XML Encryption and XML Digital Signature are the standards used to secure XML documents. Implementations exist for several programming languages; the most complete is the C implementation, the XML Security Library (xmlsec), which supports many functions and is built on the LibXML2 library. PyXMLSec is the Python binding to that library, but it does not support every function yet. The current version of the library supports the following XML security standards in Python:
a) XML Signature & Encryption
b) Canonical XML
Prerequisites for the PyXMLSec Library
The PyXMLSec library requires the following packages to be installed:
1) Python 2.2 or greater
2) LibXML2 (with its Python bindings)
3) XML Security Library
Python is already installed on an Ubuntu distribution. The LibXML2 Python bindings can be installed with the following command in the terminal, as shown in the figure.
$sudo apt-get install python-libxml2
The XML Security Library development package is installed with the following command in the terminal; the installation is shown in the following snapshot.
$sudo apt-get install libxmlsec1-dev
Installation of the C development library is shown in the following figure.
$sudo apt-get install libxml-security-c-dev
The xmlsec1 package (the command-line tool of the XML Security Library, which PyXMLSec wraps) is installed with the command given below, which is also shown in the figure.
$sudo apt-get install xmlsec1
After installing the dependencies, download the latest PyXMLSec release (0.3.1) into the Downloads directory with the following commands. The following figure shows the download in progress.
$cd Downloads
$sudo wget labs.libre-entreprise.org/frs/download.php/897/pyxmlsec-0.3.1.tar.gz
PyXMLSec has to be compiled from the source package because no deb (binary) package is available. Extract the downloaded pyxmlsec-0.3.1.tar.gz package with the following command in the terminal.
$sudo tar -xvzf pyxmlsec-0.3.1.tar.gz
Change into the extracted directory with the cd command, as shown in the figure.
Once inside the top-level directory of the package, run sudo python setup.py in the terminal to install PyXMLSec; the installation process is shown in the following figure. Select option 1 to build PyXMLSec from source. PyXMLSec supports the OpenSSL, NSS and GnuTLS crypto engines. OpenSSL is the well-known crypto engine that is installed on almost every Linux distribution.
After the build step completes, run the same command again and select option 2 to install the library, as shown below.
A few examples are available on the PyXMLSec website under the documentation section. We have selected the XML signature (sign3.py) and verification (verify3.py) examples for the demonstration. The signature example requires the input file (in our case document.xml) in XML format, and the key and certificate in PEM format, so a key pair and a self-signed certificate are needed before signing. OpenSSL is the widely used utility for generating an RSA key pair and certificate. The following command generates a 2048-bit RSA key pair and stores it in the file key.pem; it also stores the self-signed X.509 certificate in cert.pem.
#openssl req -x509 -newkey rsa:2048 -keyout key.pem -out cert.pem -days 365
After generating the key and certificate, the next step is signing the input file. The XML signature example takes its arguments from the user in the following format.
#./sign.py <xml-doc> <key-file> <cert-file>
In our case the input file for the XML signature is document.xml, and the resulting signed document is stored in output.xml, as shown below.
#./sign.py document.xml key.pem cert.pem > output.xml
In this step the XML verification example takes output.xml together with the trusted certificate(s) to verify the XML signature. The verification example takes its arguments from the user in the following format.
#./verify.py <signed-file> <trusted-cert-pem-file1> [<trusted-cert-pem-file2> [...]]
In our case the input file for the XML verification is output.xml, and it is verified against cert.pem as shown below.
#./verify.py output.xml cert.pem
Hope you enjoyed this article. To sum up, PyXMLSec is a Python implementation of XML security that provides encryption and digital signatures for XML documents. It supports the open source crypto engines OpenSSL, GnuTLS and NSS for symmetric and asymmetric algorithms.