SignedXml

SignedXml is a Ruby implementation of XML Signatures.

Dependencies

SignedXml requires and is in love with Nokogiri.

Limitations

They are legion. Allowed transformations are enveloped-signature and c14n. Only same-document Reference URIs are supported, and of those only the null URI (URI="", i.e. the whole document) and fragment URIs which specify a literal ID are supported. XPointer expressions are not supported.

SignedXml can also sign documents which contain certain required placeholder elements. For an example, see the file saml_response_template.xml in spec/resources.

Installation

Add this line to your application's Gemfile:

gem 'signed_xml'

And then execute:

bundle

Or install it yourself as:

gem install signed_xml

Usage

require 'signed_xml'

# Verification
# using certificate in document
signed_doc = SignedXml::Document(File.read 'some_signed_doc.xml')
signed_doc.is_verified?

# using certificate provided by caller
certificate = OpenSSL::X509::Certificate.new(File.read 'certificate.pem')
signed_doc.is_verified? certificate

# using certificate which matches the one in the document
# (and failing if it doesn't)
cert_fingerprint = Digest::SHA1.hexdigest(certificate.to_der)
certificate_store = {cert_fingerprint => certificate}
signed_doc.is_verified? certificate_store

# Signing
doc = SignedXml::Document(File.read 'doc_with_placeholder_elems.xml')
private_key = OpenSSL::PKey::RSA.new(File.new 'private_key.pem')
certificate = OpenSSL::X509::Certificate.new(File.read 'certificate.pem')
doc.sign(private_key, certificate)
File.open('signed_doc.xml', 'w') { |file| file.puts doc.to_xml }

Contributing

Fork it
Create your feature branch (git checkout -b my-new-feature)
Commit your changes (git commit -am 'Add some feature')
Push to the branch (git push origin my-new-feature)
Create new Pull Request

signed_xml

Development