메뉴 건너뛰기

infra

[xmlsec] 서명용 keyfile 생성과 서명하기

박영식2010.05.07 23:21조회 수 3026댓글 0

  • 1
    • 글자 크기

$ sudo xmlsec1 keys --privkey-pem userkey.pem keys2.xml

userkey.pem 파일을 이용해 keys2.xml 파일을 생성한다.

( 첨부된 userkey.pem 파일을 이용하면 되고, password는 hello이다.)

{keys2.xml}
<?xml version="1.0"?>
<Keys xmlns="http://www.aleksey.com/xmlsec/2002">
<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
<KeyValue>
<RSAKeyValue>
<Modulus>
vBKEgNWKPbRcULxXcGzxefpve5Fryuc+CQwJz3YujE1z8jMKuLD2C700amz9vBqd
aBlsrm9rjpjbtrEWEeja42T1kTaWPRRB6AV0EaUQg632GWkcVKpOeZcAqtpId3bL
GFV74moYiu3JNCW5ZU084Ipd3zO5sWBaqVQxcyufwnM=
</Modulus>
<Exponent>
AQAB
</Exponent>
<PrivateExponent xmlns="http://www.aleksey.com/xmlsec/2002">
coEftUTNxuWxsuIIpoVdu/Myvtv58e46Qc3Xhz0f+AIMDrDu3SW4l8sZR5aWIVle
7otUNRvXM1lzo9ZLZpoL8YsFK8YOl1H9eSKIy6bHuHi95vH77rYDUCDvt3t7noRJ
PSLWX5H0NuMU7ctIvCTVXC3O+yvD3F6YTnrfdslBUUE=
</PrivateExponent>
</RSAKeyValue>
</KeyValue>
</KeyInfo>
</Keys>

아래의 서명대상 파일을 다음과 같은 명령어를 이용해서명한다.  

$ xmlsec1 sign --output dsig.xml --keys-file keys2.xml input.xml

{input.xml}
<?xml version='1.0'?>
<References>
<PaymentInfo xmlns="http://example.org/paymentv2">
<Name>John Smith</Name>
<CreditCard Limit="5,000" Currency="USD">
<Number>4019 2445 0277 5567</Number>
<Issuer>Example Bank</Issuer>
<Expiration>04/02</Expiration>
</CreditCard>
</PaymentInfo>
<Web>
<Title>XMLSec</Title>
<Url>http://www.aleksey.com/xmlsec/</Url>
</Web>
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo>
<CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<Reference URI="">
<Transforms>
<Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<DigestValue></DigestValue>
</Reference>
</SignedInfo>
<SignatureValue></SignatureValue>
<KeyInfo>
<KeyValue/>
</KeyInfo>
</Signature>
</References>

서명이 정상적으로 완료되면 아래와 같은 서명파일을 얻을수있다.
{dsig.xml}

<?xml version="1.0"?>
<References>
<PaymentInfo xmlns="http://example.org/paymentv2">
<Name>John Smith</Name>
<CreditCard Limit="5,000" Currency="USD">
<Number>4019 2445 0277 5567</Number>
<Issuer>Example Bank</Issuer>
<Expiration>04/02</Expiration>
</CreditCard>
</PaymentInfo>
<Web>
<Title>XMLSec</Title>
<Url>http://www.aleksey.com/xmlsec/</Url>
</Web>
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo>
<CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<Reference URI="">
<Transforms>
<Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<DigestValue>T8xWW2x41y1O/Z/BQO4Wx54hdCk=</DigestValue>
</Reference>
</SignedInfo>
<SignatureValue>O5nJCpPc3/huOpM+QmCeT9O+pUkkwSQl1pMohLGvElmZHGpat7L1elZrxAuKr8Pn
5aJ1QYDku44MNUiaUOGZN3Y33n14/bFVMBm+rL3bqSBY8KnMiwtbS2tL712nucES
Vd+QapWHxlWCkwMP6lBFCd+7Sk3hE7f5IPFA2xMthjs=</SignatureValue>
<KeyInfo>
<KeyValue>
<RSAKeyValue>
<Modulus>
vBKEgNWKPbRcULxXcGzxefpve5Fryuc+CQwJz3YujE1z8jMKuLD2C700amz9vBqd
aBlsrm9rjpjbtrEWEeja42T1kTaWPRRB6AV0EaUQg632GWkcVKpOeZcAqtpId3bL
GFV74moYiu3JNCW5ZU084Ipd3zO5sWBaqVQxcyufwnM=
</Modulus>
<Exponent>
AQAB
</Exponent>
</RSAKeyValue>
</KeyValue>
</KeyInfo>
</Signature>
</References>

박영식 (비회원)
  • 1
    • 글자 크기
[xmlsec] 템플릿 파일을 이용한 암호화 (by 박영식) [xmlsec] xpath를 이용한 element 암호화(Encryption of a single value) (by 박영식)

댓글 달기

박영식
2011.04.29 조회 6084
박영식
2011.03.17 조회 1719
박영식
2011.03.07 조회 2067
박영식
2010.04.22 조회 3320
첨부 (1)
userkey.pem
963Bytes / Download 69
위로