Install pyxmlsec - Python XML Security Library on Ubuntu

February 13, 2015 | By
| Reply More

XML encryption and digital signature are used for the security of XML documents. XML encryption and digital signature implementation exists for different programming languages. However, implementation of XML encryption and digital signature in C language is very comprehensive. It supports many functions and based on LibXML2 library. PyXMLSec is the Python implementation for XML security features however it does not support all function yet.The current version of library supports following XML security standards in Python.

a) XML Signature & Encryption
b) Canonical XML

Prerequisite for PyXMLsec Library

PyXMLSec library required following packages for installation.

1) Python 2.2 or greater

2) LibXML

3) XML Security Library

Python is already install on Ubuntu distribution. LibXML can be installed by typing following command in the terminal which is shown in Figure

$sudo apt-get install python-libxml2

Library

XML security library can be installed by using following command in the terminal. Installation of XML library is shown in  following snapshot.

 $sudo apt-get install libxmlsec1-dev

Development PackageInstallation of C development library is shown in following figure.

$sudo apt-get install libxml-security-c-dev

XML library of CPython implementation of XML security is installed using below given terminal which is also shown in figure.

$sudo apt-get install xmlsec1

xml security libarry

After installation of dependencies, download PyXMLSec recent version (0.3.1) using following command in the Downloads directory. Following figure showing the downloading process.

 $cd Downloads

$sudo wget labs.libre-entreprise.org/frs/download.php/897/pyxmlsec-0.3.1.tar.gz

Downloading PyXMLsec LibraryWe have to compile PyXMLSec from source package because deb packages  (binary package) is not available. Extract the downloaded pyxmlsec-0.3.1.tar.gz package using following command in the terminal.

$sudo tar -xvzf pyxmlsec-0.3.1.tar.gz

Tar command for ExtractionGo inside the extracted directory using cd command which is shown in the figure.

$cd pyxmlsec0.13.1

pyxmlsecOnce get inside the root directory of package, run sudo setup.py in the terminal for the installation of PyxmlSec. Installation process of PyXMLSec are shown in following Figure. Select option 1 for building of PyXMLsec from source. PyXMLsec library supports OpenSSL, NSS and GnuTLS crypto engines. OpenSSL is well-known crypto engine which is normally installed in almost every linux distribution.

 $sudo ./setup.py

Building of PyXMLsec

After completion of build step, again run the same command and select option 2 for the installation of library which is shown below.

Installation of PyXMLsec

Example

Few examples are available on the PyXMLsec website under the documentation section. We have selected XML signature (sign3.py) and verification (verify3.py) examples for the demonstration purpose. Signature example requires the input file (in our case document.xml) in XML format,  keys and certificates in PEM format. So first of all, key pair and self signed certificate required in signing process. OpenSSL is widely used utility for RSA key pair and certificate generation.  Following command generates RSA key pair of 2048 bit size and stores in "key.pem" file. It also stores X509 certificate in cer.pem file.

#openssl req -x509 -newkey rsa:2048 -keyout key.pem -out cert.pem -days 365

Key Generation and Certificates

XML signature

After the generation of keys and certificate, next step is signing the input file. XML signature example takes arguments in following format from user.

#./sign.py <xml-doc> <key-file> <cert-file>

In our case, input file for the XML signature is document.xml and resultant file signature stored in output.xml file which is shown below.

#./sign.py document.xml key.pem cert.pem > output.xml

signing process of PyXMLsec library

XML Verification

In this step, XML verification example takes output.xml file with certificates for the verification of XML signatures. XML verification example takes arguments in following format from user.

#./verify.py <signed-file> <trusted-cert-pem-file1> [<trusted-cert-pem-file2> [...]]

In our case, input file for the XML verification is output.xml and verifies it which is shown below.

#./verify.py output.xml cert.pem

PyXMLsec verification

Conclusion

Hope you enjoyed this article. To add , PyXMLsec is a python implementation of XML security which provides encryption and digital signature for XML documents. It supports open source Crypto engines such as OpenSSL,GnuTLS and NSS for symmetric and asymmetric algorithm.

Filed Under : OPENSOURCE, PROGRAMMING, SECURITY

Free Linux Ebook to Download

Leave a Reply

Commenting Policy:
Promotion of your products ? Comment gets deleted.
All comments are subject to moderation.