No commit activity in last 3 years
No release in over 3 years
This gem is a (partial) implementation of the XMLDsig specification
 Project Readme

Xmldsig

This gem is a (partial) implementation of the XMLDsig specification (http://www.w3.org/TR/xmldsig-core)

Installation

Add this line to your application's Gemfile:

gem 'xmldsig'

And then execute:

$ bundle

Or install it yourself as:

$ gem install xmldsig

Usage

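require 'openssl'
require 'xmldsig'

# Unsigned template: DigestValue and SignatureValue are left empty
unsigned_xml = <<-XML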
<?xml version="1.0" encoding="UTF-8"?>
<foo:Foo ID="foo" xmlns:foo="http://example.com/foo#" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#">
  <foo:Bar>bar</foo:Bar>
  <ds:Signature>
    <ds:SignedInfo>
      <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
      <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
      <ds:Reference URI="#foo">
        <ds:Transforms>
          <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
          <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
            <ec:InclusiveNamespaces PrefixList="foo"/>
          </ds:Transform>
        </ds:Transforms>
        <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
        <ds:DigestValue></ds:DigestValue>
      </ds:Reference>
    </ds:SignedInfo>
    <ds:SignatureValue></ds:SignatureValue>
  </ds:Signature>
</foo:Foo>
XML

# Signing key, and the certificate used for validation further down
private_key = OpenSSL::PKey::RSA.new(File.read("key.pem"))
certificate = OpenSSL::X509::Certificate.new(File.read("certificate.cer"))

unsigned_document = Xmldsig::SignedDocument.new(unsigned_xml)
signed_xml = unsigned_document.sign(private_key)

# With a block: the block receives the data to sign and returns the raw signature
signed_xml = unsigned_document.sign do |data|
  private_key.sign(OpenSSL::Digest::SHA256.new, data)
end

# Validation

signed_document = Xmldsig::SignedDocument.new(signed_xml)
signed_document.validate(certificate)

# With a block: the block returns true when signature_value verifies over data
signed_document = Xmldsig::SignedDocument.new(signed_xml)
signed_document.validate do |signature_value, data|
  certificate.public_key.verify(OpenSSL::Digest::SHA256.new, signature_value, data)
end
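
The block form of validate leaves the verification decision to the caller, so the block is where a pinned certificate and an allowlist of signature algorithms can be enforced. The following is an added example, not code from the xmldsig gem: it uses only Ruby's OpenSSL standard library, the helper names (fingerprint, pinned_verifier, demo_identity, run_demo) are hypothetical, and the keys, certificates and data are constructed stand-ins for what would be passed to the block.

```ruby
require 'openssl'

# SignatureMethod URIs this verifier accepts (rsa-sha1 is deliberately absent).
ALLOWED = {
  'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256' => 'SHA256',
  'http://www.w3.org/2001/04/xmldsig-more#rsa-sha512' => 'SHA512'
}.freeze

# Hypothetical helper: hex SHA-256 fingerprint of the certificate's DER encoding.
def fingerprint(cert)
  OpenSSL::Digest::SHA256.hexdigest(cert.to_der)
end

# Hypothetical helper: returns a lambda with the |signature_value, data| shape of
# the validate block; it fails closed for unpinned certs and unlisted algorithms.
def pinned_verifier(cert, pinned_fp, algorithm_uri)
  name = ALLOWED[algorithm_uri]
  trusted = fingerprint(cert) == pinned_fp
  lambda do |signature_value, data|
    !name.nil? && trusted && cert.public_key.verify(OpenSSL::Digest.new(name), signature_value, data)
  end
end

# Constructed test material: a throwaway RSA key and self-signed certificate.
def demo_identity(common_name)
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version, cert.serial = 2, 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse("/CN=#{common_name}")
  cert.public_key = key.public_key
  cert.not_before, cert.not_after = Time.now - 60, Time.now + 3600
  cert.sign(key, OpenSSL::Digest::SHA256.new)
  [key, cert]
end

# Runs the sign and validate callbacks over constructed bytes that stand in for
# the data a library would hand to the blocks.
def run_demo
  key, cert = demo_identity('signer.example')
  _other_key, other_cert = demo_identity('other.example')
  data = '<ds:SignedInfo>constructed sample</ds:SignedInfo>'
  signature = key.sign(OpenSSL::Digest::SHA256.new, data) # same call as the sign block
  sha256 = 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256'
  pin = fingerprint(cert) # in practice this comes from trusted configuration
  { valid: pinned_verifier(cert, pin, sha256).call(signature, data),
    tampered: pinned_verifier(cert, pin, sha256).call(signature, data.sub('sample', 'forged')),
    unpinned: pinned_verifier(other_cert, pin, sha256).call(signature, data),
    sha1: pinned_verifier(cert, pin, 'http://www.w3.org/2000/09/xmldsig#rsa-sha1').call(signature, data) }
end
```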

Known issues

  1. Windows in-app purchase verification requires extra whitespace removal: benoist#13

Contributing

  1. Fork it
  2. Create your feature branch (git checkout -b my-new-feature)
  3. Commit your changes (git commit -am 'Add some feature')
  4. Push to the branch (git push origin my-new-feature)
  5. Create new Pull Request