: top;">Y<br>
<td style="width: 40%;" align="left" valign="top">XPath
<td align="left" valign="top">Y<br>
<td style="vertical-align: top;">Y<br>
<td style="vertical-align: top;">Y<br>
<td style="vertical-align: top;">Y<br>
<td style="width: 40%;" align="left" valign="top">the
function (can be used to implement enveloped signature)<br>
<td align="left" valign="top">Y<br>
<td style="vertical-align: top;">Y<br>
<td style="vertical-align: top;">Y<br>
<td style="vertical-align: top;">Y<br>
<td style="width: 40%;" align="left" valign="top">XSLT
(note, the child <code>
element of Transform has been deprecated.)<br>
<td align="left" valign="top">Y<br>
<td style="vertical-align: top;">Y<br>
<td style="vertical-align: top;">Y<br>
<td style="vertical-align: top;">Y<br>
<td style="width: 40%;" align="left" valign="top">RetrievalMethod
<td align="left" valign="top">Y<br>
<td style="vertical-align: top;">Y<br>
<td style="vertical-align: top;">Y<br>
<td style="vertical-align: top;">Y<br>
<td style="width: 40%;" align="left" valign="top">SHA1
<td align="left" valign="top">Y<br>
<td style="vertical-align: top;">Y<br>
<td style="vertical-align: top;">Y<br>
<td style="vertical-align: top;">Y<br>
<td style="width: 40%;" align="left" valign="top">Base64
<td align="left" valign="top">Y<br>
<td style="vertical-align: top;">Y<br>
<td style="vertical-align: top;">Y<br>
<td style="vertical-align: top;">Y<br>
<td style="width: 40%;" align="left" valign="top">HMAC-SHA1
<td align="left" valign="top">Y<br>
<td style="vertical-align: top;">Y<br>
<td style="vertical-align: top;">Y<br>
<td style="vertical-align: top;">N<br>
<td style="width: 40%;" align="left" valign="top">DSAwithSHA1<br>
<td align="left" valign="top">Y<a href="#dsa-sha1"><sup>(1)</sup></a>
<td style="vertical-align: top;">N<br>
<td style="vertical-align: top;">Y<br>
<td style="vertical-align: top;">Y<br>
<td style="width: 40%;" align="left" valign="top">RSAwithSHA1
<td align="left" valign="top">Y<br>
<td style="vertical-align: top;">N<br>
<td style="vertical-align: top;">Y<br>
<td style="vertical-align: top;">Y<br>
<td style="width: 40%;" valign="top">X509 support<br>
<td valign="top">Y<br>
<td style="vertical-align: top;">N<br>
<td style="vertical-align: top;">Y<br>
<td style="vertical-align: top;">Y<br>
<td style="width: 40%;" align="left" valign="top">Minimal
C14N (deprecated)<br>
<td align="left" valign="top">N<br>
<td style="vertical-align: top;">N<br>
<td style="vertical-align: top;">N<br>
<td style="vertical-align: top;">N<br>
<td style="width: 40%;" align="left" valign="top">
<a href="http://www.w3.org/TR/xml-c14n">Canonical XML 1.0</a>
<td align="left" valign="top">Y<br>
<td style="vertical-align: top;">Y<br>
<td style="vertical-align: top;">Y<br>
<td style="vertical-align: top;">Y<br>
<td style="width: 40%;" align="left" valign="top">
<a href="http://www.w3.org/TR/xml-exc-c14n">Exclusive Canonical XML 1.0</a>
<td align="left" valign="top">Y<br>
<td style="vertical-align: top;">Y<br>
<td style="vertical-align: top;">Y<br>
<td style="vertical-align: top;">Y<br>
<td style="width: 40%;" align="left" valign="top">
<a href="http://www.w3.org/TR/xml-c14n11/">Canonical XML 1.1</a>
<td align="left" valign="top">Y<br>
<td style="vertical-align: top;">Y<br>
<td style="vertical-align: top;">Y<br>
<td style="vertical-align: top;">Y<br>
<td style="width: 40%;" align="left" valign="top">Enveloped
<td align="left" valign="top">Y<br>
<td style="vertical-align: top;">Y<br>
<td style="vertical-align: top;">Y<br>
<td style="vertical-align: top;"><br></td>
<div align="left"> <br><h4 style="text-align: center;">Additional XML Security
Algorithms (<a href="http://www.ietf.org/rfc/rfc4051.txt">RFC 4051</a>)</h4>
<table style="width: 85%; text-align: left; margin-left: auto; margin-right: auto;" border="1" cellpadding="2" cellspacing="2"><tbody>
<td style="width: 40%;" align="left" valign="top"><b>Features
algorithms<br></b></td>
<td align="left" valign="top"> <b>XMLSec with
<td style="vertical-align: top;"><b>XMLSec with GnuTLS</b></td>
<td style="vertical-align: top;"> <b>XMLSec with NSS</b>
<td style="vertical-align: top;"> <b>XMLSec with
<td style="vertical-align: top; width: 40%;">MD5<br>
<td style="vertical-align: top;">Y<br>
<td style="vertical-align: top;">N<br>
<td style="vertical-align: top;">N<br>
<td style="vertical-align: top;">N<br>
<td style="vertical-align: top; width: 40%;">SHA224<br>
<td style="vertical-align: top;">Y<br>
<td style="vertical-align: top;">N<br>
<td style="vertical-align: top;">N<br>
<td style="vertical-align: top;">N<br>
<td style="vertical-align: top; width: 40%;">SHA256<br>
<td style="vertical-align: top;">Y<br>
<td style="vertical-align: top;">N<br>
<td style="vertical-align: top;">N<br>
<td style="vertical-align: top;">N<br>
<td style="vertical-align: top; width: 40%;">SHA384<br>
<td style="vertical-align: top;">Y<br>
<td style="vertical-align: top;">N<br>
<td style="vertical-align: top;">N<br>
<td style="vertical-align: top;">N<br>
<td style="vertical-align: top; width: 40%;">SHA512<br>
<td style="vertical-align: top;">Y<br>
<td style="vertical-align: top;">N<br>
<td style="vertical-align: top;">N<br>
<td style="vertical-align: top;">N<br>
<td style="width: 40%;" align="left" valign="top">HMAC-MD5<br>
<td align="left" valign="top">Y <br>
<td style="vertical-align: top;">Y<br>
<td style="vertical-align: top;">Y<br>
<td style="vertical-align: top;">N<br>
<td style="vertical-align: top; width: 40%;">HMAC-SHA224<br>
<td style="vertical-align: top;">Y<br>
<td style="vertical-align: top;">N<br>
<td style="vertical-align: top;">N<br>
<td style="vertical-align: top;">N<br>
<td style="vertical-align: top; width: 40%;">HMAC-SHA256</td>
<td style="vertical-align: top;">Y<br>
<td style="vertical-align: top;">N<br>
<td style="vertical-align: top;">N<br>
<td style="vertical-align: top;">N<br>
<td style="vertical-align: top; width: 40%;">HMAC-SHA384</td>
<td style="vertical-align: top;">Y<br>
<td style="vertical-align: top;">N<br>
<td style="vertical-align: top;">N<br>
<td style="vertical-align: top;">N<br>
<td style="width: 40%;" align="left" valign="top">HMAC-SHA512</td>
<td align="left" valign="top">Y<br>
<td style="vertical-align: top;">N<br>
<td style="vertical-align: top;">N<br>
<td style="vertical-align: top;">N<br>
<td style="width: 40%;" valign="top">HMAC-RIPEMD160<br>
<td valign="top">Y<br>
<td style="vertical-align: top;">Y<br>
<td style="vertical-align: top;">N<br>
<td style="vertical-align: top;">N<br>
<td style="vertical-align: top; width: 40%;">RSA-MD5<br>
<td style="vertical-align: top;">Y<br>
<td style="vertical-align: top;">N<br>
<td style="vertical-align: top;">N<br>
<td style="vertical-align: top;">N<br>
<td style="vertical-align: top; width: 40%;">RSA-SHA224<br>
<td style="vertical-align: top;">Y<br>
<td style="vertical-align: top;">N<br>
<td style="vertical-align: top;">N<br>
<td style="vertical-align: top;">N<br>
<td style="vertical-align: top; width: 40%;">RSA-SHA256<br>
<td style="vertical-align: top;">Y<br>
<td style="vertical-align: top;">N<br>
<td style="vertical-align: top;">N<br>
<td style="vertical-align: top;">N<br>
<td style="vertical-align: top; width: 40%;">RSA-SHA384<br>
<td style="vertical-align: top;">Y<br>
<td style="vertical-align: top;">N<br>
<td style="vertical-align: top;">N<br>
<td style="vertical-align: top;">N<br>
<td style="vertical-align: top; width: 40%;">RSA-SHA512<br>
<td style="vertical-align: top;">Y<br>
<td style="vertical-align: top;">N<br>
<td style="vertical-align: top;">N<br>
<td style="vertical-align: top;">N<br>
<td style="vertical-align: top; width: 40%;">RSA-RIPEMD160</td>
<td style="vertical-align: top;">Y<br>
<td style="vertical-align: top;">N<br>
<td style="vertical-align: top;">N<br>
<td style="vertical-align: top;">N<br>
<td style="vertical-align: top; width: 40%;">ECDSA-SHA1<br>
<td style="vertical-align: top;">N<br>
<td style="vertical-align: top;">N<br>
<td style="vertical-align: top;">N<br>
<td style="vertical-align: top;">N<br>
<td style="vertical-align: top; width: 40%;">ECDSA-SHA224<br>
<td style="vertical-align: top;">N<br>
<td style="vertical-align: top;">N<br>
<td style="vertical-align: top;">N<br>
<td style="vertical-align: top;">N<br>
<td style="vertical-align: top; width: 40%;">ECDSA-SHA256</td>
<td style="vertical-align: top;">N<br>
<td style="vertical-align: top;">N<br>
<td style="vertical-align: top;">N<br>
<td style="vertical-align: top;">N<br>
<td style="vertical-align: top; width: 40%;">ECDSA-SHA384</td>
<td style="vertical-align: top;">N<br>
<td style="vertical-align: top;">N<br>
<td style="vertical-align: top;">N<br>
<td style="vertical-align: top;">N<br>
<td style="vertical-align: top; width: 40%;">ECDSA-SHA512</td>
<td style="vertical-align: top;">N<br>
<td style="vertical-align: top;">N<br>
<td style="vertical-align: top;">N<br>
<td style="vertical-align: top;">N<br>
<td style="vertical-align: top; width: 40%;">ESIGN-SHA1<br>
<td style="vertical-align: top;">N<br>
<td style="vertical-align: top;">N<br>
<td style="vertical-align: top;">N<br>
<td style="vertical-align: top;">N<br>
<td style="vertical-align: top; width: 40%;">ESIGN-SHA224</td>
<td style="vertical-align: top;">N<br>
<td style="vertical-align: top;">N<br>
<td style="vertical-align: top;">N<br>
<td style="vertical-align: top;">N<br>
<td style="vertical-align: top; width: 40%;">ESIGN-SHA256</td>
<td style="vertical-align: top;">N<br>
<td style="vertical-align: top;">N<br>
<td style="vertical-align: top;">N<br>
<td style="vertical-align: top;">N<br>
<td style="vertical-align: top; width: 40%;">ESIGN-SHA384</td>
<td style="vertical-align: top;">N<br>
<td style="vertical-align: top;">N<br>
<td style="vertical-align: top;">N<br>
<td style="vertical-align: top;">N<br>
<td style="vertical-align: top; width: 40%;">ESIGN-SHA512</td>
<td style="vertical-align: top;">N<br>
<td style="vertical-align: top;">N<br>
<td style="vertical-align: top;">N<br>
<td style="vertical-align: top;">N<br>
<td style="vertical-align: top; width: 40%;">Minimal
C14N (deprecated) </td>
<td style="vertical-align: top;">N<br>
<td style="vertical-align: top;">N<br>
<td style="vertical-align: top;">N<br>
<td style="vertical-align: top;">N<br>
<td style="width: 40%;" align="left" valign="top">XPointer
<td align="left" valign="top">Y <br>
<td style="vertical-align: top;">Y<br>
<td style="vertical-align: top;">Y<br>
<td style="vertical-align: top;">Y<br>
<td style="vertical-align: top; width: 40%;">ARCFOUR
<td style="vertical-align: top;">N<br>
<td style="vertical-align: top;">N<br>
<td style="vertical-align: top;">N<br>
<td style="vertical-align: top;">N<br>
<td style="vertical-align: top; width: 40%;">Camellia
<td style="vertical-align: top;">N<br>
<td style="vertical-align: top;">N<br>
<td style="vertical-align: top;">N<br>
<td style="vertical-align: top;">N<br>
<td style="vertical-align: top; width: 40%;">Camellia
<td style="vertical-align: top;">N<br>
<td style="vertical-align: top;">N<br>
<td style="vertical-align: top;">N<br>
<td style="vertical-align: top;">N<br>
<td style="vertical-align: top; width: 40%;">Camellia
<td style="vertical-align: top;">N<br>
<td style="vertical-align: top;">N<br>
<td style="vertical-align: top;">N<br>
<td style="vertical-align: top;">N<br>
<td style="vertical-align: top; width: 40%;">Camellia
<td style="vertical-align: top;">N<br>
<td style="vertical-align: top;">N<br>
<td style="vertical-align: top;">N<br>
<td style="vertical-align: top;">N<br>
<td style="vertical-align: top; width: 40%;">Camellia
<td style="vertical-align: top;">N<br>
<td style="vertical-align: top;">N<br>
<td style="vertical-align: top;">N<br>
<td style="vertical-align: top;">N<br>
<td style="vertical-align: top; width: 40%;">Camellia
<td style="vertical-align: top;">N<br>
<td style="vertical-align: top;">N<br>
<td style="vertical-align: top;">N<br>
<td style="vertical-align: top;">N<br>
<td style="vertical-align: top; width: 40%;">PSEC-KEM<br>
<td style="vertical-align: top;">N<br>
<td style="vertical-align: top;">N<br>
<td style="vertical-align: top;">N<br>
<td style="vertical-align: top;">N<br>
<div align="left"> <br><h4 style="text-align: center;">Other algorithms</h4>
<table style="width: 85%; text-align: left; margin-left: auto; margin-right: auto;" border="1" cellpadding="2" cellspacing="2"><tbody>
<td style="width: 40%;" align="left" valign="top"><b>Features
algorithms<br></b></td>
<td align="left" valign="top"> <b>XMLSec with
<td style="vertical-align: top;"><b>XMLSec with GnuTLS</b></td>
<td style="vertical-align: top;"> <b>XMLSec with NSS</b>
<td style="vertical-align: top;"> <b>XMLSec with
<td style="vertical-align: top; width: 40%;">GOST94 digests<br>
<td style="vertical-align: top;">N<br>
<td style="vertical-align: top;">N<br>
<td style="vertical-align: top;">N<br>
<td style="vertical-align: top;">Y<a href="#gost-mscrypto"><sup>(2)</sup></a><br>
<td style="vertical-align: top; width: 40%;">GOST2001 signatures<br>
<td style="vertical-align: top;">N<br>
<td style="vertical-align: top;">N<br>
<td style="vertical-align: top;">N<br>
<td style="vertical-align: top;">Y<a href="#gost-mscrypto"><sup>(2)</sup></a><br>
<br><br><a name="dsa-sha1"></a><sup>(1)</sup> Defining <a href="http://www.w3.org/TR/xmldsig-core/#sec-DSAKeyValue"> DSA key</a>
with Seed and PgenCounter is not supported.
<br><a name="gost-mscrypto"></a><sup>(2)</sup> Requires installation of a CSP
providing these algorithms.<br><p>Test vectors (from <a href="http://www.w3.org/Signature/2001/04/05-xmldsig-interop.html">IETF/W3C
XML Signature WG: XML Signature Interoperability page</a>): <br><a href="http://lists.w3.org/Archives/Public/w3c-ietf-xmldsig/2002AprJun/att-0016/01-merlin-xmldsig-twenty-three.tar.gz">merlin-xmldsig-twenty-three.tar.gz</a>
<br><a href="http://lists.w3.org/Archives/Public/w3c-ietf-xmldsig/2001AprJun/att-00%2033/01-merlin-xmldsig-sixteen.tar.gz">merlin-xmldsig-sixteen.tar.gz</a>
(features, deprecated)<br><a href="http://lists.w3.org/Archives/Public/w3c-ietf-xmldsig/2001JanMar/att-0155/04-merlin-xmldsig-fifteen.tar.gz">merlin-xmldsig-fifteen.tar.gz</a>
(algorithms, deprecated)<br></p>
</td></tr></table></td>