pyXMLSecurity

pure Python XML Security

Project description

python XML Security

This is a python implementation of XML-Security - XML-DSIG only right now. There are no dependencies except lxml and pyca/cryptography currently.

This code was inspired by https://github.com/andrewdyates/xmldsig (this implementation is a refactor and extension of that implementation) and in former versions used to include a pure-python RSA implementation https://github.com/andrewdyates/rsa_x509_pem by and with permission from Andrew Yates. Cryptographic primitives are now provided by pyca/cryptography (https://cryptography.io).

In order to sign with a PKCS#11-module you need to install pykcs11 (http://www.bit4id.org/pykcs11/)

This package is available under the NORDUnet BSD license (cf LICENSE.txt)

Limitations:

only support for RSA-SHA1/256/512 signatures with PKCS1.5 padding
no encryption support

Some of those limitations might be addressed. Patches and pull-requests are most welcome!

News

0.1

Release date: UNRELEASED

This is the first unreleased version of the code
http://github.com/leifj/pyXMLSecurity

0.2

Release date: Mon Aug 27 12:42:45 CEST 2012

more rubust algorithm uri parsing
support for “#”-style IDs
partial support for <Transform/> elts with child-elements
make all exceptions an XMLSecException
first draft: sign
various cleanups

0.3

Release date: Tue Aug 28 09:46:47 CEST 2012

handle #-style references (remove top-level comments and PIs)
don’t unescape & < and >
don’t give empty inclusive ns prefix list to c14n
move exception to separate file
first version of the pkcs11 shim layer

0.4

Release date: Wed Aug 29 12:43:05 CEST 2012

starting on tests
cleanup pkcs11 layer
various bugfixes and cleanup

0.5

Release date: Wed Sep 5 11:52:58 CEST 2012

Fix bug when signing using non-p11 keys
More robust PEM-unfolding

0.6

Release date: Fri Nov 30 10:29:03 CET 2012

Allow Reference@URI to be passed as argument

0.7

Release date: Mon Feb 4 15:53:32 CET 2013

Minor fixes

0.8

Release date: Wed Apr 3 09:05:53 CEST 2013

Multiple bugfixes
More SAML and P11 testcases

0.9

Release date: Mon Jun 24 11:24:20 CEST 2013

Bugfixes
Protection against wrapping attacks (new API!)

0.10

Release date: Thu Sep 12 20:16:04 CEST 2013

fix PEM parser bug
switch to semantic versioning

0.11

Release date: Fri Oct 11 17:06:53 CEST 2013

better control over the position of the signature element

0.12

Release date: Wed Dec 4 15:00:29 CET 2013

use pyconfig to control configuration parameters
support sha2 algorithms
several bugfixes for c14n

0.13

Release date: lör 22 mar 2014 10:44:49 CET

various unicode fixes related to pkcs#11
skip certain tests unless opensc is installed
use existing SignatureValue if present
various fixes from Fredrik T and Maya W

0.14

Release date: Mon Dec 1 08:58:54 CET 2014

Add explicit call to C_Initialize
Various bugs fixed - from Fredrik T
Allow caller control over session close

0.15

Release date: mån 16 nov 2015 13:40:26 CET

xmlsign: a simple sign cmdline tool
optionally drop signatures when validating
avoid logging keysize in p11 case
put a lock around pyasn1 parser
make cert loading thread safe
bugfixes

0.16

Release ons 13 dec 2017 21:10:29 CET

crypto abstraction
switch to sha256 default
verify and sign cmdline tools
lots of bugfixes

0.17

Release tor 14 dec 2017 12:27:48 CET

fix base64 bug
fix bug in cmdline verify serialization

0.18

Release fre 25 maj 2018 19:43:54 CEST

fix verification bug affecting sha512

0.19

Release tis 22 jan 2019 13:53:49 CET

python3 compatibility
fix private key leak issue
P11 fixes
test improvements

0.20

Release tis 10 sep 2019 19:41:58 CEST

more p3 compat

0.21

Release ons 19 feb 2020 16:21:05 CET

add cmdline arg for setting position of signature in xmlsign tool

0.30

Release ons 28 Feb 2023 16:51:25 CET

add support for non-RSA and non-PKCS1 v1.5 padding
improved logging
drop python3
fix for mgf1 verification
avoid tripping up on missing fingerprints - validate over all signatures
correct import for MutableMapping

1.0.0

Release tor 24 aug 2023 14:08:17 CEST

support for PKIX chain validation for XML signatures
support for python 3.10
start using semantic versioning

Project details

Release history Release notifications | RSS feed

This version

1.0.0

Aug 24, 2023

0.30

Feb 28, 2023

0.21

Feb 19, 2020

0.20

Sep 10, 2019

0.19

Jan 22, 2019

0.18

May 25, 2018

0.17

Dec 14, 2017

0.16

Dec 13, 2017

0.15

Nov 16, 2015

0.14

Dec 1, 2014

0.13

Mar 22, 2014

0.12

Dec 4, 2013

0.11

Oct 11, 2013

0.10.0

Sep 12, 2013

0.9

Jun 24, 2013

0.8

Apr 3, 2013

0.7

Feb 4, 2013

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

pyXMLSecurity-1.0.0.tar.gz (31.3 kB view details)

Uploaded Aug 24, 2023 Source

File details

Details for the file pyXMLSecurity-1.0.0.tar.gz.

File metadata

Download URL: pyXMLSecurity-1.0.0.tar.gz
Upload date: Aug 24, 2023
Size: 31.3 kB
Tags: Source
Uploaded using Trusted Publishing? No
Uploaded via: twine/4.0.2 CPython/3.10.12

File hashes

Hashes for pyXMLSecurity-1.0.0.tar.gz
Algorithm	Hash digest
SHA256	`03398d6c7eef462410c7133d0b8861d721f67678f6a66f45090aba26806d76a3`
MD5	`bf992eb86dbc169e5f7fa94115014008`
BLAKE2b-256	`4c37f1f50c2bb840d97490b45f3fb658ec489d5dacc4d7c9630b67bb380cb748`