Digital Signature

[This feature was first implemented for MSXML 5.0.]

Digital signature is data digest encrypted with the private key of the signer. The private key ensures that the digital signature is unique to its bearer.

To sign data, the signer digests the data, encrypts it with a private key, and attaches the encrypted digest value to the data. To verify the signature, the verifier uses the signer's public key to decrypt the encrypted digest value attached to the data. The verifier then compares this decrypted digest value with the digest value computed on the companion data. It is important that both the signer and the verifier use the same hash function to digest the data.

Commonly used methods to produce digital signatures include RSA with SHA-1 and DSA with SHA-1 (also known as DSS).

For XML digital signature, MSXML supports RSA with SHA-1 and DSA with SHA-1, in addition to HMAC with SHA-1.