xmlsec

Python bindings for the XML Security Library

exception xmlsec.Error

The common exception class.

exception xmlsec.InternalError

The internal exception class.

exception xmlsec.VerificationError

The verification exception class.

class xmlsec.EncryptionContext

XML Encryption implementation

decrypt()

Decrypts node (an EncryptedData element) and returns the result. The decryption may result in binary data or an XML subtree. In the former case, the binary data is returned. In the latter case, the input tree is modified and a reference to the decrypted XML subtree is returned. If the operation modifies the tree, lxml references to or into this tree may see a surprising state. You should no longer rely on them. In particular, use getroottree() on the result to obtain the decrypted result tree.

Parameters:
  • node – the pointer to <enc:EncryptedData/> node
Returns:

depends on input parameters

encrypt_binary()

Encrypts binary data according to the EncryptedData template given by template. Note: template is modified in place.

Parameters:
  • template – the pointer to <enc:EncryptedData/> template node
  • data – the data
Returns:

the resulting <enc:EncryptedData/> subtree

encrypt_uri()

Encrypts binary data obtained from uri according to template.

Parameters:
  • template – the pointer to <enc:EncryptedData/> template node
  • uri – the URI
Returns:

the resulting <enc:EncryptedData/> subtree

encrypt_xml()

Encrypts node using template. Note: the Type attribute of template decides whether node itself is encrypted (http://www.w3.org/2001/04/xmlenc#Element) or only its content (http://www.w3.org/2001/04/xmlenc#Content). It must have one of these two values, otherwise an exception is raised. The operation modifies the tree containing node, so lxml references to or into this tree may see a surprising state. You should no longer rely on them. In particular, use getroottree() on the result to obtain the encrypted result tree.

Parameters:
  • template – the pointer to <enc:EncryptedData/> template node
  • node – the pointer to node for encryption
Returns:

the pointer to newly created <enc:EncryptedData/> node

key

Encryption key.

class xmlsec.Key

from_binary_file()

Loads a (symmetric) key of kind klass from filename.

Parameters:
  • klass – the key value data klass
  • filename – the key binary filename
Returns:

pointer to newly created key

from_file()

Loads PKI key from a file.

Parameters:
  • file – the file object or file path
  • format – the key file format
  • password – the key file password
Returns:

pointer to newly created key

from_memory()

Loads PKI key from memory.

Parameters:
  • data – the binary key data
  • format – the key file format
  • password – the key file password
Returns:

pointer to newly created key

generate()

Generates a key of kind klass with the given size and type.

Parameters:
  • klass – the requested key klass (rsa, dsa, aes, …)
  • size – the new key size (in bits!)
  • type – the new key type (session, permanent, …)
Returns:

pointer to newly created key

load_cert_from_file()

Loads certificate from file.

Parameters:
  • file – the file object or file path
  • format – the certificate file format

load_cert_from_memory()

Loads certificate from memory.

Parameters:
  • data – the certificate binary data
  • format – the certificate file format

name

The name of the key.

class xmlsec.KeysManager

Keys Manager

add_key()

Adds a copy of key to the keys manager.

Parameters:
  • key – the pointer to key

load_cert()

Loads certificate from filename.

Parameters:
  • filename – the certificate file
  • format – the certificate file format
  • type – the flag that indicates whether the certificate in filename is trusted or not

load_cert_from_memory()

Loads certificate from data.

Parameters:
  • data – the certificate binary data
  • format – the certificate file format
  • type – the flag that indicates whether the certificate in data is trusted or not

class xmlsec.SignatureContext

XML Digital Signature implementation

enable_reference_transform()

Enables use of transform as a reference transform.

Note: by default, all transforms are enabled. The first call of enable_reference_transform will switch to explicitly enabled transforms.

Parameters:
  • transform – the transform klass

enable_signature_transform()

Enables use of transform as a signature transform.

Note: by default, all transforms are enabled. The first call of enable_signature_transform will switch to explicitly enabled transforms.

Parameters:
  • transform – the transform klass

register_id()

Registers new id.

Parameters:
  • node – the pointer to XML node
  • id_attr – the attribute
  • id_ns – the namespace

set_enabled_key_data()

Adds the selected KeyData to the list of enabled key data.

Parameters:
  • keydata_list – the list

sign()

Signs according to the signature template.

Parameters:
  • node – the pointer to <dsig:Signature/> node with signature template

sign_binary()

Signs the binary data bytes with the algorithm transform.

Parameters:
  • bytes – the binary data
  • transform – the signature algorithm
Returns:

the signature

verify()

Verifies according to the signature template.

Parameters:
  • node – the pointer to <dsig:Signature/> node
Returns:

None on success; otherwise raises VerificationError

verify_binary()

Verifies signature for binary data.

Parameters:
  • bytes – the binary data
  • transform – the signature algorithm
  • signature – the signature
Returns:

None on success; otherwise raises VerificationError

key

Signature key.

xmlsec.enable_debug_trace()

Enables or disables calling the LibXML2 callback from the default errors callback.

Parameters:
  • enable_debug_trace – flag, debug trace is enabled or disabled

xmlsec.init()

Initializes the library for general operation.

This is called upon library import and does not need to be called again (unless shutdown is called explicitly).

xmlsec.shutdown()

Shuts down the library and cleans up any leftover resources.

This is called automatically upon interpreter termination and should not need to be called explicitly.
