Level Extreme platform
Subscription
Corporate profile
Products & Services
Support
Legal
Français
Alice and Bob XML secret story goes VFP
Message
From
06/12/2018 15:28:28
Antonio Lopes
BookMARC
Coimbra, Portugal
 
 
To
All
General information
Forum:
Visual FoxPro
Category:
XML, XSD
Title:
Alice and Bob XML secret story goes VFP
Miscellaneous
Thread ID:
01664230
Message ID:
01664230
Views:
87
Likes (2)
Dear All

Bob wants to send an XML secret message to Alice. He takes her certificate, encrypts the document using a pair of Alice's public key and a random key, and sends the full encrypted document to her. Alice then takes her private key, decrypts the randomly generated key, and knowing this one then decrypts the rest of the document.

They may start to use VFP for this, now.

I've been working on the development of an XMLSecurity set of classes, as part of the VFP XML Library Set, and as a result of porting a PHP library by Rob Richards.

The goal of these classes is to allow the creation and consumption of secure XML documents, that is, documents that are encrypted and signed according to XML standards.

Following Rob Richards' design, there are three main class: XMLSecurityDSig for signing, XMLSecurityEnc for encryption, and XMLSecurityKey for handling key operations.

The original PHP version extensively uses PHP openssl_* functions, and a few others. In VFP, XMLSecurityLibrary replaces these. It's an abstract class that gathers in one place all the required methods (like SignData, or Hash, or ParseX509, ...).

This class must be subclassed to use specific cryptographic components or libraries. Since I've been using the Chilkat ActiveX RSA component since 2010, and am reasonably confident in working with it, I built a first subclass XMLSecurityLibChilkat to handle the required encrypting and hashing. Of course, this class can be replaced in a particular setup of the overall library by other classes based on other components or API - maybe CryptoAPI, CAPICOM, VFPEncryption... but currently I don't have the chance to develop versions for these.

Although far from being thoroughly tested and developed, I've been using this part of the VFP XML Library Set in a controlled production environment and, until now, with good results. But be aware that some lines of the library did not run at all, yet.

The full source code for the class is uploaded at VFPX, with a few examples to help understand how it works. Any feedback would be much appreciated. And if anyone finds it worthy of support and improvement, in particular providing subclasses for XMLSecurityLib using other cryptographic components would be awesome!

References:
VFP XML Library Set @ https://github.com/atlopes/xml
Rob Richards XMLSecLibs @ https://github.com/robrichards/xmlseclibs
----------------------------------
António Tavares Lopes
Next
Reply
Map
View

Click here to load this message in the networking platform