= xmlsec =
 * https://www.aleksey.com/xmlsec/index.html
XML Security Library (xmlsec) is a C library based on LibXML2. The library supports the major XML security standards. Tutorial:
 * https://users.dcc.uchile.cl/~pcamacho/tutorial/web/xmlsec/xmlsec.html
== Slackbuild ==
{{{#!highlight bash
wget https://slackbuilds.org/slackbuilds/14.2/libraries/xmlsec.tar.gz
tar xvzf xmlsec.tar.gz
cd xmlsec
wget https://www.aleksey.com/xmlsec/download/xmlsec1-1.2.29.tar.gz
./xmlsec.SlackBuild
installpkg /tmp/xmlsec-1.2.29-i586-1_SBo.tgz
}}}
Check the downloaded source tarball against the checksum listed in the SlackBuild's .info file before running the build.
== Sign with certificate test.xml ==
 * openssl req -new -x509 -days 3650 -nodes -out cert.pem -keyout privkey.pem
 * xmlsec1 --sign --privkey-pem privkey.pem --output test_signed.xml test.xml
 * xmlsec1 --verify test_signed.xml
The verify step is given no key, so the key is taken from the signed document's own KeyInfo (the KeyValue element filled in at signing time): this confirms that the signature matches the embedded key, not that the signer is trusted. This first template uses rsa-sha1/sha1 as the simplest example; the sections below use rsa-sha256/sha256, which is the choice for anything beyond a test.
=== test.xml ===
{{{#!highlight xml
<a>
  <b Id="tosign">
    <c>test</c>
  </b>
  <!-- signature template -->
  <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
    <SignedInfo>
      <CanonicalizationMethod Algorithm= "http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
      <SignatureMethod Algorithm= "http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
      <Reference URI="">
        <Transforms>
          <Transform Algorithm= "http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
        </Transforms>
        <DigestMethod Algorithm= "http://www.w3.org/2000/09/xmldsig#sha1"/>
        <DigestValue></DigestValue>
      </Reference>
    </SignedInfo>
    <SignatureValue />
    <KeyInfo>
      <X509Data >
        <X509SubjectName/>
        <X509IssuerSerial/>
        <X509Certificate/>
      </X509Data>
      <KeyValue />
    </KeyInfo>
  </Signature>
</a>
}}}
=== test_rsa_sha256.xml ===
 * xmlsec1 --sign --privkey-pem privkey.pem,cert.pem --output test_rsa_sha256_signed.xml test_rsa_sha256.xml
 * xmlsec1 --verify --insecure test_rsa_sha256_signed.xml  # --insecure skips X509 certificate verification; needed here only because cert.pem is self-signed
{{{#!highlight xml
<a>
  <b Id="tosign">
    <c>test</c>
  </b>
  <!-- signature template -->
  <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
    <SignedInfo>
      <CanonicalizationMethod Algorithm= "http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
      <SignatureMethod Algorithm= 
"http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
      <Reference URI="">
        <Transforms>
          <Transform Algorithm= "http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
        </Transforms>
        <DigestMethod Algorithm= "http://www.w3.org/2001/04/xmlenc#sha256"/>
        <DigestValue></DigestValue>
      </Reference>
    </SignedInfo>
    <SignatureValue />
    <KeyInfo>
      <X509Data >
        <X509SubjectName/>
        <X509IssuerSerial/>
        <X509Certificate/>
      </X509Data>
      <KeyValue />
    </KeyInfo>
  </Signature>
</a>
}}}
=== test_rsa_sha256_uri.xml ===
 * xmlsec1 --sign --id-attr:Id c --privkey-pem privkey.pem,cert.pem --output test_rsa_sha256_uri_signed.xml test_rsa_sha256_uri.xml
 * xmlsec1 --verify --id-attr:Id c --insecure test_rsa_sha256_uri_signed.xml
`--id-attr:Id c` declares the Id attribute of element c as an ID attribute, so the reference `URI="#tosign"` resolves to that element. Only the referenced element is digested and covered by the signature; the rest of the document can change without invalidating it, so verifiers must not treat the whole file as signed.
{{{#!highlight xml
<a>
  <b>
    <c Id="tosign">test</c>
  </b>
  <!-- signature template -->
  <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
    <SignedInfo>
      <CanonicalizationMethod Algorithm= "http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
      <SignatureMethod Algorithm= "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
      <Reference URI="#tosign">
        <Transforms>
          <Transform Algorithm= "http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
        </Transforms>
        <DigestMethod Algorithm= "http://www.w3.org/2001/04/xmlenc#sha256"/>
        <DigestValue></DigestValue>
      </Reference>
    </SignedInfo>
    <SignatureValue />
    <KeyInfo>
      <X509Data >
        <X509SubjectName/>
        <X509IssuerSerial/>
        <X509Certificate/>
      </X509Data>
    </KeyInfo>
  </Signature>
</a>
}}}
=== test_rsa_sha256_uri_ns.xml ===
 * xmlsec1 --sign --id-attr:Id c --privkey-pem privkey.pem,cert.pem --output test_rsa_sha256_uri_ns_signed.xml test_rsa_sha256_uri_ns.xml
 * xmlsec1 --verify --id-attr:Id c --insecure test_rsa_sha256_uri_ns_signed.xml
Same as the previous example, but the signed element lives in a namespace; the `--id-attr:Id c` declaration still applies to the local name c.
{{{#!highlight xml
<bit:a xmlns:bit="http://bitarus.allowed.org/test">
  <bit:b>
    <bit:c Id="tosign">test</bit:c>
  </bit:b>
  <!-- signature template -->
  <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
    <SignedInfo>
      <CanonicalizationMethod 
Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
      <SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
      <Reference URI="#tosign">
        <Transforms>
          <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
        </Transforms>
        <DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
        <DigestValue />
      </Reference>
    </SignedInfo>
    <SignatureValue />
    <KeyInfo>
      <X509Data >
        <X509Certificate/>
      </X509Data>
    </KeyInfo>
  </Signature>
  <!-- end of signature template -->
</bit:a>
}}}