XML Digital Signature
XML
Digital Signature 1.0 provides integrity, message authentication, and/or signer authentication services for data of any
type, whether located within the XML that includes the signature or
elsewhere.
XML Security Library supports all MUST/SHOULD/MAY
features and algorithms
described in the W3C standard and provides API to sign prepared
document templates,
add signature(s) to a document "on-the-fly" or verify the signature(s)
in the document.
XML Digital
Signature
Online Verifier is an example of a real application based on XML
Security Library. Using this tool you can verify any XML Signature
and get detailed report on what and how was signed.
XML Security Library Interoperability Report
XML Digital Signature 1.0 (RFC 3275)
Features and algorithms |
XMLSec with OpenSSL |
XMLSec with GnuTLS |
XMLSec with GCrypt |
XMLSec with NSS |
XMLSec with MSCrypto |
XMLSec with MSCNG |
Detached Signature |
Y |
Y |
Y |
Y |
Y |
Y |
Enveloping Signature:
same document reference with fragment (URI="#Object1") |
Y |
Y |
Y |
Y |
Y |
Y |
Enveloped Signature:
same document reference (URI="") with Enveloped Signature Transform |
Y |
Y |
Y |
Y |
Y |
Y |
SignatureValue
generation/validation |
Y |
Y |
Y |
Y |
Y |
Y |
Manifest DigestValue
generation/valdiation |
Y |
Y |
Y |
Y |
Y |
Y |
Laxly schema valid Signature
element generation |
Y |
Y |
Y |
Y |
Y |
Y |
XPointers '#xpointer(/)' |
Y |
Y |
Y |
Y |
Y |
Y |
XPointers '#xpointer(id("ID"))' |
Y |
Y |
Y |
Y |
Y |
Y |
XPointers: full suppport |
Y |
Y |
Y |
Y |
Y |
Y |
XPath |
Y |
Y |
Y |
Y |
Y |
Y |
the dsig XPath 'here()'
function (can be used to implement enveloped signature) |
Y |
Y |
Y |
Y |
Y |
Y |
XSLT transform |
Y |
Y |
Y |
Y |
Y |
Y |
RetrievalMethod
(e.g. X509Data) |
Y |
Y |
Y |
Y |
Y |
Y |
SHA1 |
Y |
Y |
Y |
Y |
Y |
Y |
Base64 |
Y |
Y |
Y |
Y |
Y |
Y |
HMAC-SHA1 |
Y |
Y |
Y |
Y |
Y |
Y |
DSA with SHA1 (DSS) (1)
|
Y |
Y |
Y |
Y |
Y |
Y |
RSA with SHA1 |
Y |
Y |
Y |
Y |
Y |
Y |
X509 support |
Y |
Y |
N |
Y |
Y |
Y |
X509 CRL support |
Y |
Y |
N |
N |
Y |
Y |
Minimal C14N (deprecated) |
N |
N |
N |
N |
N |
N |
Canonical XML 1.0
|
Y |
Y |
Y |
Y |
Y |
Y |
Exlusive Canonical XML 1.0
|
Y |
Y |
Y |
Y |
Y |
Y |
Canonical XML 1.1
|
Y |
Y |
Y |
Y |
Y |
Y |
Enveloped Signature |
Y |
Y |
Y |
Y |
Y |
Y |
Additional XML Security
Algorithms (RFC 4051)
Features and algorithms
|
XMLSec with OpenSSL |
XMLSec with GnuTLS |
XMLSec with GCrypt |
XMLSec with NSS |
XMLSec with MSCrypto |
XMLSec with MSCNG |
MD5 |
Y |
Y |
Y |
Y |
Y |
Y |
SHA224 |
Y |
N |
N |
N |
N |
N |
SHA256 |
Y |
Y |
Y |
Y |
Y |
Y |
SHA384 |
Y |
Y |
Y |
Y |
Y |
Y |
SHA512 |
Y |
Y |
Y |
Y |
Y |
Y |
HMAC-MD5 |
Y |
Y |
Y |
Y |
Y |
Y |
HMAC-SHA224 |
Y |
N |
N |
N |
N |
N |
HMAC-SHA256 |
Y |
Y |
Y |
Y |
Y |
Y |
HMAC-SHA384 |
Y |
Y |
Y |
Y |
Y |
Y |
HMAC-SHA512 |
Y |
Y |
Y |
Y |
Y |
Y |
HMAC-RIPEMD160 |
Y |
Y |
Y |
Y |
N |
N |
RSA-MD5 |
Y |
Y |
Y |
N |
Y |
Y |
RSA-SHA224 |
Y |
N |
N |
N |
N |
N |
RSA-SHA256 |
Y |
Y |
Y |
Y |
Y |
Y |
RSA-SHA384 |
Y |
Y |
Y |
Y |
Y |
Y |
RSA-SHA512 |
Y |
Y |
Y |
Y |
Y |
Y |
RSA-RIPEMD160 |
Y |
Y |
Y |
N |
N |
N |
ECDSA-SHA1 |
Y |
N |
N |
N |
N |
Y |
ECDSA-SHA224 |
Y |
N |
N |
N |
N |
Y |
ECDSA-SHA256 |
Y |
N |
N |
N |
N |
Y |
ECDSA-SHA384 |
Y |
N |
N |
N |
N |
Y |
ECDSA-SHA512 |
Y |
N |
N |
N |
N |
Y |
ESIGN-SHA1 |
N |
N |
N |
N |
N |
N |
ESIGN-SHA224 |
N |
N |
N |
N |
N |
N |
ESIGN-SHA256 |
N |
N |
N |
N |
N |
N |
ESIGN-SHA384 |
N |
N |
N |
N |
N |
N |
ESIGN-SHA512 |
N |
N |
N |
N |
N |
N |
Minimal C14N (deprecated) |
N |
N |
N |
N |
N |
N |
XPointer transform |
Y |
Y |
Y |
Y |
Y |
Y |
ARCFOUR Encryption |
N |
N |
N |
N |
N |
N |
Camellia Block Encryption 128 |
N |
N |
N |
N |
N |
N |
Camellia Block Encryption 192 |
N |
N |
N |
N |
N |
N |
Camellia Block Encryption 256 |
N |
N |
N |
N |
N |
N |
Camellia Key Wrap 128 |
N |
N |
N |
N |
N |
N |
Camellia Key Wrap 192 |
N |
N |
N |
N |
N |
N |
Camellia Key Wrap 256 |
N |
N |
N |
N |
N |
N |
PSEC-KEM |
N |
N |
N |
N |
N |
N |
|