signxml 0.2.9
pip install signxml==0.2.9
Released:
Python XML Signature library
Navigation
Unverified details
These details have not been verified by PyPIProject links
Meta
- License: Apache Software License (Apache Software License)
- Author: Andrey Kislyuk
Classifiers
- Intended Audience
- License
- Operating System
- Programming Language
- Topic
Project description
SignXML is an implementation of the W3C XML Signature standard (RFC 3275) in Python (both “Second Edition” and Version 1.1). This standard (also known as XMLDSig) is used to provide payload security in SAML 2.0, among other uses. SignXML implements all of the required components of the standard, and most recommended ones. Its features are:
Use of defusedxml.lxml to defend against common XML-based attacks when verifying signatures
Extensions to allow signing with and verifying X.509 certificate chains, including hostname/CN validation
Modern Python compatibility (2.7-3.4+ and PyPy)
Well-supported and reliable dependencies: lxml, defusedxml, cryptography, eight, pyOpenSSL
Comprehensive testing (including the XMLDSig interoperability suite) and continuous integration
Simple interface with useful defaults
Compactness, readability, and extensibility
Installation
pip install signxml
Synopsis
from signxml import xmldsig
cert = open("example.pem").read()
key = open("example.key").read()
root = ElementTree.fromstring(signature_data)
xmldsig(root).sign(key=key, cert=cert)
xmldsig(root).verify()Using a SAML metadata file:
from signxml import xmldsig
with open("metadata.xml", "rb") as fh:
cert = etree.parse(fh).find("//ds:X509Certificate").text
root = ElementTree.fromstring(signature_data)
xmldsig(root).verify(x509_cert=cert)See the API documentation for more.
Authors
Andrey Kislyuk
Links
W3C Recommendation: XML Signature Syntax and Processing (Second Edition)
W3C Recommendation: XML Signature Syntax and Processing Version 1.1
W3C Working Group Note: XML Signature Syntax and Processing Version 2.0
Bugs
Please report bugs, issues, feature requests, etc. on GitHub.
License
Licensed under the terms of the Apache License, Version 2.0.
Project details
Unverified details
These details have not been verified by PyPIProject links
Meta
- License: Apache Software License (Apache Software License)
- Author: Andrey Kislyuk
Classifiers
- Intended Audience
- License
- Operating System
- Programming Language
- Topic
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
File details
Details for the file signxml-0.2.9.tar.gz.
File metadata
- Download URL: signxml-0.2.9.tar.gz
- Upload date:
- Size: 36.0 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 550e9c0ff016831c8f062c89e986c336d6e80ca387b90ee62afc7bf6356fd272 |
|
| MD5 | ec215df7625527d0cc549ebb9ac6c3d6 |
|
| BLAKE2b-256 | cd5af4908b72962ef6b0d61819d6c40b7204d1165580d8cbb2f655dfcb53f3e8 |
