{"id":15436998,"url":"https://github.com/ucarion/dsig","last_synced_at":"2026-03-09T15:02:25.139Z","repository":{"id":144212342,"uuid":"264756661","full_name":"ucarion/dsig","owner":"ucarion","description":"A Golang implementation of XML Digital Signature","archived":false,"fork":false,"pushed_at":"2020-05-29T19:08:32.000Z","size":48,"stargazers_count":3,"open_issues_count":0,"forks_count":2,"subscribers_count":3,"default_branch":"master","last_synced_at":"2024-10-20T00:59:49.871Z","etag":null,"topics":["digital-signature","golang","xml"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/ucarion.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2020-05-17T21:04:55.000Z","updated_at":"2021-03-01T09:43:31.000Z","dependencies_parsed_at":null,"dependency_job_id":"ccc78505-a27d-41f0-834c-334772106de8","html_url":"https://github.com/ucarion/dsig","commit_stats":{"total_commits":13,"total_committers":2,"mean_commits":6.5,"dds":"0.23076923076923073","last_synced_commit":"5ac9b08ff66e947f3f31c2f583cfb021b5dfa689"},"previous_names":[],"tags_count":1,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ucarion%2Fdsig","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ucarion%2Fdsig/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ucarion%2Fdsig/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ucarion%2Fdsig/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/ucarion","download_url":"https://codeload.github.com/ucarion/dsig/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248097978,"owners_count":21047346,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["digital-signature","golang","xml"],"created_at":"2024-10-01T18:54:37.361Z","updated_at":"2025-10-13T11:07:44.425Z","avatar_url":"https://github.com/ucarion.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# dsig\n\n[![go.dev reference](https://img.shields.io/badge/go.dev-reference-007d9c?logo=go\u0026logoColor=white\u0026style=flat-square)](https://pkg.go.dev/mod/github.com/ucarion/dsig?tab=overview)\n[![GitHub Workflow Status](https://img.shields.io/github/workflow/status/ucarion/dsig/tests?label=tests\u0026logo=github\u0026style=flat-square)](https://github.com/ucarion/dsig/actions)\n\nThis package is a Golang implementation of [XML Digital Signature][w3], or\n\"XML-DSig\". In particular, it implements a restricted subset of the\nspecification:\n\n1. This package only knows how to *verify* signatures, not sign them.\n1. Only the common case of an \"enveloped signature\" with just the\n   canonicalization and digest transforms are supported; the `URI` field of\n   `ds:Reference`, as well as `ds:Transforms`, are ignored.\n1. Only the RSA-SHA1 and RSA-SHA256 signature algorithms are supported.\n1. Only the SHA1 and SHA256 digest algorithms are supported.\n\nThe XML-DSig specification is vast, complex, and very challenging to implement\nin its entirety. In practice, supporting the subset provided by this package is\ngood enough to securely implement SAML and other protocols built on top of\nXML-DSig.\n\nIf you're looking to verify XML because you're implementing SAML, consider using [`github.com/ucarion/saml`][saml].\n\n[w3]: https://www.w3.org/TR/xmldsig-core/\n[saml]: https://github.com/ucarion/saml\n\n## Installation\n\nInstall this package by running:\n\n```bash\ngo get github.com/ucarion/dsig\n```\n\n## Usage\n\nThe most common way to use this package is to embed `dsig.Signature` into a\nstruct representing your data, and then calling `Signature.Verify()` on the\n`[]byte` you unmarshalled your struct from. For example:\n\n```go\ninput := `\n    \u003cFoo favoriteNumber=\"42\"\u003e\n      \u003cfavoriteQuote\u003ehello\u003c/favoriteQuote\u003e\n      \u003cds:Signature xmlns:ds=\"http://www.w3.org/2000/09/xmldsig#\"\u003e\n        \u003cds:SignedInfo\u003e\n          \u003cds:Reference\u003e\n            \u003cds:DigestMethod Algorithm=\"http://www.w3.org/2000/09/xmldsig#sha1\" /\u003e\n            \u003cds:DigestValue\u003eTakSS5ndDNzYd32+E3GGQlZJ3j0=\u003c/ds:DigestValue\u003e\n          \u003c/ds:Reference\u003e\n          \u003cds:SignatureMethod Algorithm=\"http://www.w3.org/2000/09/xmldsig#rsa-sha1\" /\u003e\n        \u003c/ds:SignedInfo\u003e\n        \u003cds:SignatureValue\u003eL4l1Qyp8kVFaZ9893/IW0bEBGBuAavssuv916PuM/e7RAR7qQ/PZ4M8Lo5WcMXV2GYLoRttTurt0I9udTs4SO4yv+JitlXdvWUllgLQNR9kMHpFwzkyv2Pw6m3j6Jdix9kVD7nh50OUcBJDJSk+WLa55TWLe++RejjPfUezPoAY=\u003c/ds:SignatureValue\u003e\n      \u003c/ds:Signature\u003e\n    \u003c/Foo\u003e\n`\n\ntype Foo struct {\n  FavoriteNumber int            `xml:\"favoriteNumber,attr\"`\n  FavoriteQuote  string         `xml:\"favoriteQuote\"`\n  Signature      dsig.Signature `xml:\"Signature\"`\n}\n\n// First, unmarshal an instance of your struct, with the Signature embedded in\n// it, from your []byte input.\nvar foo Foo\nerr = xml.Unmarshal([]byte(input), \u0026foo)\nfmt.Println(err)\n\n// Next, construct a decoder from the bytes you just unmarshalled from.\ndecoder := xml.NewDecoder(strings.NewReader(input))\n\n// Finally, call Verify using an X509 certificate and the decoder you just made.\nerr = foo.Signature.Verify(cert, decoder)\nfmt.Println(err)\n// Output:\n// \u003cnil\u003e\n// \u003cnil\u003e\n// \u003cnil\u003e\n```\n\nThe code above works if you construct `cert` as:\n\n```go\nblock, _ := pem.Decode([]byte(`-----BEGIN CERTIFICATE-----\nMIICVzCCAcACCQC9lei8Ir3KDzANBgkqhkiG9w0BAQsFADBwMQswCQYDVQQGEwJV\nUzEPMA0GA1UECAwGT3JlZ29uMREwDwYDVQQHDAhQb3J0bGFuZDEVMBMGA1UECgwM\nQ29tcGFueSBOYW1lMQwwCgYDVQQLDANPcmcxGDAWBgNVBAMMD3d3dy5leGFtcGxl\nLmNvbTAeFw0yMDA1MjgxNzUzNTJaFw0yMTA1MjgxNzUzNTJaMHAxCzAJBgNVBAYT\nAlVTMQ8wDQYDVQQIDAZPcmVnb24xETAPBgNVBAcMCFBvcnRsYW5kMRUwEwYDVQQK\nDAxDb21wYW55IE5hbWUxDDAKBgNVBAsMA09yZzEYMBYGA1UEAwwPd3d3LmV4YW1w\nbGUuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDAqmyYL/bNqAL7uHFx\nlHT2Ullmh0UvMb1mJrtTVb/j+k+nKNklbdbz/mSOdc7OJ8kwu9xNcKvDADr8acir\n74p8Tp9hYEOR8p2XBcFiB7x5g76Vdm6NM4g3Ib5utXBRd13YSQajD6ynJYprrTBn\ngGnXzdvZ6ZhX3QeJebO9m9u7WQIDAQABMA0GCSqGSIb3DQEBCwUAA4GBAL8vaXlm\n1dd8U9UCrnt6X0MHvd5l5RRWqvXcV7FvjBqs6U9TP+soCKAzQSpJh4WpY1qaMlgc\nFVaTFT9FFMoqYHTn4yj/C6GS7tcyXEStKvr7UA6mH4yfepwndoc6/KAuCph1ucsb\nVuPh47/DnXFpm4ZKNsojqBwUjM9/EkP0UGGK\n-----END CERTIFICATE-----`))\n\ncert, err := x509.ParseCertificate(block.Bytes)\nfmt.Println(err)\n```\n\nBut you'll find that if you tamper with the cert or the data being signed (in a\nway that meaningfully alters the XML data), you'll get an error.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fucarion%2Fdsig","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fucarion%2Fdsig","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fucarion%2Fdsig/lists"}