-
Notifications
You must be signed in to change notification settings - Fork 2
/
README
163 lines (110 loc) · 4.72 KB
/
README
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
NAME
XML::Enc - XML::Enc Encryption Support
VERSION
version 0.15
SYNOPSIS
my $decrypter = XML::Enc->new(
{
key => 't/sign-private.pem',
no_xml_declaration => 1,
},
);
$decrypted = $enc->decrypt($xml);
my $encrypter = XML::Enc->new(
{
cert => 't/sign-certonly.pem',
no_xml_declaration => 1,
data_enc_method => 'aes256-cbc',
key_transport => 'rsa-1_5',
},
);
$encrypted = $enc->encrypt($xml);
NAME
XML::Enc - XML Encryption
METHODS
new( ... )
Constructor. Creates an instance of the XML::Enc object
Arguments:
key Filename of the private key to be used for decryption.
cert
Filename of the public key to be used for encryption.
no_xml_declaration
Do not return the XML declaration if true (1). Return it if false
(0). This is useful for decrypting documents without the declaration
such as SAML2 Responses.
data_enc_method
Specify the data encryption method to be used. Supported methods
are:
Used in encryption. Optional. Default method: aes256-cbc
* tripledes-cbc
<https://www.w3.org/TR/2002/REC-xmlenc-core-20021210/Overview.ht
ml#tripledes-cbc>
* aes128-cbc
<https://www.w3.org/TR/2002/REC-xmlenc-core-20021210/Overview.ht
ml#aes128-cbc>
* aes192-cbc
<https://www.w3.org/TR/2002/REC-xmlenc-core-20021210/Overview.ht
ml#aes192-cbc>
* aes256-cbc
<https://www.w3.org/TR/2002/REC-xmlenc-core-20021210/Overview.ht
ml#aes256-cbc>
* aes128-gcm <https://www.w3.org/TR/xmlenc-core/#aes128-gcm>
* aes192-gcm <https://www.w3.org/TR/xmlenc-core/#aes192-gcm>
* aes256-gcm <https://www.w3.org/TR/xmlenc-core/#aes256-gcm>
key_transport
Specify the encryption method to be used for key transport.
Supported methods are:
Used in encryption. Optional. Default method: rsa-oaep-mgf1p
* rsa-1_5
<https://www.w3.org/TR/2002/REC-xmlenc-core-20021210/Overview.ht
ml#rsa-1_5>
* rsa-oaep-mgf1p
<https://www.w3.org/TR/2002/REC-xmlenc-core-20021210/Overview.ht
ml#rsa-oaep-mgf1p>
* rsa-oaep <http://www.w3.org/2009/xmlenc11#rsa-oaep>
oaep_mgf_alg
Specify the Algorithm to be used for rsa-oaep. Supported algorithms
are:
Used in encryption. Optional. Default method: mgf1sha1
* mgf1sha1 <http://www.w3.org/2009/xmlenc11#mgf1sha1>
* mgf1sha224 <http://www.w3.org/2009/xmlenc11#mgf1sha224>
* mgf1sha265 <http://www.w3.org/2009/xmlenc11#mgf1sha256>
* mgf1sha384 <http://www.w3.org/2009/xmlenc11#mgf1sha384>
* mgf1sha512 <http://www.w3.org/2009/xmlenc11#mgf1sha512>
oaep_params
Specify the OAEPparams value to use as part of the mask generation
function (MGF). It is optional but can be specified for rsa-oaep and
rsa-oaep-mgf1p EncryptionMethods.
It is base64 encoded and stored in the XML as OAEPparams.
If specified you MAY specify the oaep_label_hash that should be
used. You should note that not all implementations support an
oaep_label_hash that differs from that of the MGF specified in the
xenc11:MGF element or the default MGF1 with SHA1.
The oaep_label_hash is stored in the DigestMethod child element of
the EncryptionMethod.
oaep_label_hash
Specify the Hash Algorithm to use for the rsa-oaep label as
specified by oaep_params.
The default is sha1. Supported algorithms are:
* sha1 <http://www.w3.org/2000/09/xmldsig#sha1>
* sha224 <http://www.w3.org/2001/04/xmldsig-more#sha224>
* sha256 <http://www.w3.org/2001/04/xmlenc#sha256>
* sha384 <http://www.w3.org/2001/04/xmldsig-more#sha384>
* sha512 <http://www.w3.org/2001/04/xmlenc#sha512>
key_name
Specify a key name to add to the KeyName element. If it is not
specified then no KeyName element is added to the KeyInfo
decrypt( ... )
Main decryption function.
Arguments:
xml XML containing the encrypted data.
encrypt( ... )
Main encryption function.
Arguments:
xml XML containing the plaintext data.
AUTHOR
Timothy Legge <[email protected]>
COPYRIGHT AND LICENSE
This software is copyright (c) 2024 by TImothy Legge.
This is free software; you can redistribute it and/or modify it under
the same terms as the Perl 5 programming language system itself.