XML Digital Signature
XML Digital Signature 1.0 provides integrity, message authentication, and/or signer authentication services for data of any type, whether located within the XML that includes the signature or elsewhere.

XML Security Library supports all MUST/SHOULD/MAY features and algorithms described in the W3C standard and provides an API to sign prepared document templates, add signature(s) to a document "on-the-fly", or verify the signature(s) in the document.

XML Digital Signature Online Verifier is an example of a real application based on XML Security Library. Using this tool you can verify any XML Signature and get a detailed report on what was signed and how.

XML Security Library Interoperability Report
XML Digital Signature 1.0 (RFC 3275)

| Features and algorithms | XMLSec with OpenSSL | XMLSec with GnuTLS | XMLSec with NSS | XMLSec with MSCrypto |
|---|---|---|---|---|
| Detached Signature | Y | Y | Y | Y |
| Enveloping Signature: same document reference with fragment (URI="#Object1") | Y | Y | Y | Y |
| Enveloped Signature: same document reference (URI="") with Enveloped Signature Transform | Y | Y | Y | Y |
| SignatureValue generation/validation | Y | Y | Y | Y |
| Manifest DigestValue generation/validation | Y | Y | Y | Y |
| Feature: laxly schema valid Signature element generation | Y | Y | Y | Y |
| XPointers '#xpointer(/)' | Y | Y | Y | Y |
| XPointers '#xpointer(id("ID"))' | Y | Y | Y | Y |
| XPointers: full support | Y | Y | Y | Y |
| XPath | Y | Y | Y | Y |
| The dsig XPath 'here()' function (can be used to implement enveloped signature) | Y | Y | Y | Y |
| XSLT (note: the child XSLT element of Transform has been deprecated) | Y | Y | Y | Y |
| RetrievalMethod (e.g., X509Data) | Y | Y | Y | Y |
| SHA1 | Y | Y | Y | Y |
| Base64 | Y | Y | Y | Y |
| HMAC-SHA1 | Y | Y | Y | N |
| DSAwithSHA1 (DSS) | Y(1) | N | Y | Y |
| RSAwithSHA1 | Y | N | Y | Y |
| X509 support | Y | N | Y | Y |
| Minimal C14N (deprecated) | N | N | N | N |
| Canonical XML 1.0 | Y | Y | Y | Y |
| Exclusive Canonical XML 1.0 | Y | Y | Y | Y |
| Canonical XML 1.1 | Y | Y | Y | Y |
| Enveloped Signature | Y | Y | Y | |

Additional XML Security Algorithms (RFC 4051)

| Features and algorithms | XMLSec with OpenSSL | XMLSec with GnuTLS | XMLSec with NSS | XMLSec with MSCrypto |
|---|---|---|---|---|
| MD5 | Y | N | N | N |
| SHA224 | Y | N | N | N |
| SHA256 | Y | N | N | N |
| SHA384 | Y | N | N | N |
| SHA512 | Y | N | N | N |
| HMAC-MD5 | Y | Y | Y | N |
| HMAC-SHA224 | Y | N | N | N |
| HMAC-SHA256 | Y | N | N | N |
| HMAC-SHA384 | Y | N | N | N |
| HMAC-SHA512 | Y | N | N | N |
| HMAC-RIPEMD160 | Y | Y | N | N |
| RSA-MD5 | Y | N | N | N |
| RSA-SHA224 | Y | N | N | N |
| RSA-SHA256 | Y | N | N | N |
| RSA-SHA384 | Y | N | N | N |
| RSA-SHA512 | Y | N | N | N |
| RSA-RIPEMD160 | Y | N | N | N |
| ECDSA-SHA1 | N | N | N | N |
| ECDSA-SHA224 | N | N | N | N |
| ECDSA-SHA256 | N | N | N | N |
| ECDSA-SHA384 | N | N | N | N |
| ECDSA-SHA512 | N | N | N | N |
| ESIGN-SHA1 | N | N | N | N |
| ESIGN-SHA224 | N | N | N | N |
| ESIGN-SHA256 | N | N | N | N |
| ESIGN-SHA384 | N | N | N | N |
| ESIGN-SHA512 | N | N | N | N |
| Minimal C14N (deprecated) | N | N | N | N |
| XPointer transform | Y | Y | Y | Y |
| ARCFOUR Encryption | N | N | N | N |
| Camellia Block Encryption 128 | N | N | N | N |
| Camellia Block Encryption 192 | N | N | N | N |
| Camellia Block Encryption 256 | N | N | N | N |
| Camellia Key Wrap 128 | N | N | N | N |
| Camellia Key Wrap 192 | N | N | N | N |
| Camellia Key Wrap 256 | N | N | N | N |
| PSEC-KEM | N | N | N | N |