Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More
Socket
Sign inDemoInstall
Socket

xml-crypto

Package Overview
Dependencies
Maintainers
5
Versions
80
Alerts
File Explorer

Advanced tools

Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

xml-crypto

Xml digital signature and encryption library for Node.js

  • 6.0.0
  • latest
  • Source
  • npm
  • Socket score

Version published
Maintainers
5
Created

What is xml-crypto?

The xml-crypto npm package is a library that provides tools for signing and verifying XML digital signatures, which are used to ensure the integrity and authenticity of XML documents. It is based on the standards of XML Signature and XML Encryption.

What are xml-crypto's main functionalities?

Signing XML documents

This feature allows you to sign XML documents. You can specify references to the parts of the XML that you want to sign, provide your private key, and then compute and obtain the signed XML.

const fs = require('fs');
const { SignedXml } = require('xml-crypto');
let sig = new SignedXml();
sig.addReference("//*[local-name(.)='x']");
sig.signingKey = fs.readFileSync('private.pem');
sig.computeSignature('<x xmlns="urn:xmpp:delay">example</x>');
fs.writeFileSync('signed.xml', sig.getSignedXml());

Verifying XML signatures

This feature allows you to verify the signature of an XML document. You can load the signed XML, provide the corresponding public key, and check if the signature is valid.

const fs = require('fs');
const { SignedXml } = require('xml-crypto');
let xml = fs.readFileSync('signed.xml').toString();
let sig = new SignedXml();
sig.keyInfoProvider = {
  getKeyInfo: function(key) {
    return '<X509Data></X509Data>';
  },
  getKey: function(keyInfo) {
    return fs.readFileSync('public.pem');
  }
};
sig.loadSignature(xml);
let result = sig.checkSignature(xml);
console.log('Signature is', result ? 'valid' : 'invalid');

Working with KeyInfo

This feature allows you to work with KeyInfo, which is an XML structure that contains information about the key used for signing. You can create a KeyInfoProvider with your key and obtain the KeyInfo XML.

const { KeyInfoProvider } = require('xml-crypto');
let keyInfoProvider = new KeyInfoProvider('key.pem');
let keyInfo = keyInfoProvider.getKeyInfo();

Other packages similar to xml-crypto

Keywords

FAQs

Package last updated on 26 Jan 2024

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

Packages

npm

Stay in touch

Get open source security insights delivered straight into your inbox.


  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc