

|
Verifing and decrypting documents.
Since the template is just an XML file, it might be created in advance
and saved in a file. It's also possible for application to create
templates without using XML Security Library functions. Also in some
cases template should be inserted in the signed or encrypted data
(for example, if you want to create an enveloped or enveloping
signature).
Signature verification and data decryption do not require template
because all the necessary information is provided in the signed or
encrypted document.
Verifying a signed document
The typical siganture verification process includes following steps:
Example 6. Verifying a document.
int
verify_file(const char* xml_file, const char* key_file) {
xmlDocPtr doc = NULL;
xmlNodePtr node = NULL;
xmlSecDSigCtxPtr dsigCtx = NULL;
int res = -1;
assert(xml_file);
assert(key_file);
/* load file */
doc = xmlParseFile(xml_file);
if ((doc == NULL) || (xmlDocGetRootElement(doc) == NULL)){
fprintf(stderr, "Error: unable to parse file \"%s\"\n", xml_file);
goto done;
}
/* find start node */
node = xmlSecFindNode(xmlDocGetRootElement(doc), xmlSecNodeSignature, xmlSecDSigNs);
if(node == NULL) {
fprintf(stderr, "Error: start node not found in \"%s\"\n", xml_file);
goto done;
}
/* create signature context, we don't need keys manager in this example */
dsigCtx = xmlSecDSigCtxCreate(NULL);
if(dsigCtx == NULL) {
fprintf(stderr,"Error: failed to create signature context\n");
goto done;
}
/* load public key */
dsigCtx->signKey = xmlSecCryptoAppPemKeyLoad(key_file, NULL, NULL, 0);
if(dsigCtx->signKey == NULL) {
fprintf(stderr,"Error: failed to load public pem key from \"%s\"\n", key_file);
goto done;
}
/* Verify signature */
if(xmlSecDSigCtxVerify(dsigCtx, node) < 0) {
fprintf(stderr,"Error: signature verify\n");
goto done;
}
/* print verification result to stdout */
if(dsigCtx->status == xmlSecDSigStatusSucceeded) {
fprintf(stdout, "Signature is OK\n");
} else {
fprintf(stdout, "Signature is INVALID\n");
}
/* success */
res = 0;
done:
/* cleanup */
if(dsigCtx != NULL) {
xmlSecDSigCtxDestroy(dsigCtx);
}
if(doc != NULL) {
xmlFreeDoc(doc);
}
return(res);
}
|
Full Program Listing
Decrypting an encrypted document
The typical decryption process includes following steps:
Example 7. Decrypting a document.
int
decrypt_file(const char* enc_file, const char* key_file) {
xmlDocPtr doc = NULL;
xmlNodePtr node = NULL;
xmlSecEncCtxPtr encCtx = NULL;
int res = -1;
assert(enc_file);
assert(key_file);
/* load template */
doc = xmlParseFile(enc_file);
if ((doc == NULL) || (xmlDocGetRootElement(doc) == NULL)){
fprintf(stderr, "Error: unable to parse file \"%s\"\n", enc_file);
goto done;
}
/* find start node */
node = xmlSecFindNode(xmlDocGetRootElement(doc), xmlSecNodeEncryptedData, xmlSecEncNs);
if(node == NULL) {
fprintf(stderr, "Error: start node not found in \"%s\"\n", enc_file);
goto done;
}
/* create encryption context, we don't need keys manager in this example */
encCtx = xmlSecEncCtxCreate(NULL);
if(encCtx == NULL) {
fprintf(stderr,"Error: failed to create encryption context\n");
goto done;
}
/* load DES key */
encCtx->encKey = xmlSecKeyReadBinaryFile(xmlSecKeyDataDesId, key_file);
if(encCtx->encKey == NULL) {
fprintf(stderr,"Error: failed to load des key from binary file \"%s\"\n", key_file);
goto done;
}
/* decrypt the data */
if((xmlSecEncCtxDecrypt(encCtx, node) < 0) || (encCtx->result == NULL)) {
fprintf(stderr,"Error: decryption failed\n");
goto done;
}
/* print decrypted data to stdout */
fprintf(stdout, "Decrypted data (%d bytes):\n", xmlSecBufferGetSize(encCtx->result));
if(xmlSecBufferGetData(encCtx->result) != NULL) {
fwrite(xmlSecBufferGetData(encCtx->result),
1,
xmlSecBufferGetSize(encCtx->result),
stdout);
}
fprintf(stdout, "\n");
/* success */
res = 0;
done:
/* cleanup */
if(encCtx != NULL) {
xmlSecEncCtxDestroy(encCtx);
}
if(doc != NULL) {
xmlFreeDoc(doc);
}
return(res);
}
|
Full Program Listing
|
Aleksey Sanin
|
|