signxml 0.3.0

Python XML Signature library

SignXML is an implementation of the W3C XML Signature standard (RFC 3275) in Python (both “Second Edition” and Version 1.1). This standard (also known as XMLDSig) is used to provide payload security in SAML 2.0, among other uses. SignXML implements all of the required components of the standard, and most recommended ones. Its features are:

• Use of defusedxml.lxml to defend against common XML-based attacks when verifying signatures

• Extensions to allow signing with and verifying X.509 certificate chains, including hostname/CN validation

• Modern Python compatibility (2.7-3.4+ and PyPy)

• Well-supported and reliable dependencies: lxml, defusedxml, cryptography, eight, pyOpenSSL

• Comprehensive testing (including the XMLDSig interoperability suite) and continuous integration

• Simple interface with useful defaults

• Compactness, readability, and extensibility

Installation

pip install signxml

Synopsis

from signxml import xmldsig

cert = open("example.pem").read()
key = open("example.key").read()
root = ElementTree.fromstring(signature_data)
xmldsig(root).sign(key=key, cert=cert)
xmldsig(root).verify()

Using a SAML metadata file:

from signxml import xmldsig

with open("metadata.xml", "rb") as fh:
    cert = etree.parse(fh).find("//ds:X509Certificate").text

root = ElementTree.fromstring(signature_data)
xmldsig(root).verify(x509_cert=cert)

See the API documentation for more.

Authors

• Andrey Kislyuk

Links

• Project home page (GitHub)

• Documentation (Read the Docs)

• Package distribution (PyPI)

• W3C Recommendation: XML Signature Syntax and Processing (Second Edition)

• W3C Recommendation: XML Signature Syntax and Processing Version 1.1

• W3C Working Group Note: XML Signature Syntax and Processing Version 2.0

• XML-Signature Interoperability

• Test Cases for C14N 1.1 and XMLDSig Interoperability

Bugs

Please report bugs, issues, feature requests, etc. on GitHub.

License

Licensed under the terms of the Apache License, Version 2.0.