KeyInfo library released

X.509 certificate information can be encoded and exchanged in various standardized formats. One of these formats is the KeyInfo representation defined in the W3C XML Signature recommendation. This is an XML-based representation that wraps the Base64 encoded X.509 certificate and can provide additional information (such as certificate digests or key names).
KeyInfo is used in the ebXML CPPA (Collaboration Protocol Profile and Agreements) version 2.0 OASIS Standard to allow parties to publish their certificates for signing and encryption in their profiles, and to configure agreements with partners using specific certificates. KeyInfo is also used in the upcoming version 3.0 of CPPA for similar purposes. In the ebCore Agreement Update specification it is used for Certificate Updates, similar to the older IETF CEM protocol. 
Current users of ebMS 2.0 and CPA 2.0 have been using an existing Java tool, called KeyInfoWriter, available from and shipped with the Axway B2B product, for many years. It converts X.509 certificates from various formats to KeyInfo. KeyInfo is a new, similar open source library that provides the same functionality for Python, based on the excellent, well-maintained and audited cryptography and lxml libraries. Compared to the Java KeyInfoWriter tool, beyond supporting Python, it adds two features:
1) It converts X.509 certificates to W3C XML Signature KeyInfo structures, but can also parse KeyInfo XML into certificates.
2) It supports not just the XML Signature 1.0 standard, but also optionally the newer XML Signature 1.1. The main difference is the use of sig11:X509Digest instead of ds:X509IssuerSerial.
The library is available from the Python Package Index, at the address, using the Python package installer tool.
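
The XML Signature 1.1 form from item 2, combined with the parsing direction from item 1, sketched with only the Python standard library. This is an added example, not the KeyInfo library's code or API; the function names are hypothetical and the sample bytes are a constructed stand-in for a DER certificate.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
DSIG11 = "http://www.w3.org/2009/xmldsig11#"
SHA256 = "http://www.w3.org/2001/04/xmlenc#sha256"
DIGESTS = {SHA256: hashlib.sha256}  # digest algorithm URIs this sketch accepts
ET.register_namespace("ds", DS)
ET.register_namespace("dsig11", DSIG11)

# Constructed placeholder bytes standing in for a DER certificate (not a real one).
SAMPLE_DER = b"\x30\x82\x01\x0a" + b"constructed-placeholder-certificate-body"


def b64_decode(text):
    """Strict Base64 decode that tolerates the line wrapping common in XML."""
    return base64.b64decode("".join((text or "").split()), validate=True)


def build_keyinfo(der: bytes) -> str:
    """Wrap certificate bytes in ds:KeyInfo with a dsig11:X509Digest (hypothetical helper)."""
    keyinfo = ET.Element(f"{{{DS}}}KeyInfo")
    x509data = ET.SubElement(keyinfo, f"{{{DS}}}X509Data")
    digest = ET.SubElement(x509data, f"{{{DSIG11}}}X509Digest", Algorithm=SHA256)
    digest.text = base64.b64encode(hashlib.sha256(der).digest()).decode()
    cert = ET.SubElement(x509data, f"{{{DS}}}X509Certificate")
    cert.text = base64.b64encode(der).decode()
    return ET.tostring(keyinfo, encoding="unicode")


def load_keyinfo(xml_text: str) -> bytes:
    """Return the certificate bytes; reject a digest that does not match them."""
    # ElementTree keeps this stdlib-only; the library itself builds on lxml.
    x509data = ET.fromstring(xml_text).find(f"{{{DS}}}X509Data")
    cert = x509data.find(f"{{{DS}}}X509Certificate") if x509data is not None else None
    if cert is None or not cert.text:
        raise ValueError("no ds:X509Certificate in KeyInfo")
    der = b64_decode(cert.text)
    for digest in x509data.findall(f"{{{DSIG11}}}X509Digest"):
        algo = DIGESTS.get(digest.get("Algorithm"))
        if algo is None:
            raise ValueError("unsupported X509Digest algorithm")
        if b64_decode(digest.text) != algo(der).digest():
            raise ValueError("X509Digest does not match X509Certificate")
    return der
```

A loader that checks the digest this way catches a KeyInfo whose certificate element was swapped or corrupted while the digest was left unchanged.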

Update 0.5

Current version 0.5 supports SHA1 and (optionally, checks if present) SHA3.



Just uploaded a new version with support for certificate chains, as needed for implementing ebCore Agreement Update or CPPA3.

Have a look at:


An update was published, check out for the latest version.

Test set, examples, and some consistency checks in the loader.