python XML Security
===================
.. image:: https://img.shields.io/travis/IdentityPython/pyXMLSecurity.svg
:target: https://travis-ci.org/IdentityPython/pyXMLSecurity
:alt: Travis Build
.. image:: https://img.shields.io/coveralls/IdentityPython/pyXMLSecurity.svg
:target: https://coveralls.io/r/IdentityPython/pyXMLSecurity?branch=master
:alt: Coverage
.. image:: https://api.codeclimate.com/v1/badges/a99a88d28ad37a79dbf6/test_coverage
:target: https://codeclimate.com/github/codeclimate/codeclimate/test_coverage
:alt: Test Coverage
.. image:: https://api.codeclimate.com/v1/badges/a99a88d28ad37a79dbf6/maintainability
:target: https://codeclimate.com/github/codeclimate/codeclimate/maintainability
:alt: Maintainability
.. image:: https://img.shields.io/pypi/l/pyXMLSecurity.svg
:target: https://github.com/IdentityPython/pyXMLSecurity/blob/master/LICENSE.txt
:alt: License
.. image:: https://img.shields.io/pypi/format/pyXMLSecurity.svg
:target: https://pypi.python.org/pypi/pyXMLSecurity
:alt: Format
.. image:: https://img.shields.io/pypi/v/pyXMLSecurity.svg
:target: https://pypi.python.org/pypi/pyXMLSecurity
:alt: PyPI Version
This is a python implementation of XML-Security - XML-DSIG only right now. There are no
dependencies except lxml and pyca/cryptography currently.
This code was inspired by https://github.com/andrewdyates/xmldsig (this implementation is
a refactor and extension of that implementation) and in former versions used to include a
pure-python RSA implementation https://github.com/andrewdyates/rsa_x509_pem by and with
permission from Andrew Yates. Cryptographic primitives are now provided by
pyca/cryptography (https://cryptography.io).
In order to sign with a PKCS#11-module you need to install pykcs11 (http://www.bit4id.org/pykcs11/)
This package is available under the NORDUnet BSD license (cf LICENSE.txt)
Limitations:
- only support for RSA-SHA1/256/512 signatures with PKCS1.5 padding
- no encryption support
Some of those limitations might be addressed. Patches and pull-requests are most welcome!
News
====
0.1
---
*Release date: UNRELEASED*
* This is the first unreleased version of the code
* http://github.com/leifj/pyXMLSecurity
0.2
---
*Release date: Mon Aug 27 12:42:45 CEST 2012*
* more rubust algorithm uri parsing
* support for "#"-style IDs
* partial support for <Transform/> elts with child-elements
* make all exceptions an XMLSecException
* first draft: sign
* various cleanups
0.3
---
*Release date: Tue Aug 28 09:46:47 CEST 2012*
* handle #-style references (remove top-level comments and PIs)
* don't unescape & < and >
* don't give empty inclusive ns prefix list to c14n
* move exception to separate file
* first version of the pkcs11 shim layer
0.4
---
*Release date: Wed Aug 29 12:43:05 CEST 2012*
* starting on tests
* cleanup pkcs11 layer
* various bugfixes and cleanup
0.5
---
*Release date: Wed Sep 5 11:52:58 CEST 2012*
* Fix bug when signing using non-p11 keys
* More robust PEM-unfolding
0.6
---
*Release date: Fri Nov 30 10:29:03 CET 2012*
* Allow Reference@URI to be passed as argument
0.7
---
*Release date: Mon Feb 4 15:53:32 CET 2013*
* Minor fixes
0.8
---
*Release date: Wed Apr 3 09:05:53 CEST 2013*
* Multiple bugfixes
* More SAML and P11 testcases
0.9
---
*Release date: Mon Jun 24 11:24:20 CEST 2013*
* Bugfixes
* Protection against wrapping attacks (new API!)
0.10
------
*Release date: Thu Sep 12 20:16:04 CEST 2013*
* fix PEM parser bug
* switch to semantic versioning
0.11
------
*Release date: Fri Oct 11 17:06:53 CEST 2013*
* better control over the position of the signature element
0.12
----
*Release date: Wed Dec 4 15:00:29 CET 2013*
* use pyconfig to control configuration parameters
* support sha2 algorithms
* several bugfixes for c14n
0.13
----
*Release date: lör 22 mar 2014 10:44:49 CET*
* various unicode fixes related to pkcs#11
* skip certain tests unless opensc is installed
* use existing SignatureValue if present
* various fixes from Fredrik T and Maya W
0.14
----
*Release date: Mon Dec 1 08:58:54 CET 2014*
* Add explicit call to C_Initialize
* Various bugs fixed - from Fredrik T
* Allow caller control over session close
0.15
----
*Release date: mån 16 nov 2015 13:40:26 CET*
* xmlsign: a simple sign cmdline tool
* optionally drop signatures when validating
* avoid logging keysize in p11 case
* put a lock around pyasn1 parser
* make cert loading thread safe
* bugfixes
0.16
----
*Release ons 13 dec 2017 21:10:29 CET*
* crypto abstraction
* switch to sha256 default
* verify and sign cmdline tools
* lots of bugfixes
0.17
----
*Release tor 14 dec 2017 12:27:48 CET*
* fix base64 bug
* fix bug in cmdline verify serialization
0.18
----
*Release fre 25 maj 2018 19:43:54 CEST*
* fix verification bug affecting sha512
0.19
----
*Release tis 22 jan 2019 13:53:49 CET*
* python3 compatibility
* fix private key leak issue
* P11 fixes
* test improvements
0.20
----
*Release tis 10 sep 2019 19:41:58 CEST*
* more p3 compat
0.21
----
*Release ons 19 feb 2020 16:21:05 CET*
* add cmdline arg for setting position of signature in xmlsign tool
0.30
----
*Release ons 28 Feb 2023 16:51:25 CET*
* add support for non-RSA and non-PKCS1 v1.5 padding
* improved logging
* drop python3
* fix for mgf1 verification
* avoid tripping up on missing fingerprints - validate over all signatures
* correct import for MutableMapping
1.0.0
-----
*Release tor 24 aug 2023 14:08:17 CEST*
* support for PKIX chain validation for XML signatures
* support for python 3.10
* start using semantic versioning
Raw data
{
"_id": null,
"home_page": "http://blogs.mnt.se",
"name": "pyXMLSecurity",
"maintainer": "",
"docs_url": null,
"requires_python": "",
"maintainer_email": "",
"keywords": "xml xml-dsig security digital signature rsa",
"author": "Leif Johansson",
"author_email": "leifj@sunet.se",
"download_url": "https://files.pythonhosted.org/packages/4c/37/f1f50c2bb840d97490b45f3fb658ec489d5dacc4d7c9630b67bb380cb748/pyXMLSecurity-1.0.0.tar.gz",
"platform": null,
"description": "python XML Security\n===================\n\n.. image:: https://img.shields.io/travis/IdentityPython/pyXMLSecurity.svg\n :target: https://travis-ci.org/IdentityPython/pyXMLSecurity\n :alt: Travis Build\n.. image:: https://img.shields.io/coveralls/IdentityPython/pyXMLSecurity.svg\n :target: https://coveralls.io/r/IdentityPython/pyXMLSecurity?branch=master\n :alt: Coverage\n.. image:: https://api.codeclimate.com/v1/badges/a99a88d28ad37a79dbf6/test_coverage\n :target: https://codeclimate.com/github/codeclimate/codeclimate/test_coverage\n :alt: Test Coverage\n.. image:: https://api.codeclimate.com/v1/badges/a99a88d28ad37a79dbf6/maintainability\n :target: https://codeclimate.com/github/codeclimate/codeclimate/maintainability\n :alt: Maintainability\n.. image:: https://img.shields.io/pypi/l/pyXMLSecurity.svg\n :target: https://github.com/IdentityPython/pyXMLSecurity/blob/master/LICENSE.txt\n :alt: License\n.. image:: https://img.shields.io/pypi/format/pyXMLSecurity.svg\n :target: https://pypi.python.org/pypi/pyXMLSecurity\n :alt: Format\n.. image:: https://img.shields.io/pypi/v/pyXMLSecurity.svg\n :target: https://pypi.python.org/pypi/pyXMLSecurity\n :alt: PyPI Version\n\nThis is a python implementation of XML-Security - XML-DSIG only right now. There are no\ndependencies except lxml and pyca/cryptography currently.\n\nThis code was inspired by https://github.com/andrewdyates/xmldsig (this implementation is\na refactor and extension of that implementation) and in former versions used to include a\npure-python RSA implementation https://github.com/andrewdyates/rsa_x509_pem by and with\npermission from Andrew Yates. Cryptographic primitives are now provided by\npyca/cryptography (https://cryptography.io).\n\nIn order to sign with a PKCS#11-module you need to install pykcs11 (http://www.bit4id.org/pykcs11/)\n\nThis package is available under the NORDUnet BSD license (cf LICENSE.txt)\n\nLimitations:\n\n- only support for RSA-SHA1/256/512 signatures with PKCS1.5 padding\n- no encryption support\n\nSome of those limitations might be addressed. Patches and pull-requests are most welcome!\n\n\nNews\n====\n\n0.1\n---\n\n*Release date: UNRELEASED*\n\n* This is the first unreleased version of the code\n* http://github.com/leifj/pyXMLSecurity\n\n0.2\n---\n\n*Release date: Mon Aug 27 12:42:45 CEST 2012*\n\n* more rubust algorithm uri parsing\n* support for \"#\"-style IDs\n* partial support for <Transform/> elts with child-elements\n* make all exceptions an XMLSecException\n* first draft: sign\n* various cleanups\n\n0.3\n---\n\n*Release date: Tue Aug 28 09:46:47 CEST 2012*\n\n* handle #-style references (remove top-level comments and PIs)\n* don't unescape & < and >\n* don't give empty inclusive ns prefix list to c14n\n* move exception to separate file\n* first version of the pkcs11 shim layer\n\n0.4\n---\n\n*Release date: Wed Aug 29 12:43:05 CEST 2012*\n\n* starting on tests\n* cleanup pkcs11 layer\n* various bugfixes and cleanup\n\n0.5\n---\n\n*Release date: Wed Sep 5 11:52:58 CEST 2012*\n\n* Fix bug when signing using non-p11 keys\n* More robust PEM-unfolding\n\n0.6\n---\n\n*Release date: Fri Nov 30 10:29:03 CET 2012*\n\n* Allow Reference@URI to be passed as argument\n\n0.7\n---\n\n*Release date: Mon Feb 4 15:53:32 CET 2013*\n\n* Minor fixes\n\n0.8\n---\n\n*Release date: Wed Apr 3 09:05:53 CEST 2013*\n\n* Multiple bugfixes\n* More SAML and P11 testcases\n\n0.9\n---\n\n*Release date: Mon Jun 24 11:24:20 CEST 2013*\n\n* Bugfixes\n* Protection against wrapping attacks (new API!)\n\n0.10\n------\n\n*Release date: Thu Sep 12 20:16:04 CEST 2013*\n\n* fix PEM parser bug\n* switch to semantic versioning\n\n0.11\n------\n\n*Release date: Fri Oct 11 17:06:53 CEST 2013*\n\n* better control over the position of the signature element\n\n0.12\n----\n\n*Release date: Wed Dec 4 15:00:29 CET 2013*\n\n* use pyconfig to control configuration parameters\n* support sha2 algorithms\n* several bugfixes for c14n\n\n0.13\n----\n\n*Release date: l\u00f6r 22 mar 2014 10:44:49 CET*\n\n* various unicode fixes related to pkcs#11\n* skip certain tests unless opensc is installed\n* use existing SignatureValue if present\n* various fixes from Fredrik T and Maya W\n\n0.14\n----\n\n*Release date: Mon Dec 1 08:58:54 CET 2014*\n\n* Add explicit call to C_Initialize\n* Various bugs fixed - from Fredrik T\n* Allow caller control over session close\n\n0.15\n----\n\n*Release date: m\u00e5n 16 nov 2015 13:40:26 CET*\n\n* xmlsign: a simple sign cmdline tool\n* optionally drop signatures when validating\n* avoid logging keysize in p11 case\n* put a lock around pyasn1 parser\n* make cert loading thread safe\n* bugfixes\n\n0.16\n----\n\n*Release ons 13 dec 2017 21:10:29 CET*\n\n* crypto abstraction\n* switch to sha256 default\n* verify and sign cmdline tools\n* lots of bugfixes\n\n0.17\n----\n\n*Release tor 14 dec 2017 12:27:48 CET*\n\n* fix base64 bug\n* fix bug in cmdline verify serialization\n\n0.18\n----\n\n*Release fre 25 maj 2018 19:43:54 CEST*\n\n* fix verification bug affecting sha512\n\n0.19\n----\n\n*Release tis 22 jan 2019 13:53:49 CET*\n\n* python3 compatibility\n* fix private key leak issue\n* P11 fixes\n* test improvements\n\n0.20\n----\n*Release tis 10 sep 2019 19:41:58 CEST*\n\n* more p3 compat\n\n0.21\n----\n*Release ons 19 feb 2020 16:21:05 CET*\n\n* add cmdline arg for setting position of signature in xmlsign tool\n\n0.30\n----\n*Release ons 28 Feb 2023 16:51:25 CET*\n\n* add support for non-RSA and non-PKCS1 v1.5 padding\n* improved logging\n* drop python3\n* fix for mgf1 verification\n* avoid tripping up on missing fingerprints - validate over all signatures\n* correct import for MutableMapping\n\n1.0.0\n-----\n*Release tor 24 aug 2023 14:08:17 CEST*\n\n* support for PKIX chain validation for XML signatures\n* support for python 3.10\n* start using semantic versioning\n\n\n",
"bugtrack_url": null,
"license": "BSD",
"summary": "pure Python XML Security",
"version": "1.0.0",
"project_urls": {
"Homepage": "http://blogs.mnt.se"
},
"split_keywords": [
"xml",
"xml-dsig",
"security",
"digital",
"signature",
"rsa"
],
"urls": [
{
"comment_text": "",
"digests": {
"blake2b_256": "4c37f1f50c2bb840d97490b45f3fb658ec489d5dacc4d7c9630b67bb380cb748",
"md5": "bf992eb86dbc169e5f7fa94115014008",
"sha256": "03398d6c7eef462410c7133d0b8861d721f67678f6a66f45090aba26806d76a3"
},
"downloads": -1,
"filename": "pyXMLSecurity-1.0.0.tar.gz",
"has_sig": false,
"md5_digest": "bf992eb86dbc169e5f7fa94115014008",
"packagetype": "sdist",
"python_version": "source",
"requires_python": null,
"size": 31342,
"upload_time": "2023-08-24T12:13:01",
"upload_time_iso_8601": "2023-08-24T12:13:01.230759Z",
"url": "https://files.pythonhosted.org/packages/4c/37/f1f50c2bb840d97490b45f3fb658ec489d5dacc4d7c9630b67bb380cb748/pyXMLSecurity-1.0.0.tar.gz",
"yanked": false,
"yanked_reason": null
}
],
"upload_time": "2023-08-24 12:13:01",
"github": false,
"gitlab": false,
"bitbucket": false,
"codeberg": false,
"lcname": "pyxmlsecurity"
}
JSON