Changes

{| width='100%'

| width='120' | '''Signatures'''

|{{Func|crypto:hmac|$data as xs:anyAtomicType, $key as xs:anyAtomicType, $algorithm as xs:string|xs:string}}<br/>{{Func|crypto:hmac|$data as xs:anyAtomicType, $key as xs:anyAtomicType, $algorithm as xs:string, $encoding as xs:string|xs:string}}

| '''Summary'''

|Creates an authentication code for the specified {{Code|$data}} via a cryptographic hash function:

* {{Code|$algorithm}} describes the hash algorithm which is used for encryption. Currently supported are {{Code|md5}}, {{Code|sha1}}, {{Code|sha256}}, {{Code|sha384}}, {{Code|sha512}}. Default is {{Code|md5}}.

* {{Code|$encoding}} must either be {{Code|hex}} or {{Code|base64}}; it specifies the encoding of the returned authentication code. Default is {{Code|base64}}.

| '''Errors'''

|{{Error|CX0013|#Errors}} the specified hashing algorithm is not supported.<br/>{{Error|CX0014|#Errors}} the specified encoding method is not supported.<br/>{{Error|CX0019|#Errors}} the specified secret key is invalid.<br/>

| '''Example'''

|Return message authentication code (MAC) for a given string:

{| width='100%'

| width='120' | '''Signatures'''

|{{Func|crypto:encrypt|$data as xs:anyAtomicType, $type as xs:string, $key as xs:anyAtomicType, $algorithm as xs:string|xs:base64Binary}}

| '''Summary'''

|Encrypts data with the specified key:

* {{Code|$key}} is the secret key which is used for both encryption and decryption of input data. It must be a string or binary item. Its length is fixed and depends on the chosen algorithm: 8 bytes for {{Code|DES}}, 16 bytes for {{Code|AES}}.

* {{Code|$algorithm}} must either be {{Code|DES}} or {{Code|AES}}. Default is {{Code|DES}}.

| '''Errors'''

|{{Error|CX0016|#Errors}} padding problems arise.<br/>{{Error|CX0017|#Errors}} padding is incorrect.<br/>{{Error|CX0018|#Errors}} the encryption type is not supported.<br/>{{Error|CX0019|#Errors}} the secret key is invalid.<br/>{{Error|CX0020|#Errors}} the block size is incorrect.<br/>{{Error|CX0021|#Errors}} the specified encryption algorithm is not supported.<br/>

| '''Example'''

|Encrypt input data:

{| width='100%'

| width='120' | '''Signatures'''

|{{Func|crypto:decrypt|$data as xs:anyAtomicType, $type as xs:string, $key as xs:anyAtomicType, $algorithm as xs:string|xs:string}}

| '''Summary'''

|Encrypts data with the specified key:

* {{Code|$key}} is the secret key which is used for both encryption and decryption of input data. It must be a string or binary item. Its length is fixed and depends on the chosen algorithm: 8 bytes for {{Code|DES}}, 16 bytes for {{Code|AES}}.

* {{Code|$algorithm}} must either be {{Code|DES}} or {{Code|AES}}. Default is {{Code|DES}}.

| '''Errors'''

|{{Error|CX0016|#Errors}} padding problems arise.<br/>{{Error|CX0017|#Errors}} padding is incorrect.<br/>{{Error|CX0018|#Errors}} the encryption type is not supported.<br/>{{Error|CX0019|#Errors}} the secret key is invalid.<br/>{{Error|CX0020|#Errors}} the block size is incorrect.<br/>{{Error|CX0021|#Errors}} the specified encryption algorithm is not supported.<br/>

| '''Example'''

|Decrypt input data and return original string:

{| width='100%'

| width='120' | '''Signatures'''

|{{Func|crypto:generate-signature|$input as node(), $canonicalization as xs:string, $digest as xs:string, $signature as xs:string, $prefix as xs:string, $type as xs:string|node()}}<br/>{{Func|crypto:generate-signature|$input as node(), $canonicalization as xs:string, $digest as xs:string, $signature as xs:string, $prefix as xs:string, $type as xs:string, $xpath as xs:string, $certificate as node()|node()}}<br/>{{Func|crypto:generate-signature|$input as node(), $canonicalization as xs:string, $digest as xs:string, $signature as xs:string, $prefix as xs:string, $type as xs:string, $ext as item()|node()}}

| '''Summary'''

|{{Code|$canonicalization}} must either be {{Code|inclusive-with-comments}}, {{Code|inclusive}}, {{Code|exclusive-with-comments}} or {{Code|exclusive}}. '''Default is {{Code|inclusive-with-comments}}'''.<br/>

{{Code|$certificate}} is the digitial certificate used to sign the input document.<br/>

{{Code|$ext}} may either be an {{Code|$xpath}} expression or a {{Code|$certificate}}.<br/>

| '''Errors'''

|{{Error|CX0001|#Errors}} the canonicalization algorithm is not supported.<br/>{{Error|CX0002|#Errors}} the digest algorithm is not supported.<br/>{{Error|CX0003|#Errors}} the signature algorithm is not supported.<br/>{{Error|CX0004|#Errors}} the {{Code|$xpath-expression}} is invalid.<br/>{{Error|CX0005|#Errors}} the root name of {{Code|$digital-certificate}} is not 'digital-certificate.<br/>{{Error|CX0007|#Errors}} the key store is null.<br/>{{Error|CX0012|#Errors}} the key cannot be found in the specified key store.<br/>{{Error|CX0023|#Errors}} the certificate alias is invalid.<br/>{{Error|CX0024|#Errors}} an invalid algorithm is specified.<br/>{{Error|CX0025|#Errors}} an exception occurs while the signing the document.<br/>{{Error|CX0026|#Errors}} an exception occurs during key store initialization.<br/>{{Error|CX0027|#Errors}} an IO exception occurs.<br/>{{Error|CX0028|#Errors}} the signature type is not supported.<br/>

| '''Example'''

|Generate [https://www.w3.org/TR/xmldsig-core/ XML Signature]:

{| width='100%'

| width='120' | '''Signatures'''

|{{Func|crypto:validate-signature|$input-doc as node()|xs:boolean}}

| '''Summary'''

|Checks if the given node contains a {{Code|Signature}} element and whether the signature is valid. In this case {{Code|true}} is returned. If the signature is invalid the function returns {{Code|false}}.

| '''Errors'''

|{{Error|CX0015|#Errors}} the signature element cannot be found.<br/>{{Error|CX9994|#Errors}} an unspecified problem occurs during validation.<br/>{{Error|CX9996|#Errors}} an IO exception occurs during validation.<br/>

| '''Example'''

|Validate [https://www.w3.org/TR/xmldsig-core/ XML Signature]:

! width="110"|Code

|Description

|{{Code|CX0001}}

|The canonicalization algorithm is not supported.

|{{Code|CX0002}}

|The digest algorithm is not supported.

|{{Code|CX0003}}

|The signature algorithm is not supported.

|{{Code|CX0004}}

|The XPath expression is invalid.

|{{Code|CX0005}}

|The root element of argument $digital-certificate must have the name 'digital-certificate'.

|{{Code|CX0006}}

|The child element of argument $digital-certificate having position $position must have the name $child-element-name.

|{{Code|CX0007}}

|The keystore is null.

|{{Code|CX0008}}

|I/O error while reading keystore.

|{{Code|CX0009}}

|Permission denied to read keystore.

|{{Code|CX0010}}

|The keystore URL is invalid.

|{{Code|CX0011}}

|The keystore type is not supported.

|{{Code|CX0012}}

|Cannot find key for alias in given keystore.

|{{Code|CX0013}}

|The hashing algorithm is not supported.

|{{Code|CX0014}}

|The encoding method is not supported.

|{{Code|CX0015}}

|Cannot find Signature element.

|{{Code|CX0016}}

|No such padding.

|{{Code|CX0017}}

|Incorrect padding.

|{{Code|CX0018}}

|The encryption type is not supported.

|{{Code|CX0019}}

|The secret key is invalid.

|{{Code|CX0020}}

|Illegal block size.

|{{Code|CX0021}}

|The algorithm is not supported.

|{{Code|CX0023}}

|An invalid certificate alias is specified. Added to the official specification.

|{{Code|CX0024}}

|The algorithm is invalid. Added to the official specification.

|{{Code|CX0025}}

|Signature cannot be processed. Added to the official specification.

|{{Code|CX0026}}

|Keystore cannot be processed. Added to the official specification.

|{{Code|CX0027}}

|An I/O Exception occurred. Added to the official specification.

|{{Code|CX0028}}

|The specified signature type is not supported. Added to the official specification.