It is great that we have a language like Javascript that we can use in both client and server applications. With that said one of the challenges both the browser and server environments have compared to say Java or .NET is a fairly weak set of class libraries to build upon.
This is especially true when it comes to security technologies, this is the foundation of most of our OSS work at Peculiar Ventures.
Our most recent project is a XMLDSIG library we call XAdESjs, it is based on WebCrypto and as a result with an appropriate polyfill it works on Node as well as it does in the browser.
With it and a few lines of code you can now sign and verify XMLDSIG and XAdES-BES signatures on these platforms, for example a verify on Node might look like this:
| var xadesjs = require(“./xadesjs/built/xades.js”); var DOMParser = require(“xmldom”).DOMParser; var WebCrypto = require(“./node-webcrypto-ossl”).default; xadesjs.Application.setEngine(“OpenSSL”, new WebCrypto()); var fs = require(“fs”); var signedDocument = new DOMParser().parseFromString(xmlString, “application/xml”); var signedXml = new xadesjs.SignedXml(signedDocument); |
Though we only support the most basic forms of XAdES at this time it is enough to verify the EU Trust Service Provider List (EUTSL).
We intend to add more of XAdES to the library in the future, though we have no schedule for that at this time.
There is still lots to do so please consider contributing.
Ryan
We have since released a new project with basic XMLDSIG support, you can find it here: https://github.com/PeculiarVentures/xmldsigjs
We also released a newer version of XADESjs, the interfaces have changed and it supports more of the XADES specifications. We believe it to be a much better release: https://github.com/PeculiarVentures/xadesjs/
Do you have example of sign xml using xades and fortify?
I do not understand it, and i realy try for hours..