Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion Cargo.toml
Original file line number Diff line number Diff line change
Expand Up @@ -23,7 +23,7 @@ sha1 = { version = "0.11", features = ["oid"], optional = true }
sha2 = { version = "0.11", features = ["oid"], optional = true }
p256 = { version = "0.14", features = ["ecdsa"], optional = true }
p384 = { version = "0.14", features = ["ecdsa"], optional = true }
p521 = { version = "0.14.0-rc.15", features = ["ecdsa"], optional = true }
p521 = { version = "0.14", features = ["ecdsa"], optional = true }
signature = { version = "3", optional = true }
subtle = { version = "2", optional = true }
getrandom = { version = "0.4", features = ["sys_rng"], optional = true }
Expand Down
5 changes: 3 additions & 2 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -17,7 +17,7 @@ Pure Rust XML Security library. Drop-in replacement for libxmlsec1.
## Features

- **C14N** — XML Canonicalization (inclusive + exclusive, W3C compliant)
- **XMLDSig** — XML Digital Signatures (verify pipeline + template signing implemented; broader signing interop in progress)
- **XMLDSig** — XML Digital Signatures (verify pipeline + template signing with X.509 KeyInfo implemented; broader signing interop in progress)
- **XMLEnc** — XML Encryption (symmetric + asymmetric)
- **X.509** — Certificate-based key extraction and validation

Expand All @@ -40,14 +40,15 @@ Currently implemented (core paths):
- XMLDSig parsing, same-document URI dereference, transform chains, and digest verification
- XMLDSig full verify pipeline (`SignedInfo` canonicalization + `SignatureValue` verification)
- XMLDSig template signing pipeline (`DigestValue` fill + `SignedInfo` canonicalization + `SignatureValue` fill)
- XMLDSig signing KeyInfo writer for embedded X.509 certificates
- Built-in verification-key resolution from embedded X.509/DER/`KeyValue` sources and configured `KeyName`, X.509 subject, issuer/serial, SKI, or digest selectors
- RSA PKCS#1 v1.5 verification helpers for SHA-1 / SHA-256 / SHA-384 / SHA-512
- ECDSA verification helpers for P-256/SHA-256 and P-384/SHA-384
- RSA PKCS#1 v1.5 and ECDSA P-256/P-384 signing from PKCS#8 private keys
- Opt-in X.509 certificate-chain validation with explicit trust anchors, validity checks, CA constraints, and CRLs

Still in progress:
- XMLDSig signing KeyInfo writer, examples, and broader donor/CLI interop coverage
- XMLDSig signing examples and broader donor/CLI interop coverage
- XMLEnc encryption/decryption pipeline

Current toolchain target: latest stable Rust.
Expand Down
5 changes: 3 additions & 2 deletions src/xmldsig/mod.rs
Original file line number Diff line number Diff line change
Expand Up @@ -30,8 +30,9 @@ pub use parse::{
X509DataInfo, find_signature_node, parse_key_info, parse_signed_info,
};
pub use sign::{
ComputedReferenceDigest, EcdsaP256SigningKey, EcdsaP384SigningKey, RsaSigningKey, SignContext,
SigningDigestError, SigningError, SigningKey, SigningKeyError, compute_reference_digest_values,
ComputedReferenceDigest, EcdsaP256SigningKey, EcdsaP384SigningKey, KeyInfoWriteError,
KeyInfoWriter, RsaSigningKey, SignContext, SigningDigestError, SigningError, SigningKey,
SigningKeyError, X509CertificateKeyInfoWriter, compute_reference_digest_values,
fill_reference_digest_values,
};
pub use signature::{
Expand Down
Loading