Bureaucrats, editor, reviewer, Administrators
13,550
edits
Changes
Jump to navigation
Jump to search
no edit summary
==crypto:hmac==
{{Mark|Updated with Version 9.3:}} argument types relaxed.
{| width='100%'
|-
| width='120' | '''Signatures'''
|{{Func|crypto:hmac|$message data as xs:stringanyAtomicType, $key as xs:anyAtomicType, $algorithm as xs:string|xs:string}}<br/>{{Func|crypto:hmac|$message data as xs:stringanyAtomicType, $key as xs:anyAtomicType, $algorithm as xs:string, $encoding as xs:string|xs:string}}
|-
| '''Summary'''
|Creates a message an authentication code via a cryptographic hash function and a secret for the specified {{Code|$keydata}}. <br/>via a cryptographic hash function:* {{Code|$encodingkey}} must either not be {{Code|hex}}, {{Code|base64}} or the empty string and specifies the encoding of the returned authentication code. '''Default is {{Code|base64}}'''.<br/>* {{Code|$algorithm}} describes the hash algorithm which is used for encryption. Currently supported are {{Code|md5}}, {{Code|sha1}}, {{Code|sha256}}, {{Code|sha384}}, {{Code|sha512}}. '''Default is {{Code|md5}}'''.* {{Code|$encoding}} must either be {{Code|hex}} or {{Code|base64}}; it specifies the encoding of the returned authentication code. '''Default is {{Code|base64}}'''.
|-
| '''Errors'''
'''Query:'''
<pre class="brush:xquery">
crypto:hmac('message', 'secretkey', 'md5', 'hexbase64')
</pre>
=Encryption & Decryption=
The encryption and decryption functions underlie several limitations:
* Cryptographic algorithms are currently limited to {{Code|symmetric}} algorithms only. This means that the same secret key is used for encryption and decryption.
* Available algorithms are {{Code|DES}} and {{Code|AES}}.
* Padding is fixed to {{Code|PKCS5Padding}}.
==crypto:encrypt==
{{Mark|Updated with Version 9.3:}} argument types relaxed, return type changed to <code>xs:base64Binary</code> (before: <code>xs:string</code>).
{| width='100%'
|-
| width='120' | '''Signatures'''
|{{Func|crypto:encrypt|$input as xs:stringanyAtomicType, $encryption as xs:string, $key as xs:stringanyAtomicType, $algorithm as xs:string|xs:stringbase64Binary}}
|-
| '''Summary'''
|Encrypts the given {{Code|$input }}, which can be a string.or binary item:<br/>* {{Code|$encryption}} must be {{Code|symmetric}}, as asymmetric encryption is not supported so far. '''Default is {{Code|symmetric}}'''.<br/>* {{Code|$key}} is the secret key which is used for both encryption and decryption of input data. It can be a string or binary item. Its length is fixed and depends on the chosen algorithm: {{Code|8 bytes for DES}}, {{Code|16 bytes for AES}}.<br/>* {{Code|$algorithm}} must either be {{Code|DES}} or {{Code|AES}}. Other algorithms are not supported so far, but, of course, can be added on demand. '''Default is {{Code|DES}}'''.
|-
| '''Errors'''
==crypto:decrypt==
{{Mark|Updated with Version 9.3:}} argument types relaxed.
{| width='100%'
|-
| width='120' | '''Signatures'''
|{{Func|crypto:decrypt|$input as xs:stringanyAtomicType, $type as xs:string, $key as xs:stringanyAtomicType, $algorithm as xs:string|xs:string}}
|-
| '''Summary'''
|Decrypts the encrypted {{Code|$input}}.<br/>
{{Code|$type}} must be {{Code|symmetric}}. An option for asymmetric encryption will most likely be added with another version of BaseX. '''Default is {{Code|symmetric}}'''.<br/>
{{Code|$key}} is the secret key which is used for both encryption and decryption of input data. Its length is fixed and depends on the chosen algorithm: {{Code|8 bytes for DES}}, {{Code|16 bytes for AES}}.<br/>
{{Code|$algorithm}} must either be {{Code|DES}} or {{Code|AES}}. Other algorithms are not supported so far, but, of course, can be added on demand. '''Default is {{Code|DES}}'''.
=XML Signatures=
[http://www.w3.org/TR/xmldsig-core/ XML Signatures] are used to sign data. In our case, the data which is signed is an XQuery node. The following example shows the basic structure of an XML signature.
==crypto:generate-signature==
{| width='100%'
|-
==crypto:validate-signature==
{| width='100%'
|-
=Changelog=
;Version 9.3
* Updated: [[#crypto:hmac|crypto:hmac]], [[#crypto:encrypt|crypto:encrypt]], [[#crypto:decrypt|crypto:decrypt]]: Function types revised.
;Version 8.6
