def encrypt_file(xml_file, key_file):
assert(xml_file)
assert(key_file)
# Load template
if not check_filename(xml_file):
return -1
doc = libxml2.parseFile(xml_file)
if doc is None or doc.getRootElement() is None:
print "Error: unable to parse file \"%s\"" % xml_file
return cleanup(doc)
# Create encryption template to encrypt XML file and replace
# its content with encryption result
enc_data_node = xmlsec.TmplEncData(doc, xmlsec.transformDes3CbcId(),
None, xmlsec.TypeEncElement, None, None)
if enc_data_node is None:
print "Error: failed to create encryption template"
cleanup(doc)
# We want to put encrypted data in the <enc:CipherValue/> node
if enc_data_node.ensureCipherValue() is None:
print "Error: failed to add CipherValue node"
cleanup(doc, enc_data_node)
# add <dsig:KeyInfo/> and <dsig:KeyName/> nodes to put key name in the
# signed document
key_info_node = enc_data_node.ensureKeyInfo(None)
if key_info_node is None:
print "Error: failed to add key info"
cleanup(doc, enc_data_node)
if key_info_node.addKeyName(None) is None:
print "Error: failed to add key name"
cleanup(doc, enc_data_node)
# Create encryption context, we don't need keys manager in this example
enc_ctx = xmlsec.EncCtx(None)
if enc_ctx is None:
print "Error: failed to create encryption context"
cleanup(doc, enc_data_node)
# Load DES key, assuming that there is not password
if not check_filename(key_file):
cleanup(doc, enc_data_node, enc_ctx)
key = xmlsec.keyReadBinaryFile(xmlsec.keyDataDesId(), key_file)
if key is None:
print "Error failed to load DES key from binary file \"%s\"" % key_file
return cleanup(doc, enc_data_node, enc_ctx)
# Set key name to the file name, this is just an example!
if key.setName(key_file) < 0:
print "Error: failed to set key name for key from \"%s\"" % key_file
return cleanup(doc, enc_data_node, enc_ctx)
enc_ctx.encKey = key
# Encrypt the data
if enc_ctx.xmlEncrypt(enc_data_node, doc.getRootElement()) < 0:
print "Error: encryption failed"
return cleanup(doc, enc_data_node, enc_ctx)
doc.dump("-")
# Success
return cleanup(doc, None, enc_ctx, 1)
def encrypt_file(xml_file, key_file):
assert (xml_file)
assert (key_file)
# Load template
if not check_filename(xml_file):
return -1
doc = libxml2.parseFile(xml_file)
if doc is None or doc.getRootElement() is None:
print "Error: unable to parse file \"%s\"" % xml_file
return cleanup(doc)
# Create encryption template to encrypt XML file and replace
# its content with encryption result
enc_data_node = xmlsec.TmplEncData(doc, xmlsec.transformDes3CbcId(), None,
xmlsec.TypeEncElement, None, None)
if enc_data_node is None:
print "Error: failed to create encryption template"
cleanup(doc)
# We want to put encrypted data in the <enc:CipherValue/> node
if enc_data_node.ensureCipherValue() is None:
print "Error: failed to add CipherValue node"
cleanup(doc, enc_data_node)
# add <dsig:KeyInfo/> and <dsig:KeyName/> nodes to put key name in the
# signed document
key_info_node = enc_data_node.ensureKeyInfo(None)
if key_info_node is None:
print "Error: failed to add key info"
cleanup(doc, enc_data_node)
if key_info_node.addKeyName(None) is None:
print "Error: failed to add key name"
cleanup(doc, enc_data_node)
# Create encryption context, we don't need keys manager in this example
enc_ctx = xmlsec.EncCtx(None)
if enc_ctx is None:
print "Error: failed to create encryption context"
cleanup(doc, enc_data_node)
# Load DES key, assuming that there is not password
if not check_filename(key_file):
cleanup(doc, enc_data_node, enc_ctx)
key = xmlsec.keyReadBinaryFile(xmlsec.keyDataDesId(), key_file)
if key is None:
print "Error failed to load DES key from binary file \"%s\"" % key_file
return cleanup(doc, enc_data_node, enc_ctx)
# Set key name to the file name, this is just an example!
if key.setName(key_file) < 0:
print "Error: failed to set key name for key from \"%s\"" % key_file
return cleanup(doc, enc_data_node, enc_ctx)
enc_ctx.encKey = key
# Encrypt the data
if enc_ctx.xmlEncrypt(enc_data_node, doc.getRootElement()) < 0:
print "Error: encryption failed"
return cleanup(doc, enc_data_node, enc_ctx)
doc.dump("-")
# Success
return cleanup(doc, None, enc_ctx, 1)
def _determine_transform_format(formatstring):
"""Translates strings to all transform methods of the pyXMLsec library.
This should actually sort out which value could be used where, but for
now, it works :-).
"""
if formatstring == 'aes128-cbc':
result = xmlsec.transformAes128CbcId()
elif formatstring == 'aes192-cbc':
result = xmlsec.transformAes192CbcId()
elif formatstring == 'aes256-cbc':
result = xmlsec.transformAes256CbcId()
elif formatstring == 'kw-aes128':
result = xmlsec.transformKWAes128Id()
elif formatstring == 'kw-aes192':
result = xmlsec.transformKWAes192Id()
elif formatstring == 'kw-aes256':
result = xmlsec.transformKWAes256Id()
elif formatstring == 'des3-cbc':
result = xmlsec.transformDes3CbcId()
elif formatstring == 'kw-des3':
result = xmlsec.transformKWDes3Id()
elif formatstring == 'dsa-sha1':
result = xmlsec.transformDsaSha1Id()
elif formatstring == 'hmac-md5':
result = xmlsec.transformHmacMd5Id()
elif formatstring == 'hmac-ripemd160':
result = xmlsec.transformHmacRipemd160Id()
elif formatstring == 'hmac-sha1':
result = xmlsec.transformHmacSha1Id()
elif formatstring == 'hmac-sha224':
result = xmlsec.transformHmacSha224Id()
elif formatstring == 'hmac-sha256':
result = xmlsec.transformHmacSha256Id()
elif formatstring == 'hmac-sha384':
result = xmlsec.transformHmacSha384Id()
elif formatstring == 'hmac-sha512':
result = xmlsec.transformHmacSha512Id()
elif formatstring == 'hmac-md5':
result = xmlsec.transformMd5Id()
elif formatstring == 'ripemd160':
result = xmlsec.transformRipemd160Id()
elif formatstring == 'rsa-md5':
result = xmlsec.transformRsaMd5Id()
elif formatstring == 'rsa-ripemd160':
result = xmlsec.transformRsaRipemd160Id()
elif formatstring == 'rsa-sha1':
result = xmlsec.transformRsaSha1Id()
elif formatstring == 'rsa-sha224':
result = xmlsec.transformRsaSha224Id()
elif formatstring == 'rsa-sha256':
result = xmlsec.transformRsaSha256Id()
elif formatstring == 'rsa-sha384':
result = xmlsec.transformRsaSha384Id()
elif formatstring == 'rsa-sha512':
result = xmlsec.transformRsaSha512Id()
elif formatstring == 'rsa-pkcs1':
result = xmlsec.transformRsaPkcs1Id()
elif formatstring == 'rsa-oaep':
result = xmlsec.transformRsaOaepId()
elif formatstring == 'sha1':
result = xmlsec.transformSha1Id()
elif formatstring == 'sha224':
result = xmlsec.transformSha224Id()
elif formatstring == 'sha256':
result = xmlsec.transformSha256Id()
elif formatstring == 'sha384':
result = xmlsec.transformSha384Id()
elif formatstring == 'sha512':
result = xmlsec.transformSha512Id()
elif formatstring == 'base64':
result = xmlsec.transformBase64Id()
elif formatstring == 'inc-c14n':
result = xmlsec.transformInclC14NId()
elif formatstring == 'inc-c14n-with-comments':
result = xmlsec.transformInclC14NWithCommentsId()
elif formatstring == 'exc-c14n':
result = xmlsec.transformExclC14NId()
elif formatstring == 'exc-c14n-with-comments':
result = xmlsec.transformExclC14NWithCommentsId()
elif formatstring in ('enveloped', 'enveloped-signature'):
result = xmlsec.transformEnvelopedId()
elif formatstring in ('xpath', 'xpath-19991116', 'xmldsig-filter'):
result = xmlsec.transformXPathId()
elif formatstring in ('xpath2', 'xmldsig-filter2'):
result = xmlsec.transformXPath2Id()
elif formatstring == 'xpointer':
result = xmlsec.transformXPointerId()
elif formatstring in ('xslt', 'xslt-19991116'):
result = xmlsec.transformXsltId()
elif formatstring == 'remove-xml-tags-transform':
result = xmlsec.transformRemoveXmlTagsC14NId()
elif formatstring == 'visa3d-hack':
result = xmlsec.transformVisa3DHackId()
else:
raise DSigError('Unknown transform: %s' % formatstring)
if result is None:
raise DSigError('Transform %s not available' % formatstring)
else:
return result
def encrypt_file(mngr, xml_file, key_name):
assert(mngr)
assert(xml_file)
assert(key_name)
# Load template
if not check_filename(xml_file):
return -1
doc = libxml2.parseFile(xml_file)
if doc is None or doc.getRootElement() is None:
print "Error: unable to parse file \"%s\"" % xml_file
return cleanup(doc)
# Create encryption template to encrypt XML file and replace
# its content with encryption result
enc_data_node = xmlsec.TmplEncData(doc, xmlsec.transformDes3CbcId(),
None, xmlsec.TypeEncElement, None, None)
if enc_data_node is None:
print "Error: failed to create encryption template"
cleanup(doc)
# We want to put encrypted data in the <enc:CipherValue/> node
if enc_data_node.ensureCipherValue() is None:
print "Error: failed to add CipherValue node"
cleanup(doc, enc_data_node)
# add <dsig:KeyInfo/>
key_info_node = enc_data_node.ensureKeyInfo(None)
if key_info_node is None:
print "Error: failed to add key info"
cleanup(doc, enc_data_node)
# Add <enc:EncryptedKey/> to store the encrypted session key
enc_key_node = key_info_node.addEncryptedKey(xmlsec.transformRsaOaepId(),
None, None, None)
if enc_key_node is None:
print "Error: failed to add key info"
cleanup(doc, enc_data_node)
# We want to put encrypted key in the <enc:CipherValue/> node
if enc_key_node.ensureCipherValue() is None:
print "Error: failed to add CipherValue node"
cleanup(doc, enc_data_node)
# Add <dsig:KeyInfo/> and <dsig:KeyName/> nodes to <enc:EncryptedKey/>
key_info_node2 = enc_key_node.ensureKeyInfo(None)
if key_info_node2 is None:
print "Error: failed to add key info"
cleanup(doc, enc_data_node)
# Set key name so we can lookup key when needed
if key_info_node2.addKeyName(key_name) is None:
print "Error: failed to add key name"
cleanup(doc, enc_data_node)
# Create encryption context
enc_ctx = xmlsec.EncCtx(mngr)
if enc_ctx is None:
print "Error: failed to create encryption context"
cleanup(doc, enc_data_node)
# Generate a Triple DES key
key = xmlsec.keyGenerate(xmlsec.keyDataDesId(), 192,
xmlsec.KeyDataTypeSession)
if key is None:
print "Error: failed to generate session DES key"
cleanup(doc, enc_data_node)
enc_ctx.encKey = key
# Encrypt the data
if enc_ctx.xmlEncrypt(enc_data_node, doc.getRootElement()) < 0:
print "Error: encryption failed"
return cleanup(doc, enc_data_node, enc_ctx)
doc.dump("-")
# Success
return cleanup(doc, None, enc_ctx, 1)
def encrypt_file(mngr, xml_file, key_name):
assert (mngr)
assert (xml_file)
assert (key_name)
# Load template
if not check_filename(xml_file):
return -1
doc = libxml2.parseFile(xml_file)
if doc is None or doc.getRootElement() is None:
print "Error: unable to parse file \"%s\"" % xml_file
return cleanup(doc)
# Create encryption template to encrypt XML file and replace
# its content with encryption result
enc_data_node = xmlsec.TmplEncData(doc, xmlsec.transformDes3CbcId(), None,
xmlsec.TypeEncElement, None, None)
if enc_data_node is None:
print "Error: failed to create encryption template"
cleanup(doc)
# We want to put encrypted data in the <enc:CipherValue/> node
if enc_data_node.ensureCipherValue() is None:
print "Error: failed to add CipherValue node"
cleanup(doc, enc_data_node)
# add <dsig:KeyInfo/>
key_info_node = enc_data_node.ensureKeyInfo(None)
if key_info_node is None:
print "Error: failed to add key info"
cleanup(doc, enc_data_node)
# Add <enc:EncryptedKey/> to store the encrypted session key
enc_key_node = key_info_node.addEncryptedKey(xmlsec.transformRsaOaepId(),
None, None, None)
if enc_key_node is None:
print "Error: failed to add key info"
cleanup(doc, enc_data_node)
# We want to put encrypted key in the <enc:CipherValue/> node
if enc_key_node.ensureCipherValue() is None:
print "Error: failed to add CipherValue node"
cleanup(doc, enc_data_node)
# Add <dsig:KeyInfo/> and <dsig:KeyName/> nodes to <enc:EncryptedKey/>
key_info_node2 = enc_key_node.ensureKeyInfo(None)
if key_info_node2 is None:
print "Error: failed to add key info"
cleanup(doc, enc_data_node)
# Set key name so we can lookup key when needed
if key_info_node2.addKeyName(key_name) is None:
print "Error: failed to add key name"
cleanup(doc, enc_data_node)
# Create encryption context
enc_ctx = xmlsec.EncCtx(mngr)
if enc_ctx is None:
print "Error: failed to create encryption context"
cleanup(doc, enc_data_node)
# Generate a Triple DES key
key = xmlsec.keyGenerate(xmlsec.keyDataDesId(), 192,
xmlsec.KeyDataTypeSession)
if key is None:
print "Error: failed to generate session DES key"
cleanup(doc, enc_data_node)
enc_ctx.encKey = key
# Encrypt the data
if enc_ctx.xmlEncrypt(enc_data_node, doc.getRootElement()) < 0:
print "Error: encryption failed"
return cleanup(doc, enc_data_node, enc_ctx)
doc.dump("-")
# Success
return cleanup(doc, None, enc_ctx, 1)
def _determine_transform_format(formatstring):
"""Translates strings to all transform methods of the pyXMLsec library.
This should actually sort out which value could be used where, but for
now, it works :-).
"""
if formatstring == 'aes128-cbc':
result = xmlsec.transformAes128CbcId()
elif formatstring == 'aes192-cbc':
result = xmlsec.transformAes192CbcId()
elif formatstring == 'aes256-cbc':
result = xmlsec.transformAes256CbcId()
elif formatstring == 'kw-aes128':
result = xmlsec.transformKWAes128Id()
elif formatstring == 'kw-aes192':
result = xmlsec.transformKWAes192Id()
elif formatstring == 'kw-aes256':
result = xmlsec.transformKWAes256Id()
elif formatstring == 'des3-cbc':
result = xmlsec.transformDes3CbcId()
elif formatstring == 'kw-des3':
result = xmlsec.transformKWDes3Id()
elif formatstring == 'dsa-sha1':
result = xmlsec.transformDsaSha1Id()
elif formatstring == 'hmac-md5':
result = xmlsec.transformHmacMd5Id()
elif formatstring == 'hmac-ripemd160':
result = xmlsec.transformHmacRipemd160Id()
elif formatstring == 'hmac-sha1':
result = xmlsec.transformHmacSha1Id()
elif formatstring == 'hmac-sha224':
result = xmlsec.transformHmacSha224Id()
elif formatstring == 'hmac-sha256':
result = xmlsec.transformHmacSha256Id()
elif formatstring == 'hmac-sha384':
result = xmlsec.transformHmacSha384Id()
elif formatstring == 'hmac-sha512':
result = xmlsec.transformHmacSha512Id()
elif formatstring == 'hmac-md5':
result = xmlsec.transformMd5Id()
elif formatstring == 'ripemd160':
result = xmlsec.transformRipemd160Id()
elif formatstring == 'rsa-md5':
result = xmlsec.transformRsaMd5Id()
elif formatstring == 'rsa-ripemd160':
result = xmlsec.transformRsaRipemd160Id()
elif formatstring == 'rsa-sha1':
result = xmlsec.transformRsaSha1Id()
elif formatstring == 'rsa-sha224':
result = xmlsec.transformRsaSha224Id()
elif formatstring == 'rsa-sha256':
result = xmlsec.transformRsaSha256Id()
elif formatstring == 'rsa-sha384':
result = xmlsec.transformRsaSha384Id()
elif formatstring == 'rsa-sha512':
result = xmlsec.transformRsaSha512Id()
elif formatstring == 'rsa-pkcs1':
result = xmlsec.transformRsaPkcs1Id()
elif formatstring == 'rsa-oaep':
result = xmlsec.transformRsaOaepId()
elif formatstring == 'sha1':
result = xmlsec.transformSha1Id()
elif formatstring == 'sha224':
result = xmlsec.transformSha224Id()
elif formatstring == 'sha256':
result = xmlsec.transformSha256Id()
elif formatstring == 'sha384':
result = xmlsec.transformSha384Id()
elif formatstring == 'sha512':
result = xmlsec.transformSha512Id()
elif formatstring == 'base64':
result = xmlsec.transformBase64Id()
elif formatstring == 'inc-c14n':
result = xmlsec.transformInclC14NId()
elif formatstring == 'inc-c14n-with-comments':
result = xmlsec.transformInclC14NWithCommentsId()
elif formatstring == 'exc-c14n':
result = xmlsec.transformExclC14NId()
elif formatstring == 'exc-c14n-with-comments':
result = xmlsec.transformExclC14NWithCommentsId()
elif formatstring in ('enveloped', 'enveloped-signature'):
result = xmlsec.transformEnvelopedId()
elif formatstring in ('xpath', 'xpath-19991116', 'xmldsig-filter'):
result = xmlsec.transformXPathId()
elif formatstring in ('xpath2', 'xmldsig-filter2'):
result = xmlsec.transformXPath2Id()
elif formatstring == 'xpointer':
result = xmlsec.transformXPointerId()
elif formatstring in ('xslt', 'xslt-19991116'):
result = xmlsec.transformXsltId()
elif formatstring == 'remove-xml-tags-transform':
result = xmlsec.transformRemoveXmlTagsC14NId()
elif formatstring == 'visa3d-hack':
result = xmlsec.transformVisa3DHackId()
else:
raise XMLDSIGError('Unknown transform: %s' % formatstring)
if result is None:
raise XMLDSIGError('Transform %s not available' % formatstring)
else:
return result
