This fork has one small but very important change in XMLSecurityDSig class. order to make signatures verifiable on C#.
Adding of signatures is done via predefined template string constant which contains whitespaces. If signed xml should not contain whitespaces - this will break signature and it won't validate (on eg. c#).
To fix this, constructor now accepts optional parameters $preserveWhiteSpace and $formatOutput which now default both to false.
/**
* Added preserveWhiteSpace = false since validating signature in C# fails because
* signature base template contains & inserts whitespaces on it's own
* @param string $prefix
* @param boolean $preserveWhiteSpace
* @param boolean $formatOutput
*/
public function __construct($prefix='ds', $preserveWhiteSpace = false, $formatOutput = false)
{
...
$sigdoc = new DOMDocument();
$sigdoc->preserveWhiteSpace = $preserveWhiteSpace;
$sigdoc->formatOutput = $formatOutput;
$sigdoc->loadXML($template);
$this->sigNode = $sigdoc->documentElement;
}
#xmlseclibs
xmlseclibs is a library written in PHP for working with XML Encryption and Signatures.
The author of xmlseclibs is Rob Richards.
Master is currently the only actively maintained branch.
- master/3.1: Added AES-GCM support requiring 7.1+
- 3.0: Removes mcrypt usage requiring 5.4+ (5.6.24+ recommended for security reasons)
- 2.0: Contains namespace support requiring 5.3+
- 1.4: Contains auto-loader support while also maintaining backwards compatiblity with the older 1.3 version using the xmlseclibs.php file. Supports PHP 5.2+
xmlseclibs requires PHP version 5.4 or greater. 5.6.24+ recommended for security reasons
Install with composer.phar.
php composer.phar require "robrichards/xmlseclibs"xmlseclibs is being used in many different software.
The example below shows basic usage of xmlseclibs, with a SHA-256 signature.
use RobRichards\XMLSecLibs\XMLSecurityDSig;
use RobRichards\XMLSecLibs\XMLSecurityKey;
// Load the XML to be signed
$doc = new DOMDocument();
$doc->load('./path/to/file/tobesigned.xml');
// Create a new Security object
$objDSig = new XMLSecurityDSig();
// Use the c14n exclusive canonicalization
$objDSig->setCanonicalMethod(XMLSecurityDSig::EXC_C14N);
// Sign using SHA-256
$objDSig->addReference(
$doc,
XMLSecurityDSig::SHA256,
array('http://www.w3.org/2000/09/xmldsig#enveloped-signature')
);
// Create a new (private) Security key
$objKey = new XMLSecurityKey(XMLSecurityKey::RSA_SHA256, array('type'=>'private'));
/*
If key has a passphrase, set it using
$objKey->passphrase = '<passphrase>';
*/
// Load the private key
$objKey->loadKey('./path/to/privatekey.pem', TRUE);
// Sign the XML file
$objDSig->sign($objKey);
// Add the associated public key to the signature
$objDSig->add509Cert(file_get_contents('./path/to/file/mycert.pem'));
// Append the signature to the XML
$objDSig->appendSignature($doc->documentElement);
// Save the signed XML
$doc->save('./path/to/signed.xml');Mailing List: https://groups.google.com/forum/#!forum/xmlseclibs