robrichards/xmlseclibs

Suggestion: a developer friendly, secure API

Opened this issue · 4 comments

Hi! 👋

I'd like to thank everyone who has ever worked on this library, as it has helped me build things I wouldn't have built otherwise.

After years of using it, I understood XML Signatures better and I noticed some issues which I believe could be avoided if the API was simpler.

I'd like to propose adding a high-level API that makes our apps harder to hack. Here's how it'd look:

$node = getTheOnlySignedNodeOrNull($xml, $publicKey);

and

$nodesArray = getSignedNodes($xml, $publicKey);

You can read the rationale behind it in this blog post - Your XML security library is sabotaging your work. Here's what you can do about it. It's evident that verifying signatures poses a real challenge. An example is described in a post titled Are XML Signatures secure?.

The current, low-level API doesn't have to be removed, so everything can be backward-compatible.

The new, safer API can be built on top of the existing one.

Should we help developers deliver secure solutions?
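As an added illustration (not code from xmlseclibs or from the issue author), this is how the two proposed functions could be layered on the existing XMLSecurityDSig and XMLSecurityKey classes. It assumes a Composer autoloader, a PEM-encoded RSA public key string and RSA-SHA256 signatures, and it refuses documents carrying more than one Signature element.

```php
<?php
// Added example, not part of xmlseclibs. Assumes Composer autoload and a PEM public key.
require 'vendor/autoload.php';

use RobRichards\XMLSecLibs\XMLSecurityDSig;
use RobRichards\XMLSecLibs\XMLSecurityKey;

/**
 * Return only the DOM nodes whose digests were verified under a signature that
 * validates with the caller-supplied key. Any other node in the document
 * (e.g. an unsigned copy of a signed element) is never returned.
 */
function getSignedNodes(string $xml, string $publicKeyPem): array
{
    $doc = new DOMDocument();
    if (!$doc->loadXML($xml, LIBXML_NONET)) {
        return [];
    }
    // Exactly one signature: no ambiguity about which one was checked.
    $sigs = $doc->getElementsByTagNameNS(XMLSecurityDSig::XMLDSIGNS, 'Signature');
    if ($sigs->length !== 1) {
        return [];
    }
    // The key comes from the caller; <KeyInfo> in the document is ignored.
    $key = new XMLSecurityKey(XMLSecurityKey::RSA_SHA256, ['type' => 'public']);
    $key->loadKey($publicKeyPem, false, false);

    $dsig = new XMLSecurityDSig();
    if (!$dsig->locateSignature($doc)) {
        return [];
    }
    // Pin the algorithm declared in <SignedInfo> to the one the key is built for.
    $declared = $dsig->locateKey();
    if ($declared === null || $declared->type !== XMLSecurityKey::RSA_SHA256) {
        return [];
    }
    $dsig->canonicalizeSignedInfo();
    try {
        $dsig->validateReference(); // throws if any Reference digest mismatches
    } catch (Exception $e) {
        return [];
    }
    // openssl_verify yields 1 / 0 / -1; only 1 means the signature is valid.
    if ($dsig->verify($key) !== 1) {
        return [];
    }
    return $dsig->getValidatedNodes() ?? [];
}

/** Same check, but insist on exactly one signed node; null otherwise. */
function getTheOnlySignedNodeOrNull(string $xml, string $publicKeyPem): ?DOMNode
{
    $nodes = getSignedNodes($xml, $publicKeyPem);
    return count($nodes) === 1 ? $nodes[0] : null;
}
```

A Reference with an empty URI covers the whole document, in which case the returned node is the DOMDocument itself.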

Hi @lukaszmakuch ! I don't mean to hijack this topic to self-promote here, but I've been working on something like this for a while and I'm curious to know what you think about this library. The signature part is done, the encryption part is a WIP. Its API is made so it has zero-to-no room for misuse.

(Disclaimer: not a PHP developer.)

It appears that the library you linked to requires some custom trait implementations. If I were implementing XML-DSIG, the API I would provide is basically the high-level API @lukaszmakuch mentioned, with whatever restrictions make sense for a given use-case.

@DemiMarie This is not true. What trait implementations are you referring to? Have you read the README?
I don't see how things can get more high level than feeding the library with a key, an algorithm and the XML that has to be signed.

I did read the README, but I think the getId() method combined with the lack of an example that took only strings as input confused me. As I said, I am not a PHP developer, though I know the basic syntax of the language.