XML Digital Signature Tool

About this Add-on

XML Digital Signature Tool is a Firefox add-on for processing Digital Signature in XML documents (follows the W3C specification for XML-Signature Syntax and Processing ).

The XML digital signature tool is built on top of Apache XML Security for C++ library , called XSEC. No changes were made to XSEC source code. We just compiled the source with NSS option to provide cryptographic functionality using browser's certificate database. The re-compiled XSEC library is packaged with the XPI file for this add-on.

This tool provides an XPCOM-IDL based wrapper around C++ based Apache XML security library. Our XPCOM-IDL based API allows any Firefox based extension to access XSEC library using JavaScript and C++. This tool also provides XUL based GUI for specifying various parameters for signing XML files and verifying signed XML files.

In addition, the tool provides following features:
- encryption and decryption of XML documents (follows the W3C spec for XML Encryption Syntax and Processing)
- ability to generate Self-Issued SAML Token (both v1.1 and v2.0) using the RSA/DSA keys in the browser's certificate DB. The SAML Token generation is implemented using our XPCOM based component for signing and encryption of XML documents.
- XPCOM based API for UUID generation. The XPCOM implementation reuses the UUID generation source code in the RFC4122. We have adapted the UUID generation code code in RFC4122 for Mozilla NSS based digest and added string based UUID API.
- Signing of HTML document and verification of signed HTML pages - follows W3C HTML Signing Profile

For more information: http://pubs.research.avayalabs.com/pdfs/ALR-2007-013.pdf

Note: Please download and install Apache XML libraries before installing this add-on. See the "Advanced Details" section for installation instruction for Apache XERCES C++ libraries.

Note: This tool works only on x86-based Windows (32-bit only), Mac OSX, and Linux (64-bit only) OSes. This version does not support 32-bit Linux anymore.

Developer’s Comments

My goal is to provide XPCOM based API for XML Digital Signature processing using Mozilla NSS Crypto API. The Java based API for XMLDSIG is not easy to use with browser for selection of certificates from browser's certificate DB.

I am using Apache XML Security C++ libraries because it supports Mozilla NSS Crypto API and it has XML canonicalization API that complies with W3 spec.

This tool automatically selects a list of user certificates (from the browser's certificate DB based on ObjectSigner key usage criteria) which can be used to sign XML documents and present them as a menu list. The XML file to be signed is picked using the file browser. The signature parameters are chosen from a set of form fields.
<p/>

System Requirements:

The Apache XML Security for C++ library uses the Apache XML project's Xerces-C++ XML Parser and Xalan-C XSLT processor. The latter is used for processing XPath and XSLT transforms. This add-on does not support Xalan-based transforms. The XPI file for this add-on includes Mozilla-NSS enabled Apache XML security libraries for C++. But, this tool does not include the 'required' DLL or shared library for Xerces-C . You have to download and install Apache XERCES for C++ library before you install this add-on. The path for shared libraries or DLL of XERCES must be in the LD_LIBRARY_PATH (for Unix) or PATH (for windows).

You have to install and configure the Apache XERCES C++ libraries before you can use the Add-on. Please follow the instructions below for respective platform.

Download, Install and configure the Apache XML Libraries before installing the add-on :

Apache XML Libraries Installation and Configuration Instructions for Firefox 5.0+ :

For x86 Windows (32-bit only)
- FF v23 and below : Download and install Apache Xerces-C++ ( http://www.apache.org/dist/xerces/c/3/binaries/xerces-c-3.1.1-x86-windows-vc-9.0.zip)
- FF v24 and up : Download and install Apache Xerces-C++ ( http://www.apache.org/dist/xerces/c/3/binaries/xerces-c-3.1.1-x86-windows-vc-10.0.zip)
- Extract and Install the downloaded file .
- Add the Xerces-C++ bin directories to your PATH environment variable. For more info on installation, go to Xerces-C++ XML Parser project page.
- set PATH=<XERCES-INSTALL-DIR>\bin;%PATH%
For x86 Linux - 32 bit (Not supported any more.)
For x86_64 Linux
- Download and install Apache Xerces-C++ ( http://www.apache.org/dist/xerces/c/3/binaries/xerces-c-3.1.1-x86-linux-gcc-3.4.tar.gz) for Linux x86_64.
- Extract and Install the downloaded file .
- Add the Xerces-C++ lib directories to your LD_LIBRARY_PATH environment variable. For more info on installation, go to Xerces-C++ XML Parser project page.
- export LD_LIBRARY_PATH=<XERCES-INSTALL-DIR>/lib:$LD_LIBRARY_PATH

For x86_64 Mac OSX
- The binary component for Xerces-C++ for Mac OSX x86_64 platform is not available from Apache Xerces-C++ download site.
- You have to download the source package and build for Mac OSX x86_64 platform. After you build and install the complied binary from the source, add the installed Xerces-C++ lib directories to your DYLD_LIBRARY_PATH environment variable. For more info on installation, go to Xerces-C XML Parser project page.
- export DYLD_LIBRARY_PATH=<XERCES-INSTALL-DIR>/lib:$DYLD_LIBRARY_PATH

Finally, restart the browser and then install the add-on from this page.
<p/>

Note:

This add-on may not work with Firefox distributed with some Linux platform. You have to download the Firefox from the Mozilla site.
This tool is tested only on Fedora Linux (x86_64), Mac OSX 10.7.5 and Windows XP-SP3 OSes. It may or may not work on other Linux x86 OSes. Note: This version does not support 32-bit Linux.
If the signing does not work, re-install the Add-on - uninstall then install. Do not install over existing Add-on.
Also, check to make sure that DLLs (shared libraries) from Apache Xerces-C++ are in your PATH (LD_LIBRARY_PATH) environment variable.
Please make sure that the "ObjectSigner" key-usage is 'true' for the signing certificate - otherwise the certificate associated with the signing key won't be part of the displayed in the list for signing certificates.
If you need a tool to generate keys/self-signed certs for signing of XML documents, you can try our KeyManager Add-on for Firefox : https://addons.mozilla.org/en-US/firefox/addon/key-manager/

Enabling of HTML Document signing and signature validation :
HTML document signing tool and HTML signature validation is disabled by default. Use the Preference window to enable it as follows:

"Tools --> Add-on --> Select XML Digital Signature Processing Tool --> Preferences/Options"
Select the "HTML Signature Tool" tab
Check the "Enable HTML Digital Signature Tool" to display the menu item under Tools menu
Check the "Enable HTML Digital Signature Validation" if you want to validate the HTML signature embedded in a HTML document as it is being displayed by the browser
Check the "Override proxy restriction" if you want do signature validation in HTML pages that are accessed using a HTTP proxy. If you are behind a firewall, overriding proxy restriction will hang your browser until it times out for no responses.

If the HTML signature validation is enabled, then a small icon appears on the status bar of the browser if the page contains HTML signature. This status icon displays the information about the signature and the results of the signature validation.

Version Information

Version 0.1.240.20130821 Released Aug. 22, 2013 2.6 MiB Works with Firefox 24.0a1 - 56., SeaMonkey 2.21a1 - 2.21., Thunderbird 24.0a1 - 24.*

Compatibility update for FF 24.0/TB 24.0/SM 2.21.

You have to install and configure the Apache XERCES C++ libraries before you can use the Add-on.
For Windows OS, you have to download the xerces-c++ for VC10 (even if you are upgrading).

Please read the "Developer Notes" section for FF5.0 and up for detailed instructions.

This version only works on Windows, Mac OSX, and Linux-64 OSes.
This version does not support 32-bit Linux.

Source code released under Mozilla Public License Version 1.1

Download for Linux Download Anyway Download for Mac OS X Download Anyway Download for Windows Download Anyway

See complete version history

Add-ons

Welcome to SeaMonkey Add-ons.

On the go?

XML Digital Signature Tool 0.1.240.20130821 Requires Restart

by Subrata Mazumdar

About this Add-on

Developer’s Comments

Version Information

Version 0.1.240.20130821 Released Aug. 22, 2013 2.6 MiB Works with Firefox 24.0a1 - 56., SeaMonkey 2.21a1 - 2.21., Thunderbird 24.0a1 - 24.*

Add-ons

Welcome to SeaMonkey Add-ons.

On the go?

XML Digital Signature Tool 0.1.240.20130821 Requires Restart

by Subrata Mazumdar

About this Add-on

Developer’s Comments

Version Information

Version 0.1.240.20130821 Released Aug. 22, 2013 2.6 MiB Works with Firefox 24.0a1 - 56.*, SeaMonkey 2.21a1 - 2.21.*, Thunderbird 24.0a1 - 24.*

Permissions

Report Abuse

Version 0.1.240.20130821 Released Aug. 22, 2013 2.6 MiB Works with Firefox 24.0a1 - 56., SeaMonkey 2.21a1 - 2.21., Thunderbird 24.0a1 - 24.*