Support keys with ED25519 algorithm

Open ckuhlmann opened this issue 1 year ago • 0 comments

When trying to use signxml with an ED25519 key/cert, I get the following exception:

_Ed25519PrivateKey.sign() got an unexpected keyword argument 'padding'
  File "[...]\Python310\site-packages\signxml\signer.py", line 252, in sign
    signature = signing_settings.key.sign(signed_info_c14n, padding=PKCS1v15(), algorithm=hash_alg)
  File "[...]\mycode.py", line 8, in <module>
    signed_root = xs.sign(root, key=key, cert=cert)
  File "C:\Program Files\Python310\Lib\runpy.py", line 86, in _run_code
    exec(code, run_globals)
  File "C:\Program Files\Python310\Lib\runpy.py", line 196, in _run_module_as_main (Current frame)
    return _run_code(code, main_globals, None,

When calling signing_settings.key.sign() with no arguments except the data, line 252 works, but I haven't checked for any errors that might follow.

My code:

from lxml import etree
from signxml import XMLSigner, XMLVerifier
data_to_sign = '<root><a><b/>abc</a></root>'
cert = open("xyz_svr_chain.pem").read()
key = open("xyz_svr.key").read()
root = etree.fromstring(data_to_sign)
xs = XMLSigner()
signed_root = xs.sign(root, key=key, cert=cert)

and this is the info for the cert and ca-cert:

CSR:

Certificate Request:
    Data:
        Version: 1 (0x0)
        Subject: O = XYZ, C = DE, CN = srv.xyz.lab.corpxyz.com
        Subject Public Key Info:
            Public Key Algorithm: ED25519
                ED25519 Public-Key:
                pub:
                    04:50:85:02:7c:69:74:b1:ab:77:0d:73:06:1d:ff:
                    e5:e4:2b:90:ff:27:6d:2a:7a:05:89:fe:64:b1:ec:
                    d8:9d
        Attributes:
        Requested Extensions:
            X509v3 Key Usage:
                Digital Signature, Non Repudiation, Key Encipherment, Data Encipherment
            X509v3 Extended Key Usage:
                TLS Web Server Authentication, Code Signing, E-mail Protection, Time Stamping
            X509v3 Subject Alternative Name:
                DNS:srv.xyz.lab.corpxyz.com, DNS:srvr.xyz.lab.corpxyz.com, DNS:localhost
    Signature Algorithm: ED25519
         c9:79:f3:ce:1f:91:ef:62:69:8d:58:2f:3b:18:62:57:9c:bf:
         34:f3:b6:cb:8f:de:f5:16:89:1d:2c:47:2d:e4:ab:8d:31:3f:
         bc:05:80:94:ab:cd:63:d9:39:b2:a6:1f:00:a7:8c:5f:d9:b0:
         1b:03:f9:c7:6b:ae:1d:4b:99:0e

Cert:

Certificate:
    Data:
        Version: 1 (0x0)
        Serial Number:
            50:2b:c5:f3:c3:ca:8c:7d:5f:bf:8b:de:60:8d:ad:58:84:90:22:95
        Signature Algorithm: ED25519
        Issuer: O = XYZ, C = DE, CN = ca.xyz.lab.corpxyz.com
        Validity
            Not Before: Dec  7 17:27:24 2022 GMT
            Not After : Nov 13 17:27:24 2122 GMT
        Subject: O = XYZ, C = DE, CN = srv.xyz.lab.corpxyz.com
        Subject Public Key Info:
            Public Key Algorithm: ED25519
                ED25519 Public-Key:
                pub:
                    04:50:85:02:7c:69:74:b1:ab:77:0d:73:06:1d:ff:
                    e5:e4:2b:90:ff:27:6d:2a:7a:05:89:fe:64:b1:ec:
                    d8:9d
    Signature Algorithm: ED25519
         03:3b:66:4f:65:ba:92:02:94:c7:37:8d:59:f2:44:c2:b9:ce:
         33:e6:c0:a6:38:3d:6e:f9:ec:fe:01:d8:af:ef:8c:e6:73:36:
         e5:94:15:d0:c0:f7:6d:11:62:6d:8f:d2:48:7d:6f:06:41:e0:
         4e:5b:51:9d:2c:22:ae:c9:8e:03

CA-Cert:

Certificate:
    Data:
        Version: 1 (0x0)
        Serial Number:
            5f:2a:43:7c:09:27:94:32:bb:99:18:48:f2:da:12:a4:2e:fb:62:94
        Signature Algorithm: ED25519
        Issuer: O = XYZ, C = DE, CN = ca.xyz.lab.corpxyz.com
        Validity
            Not Before: Dec  7 17:27:21 2022 GMT
            Not After : Nov 13 17:27:21 2122 GMT
        Subject: O = XYZ, C = DE, CN = ca.xyz.lab.corpxyz.com
        Subject Public Key Info:
            Public Key Algorithm: ED25519
                ED25519 Public-Key:
                pub:
                    71:c4:53:63:be:90:16:bb:a6:9c:cd:06:06:6f:56:
                    ba:d1:33:a7:96:0b:07:78:7f:35:4b:1b:ed:db:f0:
                    3f:36
    Signature Algorithm: ED25519
         b8:8e:06:34:bf:5c:f3:28:6c:d2:53:1c:4d:a8:cf:51:8c:22:
         29:cb:e8:ef:97:cb:c5:10:2d:55:b6:bc:7d:fa:0c:63:a9:7d:
         48:15:a6:f1:71:ca:06:0a:71:3e:e7:e9:66:dc:58:b1:80:80:
         ca:59:38:de:b2:23:06:a5:ae:04

Script to generate the certificate is attached.

Please note that I'm not an expert regarding certificate generation, so I might have made a mistake there.

Kind regards, Chris

certgen_script.zip

ckuhlmann, Dec 07 '22 17:12
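
The traceback above comes from passing the RSA-style `padding` and `algorithm` arguments to an Ed25519 key, whose `sign()` takes only the data. As an added example (not signxml's code and not the project's fix), this is one way to dispatch on key type with the `cryptography` library; the helper names `sign_bytes`, `verify_bytes` and `demo` and the sample data are assumptions made up for illustration.

```python
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import ec, ed25519, rsa
from cryptography.hazmat.primitives.asymmetric.padding import PKCS1v15

def sign_bytes(key, data, hash_alg=None):
    """Sign data (e.g. canonicalized SignedInfo) with an RSA, EC or Ed25519 key."""
    if isinstance(key, ed25519.Ed25519PrivateKey):
        # Ed25519 hashes internally (SHA-512): no padding and no hash argument.
        return key.sign(data)
    hash_alg = hash_alg or hashes.SHA256()
    if isinstance(key, rsa.RSAPrivateKey):
        return key.sign(data, padding=PKCS1v15(), algorithm=hash_alg)
    if isinstance(key, ec.EllipticCurvePrivateKey):
        return key.sign(data, ec.ECDSA(hash_alg))  # DER-encoded (r, s)
    raise TypeError(f"unsupported key type: {type(key).__name__}")

def verify_bytes(public_key, signature, data, hash_alg=None):
    """Return True if the signature is valid for data, False if it is not."""
    hash_alg = hash_alg or hashes.SHA256()
    try:
        if isinstance(public_key, ed25519.Ed25519PublicKey):
            public_key.verify(signature, data)
        elif isinstance(public_key, rsa.RSAPublicKey):
            public_key.verify(signature, data, PKCS1v15(), hash_alg)
        elif isinstance(public_key, ec.EllipticCurvePublicKey):
            public_key.verify(signature, data, ec.ECDSA(hash_alg))
        else:
            raise TypeError(f"unsupported key type: {type(public_key).__name__}")
        return True
    except InvalidSignature:
        return False

def demo():
    data = b"<SignedInfo>constructed sample</SignedInfo>"  # constructed input
    keys = {  # throwaway keys generated for this example only
        "ed25519": ed25519.Ed25519PrivateKey.generate(),
        "rsa": rsa.generate_private_key(public_exponent=65537, key_size=2048),
        "ec": ec.generate_private_key(ec.SECP256R1()),
    }
    out = {}
    for name, key in keys.items():
        sig, pub = sign_bytes(key, data), key.public_key()
        # (signature length, verifies on original, verifies on tampered data)
        out[name] = (len(sig), verify_bytes(pub, sig, data), verify_bytes(pub, sig, data + b"!"))
    return out

if __name__ == "__main__":
    print(demo())
```
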