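The example below uses the approach of generating a key file and encrypting it when signing XML.
The command that uses the --pwd option with the encrypted key is shown below (the target file is dsig_doc.xml).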
[dsig_doc.xml]
<?xml version='1.0'?>
<References>
<PaymentInfo xmlns="http://example.org/paymentv2">
<Name>John Smith</Name>
<CreditCard Limit="5,000" Currency="USD">
<Number>4019 2445 0277 5567</Number>
<Issuer>Example Bank</Issuer>
<Expiration>04/02</Expiration>
</CreditCard>
</PaymentInfo>
<Web>
<Title>XMLSec</Title>
<Url>http://www.aleksey.com/xmlsec/</Url>
</Web>
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo>
<CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<Reference URI="">
<Transforms>
<Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<DigestValue></DigestValue>
</Reference>
</SignedInfo>
<SignatureValue></SignatureValue>
<KeyInfo>
<KeyValue/>
</KeyInfo>
</Signature>
</References>
$ xmlsec1 sign --output dsig2.xml --privkey-pem userkey.pem --pwd hello dsig_doc.xml
The --pwd option must be written after the userkey.pem file.
Decryption is done as follows.
$ xmlsec1 decrypt --privkey-pem userkey.pem --pwd hello doc-encrypted-xmlpath.xml
The files used are published below as code. Save each one as a file to use it.
[userkey.pem]
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,7D88A380248C2614
-----END RSA PRIVATE KEY-----
[doc-encrypted-xmlpath.xml]
<?xml version="1.0" encoding="utf-8"?>
<PayInfo>
<Name>John Smith</Name>
<CreditCard Limit="2,000" Currency="USD"><EncryptedData xmlns="http://www.w3.org/2001/04/xmlenc#" Type="http://www.w3.org/2001/04/xmlenc#Content">
<EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"/>
<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
<EncryptedKey xmlns="http://www.w3.org/2001/04/xmlenc#">
<EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
<KeyName/>
</KeyInfo>
<CipherData>
<CipherValue>lZ9TlXNe0NeZXE46C6meDspgTMsnvZwgkDpKSaKDiAQ/KSJ0P4acuxnN7saI6XIW
XzX8eqQPztF8sQyw65rUCJuAaHw0BcKOZ21QpNVL74OU5jYv/Fh/kI2srEEsjz5b
lFmRWSp1mSxb27N3WqB+KsEpZWazAA2KCNpP/80C/To=</CipherValue>
</CipherData>
</EncryptedKey>
</KeyInfo>
<CipherData>
<CipherValue>nOcInRsN4z/MMwjyKR67X6IqWUfq7VgDefQHy5Q4uSsISm6kMSmVEFxH2IIVVZTU
QYzY5ABu4LeeosSE9Y/eplgV0u80V5vT2ddSR9YzwW97Lnn59hbN8bNOdjYsrbw0
4DK7HOTqxFyCrXIcqsZaokNDt+z1lw/kKrYXKFd02Y7GPwzw0b1O6nD5FvS8+jI3</CipherValue>
</CipherData>
</EncryptedData></CreditCard>
</PayInfo>
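As an added example (not part of the original post), the Python below reads a signature template such as dsig_doc.xml and reports which algorithms it asks xmlsec1 to use, what each Reference covers, and whether SignatureValue has been filled in yet. The function names and the LEGACY table are assumptions of this example and reflect general current guidance, not anything stated in the post; the embedded sample is a trimmed copy of the template above.

```python
import xml.etree.ElementTree as ET

DS = "{http://www.w3.org/2000/09/xmldsig#}"
# Assumption (not from the post): algorithm URIs that current guidance treats as legacy.
LEGACY = {
    "http://www.w3.org/2000/09/xmldsig#rsa-sha1": "SHA-1 signature",
    "http://www.w3.org/2000/09/xmldsig#sha1": "SHA-1 digest",
    "http://www.w3.org/2001/04/xmlenc#rsa-1_5": "RSA PKCS#1 v1.5 key transport",
    "http://www.w3.org/2001/04/xmlenc#aes256-cbc": "CBC without integrity protection",
}

def algorithms(xml_text):
    """Return (element name, algorithm URI, legacy note or None) in document order."""
    found = []
    for el in ET.fromstring(xml_text).iter():
        uri = el.get("Algorithm")
        if uri is not None:
            found.append((el.tag.rsplit("}", 1)[-1], uri, LEGACY.get(uri)))
    return found

def signature_state(xml_text):
    """Per ds:Signature: is SignatureValue filled in, and what does each Reference cover?"""
    report = []
    for sig in ET.fromstring(xml_text).iter(DS + "Signature"):
        # A non-empty value only means the template was processed, not that it verifies.
        filled = bool((sig.findtext(DS + "SignatureValue") or "").strip())
        refs = []
        for ref in sig.iter(DS + "Reference"):
            uri = ref.get("URI")
            enveloped = any(t.get("Algorithm", "").endswith("#enveloped-signature")
                            for t in ref.iter(DS + "Transform"))
            refs.append({"scope": "whole document" if uri == "" else uri,
                         "enveloped": enveloped})
        report.append({"filled": filled, "references": refs})
    return report

# Constructed sample: the Signature template from dsig_doc.xml, payload trimmed.
TEMPLATE = """<References><Web><Title>XMLSec</Title></Web>
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#"><SignedInfo>
<CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<Reference URI=""><Transforms>
<Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
</Transforms><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<DigestValue></DigestValue></Reference></SignedInfo>
<SignatureValue></SignatureValue><KeyInfo><KeyValue/></KeyInfo>
</Signature></References>"""

if __name__ == "__main__":
    for name, uri, note in algorithms(TEMPLATE):
        print(name, uri, note or "")
    print(signature_state(TEMPLATE))
```

Passing the text of doc-encrypted-xmlpath.xml to algorithms() lists its two EncryptionMethod entries in the same way.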