peculiarventures / xadesjs Goto Github PK

A pure Typescript/Javascript implementation of XAdES based on XMLDSIGjs. (Keywords: WebCrypto, XMLDSIG, XADES, eIDAS, Trust List, X.509, CRL, OCSP)

Home Page: https://xadesjs.com

License: MIT License

TypeScript 98.58% JavaScript 1.42%

xmldsig ades xades-bes webcrypto javascript typescript electronic-signatures node-webcrypto-ossl web-crypto

xadesjs's Introduction

XAdESjs

XAdES is short for "XML Advanced Electronic Signatures", it is a superset of XMLDSIG. This library aims to provide an implementation of XAdES in Typescript/Javascript that is built on XMLDSIGjs.

Since it is based on XMLDSIGjs and that library uses Web Crypto for cryptographic operations it can be used both in browsers and in Node.js (when used with a polyfill like webcrypto, node-webcrypto-ossl or node-webcrypto-p11).

There are seven different profiles of XAdES, they are:

Basic Electronic Signature (XAdES-BES)
XAdES with Timestamp (XAdES-T)
XAdES with Complete Validation Data (XAdES-C)
XAdES with Extended Validation Data (XAdES-X)
XAdES with Extended Long Term Validation Data (XAdES-X-L)
XAdES with Archiving Validation Data (XAdES-A)
XAdES with Explicit policy electronic signatures (XAdES-EPES)

They differ slightly based on what is included in the signature:

	Provides Digital Signature	Includes Cryptographic Timestamp	Includes Revocation References	Includes Revocation Data	Allows Secure Timestamp Countersignature
XAdES-BES	Yes	No	No	No	No
XAdES-EPES	Yes	No	No	No	No
XAdES-T	Yes	Yes	No	No	No
XAdES-C	Yes	Yes	Yes	No	No
XAdES-X	Yes	Yes	Yes	No	No
XAdES-X-L	Yes	Yes	Yes	Yes	No
XAdES-A	Yes	Yes	Yes	Yes	Yes

Only XAdES-BES (in BOLD) is fully supported by XAdESjs. For the other variants can be created, decoded and verified but the caller must do the construction and policy to ensure compliant messages on their own.

INSTALLING

npm install xadesjs

The npm module has a dist folder with the following files:

Name	Size	Description
index.js	105 Kb	UMD module with external modules. Has comments
xades.js	803 Kb	UMD bundle module. Has comments
xades.min.js	296 Kb	minified UMD bundle module

There is also a lib folder with an ES2015 JS file which you can use with rollup bundler.

COMPATABILITY

CRYPTOGRAPHIC ALGORITHM SUPPORT

Name	SHA1	SHA2-256	SHA2-384	SHA2-512
RSASSA-PKCS1-v1_5	X	X	X	X
RSA-PSS	X	X	X	X
ECDSA	X	X	X	X
HMAC	X	X	X	X

CANONICALIZATION ALGORITHM SUPPORT

XmlDsigC14NTransform
XmlDsigC14NWithCommentsTransform
XmlDsigExcC14NTransform
XmlDsigExcC14NWithCommentsTransform
XmlDsigEnvelopedSignatureTransform
XmlDsigBase64Transform

PLATFORM SUPPORT

XAdESjs works with any browser that suppports Web Crypto. Since node does not have Web Crypto you will need a polyfill on this platform, for this reason the npm package includes webcrypto; browsers do not need this dependency and in those cases though it will be installed it will be ignored.

If you need to use a Hardware Security Module we have also created a polyfill for Web Crypto that supports PKCS #11. Our polyfill for this is node-webcrypto-p11.

To use node-webcrypto-ossl you need to specify you want to use it, that looks like this:

var xadesjs = require("./built/xades.js");
var { Crypto } = require("@peculiar/webcrypto");

xadesjs.Application.setEngine("NodeJS", new Crypto());

The node-webcrypto-p11 polyfill will work the same way. The only difference is that you have to specify the details about your PKCS #11 device when you instansiate it:

var xadesjs = require("./built/xades.js");
var WebCrypto = require("node-webcrypto-p11").WebCrypto;

xadesjs.Application.setEngine("PKCS11", new WebCrypto({
    library: "/path/to/pkcs11.so",
	name: "Name of PKCS11 lib",
	slot: 0,
    sessionFlags: 2 | 4, // RW_SESSION | SERIAL_SESSION
	pin: "token pin"
}));

WARNING

Using XMLDSIG is a bit like running with scissors, that said it is needed for interoperability with a number of systems, for this reason, we have done this implementation.

Usage

Sign

SignedXml.Sign(algorithm: Algorithm, key: CryptoKey, data: Document, options?: OptionsXAdES): PromiseLike<Signature>;

Parameters

Name	Description
algorithm	Signing Algorithm
key	Signing Key
data	XML document which must be signed
options	Additional options

Options

interface OptionsXAdES {
    /**
     * Public key for KeyInfo block
     */
    keyValue?: CryptoKey;
    /**
     * List of X509 Certificates
     */
    x509?: string[];
    /**
     * List of Reference
     * Default is Reference with hash alg SHA-256 and exc-c14n transform  
     */
    references?: OptionsSignReference[];

    // Signed signature properties

    signingCertificate?: string;
    signingTime?: OptionsSigningTime;
    policy?: OptionsPolicyId;
    productionPlace?: OptionsProductionPlace;
    signerRole?: OptionsSignerRole;
}

interface OptionsSignReference {
    /**
     * Id of Reference
     */
    id?: string;
    uri?: string;
    /**
     * Hash algorithm
     */
    hash: AlgorithmIdentifier;
    /**
     * List of transforms
     */
    transforms?: OptionsSignTransform[];
}

type OptionsSignTransform = "enveloped" | "c14n" | "exc-c14n" | "c14n-com" | "exc-c14n-com" | "base64";

interface OptionsSigningTime {
    value?: Date;
    format?: string;
}

interface OptionsSignerRole {
    claimed?: string[];
    certified?: string[];
}

interface OptionsProductionPlace {
    city?: string;
    state?: string;
    code?: string;
    country?: string;
}

interface OptionsPolicyId {
}

Verify

Verify(key?: CryptoKey): PromiseLike<boolean>;

Parameters

Name	Description
key	Verifying Key. Optional. If key not set it looks for keys in KeyInfo element of Signature.

EXAMPLES

Create XAdES-BES Signature

In Node

var xadesjs = require("xadesjs");
var { Crypto } = require("@peculiar/webcrypto");

xadesjs.Application.setEngine("NodeJS", new Crypto());

// Generate RSA key pair
var privateKey, publicKey;
xadesjs.Application.crypto.subtle.generateKey(
    {
        name: "RSASSA-PKCS1-v1_5",
        modulusLength: 1024, //can be 1024, 2048, or 4096,
        publicExponent: new Uint8Array([1, 0, 1]),
        hash: { name: "SHA-1" }, //can be "SHA-1", "SHA-256", "SHA-384", or "SHA-512"
    },
    false, //whether the key is extractable (i.e. can be used in exportKey)
    ["sign", "verify"] //can be any combination of "sign" and "verify"
)
    .then(function (keyPair) {
        // Push ganerated keys to global variable
        privateKey = keyPair.privateKey;
        publicKey = keyPair.publicKey;

        // Call sign function
        var xmlString = '<player bats="left" id="10012" throws="right">\n\t<!-- Here\'s a comment -->\n\t<name>Alfonso Soriano</name>\n\t<position>2B</position>\n\t<team>New York Yankees</team>\n</player>';
        return SignXml(xmlString, keyPair, { name: "RSASSA-PKCS1-v1_5", hash: { name: "SHA-1" } });
    })
    .then(function (signedDocument) {
        console.log("Signed document:\n\n", signedDocument);
    })
    .catch(function (e) {
        console.error(e);
    });


function SignXml(xmlString, keys, algorithm) {
    return Promise.resolve()
        .then(() => {
            var xmlDoc = xadesjs.Parse(xmlString);
            var signedXml = new xadesjs.SignedXml();

            return signedXml.Sign(               // Signing document
                algorithm,                              // algorithm
                keys.privateKey,                        // key
                xmlDoc,                                 // document
                {                                       // options
                    keyValue: keys.publicKey,
                    references: [
                        { hash: "SHA-256", transforms: ["enveloped"] }
                    ],
                    productionPlace: {
                        country: "Country",
                        state: "State",
                        city: "City",
                        code: "Code",
                    },
                    signingCertificate: "MIIGgTCCBGmgAwIBAgIUeaHFHm5f58zYv20JfspVJ3hossYwDQYJKoZIhvcNAQEFBQAwgZIxCzAJBgNVBAYTAk5MMSAwHgYDVQQKExdRdW9WYWRpcyBUcnVzdGxpbmsgQi5WLjEoMCYGA1UECxMfSXNzdWluZyBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTE3MDUGA1UEAxMuUXVvVmFkaXMgRVUgSXNzdWluZyBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSBHMjAeFw0xMzEwMzAxMjI3MTFaFw0xNjEwMzAxMjI3MTFaMHoxCzAJBgNVBAYTAkJFMRAwDgYDVQQIEwdCcnVzc2VsMRIwEAYDVQQHEwlFdHRlcmJlZWsxHDAaBgNVBAoTE0V1cm9wZWFuIENvbW1pc3Npb24xFDASBgNVBAsTC0luZm9ybWF0aWNzMREwDwYDVQQDDAhFQ19ESUdJVDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJgkkqvJmZaknQC7c6H6LEr3dGtQ5IfOB3HAZZxOZbb8tdM1KMTO3sAifJC5HNFeIWd0727uZj+V5kBrUv36zEs+VxiN1yJBmcJznX4J2TCyPfLk2NRELGu65VwrK2Whp8cLLANc+6pQn/5wKh23ehZm21mLXcicZ8whksUGb/h8p6NDe1cElD6veNc9CwwK2QT0G0mQiEYchqjJkqyY8HEak8t+CbIC4Rrhyxh3HI1fCK0WKS9JjbPQFbvGmfpBZuLPYZYzP4UXIqfBVYctyodcSAnSfmy6tySMqpVSRhjRn4KP0EfHlq7Ec+H3nwuqxd0M4vTJlZm+XwYJBzEFzFsCAwEAAaOCAeQwggHgMFgGA1UdIARRME8wCAYGBACLMAECMEMGCisGAQQBvlgBgxAwNTAzBggrBgEFBQcCARYnaHR0cDovL3d3dy5xdW92YWRpc2dsb2JhbC5ubC9kb2N1bWVudGVuMCQGCCsGAQUFBwEDBBgwFjAKBggrBgEFBQcLAjAIBgYEAI5GAQEwdAYIKwYBBQUHAQEEaDBmMCoGCCsGAQUFBzABhh5odHRwOi8vb2NzcC5xdW92YWRpc2dsb2JhbC5jb20wOAYIKwYBBQUHMAKGLGh0dHA6Ly90cnVzdC5xdW92YWRpc2dsb2JhbC5jb20vcXZldWNhZzIuY3J0MEYGCiqGSIb3LwEBCQEEODA2AgEBhjFodHRwOi8vdHNhMDEucXVvdmFkaXNnbG9iYWwuY29tL1RTUy9IdHRwVHNwU2VydmVyMBMGCiqGSIb3LwEBCQIEBTADAgEBMA4GA1UdDwEB/wQEAwIGQDAfBgNVHSMEGDAWgBTg+A751LXyf0kjtsN5x6M1H4Z6iDA7BgNVHR8ENDAyMDCgLqAshipodHRwOi8vY3JsLnF1b3ZhZGlzZ2xvYmFsLmNvbS9xdmV1Y2FnMi5jcmwwHQYDVR0OBBYEFDc3hgIFJTDamDEeQczI7Lot4uaVMA0GCSqGSIb3DQEBBQUAA4ICAQAZ8EZ48RgPimWY6s4LjZf0M2MfVJmNh06Jzmf6fzwYtDtQLKzIDk8ZtosqYpNNBoZIFICMZguGRAP3kuxWvwANmrb5HqyCzXThZVPJTmKEzZNhsDtKu1almYBszqX1UV7IgZp+jBZ7FyXzXrXyF1tzXQxHGobDV3AEE8vdzEZtwDGpZJPnEPCBzifdY+lrrL2rDBjbv0VeildgOP1SIlL7dh1O9f0T6T4ioS6uSdMt6b/OWjqHadsSpKry0A6pqfOqJWAhDiueqgVB7vus6o6sSmfG4SW9EWW+BEZ510HjlQU/JL3PPmf+Xs8s00sm77LJ/T/1hMUuGp6TtDsJe+pPBpCYvpm6xu9GL20CsArFWUeQ2MSnE1jsrb00UniCKslcM63pU7I0VcnWMJQSNY28OmnFESPK6s6zqoN0ZMLhwCVnahi6pouBwTb10M9/Anla9xOT42qxiLr14S2lHy18aLiBSQ4zJKNLqKvIrkjewSfW+00VLBYbPTmtrHpZUWiCGiRS2SviuEmPVbdWvsBUaq7OMLIfBD4nin1FlmYnaG9TVmWkwVYDsFmQepwPDqjPs4efAxzkgUFHWn0gQFbqxRocKrCsOvCDHOHORA97UWcThmgvr0Jl7ipvP4Px//tRp08blfy4GMzYls5WF8f6JaMrNGmpfPasd9NbpBNp7A=="
                })
            })
            .then(signature => signature.toString());
}

In the browser

<!DOCTYPE html>
<html>

<head>
    <meta charset="utf-8" />
    <title>XADESJS Signature Sample</title>
</head>

<body>
    <pre id="signature"><code></code></pre>
    <script src="https://cdnjs.cloudflare.com/ajax/libs/babel-polyfill/7.7.0/polyfill.min.js"></script>
    <script src="https://cdnjs.cloudflare.com/ajax/libs/asmCrypto/2.3.2/asmcrypto.all.es5.min.js"></script>
    <script src="https://cdn.rawgit.com/indutny/elliptic/master/dist/elliptic.min.js"></script>
    <script src="https://unpkg.com/[email protected]/build/webcrypto-liner.shim.min.js"></script>
    <script src="https://unpkg.com/[email protected]/build/xades.js"></script>
    <script type="text/javascript">
        // Generate RSA key pair
        var privateKey, publicKey;
        window.crypto.subtle.generateKey(
            {
                name: "ECDSA",
                namedCurve: "P-256"
            },
            false, //whether the key is extractable (i.e. can be used in exportKey)
            ["sign", "verify"] //can be any combination of "sign" and "verify"
        )
            .then(function (keyPair) {
                // Push ganerated keys to global variable
                privateKey = keyPair.privateKey;
                publicKey = keyPair.publicKey;
                // Call sign function
                var xmlString = '<player bats="left" id="10012" throws="right">\n\t<!-- Here\'s a comment -->\n\t<name>Alfonso Soriano</name>\n\t<position>2B</position>\n\t<team>New York Yankees</team>\n</player>';
                return SignXml(xmlString, keyPair, { name: "ECDSA", hash: { name: "SHA-1" } });
            })
            .then(function (signedDocument) {
                document.getElementById("signature").textContent = signedDocument;
                console.log("Signed document:\n\n", signedDocument);
            })
            .catch(function (e) {
                console.error(e);
            });

        function SignXml(xmlString, keys, algorithm) {
            var signedXml;
            return Promise.resolve()
                .then(() => {
                    var xmlDoc = XAdES.Parse(xmlString);
                    signedXml = new XAdES.SignedXml();

                    return signedXml.Sign(               // Signing document
                        algorithm,                              // algorithm
                        keys.privateKey,                        // key
                        xmlDoc,                                 // document
                        {                                       // options
                            keyValue: keys.publicKey,
                            references: [
                                { hash: "SHA-256", transforms: ["enveloped"] }
                            ],
                            productionPlace: {
                                country: "Country",
                                state: "State",
                                city: "City",
                                code: "Code",
                            },
                            signerRole: {
                                claimed: ["Some role"]
                            }
                        })
                })
                .then(() => signedXml.toString());
        }
    </script>
</body>

</html>

Check XAdES-BES Signature

In Node

var XAdES = require("xadesjs");
var { Crypto } = require("@peculiar/webcrypto");

XAdES.Application.setEngine("NodeJS", new Crypto());

var fs = require("fs");
var xmlString = fs.readFileSync("some.xml","utf8");

var signedDocument = XAdES.Parse(xmlString, "application/xml");
var xmlSignature = signedDocument.getElementsByTagNameNS("http://www.w3.org/2000/09/xmldsig#", "Signature");

var signedXml = new xadesjs.SignedXml(signedDocument);
signedXml.LoadXml(xmlSignature[0]);
signedXml.Verify()
    .then(res => {
        console.log((res ? "Valid" : "Invalid") + " signature");
    })
    .catch(function (e) {
        console.error(e);
    });

In the browser

<!DOCTYPE html>
<html>

<head>
    <meta charset="utf-8" />
    <title>XADESJS Signature Sample</title>
</head>

<body>
    <pre id="signature"><code></code></pre>
    <script src="https://cdnjs.cloudflare.com/ajax/libs/babel-polyfill/7.7.0/polyfill.min.js"></script>
    <script src="https://cdnjs.cloudflare.com/ajax/libs/asmCrypto/2.3.2/asmcrypto.all.es5.min.js"></script>
    <script src="https://cdn.rawgit.com/indutny/elliptic/master/dist/elliptic.min.js"></script>
    <script src="https://unpkg.com/[email protected]/build/webcrypto-liner.shim.min.js"></script>
    <script src="https://unpkg.com/[email protected]/build/xades.js"></script>
    <script type="text/javascript">
        "use strict";
        fetch("https://cdn.rawgit.com/PeculiarVentures/xadesjs/master/test/static/valid_signature.xml")
            .then(response => response.text())
            .then(body => {
                var xmlString = body;

                var signedDocument = XAdES.Parse(xmlString);
                var xmlSignature = signedDocument.getElementsByTagNameNS("http://www.w3.org/2000/09/xmldsig#", "Signature");

                var signedXml = new xadesjs.SignedXml(signedDocument);
                signedXml.LoadXml(xmlSignature[0]);
                signedXml.Verify()
                    .then(function (signedDocument) {
                        alert((res ? "Valid" : "Invalid") + " signature");
                    })
                    .catch(function (e) {
                        alert(e.message);
                    });
            })
    </script>
</body>

</html>

XAdES-EPES signature

const fs = require("fs");
var { Crypto } = require("@peculiar/webcrypto");
const xadesjs = require("xadesjs");
const { XMLSerializer } = require("xmldom");


const crypto = new Crypto();
xadesjs.Application.setEngine("NodeJS", );

function preparePem(pem) {
    return pem
        // remove BEGIN/END
        .replace(/-----(BEGIN|END)[\w\d\s]+-----/g, "")
        // remove \r, \n
        .replace(/[\r\n]/g, "");
}

function pem2der(pem) {
    pem = preparePem(pem);
    // convert base64 to ArrayBuffer
    return new Uint8Array(Buffer.from(pem, "base64")).buffer;
}

async function main() {
    const hash = "SHA-256"
    const alg = {
        name: "RSASSA-PKCS1-v1_5",
        hash,
    }

    // Read cert
    const certPem = fs.readFileSync("cert.pem", { encoding: "utf8" });
    const certDer = pem2der(certPem);

    // Read key
    const keyPem = fs.readFileSync("key.pem", { encoding: "utf8" });
    const keyDer = pem2der(keyPem);
    const key = await crypto.subtle.importKey("pkcs8", keyDer, alg, false, ["sign"]);

    // XAdES-EPES
    var xmlString = `<Test><Document attr="Hello"/></Test>`;
    var xml = xadesjs.Parse(xmlString);

    var xadesXml = new xadesjs.SignedXml();
    const x509 = preparePem(certPem);
    const signature = await xadesXml.Sign(   // Signing document
        alg,                                    // algorithm
        key,                                    // key
        xml,                                    // document
        {                                       // options
            references: [
                { hash, transforms: ["c14n", "enveloped"] }
            ],
            policy: {
                hash,
                identifier: {
                    qualifier: "OIDAsURI",
                    value: "quilifier.uri",
                },
                qualifiers: [
                    {
                        noticeRef: {
                            organization: "PeculiarVentures",
                            noticeNumbers: [1, 2, 3, 4, 5]
                        }
                    }
                ]
            },
            productionPlace: {
                country: "Russia",
                state: "Marij El",
                city: "Yoshkar-Ola",
                code: "424000",
            },
            signingCertificate: x509
        });

    // append signature
    xml.documentElement.appendChild(signature.GetXml());

    // serialize XML
    const oSerializer = new XMLSerializer();
    const sXML = oSerializer.serializeToString(xml);
    console.log(sXML.toString())
}

main()
    .catch((err) => {
        console.error(err);
    });

TESTING

In NodeJS:

npm test

THANKS AND ACKNOWLEDGEMENT

This project takes inspiration (style, approach, design and code) from both the Mono System.Security.Cryptography.Xml implementation as well as xml-crypto.

xadesjs's People

Contributors

Stargazers

Watchers

xadesjs's Issues

Docs say "the npm package includes node-webcrypto-ossl;"

After npm install xadesjs, I don't see node-webcrypto-ossl in it's node_modules, is the Readme incorrect and I need to install it separately to use with node?

Update to PKIjs-es6

PFX File

Can I use PFX cert?
Have one example?

move server.js and html into test

Both serverjs and html probably belong in test

Add Tranforms class

Move Transforms from xadesjs.pro to xadesjs

Should we remove this comment block in signed_xml

https://github.com/PeculiarVentures/xadesjs/blob/master/src/signed_xml.ts#L444-L477

Make sure RSSA-PSS works as expected

Test 29 fails

Add coveralls

https://coveralls.io

Requires xml-core but not listed in package.json thereby not installed

Hey,

Giving Xades.js a try and noticed that Node immediately threw Error: Cannot find module 'xml-core' upon requiring it. I believe that's because the head of xadesjs/dist/index.js requires it, but it's not listed in package.json and therefore not installed.

Cheers

Any standalone browser example?

Hi. Can you provide any standalone browser example? I've seen HTML files in test directory but they don't seem to work because of file path or something. Thanks.

HMAC support really belongs in hmac_sign.ts and not rsa_sign.ts

https://github.com/PeculiarVentures/xadesjs/blob/master/src/algorithm/rsa_sign.ts#L56-L67

We should create a demo page

I have xadesjs.com pointed at our git repository here, I would like for us to build a demo application and host it on git.

Here is a proposal for what that might look like:
https://docs.google.com/document/d/1MIK7t7VHOz7OxzO7k0nOzlabjikdI4RkAkpedNU48JU/edit#heading=h.tb2kpesf0b6j

Add decorator for Xml objects

Add decorator for member of Xml objects which must switch flag for GetXml compilation

if object is filled from Xml it has internal member element. But if change objects's member value it must be recompiled on GetXml

Maybe it must be resolved in XmlJs layer

http://www.w3.org/TR/2001/REC-xml-c14n-20010315

Hi, @rmhrisk @microshine! I'm having some trouble validating signatures canonicalize by xml-c14n using xml-crypto lib. I know you build on top of it and added some features, among other c14n support. So maybe I could use you're help
I have this signature and i can't validate it. I'm sure the dif is in the canonicalization method

<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo>
  <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
  <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
  <Reference URI="">
    <Transforms>
      <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
      <Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
    </Transforms>
    <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
    <DigestValue>txO/Q5rCzp2FMT3FgOQfVzwCcFk=</DigestValue>
  </Reference>
</SignedInfo>
    <SignatureValue>wpnU9yX9RDxQsMYPAdiqR14EObYvsboXgXFatyPC7g3rcgSIT5VQdAdgKtUeKMpXi0hWDK/wyIsp53E0Jl9T46ooLFDZMuTYs7UAyiXX/MsvPGCYCmRK7uf0Cv3Wuu6bSCyzBgjQQ/sP130nYUGEXG9w4TxT7BAyanYhS4Fxl5A=</SignatureValue><KeyInfo><X509Data><X509IssuerSerial><X509IssuerName>CN=Correo Uruguayo - CA, OU=SERVICIOS ELECTRONICOS, O=ADMINISTRACION NACIONAL DE CORREOS, C=UY</X509IssuerName><X509SerialNumber>155761856642617054135126896023459966393</X509SerialNumber></X509IssuerSerial></X509Data></KeyInfo></Signature>

I can' t verify this signature! I think it have something to do with the canonicalization process. The cannonXml (excC14N) would be:

<SignedInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
  <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"></CanonicalizationMethod>
  <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"></SignatureMethod>
  <Reference URI="">
    <Transforms>
      <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"></Transform>
      <Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"></Transform>
    </Transforms>
    <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></DigestMethod>
    <DigestValue>txO/Q5rCzp2FMT3FgOQfVzwCcFk=</DigestValue>
  </Reference>
</SignedInfo>

Would c14N cannon be the same?

Thanks for any data, advice you could offer me

Add merlin and phaos tests to our regression suite

phaos-xmldsig-three.zip:
wget http://lists.w3.org/Archives/Public/w3c-ietf-xmldsig/2003JulSep/att-0018/phaos-xmldsig-three.zip

merlin-xmldsig-twenty-three: 01-merlin-xmldsig-twenty-three.tar.gz
tar -zxf 01-merlin-xmldsig-twenty-three.tar.gz

01-merlin-xmldsig-twenty-three.tar.gz:
wget http://lists.w3.org/Archives/Public/w3c-ietf-xmldsig/2002AprJun/att-0016/01-merlin-xmldsig-twenty-three.tar.gz

Error installing: remote invalid username or password when cloning repo

npm ERR! git clone --template=/home/dir/.npm/_git-remotes/_templates --mirror https://github.com/PeculiarVentures/asn1js-es6.git /home/dir/.npm/_git-remotes/git-https-github-com-PeculiarVentures-asn1js-es6-git-f4b3f41f: Cloning into bare repository '/home/dir/.npm/_git-remotes/git-https-github-com-PeculiarVentures-asn1js-es6-git-f4b3f41f'...

npm ERR! git clone --template=/home/dir/.npm/_git-remotes/_templates --mirror https://github.com/PeculiarVentures/asn1js-es6.git /home/dir/.npm/_git-remotes/git-https-github-com-PeculiarVentures-asn1js-es6-git-f4b3f41f: remote: Invalid username or password.

npm ERR! git clone --template=/home/dir/.npm/_git-remotes/_templates --mirror https://github.com/PeculiarVentures/asn1js-es6.git /home/dir/.npm/_git-remotes/git-https-github-com-PeculiarVentures-asn1js-es6-git-f4b3f41f: fatal: Authentication failed for 'https://github.com/PeculiarVentures/asn1js-es6.git/'

I get the above error when trying to install from npm (simply running npm install xadesjs), is there something I should change? Or is there a problem with the repo?

Add Collection<T> class

Move Collection class from xadesjs.pro to xadesjs

Ensure package.json is ready for publication

Should we have built include built documentation?

https://github.com/clenemt/docdash

xadesjs.com demo not work at mobile browsers

Hi.

xadesjs.com demo page seems not to work on mobile browsers such like mobile chrome, mobile firefox and mobile safari. Can you provide supported browser list for it?

Thanks.

make sure we can validate tp-ml.xml

Top demo doesn't work on Mobile Safari and Mobile Chrome

Hello. Top page demo (https://xadesjs.com/) doesn't seem to work on Mobile Safari(iOS 9.3.2 latest) and Mobile Chrome (50.0.2661.95 latest on iOS) as though WebCrypto signing and validation are supprted on them. Regards.

Add webcrypto polyfill to gh-pages

For the page to work on safari we will probably need to add a polyfill

Should we specify our xmldom as dependency

@microshine in this commit: 04e5101

You make use need to provide this package on their own, would it be better to specify our private copy as a dependency?

"git+ssh://github.com/PeculiarVentures/xmldom"

Make sure HMAC-SHA1 works as expected or remove from readme

Even though it wouldnt be supported in node-webcrypto-ossl configs we can support in browser, xml-crypto supports it, and the current code seems to. We should veryify it works.

Readme node example outdated or not tested?

I'm not sure at all how to use this package, the examples seem to be incorrect in the readme.
I ran
npm install xadesjs --save

to install the package. (there are no install instructions in the readme, I hope this is all that's required)

According to the readme the example code should just work since it doesn't say you need to separately install anything else, however the example code is a fail:

First line:
var xadesjs = require("xades");
Error: Cannot find module 'xades'
at Function.Module._resolveFilename (module.js:325:15)

I think this is probably a typo and should be xadesjs? I assumed so and changed it

var xadesjs = require("xadesjs");
var DOMParser = require("xmldom").DOMParser;

and then I get this:
Error: Cannot find module 'xmldom'
at Function.Module._resolveFilename (module.js:325:15)

But when I check under xadesjs in modules it contains xmldom in it's node_modules!?

And that's as far as I'm willing to waste time on this.

Is the example code just completely wrong and needs to be re-written or ....

clean up html example, create examples folder and put there.

Add example to readme showing how to verify tl-mp.xml

Multiple signers - how to?

I'm new to electronic signature and I'm interested on xadesjs.

I need an advice, or strategy recommendation.
Some documents require to be signed by two or more users. Maybe thousands.
What would be the right way to do this?
Perhaps I should generate a PDF file for up to 20 users and embed each user's signature in the same file?

Update package.json to refer to xmldom

Looks like our pull requests were accepted.

A new package has not yet been published but in theory we can update package.json to refer to:
https://github.com/jindw/xmldom.git

If we get a new xmldom package we can just specify the npm package again.

SigningCertificate

Old implementation:
https://github.com/PeculiarVentures/xadesjs-pro/blob/master/src/xades_signed_xml.ts#L565
W3 specification:
https://www.w3.org/TR/XAdES/#Syntax_for_XAdES_The_SigningCertificate_element

Doest it have to be a link to the first Certificate of Signature Certificates?

Error: IE doesn't have createNSResolver method

Add jsdoc comments

Use https://developer.xamarin.com/api/namespace/System.Security.Cryptography.Xml/ as base

X509Certificate::exportKey doesn't support EC

Support http://www.w3.org/2000/09/xmldsig#base64 transform

Specification

how to add custom KeyInfo clause?

in xml-crypto i can add a custom KeyInfo implementation to customize the output and it seems like in xadesjs it is supported too -> signedXml.KeyInfo.AddClause(keyInfoClause); is that correct? if so, do you have some guide how the implementation would look like?

Two C14N related test failures in travis

https://travis-ci.org/PeculiarVentures/xadesjs/jobs/152291928#L649-L650

Failing Travis builds on linux

It is unclear why on earth this is happening but Travis on linux insists on picking up xmldom vs xmldom-alpha which is what package.json says. OSX, on the other hand, does the right thing. I have a bug open with the xmldom author asking them to release a regular xmldom but it is unclear when/if that will happen.

If it doesnt happen soon maybe we just release our own npm of the xmldom package, I just would rather not do that due to creating confusion for others.

XADES-BES signing

Hi,
would you like to show example how to sign XML document using XADES-BES?
There is only XMLSIG example. I found xadesjs very useful but I don't know how to use it.

Thank you in advance for any help you can provide.

Move to es6 version of PKIjs

The es6 version of PKIjs is now officially v2, update dependencies:

    "asn1js": "[email protected]:PeculiarVentures/ASN1.js.git",
    "pkijs": "[email protected]:PeculiarVentures/PKI.js.git"

To Sign Existing Private Key using XADESJS

Hello,

How can I sign xml document with existing privatekey using xadesjs?

My smart card doesn't support KeyPairGen!

My smart card's mechanisms;

Thanks

Add documentation generation to package.info

We can add generation of derived documentation via tsdoc/typedoc or similar then apply fork of docdash: https://github.com/clenemt/docdash

"script": {
"generate-docs": "node_modules/.bin/jsdoc -c jsdoc.json"
}
This way we can have standalone documentation showing how to use the library.

how to add custom attributes to the signature node?

congrats for the release!

a minor question.. in xml-crypto i can specify custom attribute for the resulting <Signature />

example in xml-crypto:

signGenerator.computeSignature(xmlStr, {
    prefix: 'ds',
    attrs: {
      Id: 'customIdPerSignatureInMyApplication'
    },
    // .. other options here ..
  });

result -> <Signature Id="customIdPerSignatureInMyApplication"> </Signature>,

how this can be done in xadesjs?

// constructor(node: Element)
this.envdoc = new DOMParser().parseFromString(node.outerHTML, xadesjs.APPLICATION_XML);

throw error on NodeJs from DOMParser. It seems that xmldom node.outerHTML is ubdefined

Implement CheckSignature(trustedRoots, additionalCAs) that would make sure message signed by cert issued by an associated CA

error in node-webcrypto-ossl installation

As xadesjs npm page (https://www.npmjs.com/package/xadesjs) node-webcrypto-ossl installation as following:

npm install node-webcrypto-ossl

However this seems to raise error. My error log is following:

sudo npm install -g node-webcrypto-ossl
npm WARN deprecated [email protected]: Jade has been renamed to pug, please install the latest version of pug instead of jade
npm WARN deprecated [email protected]: graceful-fs v3.0.0 and before will fail on node releases >= v7.0. Please update to graceful-fs@^4.0.0 as soon as possible. Use 'npm ls graceful-fs' to find it in the tree.
/
> [email protected] install /opt/local/lib/node_modules/node-webcrypto-ossl
> tsd install && tsc && node-gyp rebuild

sh: tsd: command not found
npm ERR! Darwin 14.5.0
npm ERR! argv "/opt/local/bin/node" "/opt/local/bin/npm" "install" "-g" "node-webcrypto-ossl"
npm ERR! node v4.4.2
npm ERR! npm  v2.15.2
npm ERR! file sh
npm ERR! code ELIFECYCLE
npm ERR! errno ENOENT
npm ERR! syscall spawn

npm ERR! [email protected] install: `tsd install && tsc && node-gyp rebuild`
npm ERR! spawn ENOENT
npm ERR! 
npm ERR! Failed at the [email protected] install script 'tsd install && tsc && node-gyp rebuild'.
npm ERR! This is most likely a problem with the node-webcrypto-ossl package,
npm ERR! not with npm itself.
npm ERR! Tell the author that this fails on your system:
npm ERR!     tsd install && tsc && node-gyp rebuild
npm ERR! You can get information on how to open an issue for this project with:
npm ERR!     npm bugs node-webcrypto-ossl
npm ERR! Or if that isn't available, you can get their info via:
npm ERR! 
npm ERR!     npm owner ls node-webcrypto-ossl
npm ERR! There is likely additional logging output above.

npm ERR! Please include the following file with any support request:
npm ERR!     /Users/user1/z/npm-debug.log

As node-webcrypto-ossl npm page (https://www.npmjs.com/package/node-webcrypto-ossl), installation described as following:

git clone https://github.com/PeculiarVentures/node-webcrypto-ossl
cd node-webcrypto-ossl
npm install node-gyp -g
npm install typescript -g
npm install tsd -g
npm install mocha -g
npm install
tsd install
tsc
node-gyp configure build

How can I install node-webcrypto-ossl properly?

Thanks

demo page does not handle invalid verification corectly

Visit : xadesjs.com

Change text in text area, check console:

peculiarventures / xadesjs Goto Github PK

xadesjs's Introduction

XAdESjs

INSTALLING

COMPATABILITY

CRYPTOGRAPHIC ALGORITHM SUPPORT

CANONICALIZATION ALGORITHM SUPPORT

PLATFORM SUPPORT

WARNING

Usage

Sign

Options

Verify

EXAMPLES

Create XAdES-BES Signature

In Node

In the browser

Check XAdES-BES Signature

In Node

In the browser

XAdES-EPES signature

TESTING

In NodeJS:

THANKS AND ACKNOWLEDGEMENT

RELATED

xadesjs's People

Contributors

Stargazers

Watchers

Forkers

xadesjs's Issues

Recommend Projects

Recommend Topics

Recommend Org