
pure Python XML Security

Project description

python XML Security


This is a Python implementation of XML Security (XML-DSIG only for now). The only dependencies are currently lxml and pyca/cryptography.

This code was inspired by https://github.com/andrewdyates/xmldsig; this implementation is a refactor and extension of that one. Former versions included a pure-Python RSA implementation, https://github.com/andrewdyates/rsa_x509_pem, by and with permission from Andrew Yates. Cryptographic primitives are now provided by pyca/cryptography (https://cryptography.io).

To sign with a PKCS#11 module you need to install pykcs11 (http://www.bit4id.org/pykcs11/).

This package is available under the NORDUnet BSD license (see LICENSE.txt).

Limitations:

  • only RSA-SHA1/256/512 signatures with PKCS#1 v1.5 padding are supported

  • no encryption support

Some of those limitations might be addressed. Patches and pull-requests are most welcome!
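As an added example (not part of pyXMLSecurity and not using its API), the following pre-check inspects a document before it is handed to a verifier: it reports any SignatureMethod outside the RSA-SHA1/256/512 set listed above, flags RSA-SHA1 as weak, and rejects same-document references that do not resolve to exactly one element. It is a structural check that complements cryptographic verification; the function name, the ID attribute spellings and the sample documents are assumptions made for the example.

```python
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
RSA_SHA256 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"
# W3C algorithm URIs for the RSA-SHA1/256/512 set named under Limitations.
SUPPORTED = {
    DS + "rsa-sha1": "sha1",
    RSA_SHA256: "sha256",
    "http://www.w3.org/2001/04/xmldsig-more#rsa-sha512": "sha512",
}

def preflight(xml_text):
    """Return policy findings for every ds:Signature; an empty list means none."""
    root = ET.fromstring(xml_text)  # assumption: the caller bounds the input size
    by_id = {}  # assumption: ID attributes are spelled ID, Id or id
    for el in root.iter():
        for name in ("ID", "Id", "id"):
            if name in el.attrib:
                by_id.setdefault(el.attrib[name], []).append(el)
    findings = []
    for sig in root.iter("{%s}Signature" % DS):
        info = sig.find("{%s}SignedInfo" % DS)
        if info is None:
            findings.append("Signature without SignedInfo")
            continue
        method = info.find("{%s}SignatureMethod" % DS)
        alg = method.get("Algorithm") if method is not None else None
        if alg not in SUPPORTED:
            findings.append("unsupported SignatureMethod: %s" % alg)
        elif SUPPORTED[alg] == "sha1":
            findings.append("weak SignatureMethod: rsa-sha1")
        # A same-document reference must resolve to exactly one element;
        # duplicate IDs are a common ingredient of signature wrapping.
        for ref in info.findall("{%s}Reference" % DS):
            uri = ref.get("URI", "")
            if uri.startswith("#"):
                hits = len(by_id.get(uri[1:], []))
                if hits != 1:
                    findings.append("Reference %s matches %d elements" % (uri, hits))
    return findings

# Constructed sample documents (no real signature values).
TEMPLATE = ('<Doc xmlns:ds="' + DS + '">{extra}<Assertion ID="a1"><ds:Signature>'
            '<ds:SignedInfo><ds:SignatureMethod Algorithm="{alg}"/>'
            '<ds:Reference URI="#a1"/></ds:SignedInfo></ds:Signature>'
            '</Assertion></Doc>')
SAMPLE_OK = TEMPLATE.format(extra="", alg=RSA_SHA256)
SAMPLE_BAD = TEMPLATE.format(extra='<Assertion ID="a1"/>', alg=DS + "rsa-sha1")
```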

News

0.1

Release date: UNRELEASED

0.2

Release date: Mon Aug 27 12:42:45 CEST 2012

  • more robust algorithm URI parsing

  • support for “#”-style IDs

  • partial support for <Transform/> elements with child elements

  • make all exceptions an XMLSecException

  • first draft: sign

  • various cleanups

0.3

Release date: Tue Aug 28 09:46:47 CEST 2012

  • handle #-style references (remove top-level comments and PIs)

  • don’t unescape &amp; &lt; and &gt;

  • don’t give empty inclusive ns prefix list to c14n

  • move exception to separate file

  • first version of the pkcs11 shim layer

0.4

Release date: Wed Aug 29 12:43:05 CEST 2012

  • starting on tests

  • cleanup pkcs11 layer

  • various bugfixes and cleanup

0.5

Release date: Wed Sep 5 11:52:58 CEST 2012

  • Fix bug when signing using non-p11 keys

  • More robust PEM-unfolding

0.6

Release date: Fri Nov 30 10:29:03 CET 2012

0.7

Release date: Mon Feb 4 15:53:32 CET 2013

  • Minor fixes

0.8

Release date: Wed Apr 3 09:05:53 CEST 2013

  • Multiple bugfixes

  • More SAML and P11 testcases

0.9

Release date: Mon Jun 24 11:24:20 CEST 2013

  • Bugfixes

  • Protection against wrapping attacks (new API!)

0.10

Release date: Thu Sep 12 20:16:04 CEST 2013

  • fix PEM parser bug

  • switch to semantic versioning

0.11

Release date: Fri Oct 11 17:06:53 CEST 2013

  • better control over the position of the signature element

0.12

Release date: Wed Dec 4 15:00:29 CET 2013

  • use pyconfig to control configuration parameters

  • support sha2 algorithms

  • several bugfixes for c14n

0.13

Release date: Sat 22 Mar 2014 10:44:49 CET

  • various unicode fixes related to pkcs#11

  • skip certain tests unless opensc is installed

  • use existing SignatureValue if present

  • various fixes from Fredrik T and Maya W

0.14

Release date: Mon Dec 1 08:58:54 CET 2014

  • Add explicit call to C_Initialize

  • Various bugs fixed - from Fredrik T

  • Allow caller control over session close

0.15

Release date: Mon 16 Nov 2015 13:40:26 CET

  • xmlsign: a simple sign cmdline tool

  • optionally drop signatures when validating

  • avoid logging keysize in p11 case

  • put a lock around pyasn1 parser

  • make cert loading thread safe

  • bugfixes

0.16

Release Wed 13 Dec 2017 21:10:29 CET

  • crypto abstraction

  • switch to sha256 default

  • verify and sign cmdline tools

  • lots of bugfixes

0.17

Release Thu 14 Dec 2017 12:27:48 CET

  • fix base64 bug

  • fix bug in cmdline verify serialization

0.18

Release Fri 25 May 2018 19:43:54 CEST

  • fix verification bug affecting sha512

0.19

Release Tue 22 Jan 2019 13:53:49 CET

  • python3 compatibility

  • fix private key leak issue

  • P11 fixes

  • test improvements

0.20

Release Tue 10 Sep 2019 19:41:58 CEST

  • more p3 compat

0.21

Release Wed 19 Feb 2020 16:21:05 CET

  • add cmdline arg for setting position of signature in xmlsign tool

0.30

Release Wed 28 Feb 2023 16:51:25 CET

  • add support for non-RSA and non-PKCS1 v1.5 padding

  • improved logging

  • drop python3

  • fix for mgf1 verification

  • avoid tripping up on missing fingerprints - validate over all signatures

  • correct import for MutableMapping

1.0.0

Release Thu 24 Aug 2023 14:08:17 CEST

  • support for PKIX chain validation for XML signatures

  • support for python 3.10

  • start using semantic versioning

Download files


Source Distribution

pyXMLSecurity-1.0.0.tar.gz (31.3 kB)

File details

Details for the file pyXMLSecurity-1.0.0.tar.gz.

File metadata

  • Download URL: pyXMLSecurity-1.0.0.tar.gz
  • Size: 31.3 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/4.0.2 CPython/3.10.12

File hashes

Hashes for pyXMLSecurity-1.0.0.tar.gz
Algorithm Hash digest
SHA256 03398d6c7eef462410c7133d0b8861d721f67678f6a66f45090aba26806d76a3
MD5 bf992eb86dbc169e5f7fa94115014008
BLAKE2b-256 4c37f1f50c2bb840d97490b45f3fb658ec489d5dacc4d7c9630b67bb380cb748
