<html> <head> <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"> <title>XML Security Library: XML Digital Signature</title> </head> <body><table witdh="100%" valign="top"><tr valign="top"> <td valign="top"><table width="100%" valign="top"><tr><td valign="top" align="left" id="xmlsecContent"> <div align="center"> <h2>XML Digital Signature</h2> </div> <p> <a href="http://www.w3.org/TR/xmldsig-core">XML Digital Signature</a> provides <a 
href="http://www.w3.org/TR/xmldsig-core/#def-Integrity" class="link-def">integrity,</a> <a href="http://www.w3.org/TR/xmldsig-core/#def-AuthenticationMessage" class="link-def">message authentication,</a> and/or <a href="http://www.w3.org/TR/xmldsig-core/#def-AuthenticationSigner" class="link-def">signer authentication</a> services for data of any type, whether located within the XML that includes the signature or elsewhere. </p> <p> XML Security Library supports all MUST/SHOULD/MAY features and algorithms described in the W3C standard and provides an API to sign prepared document templates, add signature(s) to a document "on-the-fly", or verify the signature(s) in the document. </p> <p> <a href="http://www.aleksey.com/xmlsec/xmldsig-verifier.html">XML Digital Signature Online Verifier</a> is an example of a real application based on XML Security Library. Using this tool you can verify any XML Signature and get a detailed report on what was signed and how. </p> <div align="center"> <h3>XML Security Library Interoperability Report</h3> </div> <h4 style="text-align: center;">XML Signature (<a href="http://www.ietf.org/rfc/rfc3275.txt">RFC 3275</a>)</h4> <div align="center"> <table style="width: 85%;" border="1" cellpadding="2" cellspacing="2"><tbody> <tr> <td style="width: 40%;" align="left" valign="top"><b>Features and algorithms<br></b></td> <td align="left" valign="top"> <b>XMLSec with OpenSSL </b> </td> <td style="vertical-align: top;"><b>XMLSec with GnuTLS</b></td> <td style="vertical-align: top;"> <b>XMLSec with NSS</b> </td> <td style="vertical-align: top;"> <b>XMLSec with MSCrypto</b> </td> </tr> <tr> <td style="width: 40%;" align="left" valign="top"> <span class="link-def">Detached</span> Signature<br> </td> <td align="left" valign="top">Y<br> </td> <td style="vertical-align: top;">Y<br> </td> <td style="vertical-align: top;">Y<br> </td> <td style="vertical-align: top;">Y<br> </td> </tr> <tr> <td style="width: 40%;" align="left" valign="top"> <span 
class="link-def">Enveloping</span> Signature: same document reference with fragment (URI="#Object1")<br> </td> <td align="left" valign="top">Y<br> </td> <td style="vertical-align: top;">Y<br> </td> <td style="vertical-align: top;">Y<br> </td> <td style="vertical-align: top;">Y<br> </td> </tr> <tr> <td style="width: 40%;" align="left" valign="top"> <span class="link-def">Enveloped</span> Signature: same document reference (URI="") with Enveloped Signature Transform.<br> </td> <td align="left" valign="top">Y<br> </td> <td style="vertical-align: top;">Y<br> </td> <td style="vertical-align: top;">Y<br> </td> <td style="vertical-align: top;">Y<br> </td> </tr> <tr> <td style="width: 40%;" align="left" valign="top">SignatureValue generation/validation<br> </td> <td align="left" valign="top">Y<br> </td> <td style="vertical-align: top;">Y<br> </td> <td style="vertical-align: top;">Y<br> </td> <td style="vertical-align: top;">Y<br> </td> </tr> <tr> <td style="width: 40%;" align="left" valign="top">Manifest DigestValue generation/validation<br> </td> <td align="left" valign="top">Y<br> </td> <td style="vertical-align: top;">Y<br> </td> <td style="vertical-align: top;">Y<br> </td> <td style="vertical-align: top;">Y<br> </td> </tr> <tr> <td style="width: 40%;" align="left" valign="top">Feature: laxly schema valid Signature element generation<br> </td> <td align="left" valign="top">Y<br> </td> <td style="vertical-align: top;">Y<br> </td> <td style="vertical-align: top;">Y<br> </td> <td style="vertical-align: top;">Y<br> </td> </tr> <tr> <td style="width: 40%;" align="left" valign="top">XPointers '#xpointer(/)'<br> </td> <td align="left" valign="top">Y<br> </td> <td style="vertical-align: top;">Y<br> </td> <td style="vertical-align: top;">Y<br> </td> <td style="vertical-align: top;">Y<br> </td> </tr> <tr> <td style="width: 40%;" align="left" valign="top">XPointers '#xpointer(id("<em>ID</em>"))'<br> </td> <td align="left" valign="top">Y<br> </td> <td style="vertical-align: 
top;">Y<br> </td> <td style="vertical-align: top;">Y<br> </td> <td style="vertical-align: top;">Y<br> </td> </tr> <tr> <td style="width: 40%;" align="left" valign="top">XPointers: full support </td> <td align="left" valign="top">Y<br> </td> <td style="vertical-align: top;">Y<br> </td> <td style="vertical-align: top;">Y<br> </td> <td style="vertical-align: top;">Y<br> </td> </tr> <tr> <td style="width: 40%;" align="left" valign="top">XPath <br> </td> <td align="left" valign="top">Y<br> </td> <td style="vertical-align: top;">Y<br> </td> <td style="vertical-align: top;">Y<br> </td> <td style="vertical-align: top;">Y<br> </td> </tr> <tr> <td style="width: 40%;" align="left" valign="top">the dsig XPath 'here()' function (can be used to implement enveloped signature)<br> </td> <td align="left" valign="top">Y<br> </td> <td style="vertical-align: top;">Y<br> </td> <td style="vertical-align: top;">Y<br> </td> <td style="vertical-align: top;">Y<br> </td> </tr> <tr> <td style="width: 40%;" align="left" valign="top">XSLT (note, the child <code> XSLT</code> element of Transform has been deprecated.)<br> </td> <td align="left" valign="top">Y<br> </td> <td style="vertical-align: top;">Y<br> </td> <td style="vertical-align: top;">Y<br> </td> <td style="vertical-align: top;">Y<br> </td> </tr> <tr> <td style="width: 40%;" align="left" valign="top">RetrievalMethod (e.g., X509Data)<br> </td> <td align="left" valign="top">Y<br> </td> <td style="vertical-align: top;">Y<br> </td> <td style="vertical-align: top;">Y<br> </td> <td style="vertical-align: top;">Y<br> </td> </tr> <tr> <td style="width: 40%;" align="left" valign="top">SHA1 <br> </td> <td align="left" valign="top">Y<br> </td> <td style="vertical-align: top;">Y<br> </td> <td style="vertical-align: top;">Y<br> </td> <td style="vertical-align: top;">Y<br> </td> </tr> <tr> <td style="width: 40%;" align="left" valign="top">Base64 <br> </td> <td align="left" valign="top">Y<br> </td> <td style="vertical-align: top;">Y<br> </td> <td 
style="vertical-align: top;">Y<br> </td> <td style="vertical-align: top;">Y<br> </td> </tr> <tr> <td style="width: 40%;" align="left" valign="top">HMAC-SHA1 <br> </td> <td align="left" valign="top">Y<br> </td> <td style="vertical-align: top;">Y<br> </td> <td style="vertical-align: top;">Y<br> </td> <td style="vertical-align: top;">N<br> </td> </tr> <tr> <td style="width: 40%;" align="left" valign="top">DSAwithSHA1<br> (DSS) <br> </td> <td align="left" valign="top">Y<a href="#dsa-sha1"><sup>(1)</sup></a> <br> </td> <td style="vertical-align: top;">N<br> </td> <td style="vertical-align: top;">Y<br> </td> <td style="vertical-align: top;">Y<br> </td> </tr> <tr> <td style="width: 40%;" align="left" valign="top">RSAwithSHA1 <br> </td> <td align="left" valign="top">Y<br> </td> <td style="vertical-align: top;">N<br> </td> <td style="vertical-align: top;">Y<br> </td> <td style="vertical-align: top;">Y<br> </td> </tr> <tr> <td style="width: 40%;" valign="top">X509 support<br> </td> <td valign="top">Y<br> </td> <td style="vertical-align: top;">N<br> </td> <td style="vertical-align: top;">Y<br> </td> <td style="vertical-align: top;">Y<br> </td> </tr> <tr> <td style="width: 40%;" align="left" valign="top">Minimal C14N (deprecated)<br> </td> <td align="left" valign="top">N<br> </td> <td style="vertical-align: top;">N<br> </td> <td style="vertical-align: top;">N<br> </td> <td style="vertical-align: top;">N<br> </td> </tr> <tr> <td style="width: 40%;" align="left" valign="top">Canonical XML (20010315)<br> </td> <td align="left" valign="top">Y<br> </td> <td style="vertical-align: top;">Y<br> </td> <td style="vertical-align: top;">Y<br> </td> <td style="vertical-align: top;">Y<br> </td> </tr> <tr> <td style="width: 40%;" align="left" valign="top">Canonical XML with comments<br> </td> <td align="left" valign="top">Y<br> </td> <td style="vertical-align: top;">Y<br> </td> <td style="vertical-align: top;">Y<br> </td> <td style="vertical-align: top;">Y<br> </td> </tr> <tr> <td 
style="width: 40%;" align="left" valign="top">Exclusive Canonical XML <br> </td> <td align="left" valign="top">Y<br> </td> <td style="vertical-align: top;">Y<br> </td> <td style="vertical-align: top;">Y<br> </td> <td style="vertical-align: top;">Y<br> </td> </tr> <tr> <td style="width: 40%;" align="left" valign="top">Exclusive Canonical XML with comments<br> </td> <td align="left" valign="top">Y<br> </td> <td style="vertical-align: top;">Y<br> </td> <td style="vertical-align: top;">Y<br> </td> <td style="vertical-align: top;">Y<br> </td> </tr> <tr> <td style="width: 40%;" align="left" valign="top">Enveloped Signature <br> </td> <td align="left" valign="top">Y<br> </td> <td style="vertical-align: top;">Y<br> </td> <td style="vertical-align: top;">Y<br> </td> <td style="vertical-align: top;"><br></td> </tr> </tbody></table> <div align="left"> <br><h4 style="text-align: center;">Additional XML Security Algorithms (<a href="http://www.ietf.org/rfc/rfc4051.txt">RFC 4051</a>)</h4> <table style="width: 85%; text-align: left; margin-left: auto; margin-right: auto;" border="1" cellpadding="2" cellspacing="2"><tbody> <tr> <td style="width: 40%;" align="left" valign="top"><b>Features and algorithms<br></b></td> <td align="left" valign="top"> <b>XMLSec with OpenSSL </b> </td> <td style="vertical-align: top;"><b>XMLSec with GnuTLS</b></td> <td style="vertical-align: top;"> <b>XMLSec with NSS</b> </td> <td style="vertical-align: top;"> <b>XMLSec with MSCrypto</b> </td> </tr> <tr> <td style="vertical-align: top; width: 40%;">MD5<br> </td> <td style="vertical-align: top;">Y<br> </td> <td style="vertical-align: top;">N<br> </td> <td style="vertical-align: top;">N<br> </td> <td style="vertical-align: top;">N<br> </td> </tr> <tr> <td style="vertical-align: top; width: 40%;">SHA224<br> </td> <td style="vertical-align: top;">Y<br> </td> <td style="vertical-align: top;">N<br> </td> <td style="vertical-align: top;">N<br> </td> <td style="vertical-align: top;">N<br> </td> </tr> <tr> <td 
style="vertical-align: top; width: 40%;">SHA256<br> </td> <td style="vertical-align: top;">Y<br> </td> <td style="vertical-align: top;">N<br> </td> <td style="vertical-align: top;">N<br> </td> <td style="vertical-align: top;">N<br> </td> </tr> <tr> <td style="vertical-align: top; width: 40%;">SHA384<br> </td> <td style="vertical-align: top;">Y<br> </td> <td style="vertical-align: top;">N<br> </td> <td style="vertical-align: top;">N<br> </td> <td style="vertical-align: top;">N<br> </td> </tr> <tr> <td style="vertical-align: top; width: 40%;">SHA512<br> </td> <td style="vertical-align: top;">Y<br> </td> <td style="vertical-align: top;">N<br> </td> <td style="vertical-align: top;">N<br> </td> <td style="vertical-align: top;">N<br> </td> </tr> <tr> <td style="width: 40%;" align="left" valign="top">HMAC-MD5<br> </td> <td align="left" valign="top">Y <br> </td> <td style="vertical-align: top;">Y<br> </td> <td style="vertical-align: top;">Y<br> </td> <td style="vertical-align: top;">N<br> </td> </tr> <tr> <td style="vertical-align: top; width: 40%;">HMAC-SHA224<br> </td> <td style="vertical-align: top;">Y<br> </td> <td style="vertical-align: top;">N<br> </td> <td style="vertical-align: top;">N<br> </td> <td style="vertical-align: top;">N<br> </td> </tr> <tr> <td style="vertical-align: top; width: 40%;">HMAC-SHA256</td> <td style="vertical-align: top;">Y<br> </td> <td style="vertical-align: top;">N<br> </td> <td style="vertical-align: top;">N<br> </td> <td style="vertical-align: top;">N<br> </td> </tr> <tr> <td style="vertical-align: top; width: 40%;">HMAC-SHA384</td> <td style="vertical-align: top;">Y<br> </td> <td style="vertical-align: top;">N<br> </td> <td style="vertical-align: top;">N<br> </td> <td style="vertical-align: top;">N<br> </td> </tr> <tr> <td style="width: 40%;" align="left" valign="top">HMAC-SHA512</td> <td align="left" valign="top">Y<br> </td> <td style="vertical-align: top;">N<br> </td> <td style="vertical-align: top;">N<br> </td> <td 
style="vertical-align: top;">N<br> </td> </tr> <tr> <td style="width: 40%;" valign="top">HMAC-RIPEMD160<br> </td> <td valign="top">Y<br> </td> <td style="vertical-align: top;">Y<br> </td> <td style="vertical-align: top;">N<br> </td> <td style="vertical-align: top;">N<br> </td> </tr> <tr> <td style="vertical-align: top; width: 40%;">RSA-MD5<br> </td> <td style="vertical-align: top;">Y<br> </td> <td style="vertical-align: top;">N<br> </td> <td style="vertical-align: top;">N<br> </td> <td style="vertical-align: top;">N<br> </td> </tr> <tr> <td style="vertical-align: top; width: 40%;">RSA-SHA224<br> </td> <td style="vertical-align: top;">Y<br> </td> <td style="vertical-align: top;">N<br> </td> <td style="vertical-align: top;">N<br> </td> <td style="vertical-align: top;">N<br> </td> </tr> <tr> <td style="vertical-align: top; width: 40%;">RSA-SHA256<br> </td> <td style="vertical-align: top;">Y<br> </td> <td style="vertical-align: top;">N<br> </td> <td style="vertical-align: top;">N<br> </td> <td style="vertical-align: top;">N<br> </td> </tr> <tr> <td style="vertical-align: top; width: 40%;">RSA-SHA384<br> </td> <td style="vertical-align: top;">Y<br> </td> <td style="vertical-align: top;">N<br> </td> <td style="vertical-align: top;">N<br> </td> <td style="vertical-align: top;">N<br> </td> </tr> <tr> <td style="vertical-align: top; width: 40%;">RSA-SHA512<br> </td> <td style="vertical-align: top;">Y<br> </td> <td style="vertical-align: top;">N<br> </td> <td style="vertical-align: top;">N<br> </td> <td style="vertical-align: top;">N<br> </td> </tr> <tr> <td style="vertical-align: top; width: 40%;">RSA-RIPEMD160</td> <td style="vertical-align: top;">Y<br> </td> <td style="vertical-align: top;">N<br> </td> <td style="vertical-align: top;">N<br> </td> <td style="vertical-align: top;">N<br> </td> </tr> <tr> <td style="vertical-align: top; width: 40%;">ECDSA-SHA1<br> </td> <td style="vertical-align: top;">N<br> </td> <td style="vertical-align: top;">N<br> </td> <td 
style="vertical-align: top;">N<br> </td> <td style="vertical-align: top;">N<br> </td> </tr> <tr> <td style="vertical-align: top; width: 40%;">ECDSA-SHA224<br> </td> <td style="vertical-align: top;">N<br> </td> <td style="vertical-align: top;">N<br> </td> <td style="vertical-align: top;">N<br> </td> <td style="vertical-align: top;">N<br> </td> </tr> <tr> <td style="vertical-align: top; width: 40%;">ECDSA-SHA256</td> <td style="vertical-align: top;">N<br> </td> <td style="vertical-align: top;">N<br> </td> <td style="vertical-align: top;">N<br> </td> <td style="vertical-align: top;">N<br> </td> </tr> <tr> <td style="vertical-align: top; width: 40%;">ECDSA-SHA384</td> <td style="vertical-align: top;">N<br> </td> <td style="vertical-align: top;">N<br> </td> <td style="vertical-align: top;">N<br> </td> <td style="vertical-align: top;">N<br> </td> </tr> <tr> <td style="vertical-align: top; width: 40%;">ECDSA-SHA512</td> <td style="vertical-align: top;">N<br> </td> <td style="vertical-align: top;">N<br> </td> <td style="vertical-align: top;">N<br> </td> <td style="vertical-align: top;">N<br> </td> </tr> <tr> <td style="vertical-align: top; width: 40%;">ESIGN-SHA1<br> </td> <td style="vertical-align: top;">N<br> </td> <td style="vertical-align: top;">N<br> </td> <td style="vertical-align: top;">N<br> </td> <td style="vertical-align: top;">N<br> </td> </tr> <tr> <td style="vertical-align: top; width: 40%;">ESIGN-SHA224</td> <td style="vertical-align: top;">N<br> </td> <td style="vertical-align: top;">N<br> </td> <td style="vertical-align: top;">N<br> </td> <td style="vertical-align: top;">N<br> </td> </tr> <tr> <td style="vertical-align: top; width: 40%;">ESIGN-SHA256</td> <td style="vertical-align: top;">N<br> </td> <td style="vertical-align: top;">N<br> </td> <td style="vertical-align: top;">N<br> </td> <td style="vertical-align: top;">N<br> </td> </tr> <tr> <td style="vertical-align: top; width: 40%;">ESIGN-SHA384</td> <td style="vertical-align: top;">N<br> </td> <td 
style="vertical-align: top;">N<br> </td> <td style="vertical-align: top;">N<br> </td> <td style="vertical-align: top;">N<br> </td> </tr> <tr> <td style="vertical-align: top; width: 40%;">ESIGN-SHA512</td> <td style="vertical-align: top;">N<br> </td> <td style="vertical-align: top;">N<br> </td> <td style="vertical-align: top;">N<br> </td> <td style="vertical-align: top;">N<br> </td> </tr> <tr> <td style="vertical-align: top; width: 40%;">Minimal C14N (deprecated) </td> <td style="vertical-align: top;">N<br> </td> <td style="vertical-align: top;">N<br> </td> <td style="vertical-align: top;">N<br> </td> <td style="vertical-align: top;">N<br> </td> </tr> <tr> <td style="width: 40%;" align="left" valign="top">XPointer transform<br> </td> <td align="left" valign="top">Y <br> </td> <td style="vertical-align: top;">Y<br> </td> <td style="vertical-align: top;">Y<br> </td> <td style="vertical-align: top;">Y<br> </td> </tr> <tr> <td style="vertical-align: top; width: 40%;">ARCFOUR Encryption<br> </td> <td style="vertical-align: top;">N<br> </td> <td style="vertical-align: top;">N<br> </td> <td style="vertical-align: top;">N<br> </td> <td style="vertical-align: top;">N<br> </td> </tr> <tr> <td style="vertical-align: top; width: 40%;">Camellia Block Encryption 128<br> </td> <td style="vertical-align: top;">N<br> </td> <td style="vertical-align: top;">N<br> </td> <td style="vertical-align: top;">N<br> </td> <td style="vertical-align: top;">N<br> </td> </tr> <tr> <td style="vertical-align: top; width: 40%;">Camellia Block Encryption 192</td> <td style="vertical-align: top;">N<br> </td> <td style="vertical-align: top;">N<br> </td> <td style="vertical-align: top;">N<br> </td> <td style="vertical-align: top;">N<br> </td> </tr> <tr> <td style="vertical-align: top; width: 40%;">Camellia Block Encryption 256<br> </td> <td style="vertical-align: top;">N<br> </td> <td style="vertical-align: top;">N<br> </td> <td style="vertical-align: top;">N<br> </td> <td style="vertical-align: 
top;">N<br> </td> </tr> <tr> <td style="vertical-align: top; width: 40%;">Camellia Key Wrap 128<br> </td> <td style="vertical-align: top;">N<br> </td> <td style="vertical-align: top;">N<br> </td> <td style="vertical-align: top;">N<br> </td> <td style="vertical-align: top;">N<br> </td> </tr> <tr> <td style="vertical-align: top; width: 40%;">Camellia Key Wrap 192</td> <td style="vertical-align: top;">N<br> </td> <td style="vertical-align: top;">N<br> </td> <td style="vertical-align: top;">N<br> </td> <td style="vertical-align: top;">N<br> </td> </tr> <tr> <td style="vertical-align: top; width: 40%;">Camellia Key Wrap 256<br> </td> <td style="vertical-align: top;">N<br> </td> <td style="vertical-align: top;">N<br> </td> <td style="vertical-align: top;">N<br> </td> <td style="vertical-align: top;">N<br> </td> </tr> <tr> <td style="vertical-align: top; width: 40%;">PSEC-KEM<br> </td> <td style="vertical-align: top;">N<br> </td> <td style="vertical-align: top;">N<br> </td> <td style="vertical-align: top;">N<br> </td> <td style="vertical-align: top;">N<br> </td> </tr> </tbody></table> <br><br><a name="dsa-sha1"></a><sup>(1)</sup> Defining <a href="http://www.w3.org/TR/xmldsig-core/#sec-DSAKeyValue"> DSA key</a> with Seed and PgenCounter is not supported.<br><p>Test vectors (from <a href="http://www.w3.org/Signature/2001/04/05-xmldsig-interop.html">IETF/W3C XML Signature WG: XML Signature Interoperability page</a>): <br><a href="http://lists.w3.org/Archives/Public/w3c-ietf-xmldsig/2002AprJun/att-0016/01-merlin-xmldsig-twenty-three.tar.gz">merlin-xmldsig-twenty-three.tar.gz</a> <br><a href="http://lists.w3.org/Archives/Public/w3c-ietf-xmldsig/2001AprJun/att-00%2033/01-merlin-xmldsig-sixteen.tar.gz">merlin-xmldsig-sixteen.tar.gz</a> (features, deprecated)<br><a href="http://lists.w3.org/Archives/Public/w3c-ietf-xmldsig/2001JanMar/att-0155/04-merlin-xmldsig-fifteen.tar.gz">merlin-xmldsig-fifteen.tar.gz</a> (algorithms, deprecated)<br></p> </div> </div> </td></tr></table></td> 
</tr></table></body> </html>