xml-crypto - npm Package Compare versions

Comparing version 1.5.3 to 2.0.0

lib/signed-xml.js

		@@ -333,5 +333,17 @@ var xpath = require('xpath')
		'http://www.w3.org/2001/04/xmldsig-more#rsa-sha512': RSASHA512,
		'http://www.w3.org/2000/09/xmldsig#hmac-sha1': HMACSHA1
		// Disabled by default due to key confusion concerns.
		// 'http://www.w3.org/2000/09/xmldsig#hmac-sha1': HMACSHA1
		}

		/**
		* Due to key-confusion issues, its risky to have both hmac
		* and digital signature algos enabled at the same time.
		* This enables HMAC and disables other signing algos.
		*/
		SignedXml.enableHMAC = function () {
		SignedXml.SignatureAlgorithms = {
		'http://www.w3.org/2000/09/xmldsig#hmac-sha1': HMACSHA1
		}
		}

		SignedXml.defaultNsForPrefix = {
		@@ -338,0 +350,0 @@ ds: 'http://www.w3.org/2000/09/xmldsig#'

package.json

		{
		"name": "xml-crypto",
		"version": "1.5.3",
		"version": "2.0.0",
		"description": "Xml digital signature and encryption library for Node.js",
		@@ -5,0 +5,0 @@ "engines": {

README.md

		@@ -37,4 +37,14 @@ ## xml-crypto
		* RSA-SHA512 http://www.w3.org/2001/04/xmldsig-more#rsa-sha512

		HMAC-SHA1 is also available but it is disabled by default
		* HMAC-SHA1 http://www.w3.org/2000/09/xmldsig#hmac-sha1

		to enable HMAC-SHA1, do:
		```javascript
		require( 'xml-crypto' ).SignedXml.enableHMAC();
		```
		This will enable HMAC and disable digital signature algorithms. Due to key
		confusion issues, it is risky to have both HMAC-based and public key digital
		signature algorithms enabled at same time.

		by default the following algorithms are used:
		@@ -41,0 +51,0 @@

New alerts