You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@santuario.apache.org by co...@apache.org on 2013/02/11 17:21:47 UTC
svn commit: r850244 [3/7] - in /websites/production/santuario/content: ./
cache/ cinstallation.data/
Added: websites/production/santuario/content/cprogramming.html
==============================================================================
--- websites/production/santuario/content/cprogramming.html (added)
+++ websites/production/santuario/content/cprogramming.html Mon Feb 11 16:21:46 2013
@@ -0,0 +1,750 @@
+
+<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<!--
+
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<html>
+ <head>
+ <link type="text/css" rel="stylesheet" href="http://cxf.apache.org/resources/site.css">
+ <script src="http://cxf.apache.org/resources/space.js" type="text/javascript"></script>
+
+<meta http-equiv="Content-type" content="text/html;charset=UTF-8">
+<meta name="keywords" content="XML Security, XML, software, Santuario, open source">
+<meta name="description" content="Apache Santuario - c_programming">
+ <title>
+Apache Santuario -- c_programming
+ </title>
+ </head>
+<body onload="init()">
+
+
+<table width="100%" cellpadding="0" cellspacing="0">
+ <tr>
+ <td id="cell-0-0" colspan="2"> </td>
+ <td id="cell-0-1"> </td>
+ <td id="cell-0-2" colspan="2"> </td>
+ </tr>
+ <tr>
+ <td id="cell-1-0"> </td>
+ <td id="cell-1-1"> </td>
+ <td id="cell-1-2">
+ <div style="padding: 5px;">
+ <div id="banner">
+ <!-- Banner -->
+<div id="banner-content">
+<table border="0" cellpadding="0" cellspacing="0" width="100%"><tr><td align="left" colspan="1" nowrap>
+<a shape="rect" href="http://santuario.apache.org/" title="Apache Santuario"><span style="font-weight: bold; font-size: 170%; color: white">Apache Santuario</span></a>
+</td><td align="right" colspan="1" nowrap>
+<a shape="rect" href="http://www.apache.org/" title="The Apache Software Foundation"><img border="0" src="http://activemq.apache.org/images/asf-logo.png"></a>
+</td></tr></table>
+</div>
+ <!-- Banner -->
+ </div>
+ </div>
+ <div id="top-menu">
+ <table border="0" cellpadding="1" cellspacing="0" width="100%">
+ <tr>
+ <td>
+ <div align="left">
+ <!-- Breadcrumbs -->
+<a href="index.html">Apache Santuario</a> > <a href="index.html">Index</a> > <a href="cindex.html">c_index</a> > <a href="cprogramming.html">c_programming</a>
+ <!-- Breadcrumbs -->
+ </div>
+ </td>
+ <td>
+ <div align="right">
+ <!-- Quicklinks -->
+<div id="quicklinks"></div>
+ <!-- Quicklinks -->
+ </div>
+ </td>
+ </tr>
+ </table>
+ </div>
+ </td>
+ <td id="cell-1-3"> </td>
+ <td id="cell-1-4"> </td>
+ </tr>
+ <tr>
+ <td id="cell-2-0" colspan="2"> </td>
+ <td id="cell-2-1">
+ <table>
+ <tr valign="top">
+ <td height="100%">
+ <div id="wrapper-menu-page-right">
+ <div id="wrapper-menu-page-top">
+ <div id="wrapper-menu-page-bottom">
+ <div id="menu-page">
+ <!-- NavigationBar -->
+<div id="navigation"><h3><a shape="rect" name="Navigation-ApacheSantuario"></a>Apache Santuario</h3>
+<ul><li><a shape="rect" href="index.html" title="Index">Home</a></li><li><a shape="rect" href="download.html" title="download">Download</a></li><li><a shape="rect" href="secadv.html" title="secadv">Security Advisories</a></li><li><a shape="rect" href="faq.html" title="faq">FAQ</a></li><li><a shape="rect" href="team.html" title="team">Team</a></li><li><a shape="rect" href="contributing.html" title="contributing">Contributing</a></li><li><a shape="rect" href="mailing.html" title="mailing">Mailing Lists</a></li><li><a shape="rect" class="external-link" href="http://svn.apache.org/viewvc/santuario/">SVN</a></li><li><a shape="rect" class="external-link" href="http://issues.apache.org/jira/browse/SANTUARIO">Issue Tracking</a></li><li><a shape="rect" class="external-link" href="http://www.apache.org/licenses/">License</a></li><li><a shape="rect" href="history.html" title="history">History</a></li><li><a shape="rect" href="oldnews.html" title="old_news">Old News</a></li></ul>
+
+
+<h3><a shape="rect" name="Navigation-Java"></a>Java</h3>
+<ul><li><a shape="rect" href="javaindex.html" title="java_index">Index</a></li><li><a shape="rect" href="download.html" title="download">Download</a></li><li><a shape="rect" href="javareleasenotes.html" title="java_release_notes">Release Notes</a></li><li><a shape="rect" href="javafaq.html" title="java_faq">FAQ</a></li><li><a shape="rect" href="javaapi.html" title="java_api">API</a></li><li><a shape="rect" href="javainterop.html" title="java_interop">Interoperability</a></li></ul>
+
+
+<h3><a shape="rect" name="Navigation-C"></a>C++</h3>
+<ul><li><a shape="rect" href="cindex.html" title="c_index">Index</a></li><li><a shape="rect" href="download.html" title="download">Download</a></li><li><a shape="rect" href="creleasenotes.html" title="c_release_notes">Release Notes</a></li><li><a shape="rect" href="cinstallation.html" title="c_installation">Installation</a></li><li><a shape="rect" href="cfaq.html" title="c_faq">FAQ</a></li><li><a shape="rect" href="ctools.html" title="c_tools">Tools</a></li><li><a shape="rect" href="cprogramming.html" title="c_programming">Programming</a></li><li><a shape="rect" href="ccredits.html" title="c_credits">Credits</a></li></ul>
+
+
+<h3><a shape="rect" name="Navigation-ASF"></a>ASF</h3>
+<ul><li><a shape="rect" class="external-link" href="http://www.apache.org/foundation/how-it-works.html">How Apache Works</a></li><li><a shape="rect" class="external-link" href="http://www.apache.org/foundation/">Foundation</a></li><li><a shape="rect" class="external-link" href="http://www.apache.org/foundation/sponsorship.html">Sponsor Apache</a></li><li><a shape="rect" class="external-link" href="http://www.apache.org/foundation/thanks.html">Thanks</a></li></ul>
+</div>
+ <!-- NavigationBar -->
+ </div>
+ </div>
+ </div>
+ </div>
+ </td>
+ <td height="100%">
+ <!-- Content -->
+ <div class="wiki-content">
+<div class="wiki-content maincontent"><h1><a shape="rect" name="c_programming-XMLSignatureProgramming"></a>XML Signature Programming</h1>
+
+<h3><a shape="rect" name="c_programming-Overview"></a>Overview</h3>
+
+<p>There are two main signature modes of operation for the libraries. Signing and verifying. Verifying is the simplest operation, as it (generally) operates on a DOM <Signature> structure that has already been created.</p>
+
+<p>Signing on the other hand can be more difficult, as there may be a requirement to create the DOM structure necessary for the signature prior to the actual signing operation.</p>
+
+<p>The rest of this section provides a very high level overview on how to use the library for signing and verification of signatures.</p>
+
+<p>Two samples are provided :</p>
+
+<ul><li>Simple HMAC Signing</li><li>Simple DSA Validation</li></ul>
+
+
+<p>The code snippets are taken directly from some of the sample code provided in the src/samples directory in the distribution. More information on the API can be found in the API Documentation.</p>
+
+<h3><a shape="rect" name="c_programming-AsimpleHMACSigningexample"></a>A simple HMAC Signing example</h3>
+
+<p>The first example is based on the simpleHMAC.cpp code in samples. It creates an XML letter, the appends a dummy signature to the end, using an enveloped-signature transform.</p>
+
+<h5><a shape="rect" name="c_programming-Setup"></a>Setup</h5>
+
+<p>The following code snippet initialises Xerces, Xalan and XSEC. Note that the enveloped transform is implemented using an XPath expression, so it is imperitive the Xalan libraries are initialised.</p>
+
+<div class="code panel" style="border-width: 1px;"><div class="codeContent panelContent">
+<pre class="code-java">
+<span class="code-object">int</span> main (<span class="code-object">int</span> argc, <span class="code-object">char</span> **argv) {
+
+ <span class="code-keyword">try</span> {
+ XMLPlatformUtils::Initialize();
+#ifndef XSEC_NO_XALAN
+ XalanTransformer::initialize();
+#endif
+ XSECPlatformUtils::Initialise();
+ }
+ <span class="code-keyword">catch</span> (<span class="code-keyword">const</span> XMLException &e) {
+
+ cerr << <span class="code-quote">"Error during initialisation of Xerces"</span> << endl;
+ cerr << <span class="code-quote">"Error Message = : "</span>
+ << e.getMessage() << endl;
+
+ }
+
+ <span class="code-comment">// Create a blank Document
+</span>
+ DOMImplementation *impl =
+ DOMImplementationRegistry::getDOMImplementation(MAKE_UNICODE_STRING(<span class="code-quote">"Core"</span>));
+
+ <span class="code-comment">// Create a letter
+</span> DOMDocument *doc = createLetter(impl);
+ DOMElement *rootElem = doc->getDocumentElement();
+</pre>
+</div></div>
+
+<p>In the sample application, the call to createLetter(impl) simply creates a letter DOM structure with a to and from address and some text. This is done using standard DOM calls via Xerces.</p>
+
+<p>Once the system is initialised and the DOM document is created, a DSIGSignature object is created via the XSECProvider interface class. The signature object is then used to create a blank signature DOM node structure which is then inserted at the end of the document.</p>
+
+<div class="code panel" style="border-width: 1px;"><div class="codeContent panelContent">
+<pre class="code-java">
+ XSECProvider prov;
+ DSIGSignature *sig;
+ DOMElement *sigNode;
+
+ <span class="code-keyword">try</span> {
+
+ <span class="code-comment">// Create a signature object
+</span>
+ sig = prov.newSignature();
+ sig->setDSIGNSPrefix(<span class="code-quote">"ds"</span>);
+
+ <span class="code-comment">// Use it to create a blank signature DOM structure from the doc
+</span>
+ sigNode = sig->createBlankSignature(doc,
+ CANON_C14N_COM,
+ SIGNATURE_HMAC,
+ HASH_SHA1);
+</pre>
+</div></div>
+
+<p>The call to newSignature creates a signature object only. No DOM nodes are created at this point. The call to setDSIGNSPrefix tells the XSEC library what namespace prefix to use for the signature object when it starts to create DOM nodes (in this case "ds" will be used). By default, the library will use "dsig" as the prefix for the name space for Digital Signatures.</p>
+
+<p>Finally, the call to sig->createBlankSignature sets up both the DOM structure and the XSEC objects for a new signature with no <Reference> elements. In this case, the signature will be made using Commented C14n canonicalisation, and a HMAC-SHA1 signature.</p>
+
+<p><b>Warning:</b> The XSECProvider class still "owns" the DSIGSignature object. To delete the object, the original provider.release(sig) call should be used. Never delete a DSIGSignature object directly.</p>
+
+<h5><a shape="rect" name="c_programming-CreateaReferenceandSign"></a>Create a Reference and Sign</h5>
+
+<p>Now that the signature object is created, the signature is inserted into the document, and a reference is created and set for an enveloping transform.</p>
+<div class="code panel" style="border-width: 1px;"><div class="codeContent panelContent">
+<pre class="code-java">
+ <span class="code-comment">// Insert the signature DOM nodes into the doc
+</span>
+ rootElem->appendChild(doc->createTextNode(MAKE_UNICODE_STRING(<span class="code-quote">"\n"</span>)));
+ rootElem->appendChild(sigNode);
+ rootElem->appendChild(doc->createTextNode(MAKE_UNICODE_STRING(<span class="code-quote">"\n"</span>)));
+
+ <span class="code-comment">// Create an envelope reference <span class="code-keyword">for</span> the text to be signed
+</span> DSIGReference * ref = sig->createReference("");
+ ref->appendEnvelopedSignatureTransform();
+</pre>
+</div></div>
+
+<p>The "" parameter to createReference sets the URI attribute for the reference to be "" - indicating the root element of the document in which the signature resides. The call to appendEnvelopedSignatureTransform adds a standard eneveloped-signature transform to the Reference node.</p>
+
+<p>The macro MAKE_UNICODE_STRING is defined within the library header files and is used to transcode local code page strings. There is no need to insert the reference object into the DOM structure. This is done automatically by the createReference call.</p>
+
+<p>Finally we create a signing key and sign the document.</p>
+<div class="code panel" style="border-width: 1px;"><div class="codeContent panelContent">
+<pre class="code-java">
+ <span class="code-comment">// Set the HMAC Key to be the string <span class="code-quote">"secret"</span>
+</span>
+ OpenSSLCryptoKeyHMAC * hmacKey = <span class="code-keyword">new</span> OpenSSLCryptoKeyHMAC();
+ hmacKey->setKey((unsigned <span class="code-object">char</span> *) <span class="code-quote">"secret"</span>, strlen(<span class="code-quote">"secret"</span>));
+ sig->setSigningKey(hmacKey);
+
+ <span class="code-comment">// Add a KeyInfo element
+</span> sig->appendKeyName(<span class="code-quote">"The secret key is \"</span>secret\"");
+
+ <span class="code-comment">// Sign
+</span>
+ sig->sign();
+ }
+
+ <span class="code-keyword">catch</span> (XSECException &e)
+ {
+ cerr << <span class="code-quote">"An error occured during a signature load\n Message: "</span>
+ << e.getMsg() << endl;
+ exit(1);
+
+ }
+</pre>
+</div></div>
+
+<p>The first two code lines create an OpenSSLCryptoKeyHMAC object, and set the key value to the string "secret". The OpenSSL... classes are the interface layer between XSEC and OpenSSL. More information can be found in the API documentation, but the main point of note is that the XSEC library never deals directly with OpenSSL - it works via the XSECCrypto abstract classes which are implemented in the OpenSSLCrypto code. This would allow another person to re-implement the XSECCrypto code to use any cryptographic provider required.</p>
+
+<p>Once the key is passed to the signature it is owned by the signature. The signature object will delete the key when it is itself deleted, or a new key is passed in.</p>
+
+<p>The call to sig->appendKeyName() is used to append a <KeyName> element into the <KeyInfo> block. The KeyInfo block was created as part of this call.</p>
+
+<p>After the call to sig->sign() the DOM structure has the correct hash and signature values. The owner program can write, store or further manipulate the document as required. If a document manipulation might affect the signature (in this case almost anything would, as we are using an enveloping transform which effectively signs everything that is not part of the signature), then a further call to sig->sign() will re-sign the changes.</p>
+
+<p>The last part of the code does some work to output the new DOM structure. The output should look something like the following:</p>
+<div class="code panel" style="border-width: 1px;"><div class="codeContent panelContent">
+<pre class="code-xml">
+<span class="code-tag"><Letter></span>
+<span class="code-tag"><ToAddress></span>The address of the Recipient<span class="code-tag"></ToAddress></span>
+<span class="code-tag"><FromAddress></span>The address of the Sender<span class="code-tag"></FromAddress></span>
+<span class="code-tag"><Text></span>
+To whom it may concern
+
+...
+<span class="code-tag"></Text></span>
+<span class="code-tag"><ds:Signature <span class="code-keyword">xmlns:ds</span>=<span class="code-quote">"http://www.w3.org/2000/09/xmldsig#"</span>></span>
+<span class="code-tag"><ds:SignedInfo></span>
+<ds:CanonicalizationMethod Algorithm=
+<span class="code-quote">"http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"</span>/>
+<span class="code-tag"><ds:SignatureMethod Algorithm=<span class="code-quote">"http://www.w3.org/2000/09/xmldsig#hmac-sha1"</span>/></span>
+<span class="code-tag"><ds:Reference URI=""></span>
+<span class="code-tag"><ds:Transforms></span>
+<ds:Transform Algorithm=
+<span class="code-quote">"http://www.w3.org/2000/09/xmldsig#enveloped-signature"</span>/>
+<span class="code-tag"></ds:Transforms></span>
+<span class="code-tag"><ds:DigestMethod Algorithm=<span class="code-quote">"http://www.w3.org/2000/09/xmldsig#sha1"</span>/></span>
+<span class="code-tag"><ds:DigestValue></span>askxS/A3BaLCjFjZ/ttU9c12kA4=<span class="code-tag"></ds:DigestValue></span>
+<span class="code-tag"></ds:Reference></span>
+<span class="code-tag"></ds:SignedInfo></span>
+<span class="code-tag"><ds:SignatureValue></span>oYEdQYG1IHzbkR1UcJ9Q5VriRPs=
+<span class="code-tag"></ds:SignatureValue></span>
+<span class="code-tag"><ds:KeyInfo></span>
+<span class="code-tag"><ds:KeyName></span>The secret key is <span class="code-quote">"secret"</span><span class="code-tag"></ds:KeyName></span>
+<span class="code-tag"></ds:KeyInfo></span>
+<span class="code-tag"></ds:Signature></span>
+<span class="code-tag"></Letter></span>
+</pre>
+</div></div>
+
+<p>Note that the DigestValue and SignatureValue elements have been filled in.</p>
+
+<h3><a shape="rect" name="c_programming-Asimplevalidationexample"></a>A simple validation example</h3>
+
+<p>The second example takes a pre-signed document and an associated certificate and verifies the embedded signature. The document in question is a simple purchase order, and changes are made to the value of the order to demonstrate a signature failing verification.</p>
+
+<h5><a shape="rect" name="c_programming-Setup"></a>Setup</h5>
+
+<p>As in the first example, Initialisation of the libraries is performed, and Xerces is used to read in the document (which in this case is stored in a string in the source code).</p>
+
+<p>In order to be able to modify the contents of the document later on, we also quickly find the string containing the value of the purchase order.</p>
+
+<p>For the sake of brevity, the code relating to parsing the in-memory document has been removed from the snippet below.</p>
+<div class="code panel" style="border-width: 1px;"><div class="codeContent panelContent">
+<pre class="code-java">
+<span class="code-object">int</span> main (<span class="code-object">int</span> argc, <span class="code-object">char</span> **argv) {
+
+ <span class="code-keyword">try</span> {
+ XMLPlatformUtils::Initialize();
+#ifndef XSEC_NO_XALAN
+ XalanTransformer::initialize();
+#endif
+ XSECPlatformUtils::Initialise();
+ }
+ <span class="code-keyword">catch</span> (<span class="code-keyword">const</span> XMLException &e) {
+
+ cerr << <span class="code-quote">"Error during initialisation of Xerces"</span> << endl;
+ cerr << <span class="code-quote">"Error Message = : "</span>
+ << DOMString(e.getMessage()) << endl;
+
+ }
+
+ ...
+
+ Xerces is used to parse the document here
+
+
+
+ DOM_Document doc = parser->getDocument();
+
+ <span class="code-comment">// Find the Amount node
+</span> DOMNode *amt = doc->getDocumentElement();
+
+ <span class="code-keyword">if</span> (amt != NULL)
+ amt = amt->getFirstChild();
+
+ <span class="code-keyword">while</span> (amt != NULL &&
+ (amt->getNodeType() != DOMNode::ELEMENT_NODE ||
+ !strEquals(amt->getNodeName(), <span class="code-quote">"Amount"</span>)))
+ amt = amt->getNextSibling();
+
+ <span class="code-keyword">if</span> (amt != NULL)
+ amt = amt->getFirstChild();
+
+ <span class="code-keyword">if</span> (amt == NULL || amt->getNodeType() != DOMNode::TEXT_NODE) {
+ cerr << <span class="code-quote">"Error finding amount in purchase order"</span> << endl;
+ exit (1);
+ }
+</pre>
+</div></div>
+
+<h5><a shape="rect" name="c_programming-CreatetheSignatureandKeyobjects"></a>Create the Signature and Key objects</h5>
+
+<p>Now that the document is in memory, an XSECProvider is created and used to create a new DSIGSignature object. In addition, the OpenSSL interface routines are used to read in a certificate and obtain the associated public key.</p>
+<div class="code panel" style="border-width: 1px;"><div class="codeContent panelContent">
+<pre class="code-java">
+ XSECProvider prov;
+
+ DSIGSignature * sig = prov.newSignatureFromDOM(doc);
+
+
+ <span class="code-keyword">try</span> {
+ <span class="code-comment">// Use the OpenSSL <span class="code-keyword">interface</span> objects to get a signing key
+</span>
+ OpenSSLCryptoX509 * x509 = <span class="code-keyword">new</span> OpenSSLCryptoX509();
+ x509->loadX509Base64Bin(cert, strlen(cert));
+
+ sig->load();
+</pre>
+</div></div>
+
+<p>In this case, the signature is create with the newSignatureFromDOM method. This tells the library that the signature structure (although not necessarily a signed structure) already exists in the DOM nodes. The library attempts to find the <Signature> node so that the load will work. (The library will throw an XSECException if it cannot find the Element.)</p>
+
+<p>The later call to sig->load() tells the library to read the DOM structure and create the appropriate DSIG elements.</p>
+
+<p>In this case an OpenSSLCryptoX509 object is also created. It is used to read in the cert string and convert to an X509 structure. This could also be done using standard calls directly to OpenSSL, but this is a quick shortcut.</p>
+
+<h5><a shape="rect" name="c_programming-Findakey"></a>Find a key</h5>
+
+<p>As we already know the key, the following code snippet loads the key directly from the related X509. However prior to doing this, the code demonstrates using the DSIGKeyInfo structures to find the key name that was embedded in the certificate. In an application, this could be used to reference the correct key to be passed in. (Maybe via an XKMS call.)</p>
+
+<p>the safeBuffer type is used extensively within the XSEC library to safely handle variable length strings and raw buffers. The call to rawCharBuffer() simply returns a (char *) type pointer to the buffer within the safeBuffer</p>
+
+<p>The call to clonePublicKey() returns a copy of the public key embedded in the certificate. It is owned by the caller, so in this case it can safely be passed to the DSIGSignature object where it will be destroyed when another key is loaded or the object is released by the XSECProvider.</p>
+
+<div class="code panel" style="border-width: 1px;"><div class="codeContent panelContent">
+<pre class="code-java">
+ DSIGKeyInfoList * kinfList = sig->getKeyInfoList();
+
+ <span class="code-comment">// See <span class="code-keyword">if</span> we can find a Key Name
+</span> safeBuffer kname;
+ DSIGKeyInfo * kinf = kinfList->getFirstKeyInfo();
+ <span class="code-keyword">while</span> (kinf != NULL) {
+ kname = kinf->getKeyName();
+ <span class="code-keyword">if</span> (kname.sbStrcmp("")) {
+ cout << <span class="code-quote">"Key Name = "</span>
+ << kname.rawCharBuffer() << endl;
+ }
+ kinf = kinfList->getNextKeyInfo();
+ }
+
+ sig->setSigningKey(x509->clonePublicKey());
+</pre>
+</div></div>
+
+<h5><a shape="rect" name="c_programming-Validatethesignature"></a>Validate the signature</h5>
+
+<p>Finally the signature is validated. In this case, we validate it three times. First with the original DOM structure, then with the price changed and finally with the price set back to the original value.</p>
+<div class="code panel" style="border-width: 1px;"><div class="codeContent panelContent">
+<pre class="code-java">
+ cout << <span class="code-quote">"Amount = "</span> << amt << <span class="code-quote">" -> "</span>;
+
+ <span class="code-keyword">if</span> (sig->verify()) {
+ cout << <span class="code-quote">"Signature Valid\n"</span>;
+ }
+ <span class="code-keyword">else</span> {
+ cout << <span class="code-quote">"Incorrect Signature\n"</span>;
+ }
+
+ amt.setNodeValue(<span class="code-quote">"$0.50"</span>);
+
+ cout << <span class="code-quote">"Amount = "</span> << amt << <span class="code-quote">" -> "</span>;
+
+ <span class="code-keyword">if</span> (sig->verify()) {
+ cout << <span class="code-quote">"Signature Valid\n"</span>;
+ }
+ <span class="code-keyword">else</span> {
+ cout << <span class="code-quote">"Incorrect Signature\n"</span>;
+ }
+
+ amt.setNodeValue(<span class="code-quote">"$16.50"</span>);
+
+ cout << <span class="code-quote">"Amount = "</span> << amt << <span class="code-quote">" -> "</span>;
+
+ <span class="code-keyword">if</span> (sig->verify()) {
+ cout << <span class="code-quote">"Signature Valid\n"</span>;
+ }
+ <span class="code-keyword">else</span> {
+ cout << <span class="code-quote">"Incorrect Signature\n"</span>;
+ }
+</pre>
+</div></div>
+<p>When run, the program outputs the following:</p>
+<div class="code panel" style="border-width: 1px;"><div class="codeContent panelContent">
+<pre class="code-xml">
+Key Name = C=AU, ST=Vic, O=XML-Security-C Project,
+CN=Samples Demo Certificate
+Amount = $16.50 -> Signature Valid
+Amount = $0.50 -> Incorrect Signature
+Amount = $16.50 -> Signature Valid
+</pre>
+</div></div>
+
+<h1><a shape="rect" name="c_programming-XMLEncryptionProgramming"></a>XML Encryption Programming</h1>
+
+<h3><a shape="rect" name="c_programming-Overview"></a>Overview</h3>
+
+<p>As with signatures, there are two main modes of operation for the library when performing encryption functions - Encryption and Decryption. Decryption is generally fairly simple, as the library will handle most of the work around de-referencing key material and re-creating a DOM document (or returning a byte stream).</p>
+
+<p>Encryption is fairly simple if you are trying to encrypt a DOM structure. The library will encrypt the nodes and then replace them with the encrypted version. However if you want to embed an arbitrary encrypted object in the document, you will need to encrypt it first and then pass the encrypted text into the library.</p>
+
+<p>The rest of this page looks at some simple examples around encrypting and decrypting nodes within an XML document</p>
+
+<h3><a shape="rect" name="c_programming-Asimpleencryptionexample"></a>A simple encryption example</h3>
+
+<p>The next example encrypts an element (and all its children) from a pre-generated document. It uses a randomly generated key to handle the bulk encryption, and then encrypts this using an RSA public key. The resultant encrypted key is embedded in an <EncryptedKey> element.</p>
+
+<p>This example can be found in the src/samples directory as simpleEncrypt.cpp.</p>
+
+<h5><a shape="rect" name="c_programming-Setup"></a>Setup</h5>
+
+<p>The first step is initialisation of Xerces, Xalan (if used) and XML-Security. Once this is done, we create a document. For brevity, the details of the call to createLetter are not included on this page. The function is very simple - it creates an XML DOM document that represents a letter, and sets a global variable (g_toEncrypt) that will be used later on to determine what node to encrypt.</p>
+<div class="code panel" style="border-width: 1px;"><div class="codeContent panelContent">
+<pre class="code-java">
+<span class="code-object">int</span> main (<span class="code-object">int</span> argc, <span class="code-object">char</span> **argv) {
+
+ <span class="code-keyword">try</span> {
+ XMLPlatformUtils::Initialize();
+#ifndef XSEC_NO_XALAN
+ XalanTransformer::initialize();
+#endif
+ XSECPlatformUtils::Initialise();
+ }
+ <span class="code-keyword">catch</span> (<span class="code-keyword">const</span> XMLException &e) {
+
+ cerr << <span class="code-quote">"Error during initialisation of Xerces"</span> << endl;
+ cerr << <span class="code-quote">"Error Message = : "</span>
+ << e.getMessage() << endl;
+
+ }
+
+ <span class="code-comment">// Create a blank Document
+</span>
+ DOMImplementation *impl =
+ DOMImplementationRegistry::getDOMImplementation(MAKE_UNICODE_STRING(<span class="code-quote">"Core"</span>));
+
+ <span class="code-comment">// Create a letter
+</span> DOMDocument *doc = createLetter(impl);
+</pre>
+</div></div>
+
+<h5><a shape="rect" name="c_programming-SetupforEncryption"></a>Setup for Encryption</h5>
+
+<p>Once the library is initialised, we create a XENCCipher object in a manner similar to the creation of a DSIGSignature object. The XENCCipher object is used to actually perform encryption/decryption functions and to manipulate the various encryption objects provided by the library.</p>
+
+<p>As well as creating the XENCCipher object, the sample uses the RAND_bytes function within the <b>OpenSSL</b> library to create a random key that will be used during the encryption process.</p>
+<div class="code panel" style="border-width: 1px;"><div class="codeContent panelContent">
+<pre class="code-java">
+ <span class="code-keyword">try</span> {
+
+ /* Create the cipher object that we need */
+
+ XSECProvider prov;
+ XENCCipher *cipher;
+
+ cipher = prov.newCipher(doc);
+
+ /* Now generate a random key that we can use to encrypt the element
+ *
+ * First check the status of the random generation in OpenSSL
+ */
+
+ <span class="code-keyword">if</span> (RAND_status() != 1) {
+
+ cerr << <span class="code-quote">"OpenSSL random generation not properly initialised"</span> << endl;
+ exit(1);
+
+ }
+
+ unsigned <span class="code-object">char</span> keyBuf[24];
+ <span class="code-keyword">if</span> (RAND_bytes(keyBuf, 24) == 0) {
+
+ cerr << <span class="code-quote">"Error obtaining 24 bytes of random from OpenSSL"</span> << endl;
+ exit(1);
+
+ }
+</pre>
+</div></div>
+
+<h5><a shape="rect" name="c_programming-EncryptionofElement"></a>Encryption of Element</h5>
+
+<p>The actual code to perform encryption is very small. Most of the complexity for standard encryption is hidden within the library.</p>
+
+<p>The first two lines of code wrap the generated key bytes in an OpenSSL 3DES key. This is then passed into the cipher object with a call to setKey(key).</p>
+
+<p>The last line in the following block performs the actual encryption. the first parameter to cipher->encryptElement is the node that will be encrypted. The second is the algorithm to be used. This is used to calcualte the Algorithm URI to be set in the <EncryptedData> element.</p>
+
+<p>This call to EncryptElement will encrypt the provided element using the key set previously. The passed in element will be replaced with an <EncryptedData> element containing the encrypted version of the element and all its children.</p>
+
+<p>If no further information is required to be embedded in the <EncryptedData> structure (such as <KeyInfo> nodes), the usage of the library could be terminated here.</p>
+<div class="code panel" style="border-width: 1px;"><div class="codeContent panelContent">
+<pre class="code-java">
+ /* Wrap <span class="code-keyword">this</span> in a Symmetric 3DES key */
+
+ OpenSSLCryptoSymmetricKey * key =
+ <span class="code-keyword">new</span> OpenSSLCryptoSymmetricKey(XSECCryptoSymmetricKey::KEY_3DES_192);
+ key->setKey(keyBuf, 24);
+ cipher->setKey(key);
+
+ /* Encrypt the element that needs to be hidden */
+ cipher->encryptElement(g_toEncrypt, ENCRYPT_3DES_CBC);
+</pre>
+</div></div>
+
+<h5><a shape="rect" name="c_programming-Createan%3CEncryptedKey%3E"></a>Create an <EncryptedKey></h5>
+
+<p>The following snippet of code uses the previously created XENCCipher object to encrypt the pseudo random key using an RSA key loaded from a X.509 certificate.</p>
+
+<p>The first two lines load the certificate into an OpenSSLCryptoX509 structure, which is then used to extract the public key from the certificate and pass into the cipher.</p>
+
+<p>A call to setKEK is used rather than setKey. This call is used to tell the cipher object that the key being used is a Key Encryption Key, and should be used for encrypting/decrypting <EncryptedKey> elements.</p>
+
+<p>The final line actually performs the encryption and created the <EncryptedKey> structure. The first two parameters define the buffer and its length to be encrypted. The last defines the encryption algorithm to be used.</p>
+
+<p>The encryptedKey method returns an XENCEncryptedKey object. This contains the DOM structure for the object, but it is not yet rooted in a particular document. (Although it is created using the DOMDocument that was passed in during the call to newCipher.)</p>
+<div class="code panel" style="border-width: 1px;"><div class="codeContent panelContent">
+<pre class="code-java">
+ /* Now lets create an EncryptedKey element to hold the generated key */
+
+ /* First lets load the <span class="code-keyword">public</span> key in the certificate */
+ OpenSSLCryptoX509 * x509 = <span class="code-keyword">new</span> OpenSSLCryptoX509();
+ x509->loadX509Base64Bin(cert, strlen(cert));
+
+ /* Now set the Key Encrypting Key (NOTE: Not the normal key) */
+ cipher->setKEK(x509->clonePublicKey());
+
+
+ /* Now <span class="code-keyword">do</span> the encrypt, using RSA with PKCS 1.5 padding */
+
+ XENCEncryptedKey * encryptedKey =
+ cipher->encryptKey(keyBuf, 24, ENCRYPT_RSA_15);
+</pre>
+</div></div>
+
+<h5><a shape="rect" name="c_programming-Append%3CEncryptedKey%3Eto%3CEncryptedData%3E"></a>Append <EncryptedKey> to <EncryptedData></h5>
+
+<p>The final part (other than outputting the result) is to retrieve the <EncryptedData> element that was previously created and append the newly created <EncryptedKey> as a <KeyInfo> element.</p>
+<div class="code panel" style="border-width: 1px;"><div class="codeContent panelContent">
+<pre class="code-java">
+ /*
+ * Add the encrypted Key to the previously created EncryptedData, which
+ * we first retrieve from the cipher object. This will automatically create
+ * the appropriate <KeyInfo> element within the EncryptedData
+ */
+
+ XENCEncryptedData * encryptedData = cipher->getEncryptedData();
+ encryptedData->appendEncryptedKey(encryptedKey);
+</pre>
+</div></div>
+<p>The above code results in a document that contains the newly created <EncryptedData> as follows:</p>
+<div class="code panel" style="border-width: 1px;"><div class="codeContent panelContent">
+<pre class="code-xml">
+<span class="code-tag"><Letter></span>
+<span class="code-tag"><ToAddress></span>The address of the Recipient<span class="code-tag"></ToAddress></span>
+<span class="code-tag"><FromAddress></span>The address of the Sender<span class="code-tag"></FromAddress></span>
+<xenc:EncryptedData Type=<span class="code-quote">"http://www.w3.org/2001/04/xmlenc#Element"</span>
+<span class="code-keyword">xmlns:xenc</span>=<span class="code-quote">"http://www.w3.org/2001/04/xmlenc#"</span>>
+<span class="code-tag"><xenc:EncryptionMethod Algorithm=<span class="code-quote">"http://www.w3.org/2001/04/xmlenc#tripledes-cbc"</span>/></span>
+<span class="code-tag"><ds:KeyInfo <span class="code-keyword">xmlns:ds</span>=<span class="code-quote">"http://www.w3.org/2000/09/xmldsig#"</span>></span>
+<span class="code-tag"><xenc:EncryptedKey <span class="code-keyword">xmlns:xenc</span>=<span class="code-quote">"http://www.w3.org/2001/04/xmlenc#"</span>></span>
+<span class="code-tag"><xenc:EncryptionMethod Algorithm=<span class="code-quote">"http://www.w3.org/2001/04/xmlenc#rsa-1_5"</span>/></span>
+<span class="code-tag"><xenc:CipherData></span>
+<span class="code-tag"><xenc:CipherValue></span>Wh8pAkDsQceHiktGxnlhXGfEMPDOLB6FwWp8PLedFEB3L3F6xHUoCOerIvA7Pgvv
+VYzVqLv4a5x5YdnCqikkFBLE/fruAUe2Z8ZTEn/CaPYmpzU6qYHALCl7Q61LcbqH
+R87TzroBYsYwfHmXmrKHL9K9sB6zmuec1TjVzm2c/Xs=
+<span class="code-tag"></xenc:CipherValue></span>
+<span class="code-tag"></xenc:CipherData></span>
+<span class="code-tag"></xenc:EncryptedKey></span>
+<span class="code-tag"></ds:KeyInfo></span>
+<span class="code-tag"><xenc:CipherData></span>
+<span class="code-tag"><xenc:CipherValue></span>YhqQciiFkLG1z0I1TJC6Pewnzw/gmVuGqcTvHtWpgak/b3NQDRAlv07lJOmBLoHX
+23LQ1CdPSxvnyerlJGwkY6xJ0M5tjpDregTVcECXo/bd+x8eIsF2kaawoZGCqD1K
+96T36Fx9rHek9bY/Hp1OiQ==
+<span class="code-tag"></xenc:CipherValue></span>
+<span class="code-tag"></xenc:CipherData></span>
+<span class="code-tag"></xenc:EncryptedData></span><span class="code-tag"></Letter></span>
+</pre>
+</div></div>
+
+<h3><a shape="rect" name="c_programming-Asimpledecryptionexample"></a>A simple decryption example</h3>
+
+<p>The final example shows how to use the library to decrypt an EncryptedData structure. A private key is loaded as a Key Encryption Key (KEK), and a call is made to the library which decrypts the encrypted data and inserts the resulting DOM nodes back into the original document.</p>
+
+<p>This example can be found in the src/samples directory as simpleDecrypt.cpp.</p>
+
+<h5><a shape="rect" name="c_programming-Setup"></a>Setup</h5>
+
+<p>The setup process is much the same as for simpleVerify. The document (which is the document created in simpleEncrypt) is parsed using Xerces and a DOMDocument is returned.</p>
+
+<h5><a shape="rect" name="c_programming-LoadPrivateKey"></a>Load Private Key</h5>
+
+<p>The simpleDecrypt uses a preloaded RSA private key for the decryption. A key resolver (XSECKeyInfoResolver) can also be used to provide a callback mechanism such that applications can determine the correct key at run time.</p>
+
+<p>The following code uses a XSECProvider to obtain a XENCCipheruses OpenSSL to load the private key from the s_privateKey char array.</p>
+
+<p>The key is loaded using a call to setKEK. This method loads the key as a Key Encryption Key - which means it will be used to decrypt an <EncryptedKey> structure.</p>
+<div class="code panel" style="border-width: 1px;"><div class="codeContent panelContent">
+<pre class="code-java">
+ XSECProvider prov;
+ XENCCipher *cipher;
+
+ cipher = prov.newCipher(doc);
+
+ /* Load the <span class="code-keyword">private</span> key via OpenSSL and then wrap in an OpenSSLCrypto construct */
+ BIO * bioMem = BIO_new(BIO_s_mem());
+ BIO_puts(bioMem, s_privateKey);
+ EVP_PKEY * pk = PEM_read_bio_PrivateKey(bioMem, NULL, NULL, NULL);
+
+ /* NOTE : For simplicity - no error checking here */
+
+ OpenSSLCryptoKeyRSA * k = <span class="code-keyword">new</span> OpenSSLCryptoKeyRSA(pk);
+ cipher->setKEK(k);
+</pre>
+</div></div>
+
+<h5><a shape="rect" name="c_programming-PerformDecryption"></a>Perform Decryption</h5>
+
+<p>Now that the key is loaded, the actual decryption is performed using two lines of code. The first finds the node to be decrypted. In this case, the findXENCNode library function is used.</p>
+
+<p>The second line, decryptElement actually performs the decryption. It performs the following steps :</p>
+
+<ul><li>Load the <EncryptedData> structure into an XENCEncryptedData structure.</li><li>if no decryption key is loaded (in this case, none is), search the <KeyInfo> list for an <EncryptedKey> element (one will be found in this case).</li><li>Use the previously loaded KEK to decrypt the key found in the previous step.</li><li>Use the decrypted key to decrypt the <EncryptedData> data</li><li>Parse the decrypted data into DOM nodes</li><li>Replace the <EncryptedData> with the DOM fragment returned in the previous step</li></ul>
+
+
+<div class="code panel" style="border-width: 1px;"><div class="codeContent panelContent">
+<pre class="code-java">
+ /* Find the EncryptedData node */
+ DOMNode * encryptedNode = findXENCNode(doc, <span class="code-quote">"EncryptedData"</span>);
+
+ /* Do the decrypt */
+ cipher->decryptElement((DOMElement *) encryptedNode);
+</pre>
+</div></div>
+
+<p>The result of these steps is the decrypted letter.</p>
+<div class="code panel" style="border-width: 1px;"><div class="codeContent panelContent">
+<pre class="code-xml">
+<span class="code-tag"><Letter></span>
+<span class="code-tag"><ToAddress></span>The address of the Recipient<span class="code-tag"></ToAddress></span>
+<span class="code-tag"><FromAddress></span>The address of the Sender<span class="code-tag"></FromAddress></span>
+<span class="code-tag"><Text></span>
+To whom it may concern, my secret credit card number is :
+ 0123 4567 89ab cdef
+
+...
+<span class="code-tag"></Text></span><span class="code-tag"></Letter></span>
+</pre>
+</div></div>
+
+
+</div>
+ </div>
+ <!-- Content -->
+ </td>
+ </tr>
+ </table>
+ </td>
+ <td id="cell-2-2" colspan="2"> </td>
+ </tr>
+ <tr>
+ <td id="cell-3-0"> </td>
+ <td id="cell-3-1"> </td>
+ <td id="cell-3-2">
+ <div id="footer">
+ <!-- Footer -->
+ <div id="site-footer">
+ (<a href="https://cwiki.apache.org/confluence/pages/editpage.action?pageId=25198986">edit page</a>) <br>
+ Apache Santuario, Apache, the Apache feather logo are trademarks of The Apache Software Foundation.<br>
+ All other marks mentioned may be trademarks or registered trademarks of their respective owners.
+ </div>
+ <!-- Footer -->
+ </div>
+ </td>
+ <td id="cell-3-3"> </td>
+ <td id="cell-3-4"> </td>
+ </tr>
+ <tr>
+ <td id="cell-4-0" colspan="2"> </td>
+ <td id="cell-4-1"> </td>
+ <td id="cell-4-2" colspan="2"> </td>
+ </tr>
+</table>
+
+</body>
+</html>
+
Added: websites/production/santuario/content/creleasenotes.html
==============================================================================
--- websites/production/santuario/content/creleasenotes.html (added)
+++ websites/production/santuario/content/creleasenotes.html Mon Feb 11 16:21:46 2013
@@ -0,0 +1,162 @@
+
+<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<!--
+
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<html>
+ <head>
+ <link type="text/css" rel="stylesheet" href="http://cxf.apache.org/resources/site.css">
+ <script src="http://cxf.apache.org/resources/space.js" type="text/javascript"></script>
+
+<meta http-equiv="Content-type" content="text/html;charset=UTF-8">
+<meta name="keywords" content="XML Security, XML, software, Santuario, open source">
+<meta name="description" content="Apache Santuario - c_release_notes">
+ <title>
+Apache Santuario -- c_release_notes
+ </title>
+ </head>
+<body onload="init()">
+
+
+<table width="100%" cellpadding="0" cellspacing="0">
+ <tr>
+ <td id="cell-0-0" colspan="2"> </td>
+ <td id="cell-0-1"> </td>
+ <td id="cell-0-2" colspan="2"> </td>
+ </tr>
+ <tr>
+ <td id="cell-1-0"> </td>
+ <td id="cell-1-1"> </td>
+ <td id="cell-1-2">
+ <div style="padding: 5px;">
+ <div id="banner">
+ <!-- Banner -->
+<div id="banner-content">
+<table border="0" cellpadding="0" cellspacing="0" width="100%"><tr><td align="left" colspan="1" nowrap>
+<a shape="rect" href="http://santuario.apache.org/" title="Apache Santuario"><span style="font-weight: bold; font-size: 170%; color: white">Apache Santuario</span></a>
+</td><td align="right" colspan="1" nowrap>
+<a shape="rect" href="http://www.apache.org/" title="The Apache Software Foundation"><img border="0" src="http://activemq.apache.org/images/asf-logo.png"></a>
+</td></tr></table>
+</div>
+ <!-- Banner -->
+ </div>
+ </div>
+ <div id="top-menu">
+ <table border="0" cellpadding="1" cellspacing="0" width="100%">
+ <tr>
+ <td>
+ <div align="left">
+ <!-- Breadcrumbs -->
+<a href="index.html">Apache Santuario</a> > <a href="index.html">Index</a> > <a href="cindex.html">c_index</a> > <a href="creleasenotes.html">c_release_notes</a>
+ <!-- Breadcrumbs -->
+ </div>
+ </td>
+ <td>
+ <div align="right">
+ <!-- Quicklinks -->
+<div id="quicklinks"></div>
+ <!-- Quicklinks -->
+ </div>
+ </td>
+ </tr>
+ </table>
+ </div>
+ </td>
+ <td id="cell-1-3"> </td>
+ <td id="cell-1-4"> </td>
+ </tr>
+ <tr>
+ <td id="cell-2-0" colspan="2"> </td>
+ <td id="cell-2-1">
+ <table>
+ <tr valign="top">
+ <td height="100%">
+ <div id="wrapper-menu-page-right">
+ <div id="wrapper-menu-page-top">
+ <div id="wrapper-menu-page-bottom">
+ <div id="menu-page">
+ <!-- NavigationBar -->
+<div id="navigation"><h3><a shape="rect" name="Navigation-ApacheSantuario"></a>Apache Santuario</h3>
+<ul><li><a shape="rect" href="index.html" title="Index">Home</a></li><li><a shape="rect" href="download.html" title="download">Download</a></li><li><a shape="rect" href="secadv.html" title="secadv">Security Advisories</a></li><li><a shape="rect" href="faq.html" title="faq">FAQ</a></li><li><a shape="rect" href="team.html" title="team">Team</a></li><li><a shape="rect" href="contributing.html" title="contributing">Contributing</a></li><li><a shape="rect" href="mailing.html" title="mailing">Mailing Lists</a></li><li><a shape="rect" class="external-link" href="http://svn.apache.org/viewvc/santuario/">SVN</a></li><li><a shape="rect" class="external-link" href="http://issues.apache.org/jira/browse/SANTUARIO">Issue Tracking</a></li><li><a shape="rect" class="external-link" href="http://www.apache.org/licenses/">License</a></li><li><a shape="rect" href="history.html" title="history">History</a></li><li><a shape="rect" href="oldnews.html" title="old_news">Old News</a></li></ul>
+
+
+<h3><a shape="rect" name="Navigation-Java"></a>Java</h3>
+<ul><li><a shape="rect" href="javaindex.html" title="java_index">Index</a></li><li><a shape="rect" href="download.html" title="download">Download</a></li><li><a shape="rect" href="javareleasenotes.html" title="java_release_notes">Release Notes</a></li><li><a shape="rect" href="javafaq.html" title="java_faq">FAQ</a></li><li><a shape="rect" href="javaapi.html" title="java_api">API</a></li><li><a shape="rect" href="javainterop.html" title="java_interop">Interoperability</a></li></ul>
+
+
+<h3><a shape="rect" name="Navigation-C"></a>C++</h3>
+<ul><li><a shape="rect" href="cindex.html" title="c_index">Index</a></li><li><a shape="rect" href="download.html" title="download">Download</a></li><li><a shape="rect" href="creleasenotes.html" title="c_release_notes">Release Notes</a></li><li><a shape="rect" href="cinstallation.html" title="c_installation">Installation</a></li><li><a shape="rect" href="cfaq.html" title="c_faq">FAQ</a></li><li><a shape="rect" href="ctools.html" title="c_tools">Tools</a></li><li><a shape="rect" href="cprogramming.html" title="c_programming">Programming</a></li><li><a shape="rect" href="ccredits.html" title="c_credits">Credits</a></li></ul>
+
+
+<h3><a shape="rect" name="Navigation-ASF"></a>ASF</h3>
+<ul><li><a shape="rect" class="external-link" href="http://www.apache.org/foundation/how-it-works.html">How Apache Works</a></li><li><a shape="rect" class="external-link" href="http://www.apache.org/foundation/">Foundation</a></li><li><a shape="rect" class="external-link" href="http://www.apache.org/foundation/sponsorship.html">Sponsor Apache</a></li><li><a shape="rect" class="external-link" href="http://www.apache.org/foundation/thanks.html">Thanks</a></li></ul>
+</div>
+ <!-- NavigationBar -->
+ </div>
+ </div>
+ </div>
+ </div>
+ </td>
+ <td height="100%">
+ <!-- Content -->
+ <div class="wiki-content">
+<div class="wiki-content maincontent"><h1><a shape="rect" name="c_release_notes-ApacheXMLSecurityforCReleaseNotes"></a>Apache XML Security for C++ Release Notes</h1>
+
+<h3><a shape="rect" name="c_release_notes-CurrentReleases"></a>Current Releases</h3>
+
+<ul><li><a shape="rect" class="external-link" href="https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12311231&version=12321856">Apache XML Security for C++ 1.7.0</a></li></ul>
+
+
+<h3><a shape="rect" name="c_release_notes-Olderreleases"></a>Older releases</h3>
+
+<ul><li><a shape="rect" class="external-link" href="https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12311231&version=12316452">Apache XML Security for C++ 1.6.1</a></li><li><a shape="rect" class="external-link" href="https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12311231&version=12315941">Apache XML Security for C++ 1.6.0</a></li><li><a shape="rect" href="c151releasenotes.html" title="c_1_5_1_release_notes">Apache XML Security for C++ 1.5.1</a></li><li><a shape="rect" href="c150releasenotes.html" title="c_1_5_0_release_notes">Apache XML Security for C++ 1.5.0</a></li><li><a shape="rect" href="c140releasenotes.html" title="c_1_4_0_release_notes">Apache XML Security for C++ 1.4.0</a></li><li><a shape="rect" href="c131releasenotes.html" title="c_1_3_1_release_notes">Apache XML Security for C++ 1.3.1</a></li><li><a shape="rect" href="c130releasenotes.html" title="c_1_3_0_release_notes">Apache XML Security for C++ 1.3.0</a></li><li><a s
hape="rect" href="c121releasenotes.html" title="c_1_2_1_release_notes">Apache XML Security for C++ 1.2.1</a></li><li><a shape="rect" href="c120releasenotes.html" title="c_1_2_0_release_notes">Apache XML Security for C++ 1.2.0</a></li><li><a shape="rect" href="c11releasenotes.html" title="c_1_1_release_notes">Apache XML Security for C++ 1.1</a></li><li><a shape="rect" href="c10releasenotes.html" title="c_1_0_release_notes">Apache XML Security for C++ 1.0</a></li></ul>
+</div>
+ </div>
+ <!-- Content -->
+ </td>
+ </tr>
+ </table>
+ </td>
+ <td id="cell-2-2" colspan="2"> </td>
+ </tr>
+ <tr>
+ <td id="cell-3-0"> </td>
+ <td id="cell-3-1"> </td>
+ <td id="cell-3-2">
+ <div id="footer">
+ <!-- Footer -->
+ <div id="site-footer">
+ (<a href="https://cwiki.apache.org/confluence/pages/editpage.action?pageId=25199219">edit page</a>) <br>
+ Apache Santuario, Apache, the Apache feather logo are trademarks of The Apache Software Foundation.<br>
+ All other marks mentioned may be trademarks or registered trademarks of their respective owners.
+ </div>
+ <!-- Footer -->
+ </div>
+ </td>
+ <td id="cell-3-3"> </td>
+ <td id="cell-3-4"> </td>
+ </tr>
+ <tr>
+ <td id="cell-4-0" colspan="2"> </td>
+ <td id="cell-4-1"> </td>
+ <td id="cell-4-2" colspan="2"> </td>
+ </tr>
+</table>
+
+</body>
+</html>
+
Added: websites/production/santuario/content/ctools.html
==============================================================================
--- websites/production/santuario/content/ctools.html (added)
+++ websites/production/santuario/content/ctools.html Mon Feb 11 16:21:46 2013
@@ -0,0 +1,165 @@
+
+<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<!--
+
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<html>
+ <head>
+ <link type="text/css" rel="stylesheet" href="http://cxf.apache.org/resources/site.css">
+ <script src="http://cxf.apache.org/resources/space.js" type="text/javascript"></script>
+
+<meta http-equiv="Content-type" content="text/html;charset=UTF-8">
+<meta name="keywords" content="XML Security, XML, software, Santuario, open source">
+<meta name="description" content="Apache Santuario - c_tools">
+ <title>
+Apache Santuario -- c_tools
+ </title>
+ </head>
+<body onload="init()">
+
+
+<table width="100%" cellpadding="0" cellspacing="0">
+ <tr>
+ <td id="cell-0-0" colspan="2"> </td>
+ <td id="cell-0-1"> </td>
+ <td id="cell-0-2" colspan="2"> </td>
+ </tr>
+ <tr>
+ <td id="cell-1-0"> </td>
+ <td id="cell-1-1"> </td>
+ <td id="cell-1-2">
+ <div style="padding: 5px;">
+ <div id="banner">
+ <!-- Banner -->
+<div id="banner-content">
+<table border="0" cellpadding="0" cellspacing="0" width="100%"><tr><td align="left" colspan="1" nowrap>
+<a shape="rect" href="http://santuario.apache.org/" title="Apache Santuario"><span style="font-weight: bold; font-size: 170%; color: white">Apache Santuario</span></a>
+</td><td align="right" colspan="1" nowrap>
+<a shape="rect" href="http://www.apache.org/" title="The Apache Software Foundation"><img border="0" src="http://activemq.apache.org/images/asf-logo.png"></a>
+</td></tr></table>
+</div>
+ <!-- Banner -->
+ </div>
+ </div>
+ <div id="top-menu">
+ <table border="0" cellpadding="1" cellspacing="0" width="100%">
+ <tr>
+ <td>
+ <div align="left">
+ <!-- Breadcrumbs -->
+<a href="index.html">Apache Santuario</a> > <a href="index.html">Index</a> > <a href="cindex.html">c_index</a> > <a href="ctools.html">c_tools</a>
+ <!-- Breadcrumbs -->
+ </div>
+ </td>
+ <td>
+ <div align="right">
+ <!-- Quicklinks -->
+<div id="quicklinks"></div>
+ <!-- Quicklinks -->
+ </div>
+ </td>
+ </tr>
+ </table>
+ </div>
+ </td>
+ <td id="cell-1-3"> </td>
+ <td id="cell-1-4"> </td>
+ </tr>
+ <tr>
+ <td id="cell-2-0" colspan="2"> </td>
+ <td id="cell-2-1">
+ <table>
+ <tr valign="top">
+ <td height="100%">
+ <div id="wrapper-menu-page-right">
+ <div id="wrapper-menu-page-top">
+ <div id="wrapper-menu-page-bottom">
+ <div id="menu-page">
+ <!-- NavigationBar -->
+<div id="navigation"><h3><a shape="rect" name="Navigation-ApacheSantuario"></a>Apache Santuario</h3>
+<ul><li><a shape="rect" href="index.html" title="Index">Home</a></li><li><a shape="rect" href="download.html" title="download">Download</a></li><li><a shape="rect" href="secadv.html" title="secadv">Security Advisories</a></li><li><a shape="rect" href="faq.html" title="faq">FAQ</a></li><li><a shape="rect" href="team.html" title="team">Team</a></li><li><a shape="rect" href="contributing.html" title="contributing">Contributing</a></li><li><a shape="rect" href="mailing.html" title="mailing">Mailing Lists</a></li><li><a shape="rect" class="external-link" href="http://svn.apache.org/viewvc/santuario/">SVN</a></li><li><a shape="rect" class="external-link" href="http://issues.apache.org/jira/browse/SANTUARIO">Issue Tracking</a></li><li><a shape="rect" class="external-link" href="http://www.apache.org/licenses/">License</a></li><li><a shape="rect" href="history.html" title="history">History</a></li><li><a shape="rect" href="oldnews.html" title="old_news">Old News</a></li></ul>
+
+
+<h3><a shape="rect" name="Navigation-Java"></a>Java</h3>
+<ul><li><a shape="rect" href="javaindex.html" title="java_index">Index</a></li><li><a shape="rect" href="download.html" title="download">Download</a></li><li><a shape="rect" href="javareleasenotes.html" title="java_release_notes">Release Notes</a></li><li><a shape="rect" href="javafaq.html" title="java_faq">FAQ</a></li><li><a shape="rect" href="javaapi.html" title="java_api">API</a></li><li><a shape="rect" href="javainterop.html" title="java_interop">Interoperability</a></li></ul>
+
+
+<h3><a shape="rect" name="Navigation-C"></a>C++</h3>
+<ul><li><a shape="rect" href="cindex.html" title="c_index">Index</a></li><li><a shape="rect" href="download.html" title="download">Download</a></li><li><a shape="rect" href="creleasenotes.html" title="c_release_notes">Release Notes</a></li><li><a shape="rect" href="cinstallation.html" title="c_installation">Installation</a></li><li><a shape="rect" href="cfaq.html" title="c_faq">FAQ</a></li><li><a shape="rect" href="ctools.html" title="c_tools">Tools</a></li><li><a shape="rect" href="cprogramming.html" title="c_programming">Programming</a></li><li><a shape="rect" href="ccredits.html" title="c_credits">Credits</a></li></ul>
+
+
+<h3><a shape="rect" name="Navigation-ASF"></a>ASF</h3>
+<ul><li><a shape="rect" class="external-link" href="http://www.apache.org/foundation/how-it-works.html">How Apache Works</a></li><li><a shape="rect" class="external-link" href="http://www.apache.org/foundation/">Foundation</a></li><li><a shape="rect" class="external-link" href="http://www.apache.org/foundation/sponsorship.html">Sponsor Apache</a></li><li><a shape="rect" class="external-link" href="http://www.apache.org/foundation/thanks.html">Thanks</a></li></ul>
+</div>
+ <!-- NavigationBar -->
+ </div>
+ </div>
+ </div>
+ </div>
+ </td>
+ <td height="100%">
+ <!-- Content -->
+ <div class="wiki-content">
+<div class="wiki-content maincontent"><h1><a shape="rect" name="c_tools-Tools"></a>Tools</h1>
+
+<h3><a shape="rect" name="c_tools-ProvidedTools"></a>Provided Tools</h3>
+
+<p>A number of very simple "tools" (really examples) are provided with the Apache XML Security for C++ library. These can be used either to provide examples of how to use the library or as simple utilities in their own right for performing canonicalisation and signature functions.</p>
+
+<p>The tools are :</p>
+
+<ul><li>c14n - A tool to output a Canonicalised version of an input document.</li><li>checksig - A tool to validate a signature in an XML input document</li><li>templatesign - A tool to sign an XML document that already has the <Signature> structure installed, but needs the references hashed and the SignatureValue set.</li><li>txfmout - A tool to take an XML Signature and output the fully transformed references to stdout or a nominated file</li><li>threadTest - A Windows only program that runs up a number of threads which simultaneously sign and validate documents. A number of documents are modified in between (to cause the signature validation to fail).</li><li>siginf - A tool to read in an XML Signature and dump various details about the signature and references to the terminal</li><li>cipher - A tool to encrypt and decrypt XML documents.</li><li>xklient - A tool to generate and process XKMS messages. Can be used to send XKMS requests to XKMS servers over SOAP 1.1/1.
2 and HTML and to dump the results to screen.</li></ul>
+
+
+<p>The tools can all be run with no command line arguments to see their parameters.</p>
+
+<p>One extra "tool" is provided - xtest. This is really a testing program that exercises various capabilities of the library and compares the results with known good results.</p></div>
+ </div>
+ <!-- Content -->
+ </td>
+ </tr>
+ </table>
+ </td>
+ <td id="cell-2-2" colspan="2"> </td>
+ </tr>
+ <tr>
+ <td id="cell-3-0"> </td>
+ <td id="cell-3-1"> </td>
+ <td id="cell-3-2">
+ <div id="footer">
+ <!-- Footer -->
+ <div id="site-footer">
+ (<a href="https://cwiki.apache.org/confluence/pages/editpage.action?pageId=25198760">edit page</a>) <br>
+ Apache Santuario, Apache, the Apache feather logo are trademarks of The Apache Software Foundation.<br>
+ All other marks mentioned may be trademarks or registered trademarks of their respective owners.
+ </div>
+ <!-- Footer -->
+ </div>
+ </td>
+ <td id="cell-3-3"> </td>
+ <td id="cell-3-4"> </td>
+ </tr>
+ <tr>
+ <td id="cell-4-0" colspan="2"> </td>
+ <td id="cell-4-1"> </td>
+ <td id="cell-4-2" colspan="2"> </td>
+ </tr>
+</table>
+
+</body>
+</html>
+
Added: websites/production/santuario/content/download.html
==============================================================================
--- websites/production/santuario/content/download.html (added)
+++ websites/production/santuario/content/download.html Mon Feb 11 16:21:46 2013
@@ -0,0 +1,208 @@
+
+<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<!--
+
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<html>
+ <head>
+ <link type="text/css" rel="stylesheet" href="http://cxf.apache.org/resources/site.css">
+ <script src="http://cxf.apache.org/resources/space.js" type="text/javascript"></script>
+
+<meta http-equiv="Content-type" content="text/html;charset=UTF-8">
+<meta name="keywords" content="XML Security, XML, software, Santuario, open source">
+<meta name="description" content="Apache Santuario - download">
+ <title>
+Apache Santuario -- download
+ </title>
+ </head>
+<body onload="init()">
+
+
+<table width="100%" cellpadding="0" cellspacing="0">
+ <tr>
+ <td id="cell-0-0" colspan="2"> </td>
+ <td id="cell-0-1"> </td>
+ <td id="cell-0-2" colspan="2"> </td>
+ </tr>
+ <tr>
+ <td id="cell-1-0"> </td>
+ <td id="cell-1-1"> </td>
+ <td id="cell-1-2">
+ <div style="padding: 5px;">
+ <div id="banner">
+ <!-- Banner -->
+<div id="banner-content">
+<table border="0" cellpadding="0" cellspacing="0" width="100%"><tr><td align="left" colspan="1" nowrap>
+<a shape="rect" href="http://santuario.apache.org/" title="Apache Santuario"><span style="font-weight: bold; font-size: 170%; color: white">Apache Santuario</span></a>
+</td><td align="right" colspan="1" nowrap>
+<a shape="rect" href="http://www.apache.org/" title="The Apache Software Foundation"><img border="0" src="http://activemq.apache.org/images/asf-logo.png"></a>
+</td></tr></table>
+</div>
+ <!-- Banner -->
+ </div>
+ </div>
+ <div id="top-menu">
+ <table border="0" cellpadding="1" cellspacing="0" width="100%">
+ <tr>
+ <td>
+ <div align="left">
+ <!-- Breadcrumbs -->
+<a href="index.html">Apache Santuario</a> > <a href="index.html">Index</a> > <a href="cindex.html">c_index</a> > <a href="download.html">download</a>
+ <!-- Breadcrumbs -->
+ </div>
+ </td>
+ <td>
+ <div align="right">
+ <!-- Quicklinks -->
+<div id="quicklinks"></div>
+ <!-- Quicklinks -->
+ </div>
+ </td>
+ </tr>
+ </table>
+ </div>
+ </td>
+ <td id="cell-1-3"> </td>
+ <td id="cell-1-4"> </td>
+ </tr>
+ <tr>
+ <td id="cell-2-0" colspan="2"> </td>
+ <td id="cell-2-1">
+ <table>
+ <tr valign="top">
+ <td height="100%">
+ <div id="wrapper-menu-page-right">
+ <div id="wrapper-menu-page-top">
+ <div id="wrapper-menu-page-bottom">
+ <div id="menu-page">
+ <!-- NavigationBar -->
+<div id="navigation"><h3><a shape="rect" name="Navigation-ApacheSantuario"></a>Apache Santuario</h3>
+<ul><li><a shape="rect" href="index.html" title="Index">Home</a></li><li><a shape="rect" href="download.html" title="download">Download</a></li><li><a shape="rect" href="secadv.html" title="secadv">Security Advisories</a></li><li><a shape="rect" href="faq.html" title="faq">FAQ</a></li><li><a shape="rect" href="team.html" title="team">Team</a></li><li><a shape="rect" href="contributing.html" title="contributing">Contributing</a></li><li><a shape="rect" href="mailing.html" title="mailing">Mailing Lists</a></li><li><a shape="rect" class="external-link" href="http://svn.apache.org/viewvc/santuario/">SVN</a></li><li><a shape="rect" class="external-link" href="http://issues.apache.org/jira/browse/SANTUARIO">Issue Tracking</a></li><li><a shape="rect" class="external-link" href="http://www.apache.org/licenses/">License</a></li><li><a shape="rect" href="history.html" title="history">History</a></li><li><a shape="rect" href="oldnews.html" title="old_news">Old News</a></li></ul>
+
+
+<h3><a shape="rect" name="Navigation-Java"></a>Java</h3>
+<ul><li><a shape="rect" href="javaindex.html" title="java_index">Index</a></li><li><a shape="rect" href="download.html" title="download">Download</a></li><li><a shape="rect" href="javareleasenotes.html" title="java_release_notes">Release Notes</a></li><li><a shape="rect" href="javafaq.html" title="java_faq">FAQ</a></li><li><a shape="rect" href="javaapi.html" title="java_api">API</a></li><li><a shape="rect" href="javainterop.html" title="java_interop">Interoperability</a></li></ul>
+
+
+<h3><a shape="rect" name="Navigation-C"></a>C++</h3>
+<ul><li><a shape="rect" href="cindex.html" title="c_index">Index</a></li><li><a shape="rect" href="download.html" title="download">Download</a></li><li><a shape="rect" href="creleasenotes.html" title="c_release_notes">Release Notes</a></li><li><a shape="rect" href="cinstallation.html" title="c_installation">Installation</a></li><li><a shape="rect" href="cfaq.html" title="c_faq">FAQ</a></li><li><a shape="rect" href="ctools.html" title="c_tools">Tools</a></li><li><a shape="rect" href="cprogramming.html" title="c_programming">Programming</a></li><li><a shape="rect" href="ccredits.html" title="c_credits">Credits</a></li></ul>
+
+
+<h3><a shape="rect" name="Navigation-ASF"></a>ASF</h3>
+<ul><li><a shape="rect" class="external-link" href="http://www.apache.org/foundation/how-it-works.html">How Apache Works</a></li><li><a shape="rect" class="external-link" href="http://www.apache.org/foundation/">Foundation</a></li><li><a shape="rect" class="external-link" href="http://www.apache.org/foundation/sponsorship.html">Sponsor Apache</a></li><li><a shape="rect" class="external-link" href="http://www.apache.org/foundation/thanks.html">Thanks</a></li></ul>
+</div>
+ <!-- NavigationBar -->
+ </div>
+ </div>
+ </div>
+ </div>
+ </td>
+ <td height="100%">
+ <!-- Content -->
+ <div class="wiki-content">
+<div class="wiki-content maincontent"><h1><a shape="rect" name="download-ObtaintheApacheSantuariodistribution"></a>Obtain the Apache Santuario distribution</h1>
+
+<p>The <span class="tm mark"><b>Apache Santuario</b><small><sup>TM</sup></small></span>
+ project is aimed at providing implementation of the primary security standards for XML. Two libraries are currently available.</p>
+
+<ul><li>Apache XML Security for Java - This library includes a mature Digital Signature and Encryption implementation. It also includes the standard JSR 105 (Java XML Digital Signature) API. Applications can use the standard JSR 105 API or the Apache Santuario API to create and validate XML Signatures.</li><li>Apache XML Security for C++ - This library includes a mature Digital Signature and Encryption implementation using a proprietary C++ API on top of the Xerces-C XML Parser's DOM API. It includes a pluggable cryptographic layer, but support for alternatives to OpenSSL are less complete and less mature.</li></ul>
+
+
+<h3><a shape="rect" name="download-Howtodownload"></a>How to download</h3>
+
+<p>Use the links below to download a distribution of Apache Santuario from one of our mirrors. It is good practice to verify the integrity of the distribution files. Apache Santuario releases are available under the <a shape="rect" class="external-link" href="http://www.apache.org/licenses/LICENSE-2.0">Apache License, Version 2.0</a> - see the LICENSE.txt and NOTICE.txt files contained in each release artifact.</p>
+
+<h3><a shape="rect" name="download-Currentofficialrelease%28closestmirrorsiteselectedautomatically%29"></a>Current official release (closest mirror site selected automatically)</h3>
+
+<ul><li>The current Java release is Apache XML Security for Java 1.5.3: <a shape="rect" class="external-link" href="http://www.apache.org/dyn/closer.cgi?path=/santuario/java-library/1_5_3/xml-security-bin-1_5_3.zip">xml-security-bin-1_5_3.zip</a> (<a shape="rect" class="external-link" href="http://www.apache.org/dist/santuario/java-library/1_5_3/xml-security-bin-1_5_3.zip.asc">PGP</a>) (<a shape="rect" class="external-link" href="http://www.apache.org/dist/santuario/java-library/1_5_3/xml-security-bin-1_5_3.zip.md5">MD5</a>)</li></ul>
+
+
+<ul><li>The current C++ release is Apache XML Security for C++ 1.7.0: <a shape="rect" class="external-link" href="http://www.apache.org/dyn/closer.cgi?path=/santuario/c-library/xml-security-c-1.7.0.tar.gz">xml-security-c-1.7.0.tar.gz</a> (<a shape="rect" class="external-link" href="http://www.apache.org/dist/santuario/c-library/xml-security-c-1.7.0.tar.gz.asc">PGP</a>) (<a shape="rect" class="external-link" href="http://www.apache.org/dist/santuario/c-library/xml-security-c-1.7.0.tar.gz.md5">MD5</a>)</li></ul>
+
+
+<h3><a shape="rect" name="download-Archiveofoldreleases"></a>Archive of old releases</h3>
+
+<ul><li>The current 1.4.x Java release is Apache XML Security for Java 1.4.7: <a shape="rect" class="external-link" href="http://www.apache.org/dyn/closer.cgi?path=/santuario/java-library/1_4_7/xml-security-bin-1_4_7.zip">xml-security-bin-1_4_7.zip</a> (<a shape="rect" class="external-link" href="http://www.apache.org/dist/santuario/java-library/1_4_7/xml-security-bin-1_4_7.zip.asc">PGP</a>) (<a shape="rect" class="external-link" href="http://www.apache.org/dist/santuario/java-library/1_4_7/xml-security-bin-1_4_7.zip.md5">MD5</a>)</li></ul>
+
+
+<p>Older releases are available in the <a shape="rect" class="external-link" href="http://archive.apache.org/dist/santuario/">archive</a>.</p>
+
+<h3><a shape="rect" name="download-Verifyreleases"></a>Verify releases</h3>
+
+<p>It is essential that you verify the integrity of the downloaded files using the MD5 and PGP signatures. MD5 verification ensures the file was not corrupted or tampered with. PGP verification ensures that the file came from a certain person.</p>
+
+<h3><a shape="rect" name="download-PGPSignature"></a>PGP Signature</h3>
+
+<p>The PGP signatures can be verified using <a shape="rect" class="external-link" href="http://www.pgpi.org/" rel="nofollow">PGP</a> or <a shape="rect" class="external-link" href="http://www.gnupg.org/" rel="nofollow">GPG</a>. First download the Apache Santuario <a shape="rect" class="external-link" href="http://www.apache.org/dist/santuario/KEYS">KEYS</a> as well as the *.asc signature file for the particular distribution. It is important that you get these files from the ultimate trusted source - the main ASF distribution site, rather than from a mirror. Then verify the signatures using ...</p>
+<div class="code panel" style="border-width: 1px;"><div class="codeContent panelContent">
+<pre class="code-xml">
+% pgpk -a KEYS
+% pgpv xml-security-bin-1_4_4.zip.asc
+ or
+% pgp -ka KEYS
+% pgp xml-security-bin-1_4_4.zip.asc
+ or
+% gpg --import KEYS
+% gpg --verify xml-security-bin-1_4_4.zip.asc
+</pre>
+</div></div>
+
+<h3><a shape="rect" name="download-MD5Checksum"></a>MD5 Checksum</h3>
+
+<p>To verify the MD5 checksum on the files, you need to use a program called md5 or md5sum, which is included in many unix distributions. It is also available as part of <a shape="rect" class="external-link" href="http://www.gnu.org/software/textutils/textutils.html" rel="nofollow">GNU Textutils</a>. Windows users can get binary md5 programs from <a shape="rect" class="external-link" href="http://www.fourmilab.ch/md5/" rel="nofollow">here</a>, <a shape="rect" class="external-link" href="http://www.pc-tools.net/win32/freeware/console/" rel="nofollow">here</a>, or <a shape="rect" class="external-link" href="http://www.slavasoft.com/fsum/" rel="nofollow">here</a> or an openssl client from <a shape="rect" class="external-link" href="http://www.slproweb.com/products/Win32OpenSSL.html" rel="nofollow">here</a>.</p>
+<div class="code panel" style="border-width: 1px;"><div class="codeContent panelContent">
+<pre class="code-xml">
+% md5sum xml-security-X.Y.tar.gz
+... output should match the string in xml-security-X.Y.tar.gz.md5
+</pre>
+</div></div>
+<p>We strongly recommend you verify your downloads with both PGP and MD5.</p></div>
+ </div>
+ <!-- Content -->
+ </td>
+ </tr>
+ </table>
+ </td>
+ <td id="cell-2-2" colspan="2"> </td>
+ </tr>
+ <tr>
+ <td id="cell-3-0"> </td>
+ <td id="cell-3-1"> </td>
+ <td id="cell-3-2">
+ <div id="footer">
+ <!-- Footer -->
+ <div id="site-footer">
+ (<a href="https://cwiki.apache.org/confluence/pages/editpage.action?pageId=25198999">edit page</a>) <br>
+ Apache Santuario, Apache, the Apache feather logo are trademarks of The Apache Software Foundation.<br>
+ All other marks mentioned may be trademarks or registered trademarks of their respective owners.
+ </div>
+ <!-- Footer -->
+ </div>
+ </td>
+ <td id="cell-3-3"> </td>
+ <td id="cell-3-4"> </td>
+ </tr>
+ <tr>
+ <td id="cell-4-0" colspan="2"> </td>
+ <td id="cell-4-1"> </td>
+ <td id="cell-4-2" colspan="2"> </td>
+ </tr>
+</table>
+
+</body>
+</html>
+