Changes

Jump to navigation Jump to search

Cryptographic Module (edit)

Revision as of 12:50, 8 July 2020

98 bytes removed ,  12:50, 8 July 2020
no edit summary
==crypto:hmac==
 
{{Mark|Updated with Version 9.3:}} argument types relaxed.
{| width='100%'
|Return message authentication code (MAC) for a given string:
'''Query:'''
<pre classsyntaxhighlight lang="brush:xquery">
crypto:hmac('message', 'secretkey', 'md5', 'hex')
</presyntaxhighlight>
'''Result:'''
<pre classsyntaxhighlight lang="brush:xml">
34D1E3818B347252A75A4F6D747B21C2
</presyntaxhighlight>
|}
==crypto:encrypt==
 
{{Mark|Updated with Version 9.3:}} argument types relaxed, return type changed to <code>xs:base64Binary</code> (before: <code>xs:string</code>).
{| width='100%'
| '''Example'''
|Encrypt input data:
<pre classsyntaxhighlight lang="brush:xquery">
crypto:encrypt('message', 'symmetric', 'keykeyke', 'DES')
</presyntaxhighlight>
|}
==crypto:decrypt==
 
{{Mark|Updated with Version 9.3:}} argument types relaxed.
{| width='100%'
|Decrypt input data and return original string:
'''Query:'''
<pre classsyntaxhighlight lang="brush:xquery">
let $encrypted := crypto:encrypt('message', 'symmetric', 'keykeyke', 'DES')
return crypto:decrypt($encrypted, 'symmetric', 'keykeyke', 'DES')
</presyntaxhighlight>
'''Result:'''
<pre classsyntaxhighlight lang="brush:xml">
message
</presyntaxhighlight>
|}
=XML Signatures=
[httphttps://www.w3.org/TR/xmldsig-core/ XML Signatures] are used to sign data. In our case, the data which is signed is an XQuery node. The following example shows the basic structure of an XML signature.
'''XML Signature'''
<pre classsyntaxhighlight lang="brush:xml">
<Signature>
<SignedInfo>
<Object/>
</Signature>
</presyntaxhighlight>
* '''SignedInfo''' contains or references the signed data and lists algorithm information
The {{Code|generate-signature}} function allows to pass a {{Code|digital certificate}}. This certificate holds parameters that allow to access key information stored in a Java key store which is then used to sign the input document. Passing a {{Code|digital certificate}} simply helps re-using the same key pair to sign and validate data. The {{Code|digital certificate}} is passed as a node and has the following form:
<pre classsyntaxhighlight lang="brush:xml">
<digital-certificate>
<keystore-type>JKS</keystore-type>
<keystore-uri>...</keystore-uri>
</digital-certificate>
</presyntaxhighlight>
==crypto:generate-signature==
|-
| '''Example'''
|'''Generates an Generate [httphttps://www.w3.org/TR/xmldsig-core/ XML Signature].''':
'''Query:'''
<pre classsyntaxhighlight lang="brush:xquery">
crypto:generate-signature(<a/>, '', '', '', '', '')
</presyntaxhighlight>
'''Result:'''
<pre classsyntaxhighlight lang="brush:xml">
<a>
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
</Signature>
</a>
</presyntaxhighlight>
|}
|-
| '''Example'''
|'''Validates an Validate [httphttps://www.w3.org/TR/xmldsig-core/ XML Signature].''':
'''Query:'''
<pre classsyntaxhighlight lang="brush:xquery">
let $sig := crypto:generate-signature(<a/>, '', '', '', '', '')
return crypto:validate-signature($sig)
</presyntaxhighlight>
'''Result:'''
<pre classsyntaxhighlight lang="brush:xml">
true
</presyntaxhighlight>
|}
;Version 9.3
 
* Updated: [[#crypto:hmac|crypto:hmac]], [[#crypto:encrypt|crypto:encrypt]], [[#crypto:decrypt|crypto:decrypt]]: Function types revised.
;Version 8.6
 
* Updated: [[#crypto:hmac|crypto:hmac]]: The key can now be a string or a binary item.
The Module was introduced with Version 7.0.
CG
Bureaucrats, editor, reviewer, Administrators
13,550

edits

Retrieved from "http://docs.basex.org/wiki/Special:MobileDiff/14668...15164"

Navigation menu