Signing and encrypting documents.

Overview.

XML Security Library performs signing or encryption by processing the input XML or binary data together with a template that specifies the signature or encryption skeleton: the transforms, the algorithms and the key selection information. A template has the same structure as the desired result, but some of its nodes (for example <dsig:DigestValue/>, <dsig:SignatureValue/> or <enc:CipherValue/>) are left empty. XML Security Library obtains the signing or encryption key from the keys manager (or from the key set directly in the context) using the information in the template, performs the necessary computations and writes the results into the template's empty nodes. The signature or encryption context controls the whole process and stores the temporary data it needs.
The signature or encryption processing model.
Signing a document.

The typical signature process includes the following steps:

1. Prepare the data for signing.
2. Create or load a signature template and select the start <dsig:Signature/> node.
3. Create a signature context (xmlSecDSigCtx) using the xmlSecDSigCtxCreate or xmlSecDSigCtxInitialize function.
4. Load the signature key into a keys manager, or generate a session key and set it in the signature context (the signKey member of the xmlSecDSigCtx structure).
5. Sign the data by calling the xmlSecDSigCtxSign function.
6. Check the returned value and consume the signed data.
7. Destroy the signature context (xmlSecDSigCtx) using the xmlSecDSigCtxDestroy or xmlSecDSigCtxFinalize function.

Signing a template.

The sign_file() function below signs a loaded template with a PEM private key. The excerpt on this page began at the key-loading step; the template-loading and context-creation steps from the list above are included so that the function is complete. The usual library initialization (xmlSecInit, xmlSecCryptoAppInit, xmlSecCryptoInit) is done by the caller.

```c
int
sign_file(const char* tmpl_file, const char* key_file) {
    xmlDocPtr doc = NULL;
    xmlNodePtr node = NULL;
    xmlSecDSigCtxPtr dsigCtx = NULL;
    int res = -1;

    /* load the template document */
    doc = xmlParseFile(tmpl_file);
    if((doc == NULL) || (xmlDocGetRootElement(doc) == NULL)) {
        fprintf(stderr, "Error: unable to parse file \"%s\"\n", tmpl_file);
        goto done;
    }
    /* find the <dsig:Signature/> start node */
    node = xmlSecFindNode(xmlDocGetRootElement(doc), xmlSecNodeSignature, xmlSecDSigNs);
    if(node == NULL) {
        fprintf(stderr, "Error: start node not found in \"%s\"\n", tmpl_file);
        goto done;
    }
    /* create the signature context; no keys manager is needed for this example */
    dsigCtx = xmlSecDSigCtxCreate(NULL);
    if(dsigCtx == NULL) {
        fprintf(stderr, "Error: failed to create signature context\n");
        goto done;
    }
    /* load the private key, assuming it is not password protected */
    dsigCtx->signKey = xmlSecCryptoAppKeyLoad(key_file, xmlSecKeyDataFormatPem, NULL, NULL, NULL);
    if(dsigCtx->signKey == NULL) {
        fprintf(stderr, "Error: failed to load private pem key from \"%s\"\n", key_file);
        goto done;
    }
    /* set key name to the file name, this is just an example! */
    if(xmlSecKeySetName(dsigCtx->signKey, key_file) < 0) {
        fprintf(stderr, "Error: failed to set key name for key from \"%s\"\n", key_file);
        goto done;
    }
    /* sign the template: digests, signature value and key info are written into the empty nodes */
    if(xmlSecDSigCtxSign(dsigCtx, node) < 0) {
        fprintf(stderr, "Error: signature failed\n");
        goto done;
    }
    /* print signed document to stdout */
    xmlDocDump(stdout, doc);
    /* success */
    res = 0;

done:
    /* cleanup */
    if(dsigCtx != NULL) {
        xmlSecDSigCtxDestroy(dsigCtx);
    }
    if(doc != NULL) {
        xmlFreeDoc(doc);
    }
    return(res);
}
```

The key is loaded with a NULL password and its name is set to the file name purely for illustration. In a real application the key is usually loaded into a keys manager, and the name (or X509 data) placed in <dsig:KeyInfo/> should be something the verifying side can use to select the correct key.

See the full program listing and the simple signature template file that accompany this example.

Encrypting data.

The typical encryption process includes the following steps:

1. Prepare the data for encryption.
2. Create or load an encryption template and select the start <enc:EncryptedData/> node.
3. Create an encryption context (xmlSecEncCtx) using the xmlSecEncCtxCreate or xmlSecEncCtxInitialize function.
4. Load the encryption key into a keys manager, or generate a session key and set it in the encryption context (the encKey member of the xmlSecEncCtx structure).
5. Encrypt the data by calling one of the following functions: xmlSecEncCtxBinaryEncrypt (a binary buffer), xmlSecEncCtxXmlEncrypt (an XML node or its content) or xmlSecEncCtxUriEncrypt (data fetched from a URI).
6. Check the returned value and, if necessary, consume the encrypted data.
7. Destroy the encryption context (xmlSecEncCtx) using the xmlSecEncCtxDestroy or xmlSecEncCtxFinalize function.

Encrypting binary data with a template.

The encrypt_file() function below encrypts a binary buffer with a DES key read from a raw binary key file. As above, the template-loading and context-creation steps are included so that the function is complete.

```c
int
encrypt_file(const char* tmpl_file, const char* key_file,
             const unsigned char* data, size_t dataSize) {
    xmlDocPtr doc = NULL;
    xmlNodePtr node = NULL;
    xmlSecEncCtxPtr encCtx = NULL;
    int res = -1;

    /* load the template document */
    doc = xmlParseFile(tmpl_file);
    if((doc == NULL) || (xmlDocGetRootElement(doc) == NULL)) {
        fprintf(stderr, "Error: unable to parse file \"%s\"\n", tmpl_file);
        goto done;
    }
    /* find the <enc:EncryptedData/> start node */
    node = xmlSecFindNode(xmlDocGetRootElement(doc), xmlSecNodeEncryptedData, xmlSecEncNs);
    if(node == NULL) {
        fprintf(stderr, "Error: start node not found in \"%s\"\n", tmpl_file);
        goto done;
    }
    /* create the encryption context; no keys manager is needed for this example */
    encCtx = xmlSecEncCtxCreate(NULL);
    if(encCtx == NULL) {
        fprintf(stderr, "Error: failed to create encryption context\n");
        goto done;
    }
    /* load the DES key from the raw binary file */
    encCtx->encKey = xmlSecKeyReadBinaryFile(xmlSecKeyDataDesId, key_file);
    if(encCtx->encKey == NULL) {
        fprintf(stderr, "Error: failed to load des key from binary file \"%s\"\n", key_file);
        goto done;
    }
    /* set key name to the file name, this is just an example! */
    if(xmlSecKeySetName(encCtx->encKey, key_file) < 0) {
        fprintf(stderr, "Error: failed to set key name for key from \"%s\"\n", key_file);
        goto done;
    }
    /* encrypt the data: the ciphertext is written into <enc:CipherValue/> */
    if(xmlSecEncCtxBinaryEncrypt(encCtx, node, data, dataSize) < 0) {
        fprintf(stderr, "Error: encryption failed\n");
        goto done;
    }
    /* print encrypted data with document to stdout */
    xmlDocDump(stdout, doc);
    /* success */
    res = 0;

done:
    /* cleanup */
    if(encCtx != NULL) {
        xmlSecEncCtxDestroy(encCtx);
    }
    if(doc != NULL) {
        xmlFreeDoc(doc);
    }
    return(res);
}
```

The key type passed to xmlSecKeyReadBinaryFile must match the <enc:EncryptionMethod/> algorithm in the template (xmlSecKeyDataDesId goes with the tripledes-cbc algorithm). Triple DES is a legacy cipher; for new code use an AES key (xmlSecKeyDataAesId) with a matching AES algorithm in the template.

See the full program listing and the simple encryption template file that accompany this example.
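An added example of the kind of template the signing steps above operate on (written for this page, not one of the library's own files): an enveloped signature over the whole document. The <DigestValue/>, <SignatureValue/> and <KeyName/> elements are empty for xmlSecDSigCtxSign to fill in; the name set with xmlSecKeySetName lands in <KeyName/>. Because the template fixes the algorithms and the library signs with whatever it specifies, the example uses RSA-SHA256 and SHA-256 rather than the SHA-1 identifiers found in older examples. The Envelope namespace and the payload are made up for the example.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Added example: signature template for xmlSecDSigCtxSign (assumed payload and namespace). -->
<Envelope xmlns="urn:example:envelope">
  <Data>Hello, World!</Data>
  <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
    <SignedInfo>
      <!-- canonicalization applied to SignedInfo before it is signed -->
      <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
      <SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
      <!-- URI="" selects the whole document; the enveloped-signature transform
           removes the Signature element itself from the digest input -->
      <Reference URI="">
        <Transforms>
          <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
        </Transforms>
        <DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
        <DigestValue></DigestValue>   <!-- filled in by the library -->
      </Reference>
    </SignedInfo>
    <SignatureValue></SignatureValue>  <!-- filled in by the library -->
    <KeyInfo>
      <KeyName></KeyName>              <!-- filled in from xmlSecKeySetName -->
    </KeyInfo>
  </Signature>
</Envelope>
```

Everything inside <SignedInfo/> is part of what gets signed, so the algorithm choice is bound into the signature; a verifier should still restrict the algorithms it accepts rather than trust whatever a received document declares.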
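An added example of a template for the encryption steps above (written for this page, not one of the library's own files). The tripledes-cbc algorithm matches the DES key the encrypt_file() code loads with xmlSecKeyDataDesId; <KeyName/> and <CipherValue/> are empty for xmlSecEncCtxBinaryEncrypt to fill in.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Added example: encryption template for xmlSecEncCtxBinaryEncrypt. -->
<EncryptedData xmlns="http://www.w3.org/2001/04/xmlenc#">
  <!-- the data cipher; the key set in encCtx->encKey must be of the matching type
       (3DES here, to go with xmlSecKeyDataDesId in the code above) -->
  <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/>
  <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
    <KeyName></KeyName>            <!-- filled in from xmlSecKeySetName -->
  </KeyInfo>
  <CipherData>
    <CipherValue></CipherValue>    <!-- base64 ciphertext, filled in by the library -->
  </CipherData>
</EncryptedData>
```

For xmlSecEncCtxXmlEncrypt the <EncryptedData/> element additionally needs a Type attribute of http://www.w3.org/2001/04/xmlenc#Element or http://www.w3.org/2001/04/xmlenc#Content so the library knows whether to replace the node or only its content. For new deployments prefer an AES algorithm with an AES key, and remember that CBC-mode XML Encryption carries no integrity check: if a decrypting party reveals padding or parse failures, the ciphertext is exposed to chosen-ciphertext attacks, so sign the encrypted data or use an authenticated (GCM) algorithm where the build supports it.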