def load_des_keys(files, files_size):
    """Build a default keys manager holding one DES key per file in *files*.

    Every entry of *files* is first passed to check_filename() and then read
    as a raw binary key of type xmlsec.keyDataDesId().  The first failure
    destroys the manager and returns None, so the result is all-or-nothing.

    The files hold unencrypted secret key bytes, so their filesystem
    permissions are the only protection for the keys.
    NOTE(review): DES-family keys are legacy; prefer AES keys for new
    deployments.

    Args:
        files: non-empty sequence of key file paths.
        files_size: must be > 0; it is only asserted, never used otherwise.

    Returns:
        The initialised keys manager, which owns every adopted key, or None
        on any error.
    """
    assert files
    assert files_size > 0

    # Simple list-based keys manager; implement your own KeysStore class if
    # something more sophisticated is needed.
    keys_mngr = xmlsec.KeysMngr()
    if keys_mngr is None:
        print('Error: failed to create keys manager.')
        return None

    def abandon(message=None, orphan_key=None):
        # Shared failure path: report, release a key the manager never took
        # ownership of, then release the manager itself.
        if message is not None:
            print(message)
        if orphan_key is not None:
            orphan_key.destroy()
        keys_mngr.destroy()
        return None

    if xmlsec.cryptoAppDefaultKeysMngrInit(keys_mngr) < 0:
        return abandon('Error: failed to initialize keys manager.')

    for key_path in files:
        # check_filename() is defined elsewhere in the file and is the only
        # gate on the path here.
        if not check_filename(key_path):
            return abandon()

        des_key = xmlsec.keyReadBinaryFile(xmlsec.keyDataDesId(), key_path)
        if des_key is None:
            return abandon(
                'Error: failed to load des key from binary file "%s"' % key_path)

        # Once adopted, the manager is responsible for destroying the key;
        # if adoption fails the key is still ours to free.
        if xmlsec.cryptoAppDefaultKeysMngrAdoptKey(keys_mngr, des_key) < 0:
            return abandon(
                'Error: failed to add key from "%s" to keys manager' % key_path,
                des_key)

    return keys_mngr
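def files_keys_store_find_key(store, name, keyInfoCtx):
    """Key-store lookup callback: load the key called *name* from a file of that name.

    The key name is used directly as a path relative to the current
    directory.  It is presumably taken from the key name carried by the
    document being processed (confirm against the caller), which makes it
    attacker-influenced.  It is therefore restricted to plain file names
    before any file is opened, so a document cannot point the loader at
    files outside the key directory.

    Args:
        store: the keys store this callback belongs to (only checked for
            truthiness here).
        name: requested key name, or None.
        keyInfoCtx: raw key-info context; wrapped in xmlsec.KeyInfoCtx to
            read the requested key type.

    Returns:
        The loaded key with its name set to *name*, or None when the name is
        missing or rejected, the requested key type is unknown, or loading
        fails.
    """
    assert store
    assert keyInfoCtx

    # Without a key name there is nothing to look up.
    if name is None:
        print("Return None")
        return None

    # Allowlist rather than blocklist: no path separators, drive letters,
    # NUL bytes or whitespace can get through, and "." / ".." are refused.
    allowed = ("abcdefghijklmnopqrstuvwxyz"
               "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
               "0123456789._-")
    if name in ("", ".", "..") or any(ch not in allowed for ch in name):
        # The rejected value is deliberately not echoed back.
        print("Error: key name is not a plain file name, refusing to load it")
        return None

    ctx = xmlsec.KeyInfoCtx(_obj=keyInfoCtx)

    # Without a desired key type we could do nothing either.
    if ctx.keyReq.keyId == xmlsec.KeyDataIdUnknown:
        print("Return None")
        return None

    if ctx.keyReq.keyId == xmlsec.keyDataDsaId() or ctx.keyReq.keyId == xmlsec.keyDataRsaId():
        # DSA/RSA keys are loaded from a PEM file; a missing key is treated
        # as an error.
        key = xmlsec.CryptoAppKeyLoad(name, xmlsec.KeyDataFormatPem,
                                      None, None, None)
        if key is None:
            print("Error: failed to load public pem key from \"%s\"" % name)
            return None
    else:
        # Every other key type is read as raw binary; a missing key is
        # treated as an error.
        key = xmlsec.keyReadBinaryFile(ctx.keyReq.keyId, name)
        if key is None:
            print("Error: failed to load key from binary file \"%s\"" % name)
            return None

    # Set key name; the key is still owned by this function on failure.
    if key.setName(name) < 0:
        print("Error: failed to set key name for key from \"%s\"" % name)
        key.destroy()
        return None

    return key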
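def files_keys_store_find_key(store, name, keyInfoCtx):
    """Key-store lookup callback: load the key called *name* from a file of that name.

    The key name is used directly as a path relative to the current
    directory.  It is presumably taken from the key name carried by the
    document being processed (confirm against the caller), which makes it
    attacker-influenced.  It is therefore restricted to plain file names
    before any file is opened, so a document cannot point the loader at
    files outside the key directory.

    Args:
        store: the keys store this callback belongs to (only checked for
            truthiness here).
        name: requested key name, or None.
        keyInfoCtx: raw key-info context; wrapped in xmlsec.KeyInfoCtx to
            read the requested key type.

    Returns:
        The loaded key with its name set to *name*, or None when the name is
        missing or rejected, the requested key type is unknown, or loading
        fails.
    """
    assert store
    assert keyInfoCtx

    # Without a key name there is nothing to look up.
    if name is None:
        print("Return None")
        return None

    # Allowlist rather than blocklist: no path separators, drive letters,
    # NUL bytes or whitespace can get through, and "." / ".." are refused.
    allowed = ("abcdefghijklmnopqrstuvwxyz"
               "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
               "0123456789._-")
    if name in ("", ".", "..") or any(ch not in allowed for ch in name):
        # The rejected value is deliberately not echoed back.
        print("Error: key name is not a plain file name, refusing to load it")
        return None

    ctx = xmlsec.KeyInfoCtx(_obj=keyInfoCtx)

    # Without a desired key type we could do nothing either.
    if ctx.keyReq.keyId == xmlsec.KeyDataIdUnknown:
        print("Return None")
        return None

    if ctx.keyReq.keyId == xmlsec.keyDataDsaId() or ctx.keyReq.keyId == xmlsec.keyDataRsaId():
        # DSA/RSA keys are loaded from a PEM file; a missing key is treated
        # as an error.
        key = xmlsec.CryptoAppKeyLoad(name, xmlsec.KeyDataFormatPem,
                                      None, None, None)
        if key is None:
            print("Error: failed to load public pem key from \"%s\"" % name)
            return None
    else:
        # Every other key type is read as raw binary; a missing key is
        # treated as an error.
        key = xmlsec.keyReadBinaryFile(ctx.keyReq.keyId, name)
        if key is None:
            print("Error: failed to load key from binary file \"%s\"" % name)
            return None

    # Set key name; the key is still owned by this function on failure.
    if key.setName(name) < 0:
        print("Error: failed to set key name for key from \"%s\"" % name)
        key.destroy()
        return None

    return key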
def load_des_keys(files, files_size):
    """Build a default keys manager holding one DES key per file in *files*.

    Every entry of *files* is first passed to check_filename() and then read
    as a raw binary key of type xmlsec.keyDataDesId().  The first failure
    destroys the manager and returns None, so the result is all-or-nothing.

    The files hold unencrypted secret key bytes, so their filesystem
    permissions are the only protection for the keys.
    NOTE(review): DES-family keys are legacy; prefer AES keys for new
    deployments.

    Args:
        files: non-empty sequence of key file paths.
        files_size: must be > 0; it is only asserted, never used otherwise.

    Returns:
        The initialised keys manager, which owns every adopted key, or None
        on any error.
    """
    assert files
    assert files_size > 0

    # Simple list-based keys manager; implement your own KeysStore class if
    # something more sophisticated is needed.
    keys_mngr = xmlsec.KeysMngr()
    if keys_mngr is None:
        print('Error: failed to create keys manager.')
        return None

    def abandon(message=None, orphan_key=None):
        # Shared failure path: report, release a key the manager never took
        # ownership of, then release the manager itself.
        if message is not None:
            print(message)
        if orphan_key is not None:
            orphan_key.destroy()
        keys_mngr.destroy()
        return None

    if xmlsec.cryptoAppDefaultKeysMngrInit(keys_mngr) < 0:
        return abandon('Error: failed to initialize keys manager.')

    for key_path in files:
        # check_filename() is defined elsewhere in the file and is the only
        # gate on the path here.
        if not check_filename(key_path):
            return abandon()

        des_key = xmlsec.keyReadBinaryFile(xmlsec.keyDataDesId(), key_path)
        if des_key is None:
            return abandon(
                'Error: failed to load des key from binary file "%s"' % key_path)

        # Once adopted, the manager is responsible for destroying the key;
        # if adoption fails the key is still ours to free.
        if xmlsec.cryptoAppDefaultKeysMngrAdoptKey(keys_mngr, des_key) < 0:
            return abandon(
                'Error: failed to add key from "%s" to keys manager' % key_path,
                des_key)

    return keys_mngr
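def decrypt_file(enc_file, key_file):
    """Decrypt the EncryptedData element of *enc_file* with the key in *key_file*.

    The document is parsed, the first xmlsec.NodeEncryptedData node is
    located, and it is decrypted with a raw binary DES-type key read from
    *key_file*.  The plaintext is written to stdout.

    NOTE(review): no signature or other integrity check precedes
    decryption.  If *enc_file* can come from an untrusted party, verify it
    first and do not let that party observe whether decryption succeeded.

    Args:
        enc_file: path of the XML file containing the encrypted data.
        key_file: path of the binary key file; also used as the key name.

    Returns:
        Whatever cleanup() returns; cleanup() (defined elsewhere in the
        file) receives a trailing 1 only on the success path.
    """
    assert enc_file
    assert key_file

    # Load the encrypted document
    doc = libxml2.parseFile(enc_file)
    if doc is None or doc.getRootElement() is None:
        print("Error: unable to parse file \"%s\"" % enc_file)
        return cleanup(doc)

    # Find start node
    node = xmlsec.findNode(doc.getRootElement(),
                           xmlsec.NodeEncryptedData, xmlsec.EncNs)
    if node is None:
        # Report enc_file: this function has no tmpl_file, so naming it here
        # would raise NameError instead of reporting the problem.
        print("Error: start node not found in \"%s\"" % enc_file)
        return cleanup(doc)

    # Create encryption context, we don't need keys manager in this example
    enc_ctx = xmlsec.EncCtx(None)
    if enc_ctx is None:
        print("Error: failed to create encryption context")
        return cleanup(doc)

    # Load DES key
    key = xmlsec.keyReadBinaryFile(xmlsec.keyDataDesId(), key_file)
    if key is None:
        print("Error failed to load DES key from binary file \"%s\"" % key_file)
        return cleanup(doc, enc_ctx)

    # Set key name to the file name, this is just an example!
    if key.setName(key_file) < 0:
        print("Error: failed to set key name for key from \"%s\"" % key_file)
        # The key has not been handed to enc_ctx yet, so cleanup() cannot
        # reach it; release it here.
        key.destroy()
        return cleanup(doc, enc_ctx)

    enc_ctx.encKey = key

    # Decrypt the data
    if enc_ctx.decrypt(node) < 0 or enc_ctx.result is None:
        print("Error: decryption failed")
        return cleanup(doc, enc_ctx)

    # Print decrypted data to stdout.  This is plaintext: keep it out of
    # shared logs when the function is used outside a demo.
    if enc_ctx.resultReplaced != 0:
        print("Decrypted XML data:")
        doc.dump("-")
    else:
        print("Decrypted binary data (%d bytes):" % enc_ctx.result.getSize())
        print(enc_ctx.result.getData())

    # Success
    return cleanup(doc, enc_ctx, 1)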
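def decrypt_file(enc_file, key_file):
    """Decrypt the EncryptedData element of *enc_file* with the key in *key_file*.

    The document is parsed, the first xmlsec.NodeEncryptedData node is
    located, and it is decrypted with a raw binary DES-type key read from
    *key_file*.  The plaintext is written to stdout.

    NOTE(review): no signature or other integrity check precedes
    decryption.  If *enc_file* can come from an untrusted party, verify it
    first and do not let that party observe whether decryption succeeded.

    Args:
        enc_file: path of the XML file containing the encrypted data.
        key_file: path of the binary key file; also used as the key name.

    Returns:
        Whatever cleanup() returns; cleanup() (defined elsewhere in the
        file) receives a trailing 1 only on the success path.
    """
    assert enc_file
    assert key_file

    # Load the encrypted document
    doc = libxml2.parseFile(enc_file)
    if doc is None or doc.getRootElement() is None:
        print("Error: unable to parse file \"%s\"" % enc_file)
        return cleanup(doc)

    # Find start node
    node = xmlsec.findNode(doc.getRootElement(),
                           xmlsec.NodeEncryptedData, xmlsec.EncNs)
    if node is None:
        # Report enc_file: this function has no tmpl_file, so naming it here
        # would raise NameError instead of reporting the problem.
        print("Error: start node not found in \"%s\"" % enc_file)
        return cleanup(doc)

    # Create encryption context, we don't need keys manager in this example
    enc_ctx = xmlsec.EncCtx(None)
    if enc_ctx is None:
        print("Error: failed to create encryption context")
        return cleanup(doc)

    # Load DES key
    key = xmlsec.keyReadBinaryFile(xmlsec.keyDataDesId(), key_file)
    if key is None:
        print("Error failed to load DES key from binary file \"%s\"" % key_file)
        return cleanup(doc, enc_ctx)

    # Set key name to the file name, this is just an example!
    if key.setName(key_file) < 0:
        print("Error: failed to set key name for key from \"%s\"" % key_file)
        # The key has not been handed to enc_ctx yet, so cleanup() cannot
        # reach it; release it here.
        key.destroy()
        return cleanup(doc, enc_ctx)

    enc_ctx.encKey = key

    # Decrypt the data
    if enc_ctx.decrypt(node) < 0 or enc_ctx.result is None:
        print("Error: decryption failed")
        return cleanup(doc, enc_ctx)

    # Print decrypted data to stdout.  This is plaintext: keep it out of
    # shared logs when the function is used outside a demo.
    if enc_ctx.resultReplaced != 0:
        print("Decrypted XML data:")
        doc.dump("-")
    else:
        print("Decrypted binary data (%d bytes):" % enc_ctx.result.getSize())
        print(enc_ctx.result.getData())

    # Success
    return cleanup(doc, enc_ctx, 1)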
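def encrypt_file(tmpl_file, key_file, data, dataSize):
    """Encrypt *data* into the EncryptedData template found in *tmpl_file*.

    The template is parsed, its xmlsec.NodeEncryptedData node is located and
    filled by binaryEncrypt() using a raw binary DES-type key read from
    *key_file*.  The resulting document is dumped to stdout.

    NOTE(review): the key name is set to the *key_file* path.  If the
    template carries a key-name element, that local path presumably ends up
    in the output document; use a neutral key identifier outside a demo.

    Args:
        tmpl_file: path of the XML encryption template.
        key_file: path of the binary key file (assumed to have no password).
        data: the bytes to encrypt; must be non-empty.
        dataSize: number of bytes of *data* passed to binaryEncrypt().

    Returns:
        Whatever cleanup() returns; cleanup() (defined elsewhere in the
        file) receives a trailing 1 only on the success path.
    """
    assert tmpl_file
    assert key_file
    assert data

    # Load template
    doc = libxml2.parseFile(tmpl_file)
    if doc is None or doc.getRootElement() is None:
        print("Error: unable to parse file \"%s\"" % tmpl_file)
        return cleanup(doc)

    # Find start node
    node = xmlsec.findNode(doc.getRootElement(),
                           xmlsec.NodeEncryptedData, xmlsec.EncNs)
    if node is None:
        print("Error: start node not found in \"%s\"" % tmpl_file)
        return cleanup(doc)

    # Create encryption context, we don't need keys manager in this example
    enc_ctx = xmlsec.EncCtx(None)
    if enc_ctx is None:
        print("Error: failed to create encryption context")
        return cleanup(doc)

    # Load DES key, assuming that there is no password
    key = xmlsec.keyReadBinaryFile(xmlsec.keyDataDesId(), key_file)
    if key is None:
        print("Error failed to load DES key from binary file \"%s\"" % key_file)
        return cleanup(doc, enc_ctx)

    # Set key name to the file name, this is just an example!
    if key.setName(key_file) < 0:
        print("Error: failed to set key name for key from \"%s\"" % key_file)
        # The key has not been handed to enc_ctx yet, so cleanup() cannot
        # reach it; release it here.
        key.destroy()
        return cleanup(doc, enc_ctx)

    enc_ctx.encKey = key

    # Encrypt the data
    if enc_ctx.binaryEncrypt(node, data, dataSize) < 0:
        print("Error: encryption failed")
        return cleanup(doc, enc_ctx)

    doc.dump("-")

    # Success
    return cleanup(doc, enc_ctx, 1)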
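def encrypt_file(xml_file, key_file):
    """Encrypt the root element of *xml_file* in place and dump the result.

    An encryption template using xmlsec.transformDes3CbcId() is created for
    the parsed document, a raw binary DES-type key is read from *key_file*,
    and xmlEncrypt() is applied to the root element.  The resulting document
    is written to stdout.

    NOTE(review): the selected transform is Triple-DES in CBC mode, a legacy
    64-bit block cipher with no integrity protection; prefer an AES-based
    transform and sign the result in new deployments.
    NOTE(review): the key name is set to the *key_file* path and a key-name
    node is added to the template, so that local path presumably ends up in
    the output document; use a neutral key identifier outside a demo.

    Args:
        xml_file: path of the XML document to encrypt.
        key_file: path of the binary key file (assumed to have no password).

    Returns:
        -1 when *xml_file* fails check_filename(); otherwise whatever
        cleanup() returns.  cleanup() (defined elsewhere in the file)
        receives a trailing 1 only on the success path.
    """
    assert xml_file
    assert key_file

    # Load the document to encrypt
    if not check_filename(xml_file):
        return -1
    doc = libxml2.parseFile(xml_file)
    if doc is None or doc.getRootElement() is None:
        print("Error: unable to parse file \"%s\"" % xml_file)
        return cleanup(doc)

    # Create encryption template to encrypt XML file and replace
    # its content with encryption result
    enc_data_node = xmlsec.TmplEncData(doc, xmlsec.transformDes3CbcId(),
                                       None, xmlsec.TypeEncElement, None, None)
    # Every failure below must return: falling through after cleanup() would
    # keep using objects that were just released (or dereference None).
    if enc_data_node is None:
        print("Error: failed to create encryption template")
        return cleanup(doc)

    # We want to put encrypted data in the <enc:CipherValue/> node
    if enc_data_node.ensureCipherValue() is None:
        print("Error: failed to add CipherValue node")
        return cleanup(doc, enc_data_node)

    # add <dsig:KeyInfo/> and <dsig:KeyName/> nodes to put key name in the
    # encrypted document
    key_info_node = enc_data_node.ensureKeyInfo(None)
    if key_info_node is None:
        print("Error: failed to add key info")
        return cleanup(doc, enc_data_node)

    if key_info_node.addKeyName(None) is None:
        print("Error: failed to add key name")
        return cleanup(doc, enc_data_node)

    # Create encryption context, we don't need keys manager in this example
    enc_ctx = xmlsec.EncCtx(None)
    if enc_ctx is None:
        print("Error: failed to create encryption context")
        return cleanup(doc, enc_data_node)

    # Load DES key, assuming that there is no password
    if not check_filename(key_file):
        return cleanup(doc, enc_data_node, enc_ctx)
    key = xmlsec.keyReadBinaryFile(xmlsec.keyDataDesId(), key_file)
    if key is None:
        print("Error failed to load DES key from binary file \"%s\"" % key_file)
        return cleanup(doc, enc_data_node, enc_ctx)

    # Set key name to the file name, this is just an example!
    if key.setName(key_file) < 0:
        print("Error: failed to set key name for key from \"%s\"" % key_file)
        # The key has not been handed to enc_ctx yet, so cleanup() cannot
        # reach it; release it here.
        key.destroy()
        return cleanup(doc, enc_data_node, enc_ctx)

    enc_ctx.encKey = key

    # Encrypt the data
    if enc_ctx.xmlEncrypt(enc_data_node, doc.getRootElement()) < 0:
        print("Error: encryption failed")
        return cleanup(doc, enc_data_node, enc_ctx)

    doc.dump("-")

    # Success.  The template node is not passed to cleanup() here,
    # presumably because xmlEncrypt() has placed it into doc (confirm).
    return cleanup(doc, None, enc_ctx, 1)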
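def encrypt_file(xml_file, key_file):
    """Encrypt the root element of *xml_file* in place and dump the result.

    An encryption template using xmlsec.transformDes3CbcId() is created for
    the parsed document, a raw binary DES-type key is read from *key_file*,
    and xmlEncrypt() is applied to the root element.  The resulting document
    is written to stdout.

    NOTE(review): the selected transform is Triple-DES in CBC mode, a legacy
    64-bit block cipher with no integrity protection; prefer an AES-based
    transform and sign the result in new deployments.
    NOTE(review): the key name is set to the *key_file* path and a key-name
    node is added to the template, so that local path presumably ends up in
    the output document; use a neutral key identifier outside a demo.

    Args:
        xml_file: path of the XML document to encrypt.
        key_file: path of the binary key file (assumed to have no password).

    Returns:
        -1 when *xml_file* fails check_filename(); otherwise whatever
        cleanup() returns.  cleanup() (defined elsewhere in the file)
        receives a trailing 1 only on the success path.
    """
    assert xml_file
    assert key_file

    # Load the document to encrypt
    if not check_filename(xml_file):
        return -1
    doc = libxml2.parseFile(xml_file)
    if doc is None or doc.getRootElement() is None:
        print("Error: unable to parse file \"%s\"" % xml_file)
        return cleanup(doc)

    # Create encryption template to encrypt XML file and replace
    # its content with encryption result
    enc_data_node = xmlsec.TmplEncData(doc, xmlsec.transformDes3CbcId(),
                                       None, xmlsec.TypeEncElement, None, None)
    # Every failure below must return: falling through after cleanup() would
    # keep using objects that were just released (or dereference None).
    if enc_data_node is None:
        print("Error: failed to create encryption template")
        return cleanup(doc)

    # We want to put encrypted data in the <enc:CipherValue/> node
    if enc_data_node.ensureCipherValue() is None:
        print("Error: failed to add CipherValue node")
        return cleanup(doc, enc_data_node)

    # add <dsig:KeyInfo/> and <dsig:KeyName/> nodes to put key name in the
    # encrypted document
    key_info_node = enc_data_node.ensureKeyInfo(None)
    if key_info_node is None:
        print("Error: failed to add key info")
        return cleanup(doc, enc_data_node)

    if key_info_node.addKeyName(None) is None:
        print("Error: failed to add key name")
        return cleanup(doc, enc_data_node)

    # Create encryption context, we don't need keys manager in this example
    enc_ctx = xmlsec.EncCtx(None)
    if enc_ctx is None:
        print("Error: failed to create encryption context")
        return cleanup(doc, enc_data_node)

    # Load DES key, assuming that there is no password
    if not check_filename(key_file):
        return cleanup(doc, enc_data_node, enc_ctx)
    key = xmlsec.keyReadBinaryFile(xmlsec.keyDataDesId(), key_file)
    if key is None:
        print("Error failed to load DES key from binary file \"%s\"" % key_file)
        return cleanup(doc, enc_data_node, enc_ctx)

    # Set key name to the file name, this is just an example!
    if key.setName(key_file) < 0:
        print("Error: failed to set key name for key from \"%s\"" % key_file)
        # The key has not been handed to enc_ctx yet, so cleanup() cannot
        # reach it; release it here.
        key.destroy()
        return cleanup(doc, enc_data_node, enc_ctx)

    enc_ctx.encKey = key

    # Encrypt the data
    if enc_ctx.xmlEncrypt(enc_data_node, doc.getRootElement()) < 0:
        print("Error: encryption failed")
        return cleanup(doc, enc_data_node, enc_ctx)

    doc.dump("-")

    # Success.  The template node is not passed to cleanup() here,
    # presumably because xmlEncrypt() has placed it into doc (confirm).
    return cleanup(doc, None, enc_ctx, 1)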