- See also
- - http://www.di-mgt.com.au/xmldsig.html
- https://www.bmt-online.org/geekisms/RSA_verify
- http://stackoverflow.com/questions/5576777/whats-the-difference-between-nid-sha-and-nid-sha1-in-openssl
This library deals with XMLDSIG, RSA signed XML documents.
- [det]xmld_signed_DOM(+DOM,
-SignedDOM, +Options)
- Translate an XML DOM structure in a signed version. Options:
- key_file(+File)
- File holding the private key needed to sign
- key_password(+Password)
- String holding the password to op the private key.
The SignedDOM must be emitted using xml_write/3
or
xml_write_canonical/3. If xml_write/3
is used, the option
layout(false) is needed to avoid changing the layout of the
SignedInfo element and the signed DOM, which
will cause the signature to be invalid.
- [det]xmld_verify_signature(+DOM,
+SignatureDOM, -Certificate, +Options)
- Confirm that an
ds:Signature element contains a valid
signature. Certificate is bound to the certificate that
appears in the element if the signature is valid. It is up to the caller
to determine if the certificate is trusted or not.
Note: The DOM and SignatureDOM must have
been obtained using the load_structure/3
option keep_prefix(true) otherwise it is impossible to
generate an identical document for checking the signature. See also xml_write_canonical/3.
