
[FEAT] Add support for XML Signatures

Open makew0rld opened this issue 5 months ago • 2 comments

Extracted from #850

Just as #122 requests support for JSON signatures (JSF), this ticket requests support for the equivalent spec component in XML: XML Signatures.

Example from the spec:

Image

For testing, XML signatures can be added to BOMs with cyclonedx-cli sign.

makew0rld, Jul 16 '25 14:07

XML signing is not part of the CycloneDX implementation; instead, it is intended to be done via https://www.w3.org/TR/xmldsig-core/

jkowalleck, Jul 16 '25 14:07

I'm not sure what this means. XML Signatures are part of the CycloneDX spec, even though a different spec is referenced for how to implement it. It's the same with JSF.

That's why cyclonedx-cli supports XML Signatures, for example.

makew0rld, Jul 16 '25 14:07
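
For readers unfamiliar with how an enveloped XML-DSig signature sits inside a CycloneDX XML BOM, the following is an added example; it is not from this thread, cyclonedx-python-lib, or cyclonedx-cli. The sample BOM is constructed with placeholder digest and signature values, and `inspect_signatures` is a hypothetical helper that reports the signature's structure and declared algorithms only; it does not verify the signature cryptographically.

```python
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"   # XML-DSig namespace (xmldsig-core)
ENVELOPED = DS + "enveloped-signature"      # transform that excludes the signature itself
WEAK = ("sha1", "md5")  # assumption: this example's policy for weak algorithm URIs

# Constructed sample BOM; DigestValue/SignatureValue are placeholders, not real output.
SAMPLE_BOM = f"""<bom xmlns="http://cyclonedx.org/schema/bom/1.6" version="1">
  <components/>
  <ds:Signature xmlns:ds="{DS}">
    <ds:SignedInfo>
      <ds:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
      <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
      <ds:Reference URI="">
        <ds:Transforms><ds:Transform Algorithm="{ENVELOPED}"/></ds:Transforms>
        <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
        <ds:DigestValue>PLACEHOLDER</ds:DigestValue>
      </ds:Reference>
    </ds:SignedInfo>
    <ds:SignatureValue>PLACEHOLDER</ds:SignatureValue>
  </ds:Signature>
</bom>"""

def q(name: str) -> str:
    """Qualify a local name with the XML-DSig namespace for ElementTree."""
    return f"{{{DS}}}{name}"

def inspect_signatures(bom_xml: str) -> list[dict]:
    """Describe each ds:Signature that is a direct child of the BOM root."""
    reports = []
    for sig in ET.fromstring(bom_xml).findall(q("Signature")):
        info = sig.find(q("SignedInfo"))
        if info is None:  # malformed signature: nothing is actually signed
            reports.append({"covers_whole_bom": False, "algorithms": [], "weak": []})
            continue
        algs = [el.get("Algorithm", "") for el in info.iter()
                if el.tag in (q("SignatureMethod"), q("DigestMethod"))]
        # URI="" plus the enveloped transform means the whole document is digested.
        enveloped = any(
            ref.get("URI") == "" and any(
                t.get("Algorithm") == ENVELOPED for t in ref.iter(q("Transform")))
            for ref in info.findall(q("Reference")))
        reports.append({
            "covers_whole_bom": enveloped,
            "algorithms": algs,
            "weak": [a for a in algs if any(w in a.lower() for w in WEAK)],
        })
    return reports

if __name__ == "__main__":
    print(inspect_signatures(SAMPLE_BOM))
```

An empty result means the BOM carries no signature at all, which a consumer should treat differently from a signature that is present but has not been verified.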