Public and Private Key Pairs
[This feature was first implemented for MSXML 5.0.]

In the public key infrastructure (PKI), a subject (that is, an entity) whose identity is of significant value is assigned a pair of cryptographic keys. The public key is published to the general public. The private key is secret, known only to the subject to which it was assigned. The relationship between the two keys is such that data encrypted with one key can be decrypted only with the corresponding other key, and it is computationally infeasible to derive the private key from the public key. Certificates are used to establish the validity of public keys, that is, to bind a public key to the identity of its subject.
PKI can be used to provide data confidentiality as well as data integrity, authenticity, and non-repudiation. The former is achieved by encryption and decryption; the latter is achieved by digital signatures.
MSXML uses CAPICOM or CryptoAPI for the underlying cryptographic operations, including the key management, that are required for XML digital signature. In CAPICOM or CryptoAPI, keys are opaque and can be accessed or passed around only through key handles. In MSXML, keys are encapsulated in objects that implement the IXMLDSigKey interface or the IXMLDSigKeyEx interface. To use a key, you must first create the key object by calling one of the createKeyFrom* methods on a signature object that implements IXMLDigitalSignature or IXMLDigitalSignatureEx.
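To make the key-pair relationship described in the first paragraph concrete, the following is an added textbook-RSA example in Python; it is not MSXML, CAPICOM or CryptoAPI code (those keep keys opaque behind handles), and the primes and messages are constructed toy values that are far too small for real use.

```python
# Textbook RSA on tiny constructed primes, illustrating why a key pair gives both
# confidentiality (encrypt with public, decrypt with private) and authenticity
# (sign with private, verify with public). Added example, not library code.
import hashlib

def keygen(p, q, e=65537):
    """Return ((e, n), (d, n)): the public and the private key for primes p, q."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)  # modular inverse; e and phi must be coprime (Python >= 3.8)
    return (e, n), (d, n)

def apply_key(key, value):
    """Modular exponentiation: the same operation is used with either key."""
    exp, n = key
    return pow(value, exp, n)

def encrypt(public_key, message: int) -> int:
    return apply_key(public_key, message)        # anyone may encrypt ...

def decrypt(private_key, ciphertext: int) -> int:
    return apply_key(private_key, ciphertext)    # ... only the key holder can decrypt

def digest(data: bytes, n: int) -> int:
    # Hash the data first, reduced modulo n so it fits the toy modulus.
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(private_key, data: bytes) -> int:
    return apply_key(private_key, digest(data, private_key[1]))

def verify(public_key, data: bytes, signature: int) -> bool:
    # Recover the digest with the public key and compare with a fresh hash:
    # this fails if the data was tampered with or a different private key signed it.
    return apply_key(public_key, signature) == digest(data, public_key[1])

if __name__ == "__main__":
    public, private = keygen(61, 53)             # constructed toy primes
    ct = encrypt(public, 65)
    print("decrypts to", decrypt(private, ct))   # 65
    sig = sign(private, b"<order>pay 100</order>")
    print("valid:", verify(public, b"<order>pay 100</order>", sig))
    print("tampered valid:", verify(public, b"<order>pay 900</order>", sig))
```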