XMLCrypto Object
Key Features
The XMLCrypto Object has the following key features:
Download and Installation
The XMLCrypto object can be downloaded here. It is an installer that guides
you through a simple setup process. There are sample VB scripts under the
SCRIPTS directory to get you started quickly. The installer generates a
15-day trial license; please contact us at info2-at-sqldata-dot-com
if you need to extend the trial period or to purchase the library.
XMLCrypto Sample Code:
1. Encrypt an XML document:
Given a sample XML document (payment.xml) below:
<PaymentInfo xmlns="http://sqldata.com/xmlcrypto"
Id="PayId">
<Name>John Doe</Name>
<CreditCard Currency="USD" Limit="8,000" Id="CC">
<Number>4019 2445 0277 5567</Number>
<Issuer>Bank of the Internet</Issuer>
<Expiration Time="03/06" />
</CreditCard>
<Account Id="ACC">
<AccountId>JDoe</AccountId>
<Password>My Secret Password</Password>
</Account>
</PaymentInfo>
The following code encrypts the document using XML Encryption.
set myClient = CreateObject ("SQLData.XMLCrypto")
'Set the Name of the encryption Key
myClient.SetKeyInfo "CryptoTester"
'encrypt the document
encrypted = myClient.EncryptData("payment.xml")
wscript.echo encrypted
The result is an XML document shown below:
<EncryptedData
xmlns="http://www.w3.org/2001/04/xmlenc#"
Type="http://www.w3.org/2001/04/xmlenc#Element">
<EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
<EncryptedKey xmlns="http://www.w3.org/2001/04/xmlenc#">
<EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
<KeyName>CryptoTester</KeyName>
</KeyInfo>
<CipherData>
<CipherValue>HM+khz6O5viUlPWJioBKOdeP09pk1...=</CipherValue>
</CipherData>
</EncryptedKey>
</KeyInfo>
<CipherData>
<CipherValue>K1AgD7e6cHkqfUaCz0bzazRxTJzJpdx...</CipherValue>
</CipherData>
</EncryptedData>
2. Sign an XML document
The following VB script signs a document using XML Signature:
set myClient = CreateObject ("SQLData.XMLCrypto")
myClient.SetKeyInfo "CryptoTester",, MySecret
'set the signature position to be the last child.
myClient.SetProperty "SignatureAnchor", "last"
'sign the document
signed = myClient.SignData ("payment.xml")
wscript.echo signed
The payment document with signature looks like the following:
<PaymentInfo xmlns="http://sqldata.com/xmlcrypto"
Id="PayId">
<Name>John Smith</Name>
<CreditCard Currency="USD" Limit="5,000" Id="CC">
<Number>4019 2445 0277 5567</Number>
<Issuer>Bank of the Internet</Issuer>
<Expiration Time="04/02"/>
</CreditCard>
<Account Id="ACC">
<AccountId>John Doe</AccountId>
<Password>My Secret Password</Password>
</Account>
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo>
<CanonicalizationMethod
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<Reference
URI="">
<Transforms>
<Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
</Transforms>
<DigestMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<DigestValue>p6fWceDJHMFmDV76x6Gh7lztdl0=</DigestValue>
</Reference>
</SignedInfo>
<SignatureValue>VSbxfuvlffxGbqjmmKriP4wqBhdMuBrEMrKrysW6vjwFqkLE3vcK8AXjYeyry8mD
Sg2Q69YlZB7uCnUh5nWTLGtskest0ypkhKful+KwfT1qm7i9IIW02CkGQ/hDNQTf
5WfOz/VRP7g0xaFbKqe/ZON3G9k1TxL6E2/RqBHlvXQ=</SignatureValue>
<KeyInfo>
<X509Data>
<X509Certificate>MIID4jCCA0ugAwIBAgI...</X509Certificate>
</X509Data>
</KeyInfo>
</Signature>
</PaymentInfo>
3. Using WS-Security Features
The tool can be used to add the web service security
features defined in WS-Security to SOAP messages. The following simple
script adds a standard timestamp and an XML signature to the SOAP header.
set myClient = CreateObject ("SQLData.XMLCrypto")
myClient.SetKeyInfo "CryptoTester"
myClient.SetProperty "SecurityType","WSSecurity"
'sign the document
signed = myClient.SignData ("scripts\SOAPMessage.xml", "", "")
The resulting SOAP message with the WS-Security header is
shown below:
<SOAP-ENV:Envelope
xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:xsd="http://www.w3.org/1999/XMLSchema"
xmlns:xsi="http://www.w3.org/1999/XMLSchema-instance"
xmlns:SOAP-ENC="http://schemas.xmlsoap.org/soap/encoding/"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<SOAP-ENV:Header>
<wsse:Security
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
SOAP-ENV:MustUnderstand="1">
<wsse:BinarySecurityToken
xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
wsu:Id="SecId-484d840c-3fa6-447e-a884-da39de45f0ed"
ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd#X509v3"
EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd#Base64Binary">MIID4jCCA0ugAwIBAgIRAOGX5IPiDk+3siIT/8UHnPcwDQYJKoZIhvcNAQEEBQAw
gaYxCzAJBgNVBAYTAlVTMREwDwYDVQQIEwhNYXJ5bGFuZDEVMBMGA1UEBxMMR2Fp
dGhlcnNidXJnMRgwFgYDVQQKEw9TUUxEYXTjGW4ZQ+jZAkv6Q8yuzlLm5mumMTITmQ=</wsse:BinarySecurityToken>
<wsu:Timestamp
xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
wsu:Id="Timestamp-b9b53e47-1dec-4994-8004-a775da277174">
<wsu:Created>2005-12-22T02:39:15Z</wsu:Created>
<wsu:Expires>2005-12-22T02:41:15Z</wsu:Expires>
</wsu:Timestamp>
<Signature
xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo>
<CanonicalizationMethod
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"
/>
<SignatureMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"
/>
<Reference
URI="#Timestamp-b9b53e47-1dec-4994-8004-a775da277174">
<DigestMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"
/>
<DigestValue>9HhZz3j4GGxWqNtFMSR568zdmSw=</DigestValue>
</Reference>
<Reference
URI="#_SOAPBody">
<DigestMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"
/>
<DigestValue>yUoh5gubh3/LtppHhb2Woae2XD8=</DigestValue>
</Reference>
</SignedInfo>
<SignatureValue>ts0q2wljDXD1yTE3wvQLYSbyxI8kapWCLgw2OqLa+KfYyC0lZG8ZGjZ11mSiVPhB
/rSlZAfKDMRCr0BcgnJn3sd/wVg23Bp+dT6EwNSYDM23gfLVF5Udscpzy3QQqoox
ai5TY11SVwoOfb2bOffH8G4QIweK/eliL+ZHE3NRDRk=</SignatureValue>
<KeyInfo>
<wsse:SecurityTokenReference>
<wsse:Reference
URI="#SecId-484d840c-3fa6-447e-a884-da39de45f0ed"
/>
</wsse:SecurityTokenReference>
</KeyInfo>
</Signature>
</wsse:Security>
</SOAP-ENV:Header>
<SOAP-ENV:Body wsu:Id="_SOAPBody">
<mns:Method1
xmlns:mns="http://www.SoapClient.com/xml/SoapResponder.xsd"
SOAP-ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/">
<UserId
xsi:type="xsd:string">joe@sqldata.com</UserId>
<Secret
xsi:type="xsd:string">sdaf</Secret>
</mns:Method1>
</SOAP-ENV:Body>
</SOAP-ENV:Envelope>
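On the receiving side, verifying the signature value is not sufficient by itself: the receiver also has to confirm that the signed references cover the Body it will actually process and the Timestamp, and that the Timestamp is still within its validity window. The following Python code is an added example, not part of the XMLCrypto toolkit or the original page; it performs only these structural checks (no cryptographic verification), the function names check_envelope, parse_utc and sample_envelope are hypothetical, and the message it runs on is constructed.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"soap": "http://schemas.xmlsoap.org/soap/envelope/",
      "ds": "http://www.w3.org/2000/09/xmldsig#",
      "wsse": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
      "wsu": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"}
WSU_ID = "{%s}Id" % NS["wsu"]

def parse_utc(text):
    """Parse the UTC dateTime form used in the sample, e.g. 2005-12-22T02:39:15Z."""
    return datetime.strptime(text.strip(), "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def check_envelope(xml_text, now):
    """Structural checks only (no signature math); returns a list of problems."""
    root = ET.fromstring(xml_text)
    sec = root.find("soap:Header/wsse:Security", NS)
    body = root.find("soap:Body", NS)
    if sec is None or body is None:
        return ["missing wsse:Security header or SOAP Body"]
    refs = sec.findall("ds:Signature/ds:SignedInfo/ds:Reference", NS)
    signed = {r.get("URI", "")[1:] for r in refs if r.get("URI", "").startswith("#")}
    # A repeated wsu:Id makes it ambiguous which element a Reference resolves to.
    ids = [e.get(WSU_ID) for e in root.iter() if e.get(WSU_ID)]
    problems = ["duplicate wsu:Id: " + i for i in sorted(set(ids)) if ids.count(i) > 1]
    # The Body the service will act on must itself be a signed Reference target.
    if body.get(WSU_ID) not in signed:
        problems.append("Body not covered by signature")
    ts = sec.find("wsu:Timestamp", NS)
    if ts is None or ts.get(WSU_ID) not in signed:
        return problems + ["Timestamp missing or not covered by signature"]
    try:
        created, expires = (parse_utc(ts.findtext("wsu:" + n, "", NS)) for n in ("Created", "Expires"))
    except ValueError:
        return problems + ["Timestamp malformed"]
    if not created <= now < expires:
        problems.append("Timestamp outside validity window")
    return problems

def sample_envelope(body_attr='wsu:Id="_SOAPBody"'):
    """Constructed message laid out like the output above; carries no real signature values."""
    return f"""<SOAP-ENV:Envelope xmlns:SOAP-ENV="{NS['soap']}" xmlns:wsu="{NS['wsu']}">
 <SOAP-ENV:Header><wsse:Security xmlns:wsse="{NS['wsse']}">
  <wsu:Timestamp wsu:Id="Timestamp-1"><wsu:Created>2005-12-22T02:39:15Z</wsu:Created>
   <wsu:Expires>2005-12-22T02:41:15Z</wsu:Expires></wsu:Timestamp>
  <Signature xmlns="{NS['ds']}"><SignedInfo><Reference URI="#Timestamp-1"/>
   <Reference URI="#_SOAPBody"/></SignedInfo></Signature>
 </wsse:Security></SOAP-ENV:Header>
 <SOAP-ENV:Body {body_attr}><Method1/></SOAP-ENV:Body>
</SOAP-ENV:Envelope>"""
```

For messages from untrusted senders, parse with a hardened XML parser such as defusedxml; the standard-library parser is used here only to keep the example dependency-free.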
The toolkit also includes sample scripts that
demonstrate how to encrypt part of a SOAP message.
We also have C/C++ sample code that demonstrates how to use the object in Microsoft
VC 6.0.
The product can be purchased online here
using PayPal.