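def encrypt_file(xml_file, key_file):
    """Encrypt the root element of *xml_file* with a DES key read from *key_file*.

    The document is parsed, an <enc:EncryptedData/> template using the
    Triple DES CBC transform is created, the key is loaded from a binary
    file, and the root element is encrypted. The resulting document is
    dumped to "-".

    Every failure path now returns right after releasing resources.
    Previously several branches called cleanup() and then carried on using
    the objects that had just failed to be created or had been released.

    Returns -1 if check_filename() rejects *xml_file*; otherwise whatever
    cleanup() returns. cleanup() is passed 1 as its fourth argument on
    success; presumably it returns a failure code when that argument is
    omitted -- confirm against its definition.
    """
    assert(xml_file)
    assert(key_file)

    # Load template
    if not check_filename(xml_file):
        return -1
    # NOTE(review): parseFile() runs with libxml2's default parser options.
    # If xml_file can come from an untrusted source, confirm that external
    # entity and DTD loading are disabled before parsing.
    doc = libxml2.parseFile(xml_file)
    if doc is None or doc.getRootElement() is None:
        print("Error: unable to parse file \"%s\"" % xml_file)
        return cleanup(doc)

    # Create encryption template to encrypt XML file and replace
    # its content with encryption result.
    # NOTE(review): Triple DES is a legacy 64-bit-block cipher and CBC is
    # unauthenticated here, so the ciphertext has no integrity protection of
    # its own. New code should prefer an AES transform and authenticate the
    # encrypted document (for example by signing it).
    enc_data_node = xmlsec.TmplEncData(doc, xmlsec.transformDes3CbcId(),
                                       None, xmlsec.TypeEncElement, None, None)
    if enc_data_node is None:
        print("Error: failed to create encryption template")
        return cleanup(doc)

    # We want to put encrypted data in the <enc:CipherValue/> node
    if enc_data_node.ensureCipherValue() is None:
        print("Error: failed to add CipherValue node")
        return cleanup(doc, enc_data_node)

    # Add <dsig:KeyInfo/> and <dsig:KeyName/> nodes to put the key name in
    # the encrypted document
    key_info_node = enc_data_node.ensureKeyInfo(None)
    if key_info_node is None:
        print("Error: failed to add key info")
        return cleanup(doc, enc_data_node)

    if key_info_node.addKeyName(None) is None:
        print("Error: failed to add key name")
        return cleanup(doc, enc_data_node)

    # Create encryption context, we don't need keys manager in this example
    enc_ctx = xmlsec.EncCtx(None)
    if enc_ctx is None:
        print("Error: failed to create encryption context")
        return cleanup(doc, enc_data_node)

    # Load DES key, assuming that there is no password
    if not check_filename(key_file):
        return cleanup(doc, enc_data_node, enc_ctx)
    key = xmlsec.keyReadBinaryFile(xmlsec.keyDataDesId(), key_file)
    if key is None:
        print("Error failed to load DES key from binary file \"%s\"" % key_file)
        return cleanup(doc, enc_data_node, enc_ctx)

    # Set key name to the file name, this is just an example!
    # NOTE(review): the key name is meant to end up in <dsig:KeyName/> of the
    # output, so using the file path discloses a local path to every
    # recipient. Use a logical key identifier outside of example code.
    if key.setName(key_file) < 0:
        print("Error: failed to set key name for key from \"%s\"" % key_file)
        return cleanup(doc, enc_data_node, enc_ctx)

    enc_ctx.encKey = key

    # Encrypt the data
    if enc_ctx.xmlEncrypt(enc_data_node, doc.getRootElement()) < 0:
        print("Error: encryption failed")
        return cleanup(doc, enc_data_node, enc_ctx)

    doc.dump("-")

    # Success. enc_data_node is passed as None here -- presumably because the
    # template now belongs to doc after xmlEncrypt(); confirm.
    return cleanup(doc, None, enc_ctx, 1)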
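def encrypt_file(xml_file, key_file):
    """Encrypt the root element of *xml_file* with a DES key read from *key_file*.

    Steps: parse the document, build an <enc:EncryptedData/> template with
    the Triple DES CBC transform, load the key from a binary file, encrypt
    the root element, and dump the resulting document to "-".

    Each error branch returns the result of cleanup() immediately. Earlier,
    several branches released resources but kept executing, so a failed
    step was followed by calls on a missing or already-released object.

    Returns -1 if check_filename() rejects *xml_file*; otherwise the value
    returned by cleanup(), which receives 1 as its fourth argument on
    success. The failure value is presumably cleanup()'s default -- confirm
    against its definition.
    """
    assert (xml_file)
    assert (key_file)

    # Load template
    if not check_filename(xml_file):
        return -1
    # NOTE(review): parseFile() uses libxml2's default parser options; when
    # xml_file may be attacker-influenced, verify that external entities and
    # DTD loading are turned off.
    doc = libxml2.parseFile(xml_file)
    if doc is None or doc.getRootElement() is None:
        print("Error: unable to parse file \"%s\"" % xml_file)
        return cleanup(doc)

    # Create encryption template to encrypt XML file and replace
    # its content with encryption result.
    # NOTE(review): Triple DES in CBC mode is a legacy choice: 64-bit blocks
    # and no built-in integrity check. Prefer an AES transform for new data
    # and authenticate the encrypted document (for example by signing it).
    enc_data_node = xmlsec.TmplEncData(doc, xmlsec.transformDes3CbcId(),
                                       None, xmlsec.TypeEncElement, None, None)
    if enc_data_node is None:
        print("Error: failed to create encryption template")
        return cleanup(doc)

    # We want to put encrypted data in the <enc:CipherValue/> node
    if enc_data_node.ensureCipherValue() is None:
        print("Error: failed to add CipherValue node")
        return cleanup(doc, enc_data_node)

    # Add <dsig:KeyInfo/> and <dsig:KeyName/> nodes to put the key name in
    # the encrypted document
    key_info_node = enc_data_node.ensureKeyInfo(None)
    if key_info_node is None:
        print("Error: failed to add key info")
        return cleanup(doc, enc_data_node)

    if key_info_node.addKeyName(None) is None:
        print("Error: failed to add key name")
        return cleanup(doc, enc_data_node)

    # Create encryption context, we don't need keys manager in this example
    enc_ctx = xmlsec.EncCtx(None)
    if enc_ctx is None:
        print("Error: failed to create encryption context")
        return cleanup(doc, enc_data_node)

    # Load DES key, assuming that there is no password
    if not check_filename(key_file):
        return cleanup(doc, enc_data_node, enc_ctx)
    key = xmlsec.keyReadBinaryFile(xmlsec.keyDataDesId(), key_file)
    if key is None:
        print("Error failed to load DES key from binary file \"%s\"" % key_file)
        return cleanup(doc, enc_data_node, enc_ctx)

    # Set key name to the file name, this is just an example!
    # NOTE(review): the name is intended for <dsig:KeyName/> in the output
    # document, so a file path here leaks local filesystem layout to
    # recipients. Real code should use a logical key identifier.
    if key.setName(key_file) < 0:
        print("Error: failed to set key name for key from \"%s\"" % key_file)
        return cleanup(doc, enc_data_node, enc_ctx)

    enc_ctx.encKey = key

    # Encrypt the data
    if enc_ctx.xmlEncrypt(enc_data_node, doc.getRootElement()) < 0:
        print("Error: encryption failed")
        return cleanup(doc, enc_data_node, enc_ctx)

    doc.dump("-")

    # Success. The template node is passed as None -- presumably it is owned
    # by doc once xmlEncrypt() has succeeded; confirm.
    return cleanup(doc, None, enc_ctx, 1)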
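# Maps each accepted transform name to the name of the xmlsec factory function
# that returns its transform id. Factory *names* are stored (not the functions)
# so that, as with the original if/elif chain, only the requested factory is
# looked up on the xmlsec module.
_TRANSFORM_FACTORY_NAMES = {
    # Block ciphers and key wrap
    'aes128-cbc': 'transformAes128CbcId',
    'aes192-cbc': 'transformAes192CbcId',
    'aes256-cbc': 'transformAes256CbcId',
    'kw-aes128': 'transformKWAes128Id',
    'kw-aes192': 'transformKWAes192Id',
    'kw-aes256': 'transformKWAes256Id',
    'des3-cbc': 'transformDes3CbcId',
    'kw-des3': 'transformKWDes3Id',
    # Signatures and MACs
    'dsa-sha1': 'transformDsaSha1Id',
    'hmac-md5': 'transformHmacMd5Id',
    'hmac-ripemd160': 'transformHmacRipemd160Id',
    'hmac-sha1': 'transformHmacSha1Id',
    'hmac-sha224': 'transformHmacSha224Id',
    'hmac-sha256': 'transformHmacSha256Id',
    'hmac-sha384': 'transformHmacSha384Id',
    'hmac-sha512': 'transformHmacSha512Id',
    'rsa-md5': 'transformRsaMd5Id',
    'rsa-ripemd160': 'transformRsaRipemd160Id',
    'rsa-sha1': 'transformRsaSha1Id',
    'rsa-sha224': 'transformRsaSha224Id',
    'rsa-sha256': 'transformRsaSha256Id',
    'rsa-sha384': 'transformRsaSha384Id',
    'rsa-sha512': 'transformRsaSha512Id',
    # Key transport
    'rsa-pkcs1': 'transformRsaPkcs1Id',
    'rsa-oaep': 'transformRsaOaepId',
    # Digests. 'md5' was previously spelled 'hmac-md5' a second time, which
    # made the plain MD5 digest unreachable.
    'md5': 'transformMd5Id',
    'ripemd160': 'transformRipemd160Id',
    'sha1': 'transformSha1Id',
    'sha224': 'transformSha224Id',
    'sha256': 'transformSha256Id',
    'sha384': 'transformSha384Id',
    'sha512': 'transformSha512Id',
    # Encoding and canonicalization
    'base64': 'transformBase64Id',
    'inc-c14n': 'transformInclC14NId',
    'inc-c14n-with-comments': 'transformInclC14NWithCommentsId',
    'exc-c14n': 'transformExclC14NId',
    'exc-c14n-with-comments': 'transformExclC14NWithCommentsId',
    # Document transforms (several names are aliases)
    'enveloped': 'transformEnvelopedId',
    'enveloped-signature': 'transformEnvelopedId',
    'xpath': 'transformXPathId',
    'xpath-19991116': 'transformXPathId',
    'xmldsig-filter': 'transformXPathId',
    'xpath2': 'transformXPath2Id',
    'xmldsig-filter2': 'transformXPath2Id',
    'xpointer': 'transformXPointerId',
    'xslt': 'transformXsltId',
    'xslt-19991116': 'transformXsltId',
    'remove-xml-tags-transform': 'transformRemoveXmlTagsC14NId',
    'visa3d-hack': 'transformVisa3DHackId',
}


def _determine_transform_format(formatstring):
    """Translate a transform name into the matching pyXMLsec transform id.

    Args:
        formatstring: one of the names in _TRANSFORM_FACTORY_NAMES,
            e.g. 'aes256-cbc', 'rsa-sha256' or 'exc-c14n'.

    Returns:
        The value returned by the corresponding xmlsec.transform*Id() call.

    Raises:
        DSigError: if the name is not known, or the factory returned None
            (reported as "not available").

    This does not sort out which transform may be used where, and it does
    not filter by strength: MD5, SHA-1, RIPEMD-160, Triple DES and RSA
    PKCS#1 v1.5 are all accepted. If *formatstring* originates from
    configuration or a request, the caller should restrict it to an
    allowlist of currently acceptable algorithms.
    """
    try:
        factory_name = _TRANSFORM_FACTORY_NAMES.get(formatstring)
    except TypeError:
        # Unhashable input matched nothing in the old chain either.
        factory_name = None

    if factory_name is None:
        raise DSigError('Unknown transform: %s' % formatstring)

    result = getattr(xmlsec, factory_name)()
    if result is None:
        raise DSigError('Transform %s not available' % formatstring)
    return result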
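def encrypt_file(mngr, xml_file, key_name):
    """Encrypt the root element of *xml_file* with a generated session key.

    An <enc:EncryptedData/> template using the Triple DES CBC transform is
    built, with a nested <enc:EncryptedKey/> (RSA-OAEP transform) whose
    <dsig:KeyName/> is set to *key_name*. A 192-bit DES session key is
    generated, the encryption context is created with *mngr*, and the root
    element is encrypted. The resulting document is dumped to "-".

    Every failure path now returns right after releasing resources.
    Previously most branches called cleanup() and then kept going, and the
    key-generation failure did not hand the encryption context to cleanup().

    Returns -1 if check_filename() rejects *xml_file*; otherwise whatever
    cleanup() returns. cleanup() is passed 1 as its fourth argument on
    success; presumably it returns a failure code when that argument is
    omitted -- confirm against its definition.
    """
    assert(mngr)
    assert(xml_file)
    assert(key_name)

    # Load template
    if not check_filename(xml_file):
        return -1
    # NOTE(review): parseFile() runs with libxml2's default parser options.
    # If xml_file can come from an untrusted source, confirm that external
    # entity and DTD loading are disabled before parsing.
    doc = libxml2.parseFile(xml_file)
    if doc is None or doc.getRootElement() is None:
        print("Error: unable to parse file \"%s\"" % xml_file)
        return cleanup(doc)

    # Create encryption template to encrypt XML file and replace
    # its content with encryption result.
    # NOTE(review): Triple DES is a legacy 64-bit-block cipher and CBC is
    # unauthenticated here, so the ciphertext has no integrity protection of
    # its own. New code should prefer an AES transform and authenticate the
    # encrypted document (for example by signing it).
    enc_data_node = xmlsec.TmplEncData(doc, xmlsec.transformDes3CbcId(),
                                       None, xmlsec.TypeEncElement, None, None)
    if enc_data_node is None:
        print("Error: failed to create encryption template")
        return cleanup(doc)

    # We want to put encrypted data in the <enc:CipherValue/> node
    if enc_data_node.ensureCipherValue() is None:
        print("Error: failed to add CipherValue node")
        return cleanup(doc, enc_data_node)

    # Add <dsig:KeyInfo/>
    key_info_node = enc_data_node.ensureKeyInfo(None)
    if key_info_node is None:
        print("Error: failed to add key info")
        return cleanup(doc, enc_data_node)

    # Add <enc:EncryptedKey/> to store the encrypted session key
    enc_key_node = key_info_node.addEncryptedKey(xmlsec.transformRsaOaepId(),
                                                 None, None, None)
    if enc_key_node is None:
        # The message used to repeat "failed to add key info", which made
        # this failure indistinguishable from the previous step.
        print("Error: failed to add encrypted key")
        return cleanup(doc, enc_data_node)

    # We want to put encrypted key in the <enc:CipherValue/> node
    if enc_key_node.ensureCipherValue() is None:
        print("Error: failed to add CipherValue node")
        return cleanup(doc, enc_data_node)

    # Add <dsig:KeyInfo/> and <dsig:KeyName/> nodes to <enc:EncryptedKey/>
    key_info_node2 = enc_key_node.ensureKeyInfo(None)
    if key_info_node2 is None:
        print("Error: failed to add key info")
        return cleanup(doc, enc_data_node)

    # Set key name so we can lookup key when needed
    if key_info_node2.addKeyName(key_name) is None:
        print("Error: failed to add key name")
        return cleanup(doc, enc_data_node)

    # Create encryption context
    enc_ctx = xmlsec.EncCtx(mngr)
    if enc_ctx is None:
        print("Error: failed to create encryption context")
        return cleanup(doc, enc_data_node)

    # Generate a Triple DES key
    key = xmlsec.keyGenerate(xmlsec.keyDataDesId(), 192,
                             xmlsec.KeyDataTypeSession)
    if key is None:
        print("Error: failed to generate session DES key")
        # enc_ctx exists at this point, so it must be released as well.
        return cleanup(doc, enc_data_node, enc_ctx)

    enc_ctx.encKey = key

    # Encrypt the data
    if enc_ctx.xmlEncrypt(enc_data_node, doc.getRootElement()) < 0:
        print("Error: encryption failed")
        return cleanup(doc, enc_data_node, enc_ctx)

    doc.dump("-")

    # Success. enc_data_node is passed as None here -- presumably because the
    # template now belongs to doc after xmlEncrypt(); confirm.
    return cleanup(doc, None, enc_ctx, 1)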
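def encrypt_file(mngr, xml_file, key_name):
    """Encrypt the root element of *xml_file* with a generated session key.

    Steps: parse the document; build an <enc:EncryptedData/> template with
    the Triple DES CBC transform and a nested <enc:EncryptedKey/> using the
    RSA-OAEP transform, whose <dsig:KeyName/> is *key_name*; create the
    encryption context with *mngr*; generate a 192-bit DES session key;
    encrypt the root element; dump the resulting document to "-".

    Each error branch returns the result of cleanup() immediately. Earlier,
    most branches released resources but kept executing, and a failed key
    generation left the encryption context out of the cleanup() call.

    Returns -1 if check_filename() rejects *xml_file*; otherwise the value
    returned by cleanup(), which receives 1 as its fourth argument on
    success. The failure value is presumably cleanup()'s default -- confirm
    against its definition.
    """
    assert (mngr)
    assert (xml_file)
    assert (key_name)

    # Load template
    if not check_filename(xml_file):
        return -1
    # NOTE(review): parseFile() uses libxml2's default parser options; when
    # xml_file may be attacker-influenced, verify that external entities and
    # DTD loading are turned off.
    doc = libxml2.parseFile(xml_file)
    if doc is None or doc.getRootElement() is None:
        print("Error: unable to parse file \"%s\"" % xml_file)
        return cleanup(doc)

    # Create encryption template to encrypt XML file and replace
    # its content with encryption result.
    # NOTE(review): Triple DES in CBC mode is a legacy choice: 64-bit blocks
    # and no built-in integrity check. Prefer an AES transform for new data
    # and authenticate the encrypted document (for example by signing it).
    enc_data_node = xmlsec.TmplEncData(doc, xmlsec.transformDes3CbcId(),
                                       None, xmlsec.TypeEncElement, None, None)
    if enc_data_node is None:
        print("Error: failed to create encryption template")
        return cleanup(doc)

    # We want to put encrypted data in the <enc:CipherValue/> node
    if enc_data_node.ensureCipherValue() is None:
        print("Error: failed to add CipherValue node")
        return cleanup(doc, enc_data_node)

    # Add <dsig:KeyInfo/>
    key_info_node = enc_data_node.ensureKeyInfo(None)
    if key_info_node is None:
        print("Error: failed to add key info")
        return cleanup(doc, enc_data_node)

    # Add <enc:EncryptedKey/> to store the encrypted session key
    enc_key_node = key_info_node.addEncryptedKey(xmlsec.transformRsaOaepId(),
                                                 None, None, None)
    if enc_key_node is None:
        # Previously reported as "failed to add key info", the same text as
        # the step before, which hid where the failure occurred.
        print("Error: failed to add encrypted key")
        return cleanup(doc, enc_data_node)

    # We want to put encrypted key in the <enc:CipherValue/> node
    if enc_key_node.ensureCipherValue() is None:
        print("Error: failed to add CipherValue node")
        return cleanup(doc, enc_data_node)

    # Add <dsig:KeyInfo/> and <dsig:KeyName/> nodes to <enc:EncryptedKey/>
    key_info_node2 = enc_key_node.ensureKeyInfo(None)
    if key_info_node2 is None:
        print("Error: failed to add key info")
        return cleanup(doc, enc_data_node)

    # Set key name so we can lookup key when needed
    if key_info_node2.addKeyName(key_name) is None:
        print("Error: failed to add key name")
        return cleanup(doc, enc_data_node)

    # Create encryption context
    enc_ctx = xmlsec.EncCtx(mngr)
    if enc_ctx is None:
        print("Error: failed to create encryption context")
        return cleanup(doc, enc_data_node)

    # Generate a Triple DES key
    key = xmlsec.keyGenerate(xmlsec.keyDataDesId(), 192,
                             xmlsec.KeyDataTypeSession)
    if key is None:
        print("Error: failed to generate session DES key")
        # The context was created above, so release it together with the rest.
        return cleanup(doc, enc_data_node, enc_ctx)

    enc_ctx.encKey = key

    # Encrypt the data
    if enc_ctx.xmlEncrypt(enc_data_node, doc.getRootElement()) < 0:
        print("Error: encryption failed")
        return cleanup(doc, enc_data_node, enc_ctx)

    doc.dump("-")

    # Success. The template node is passed as None -- presumably it is owned
    # by doc once xmlEncrypt() has succeeded; confirm.
    return cleanup(doc, None, enc_ctx, 1)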
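# Accepted transform names mapped to the name of the xmlsec factory function
# that yields the transform id. Storing names rather than function objects
# keeps the lookup on the xmlsec module lazy: only the requested factory is
# resolved, exactly as in the original if/elif chain.
_TRANSFORM_FACTORY_NAMES = {
    # Block ciphers and key wrap
    'aes128-cbc': 'transformAes128CbcId',
    'aes192-cbc': 'transformAes192CbcId',
    'aes256-cbc': 'transformAes256CbcId',
    'kw-aes128': 'transformKWAes128Id',
    'kw-aes192': 'transformKWAes192Id',
    'kw-aes256': 'transformKWAes256Id',
    'des3-cbc': 'transformDes3CbcId',
    'kw-des3': 'transformKWDes3Id',
    # Signatures and MACs
    'dsa-sha1': 'transformDsaSha1Id',
    'hmac-md5': 'transformHmacMd5Id',
    'hmac-ripemd160': 'transformHmacRipemd160Id',
    'hmac-sha1': 'transformHmacSha1Id',
    'hmac-sha224': 'transformHmacSha224Id',
    'hmac-sha256': 'transformHmacSha256Id',
    'hmac-sha384': 'transformHmacSha384Id',
    'hmac-sha512': 'transformHmacSha512Id',
    'rsa-md5': 'transformRsaMd5Id',
    'rsa-ripemd160': 'transformRsaRipemd160Id',
    'rsa-sha1': 'transformRsaSha1Id',
    'rsa-sha224': 'transformRsaSha224Id',
    'rsa-sha256': 'transformRsaSha256Id',
    'rsa-sha384': 'transformRsaSha384Id',
    'rsa-sha512': 'transformRsaSha512Id',
    # Key transport
    'rsa-pkcs1': 'transformRsaPkcs1Id',
    'rsa-oaep': 'transformRsaOaepId',
    # Digests. The plain MD5 digest used to be keyed by a second 'hmac-md5'
    # test and could therefore never be selected; it is now 'md5'.
    'md5': 'transformMd5Id',
    'ripemd160': 'transformRipemd160Id',
    'sha1': 'transformSha1Id',
    'sha224': 'transformSha224Id',
    'sha256': 'transformSha256Id',
    'sha384': 'transformSha384Id',
    'sha512': 'transformSha512Id',
    # Encoding and canonicalization
    'base64': 'transformBase64Id',
    'inc-c14n': 'transformInclC14NId',
    'inc-c14n-with-comments': 'transformInclC14NWithCommentsId',
    'exc-c14n': 'transformExclC14NId',
    'exc-c14n-with-comments': 'transformExclC14NWithCommentsId',
    # Document transforms (several names are aliases)
    'enveloped': 'transformEnvelopedId',
    'enveloped-signature': 'transformEnvelopedId',
    'xpath': 'transformXPathId',
    'xpath-19991116': 'transformXPathId',
    'xmldsig-filter': 'transformXPathId',
    'xpath2': 'transformXPath2Id',
    'xmldsig-filter2': 'transformXPath2Id',
    'xpointer': 'transformXPointerId',
    'xslt': 'transformXsltId',
    'xslt-19991116': 'transformXsltId',
    'remove-xml-tags-transform': 'transformRemoveXmlTagsC14NId',
    'visa3d-hack': 'transformVisa3DHackId',
}


def _determine_transform_format(formatstring):
    """Translate a transform name into the matching pyXMLsec transform id.

    Args:
        formatstring: one of the names in _TRANSFORM_FACTORY_NAMES,
            e.g. 'aes256-cbc', 'rsa-sha256' or 'exc-c14n'.

    Returns:
        The value returned by the corresponding xmlsec.transform*Id() call.

    Raises:
        XMLDSIGError: if the name is not known, or the factory returned
            None (reported as "not available").

    No check is made of which transform is valid in which position, and
    nothing is filtered by strength: MD5, SHA-1, RIPEMD-160, Triple DES and
    RSA PKCS#1 v1.5 are all accepted. When *formatstring* comes from
    configuration or a request, callers should limit it to an allowlist of
    currently acceptable algorithms.
    """
    try:
        factory_name = _TRANSFORM_FACTORY_NAMES.get(formatstring)
    except TypeError:
        # Unhashable input matched nothing in the old chain either.
        factory_name = None

    if factory_name is None:
        raise XMLDSIGError('Unknown transform: %s' % formatstring)

    result = getattr(xmlsec, factory_name)()
    if result is None:
        raise XMLDSIGError('Transform %s not available' % formatstring)
    return result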