pybergshamra documentation

pybergshamra is a Python binding for the Bergshamra XML Security library – a pure-Rust implementation of XML Digital Signatures (XML-DSig), XML Encryption (XML-Enc), C14N canonicalization, and cryptographic primitives.

Features

• XML Digital Signatures – sign and verify (RSA, EC, Ed25519, HMAC, post-quantum)

• XML Encryption – encrypt and decrypt (AES-CBC/GCM, RSA-OAEP key transport)

• C14N canonicalization – inclusive, exclusive, with/without comments

• Key management – RSA, EC, Ed25519, X25519, HMAC, AES, 3DES, PKCS#12, X.509

• Certificate validation – X.509 chain building and verification with CRL support

• Cryptographic primitives – digest, PBKDF2, HKDF, ConcatKDF

• Post-quantum signatures – ML-DSA-44/65/87, SLH-DSA

• Anti-XSW protection – strict verification mode

• Zero Python dependencies – ships as a single native extension

Contents

• Quick start
  • Installation
  • Load a key
  • Verify a signed XML document
  • Sign an XML template
  • Encrypt data
  • Decrypt data
  • Canonicalize XML
• API reference
  • Algorithm constants
  • Key management
  • Key loaders
  • X509 KeyInfo builders
  • Digital signatures
  • XML encryption
  • Canonicalization
  • Cryptographic primitives
  • Certificate validation
• Exceptions
  • BergshamraError
  • XmlError
  • CryptoError
  • KeyLoadError
  • AlgorithmError
  • EncryptionError
  • CertificateError
  • Exception hierarchy
• Examples
  • Verify a SAML Response
  • Sign an XML document (enveloped)
  • Sign with HMAC
  • Sign with ECDSA
  • Encrypt XML with AES-256-GCM + RSA-OAEP
  • Decrypt an EncryptedAssertion
  • Canonicalize a subtree
  • Certificate chain validation
  • Key derivation
  • Ed25519 signatures
• Migrating from python-xmlsec
  • Why migrate?
  • Key differences
  • Key loading
  • KeysManager
  • Certificate management
  • Signature verification
  • Signature verification with ID registration
  • Signing an XML document
  • XML Encryption
  • Encryption with template
  • Canonicalization
  • Algorithm constants
  • Symmetric key generation
  • Error handling
  • Features only in pybergshamra