XMLDSIG_WRITEKEYINFO Enum

The XMLDSIG_WRITEKEYINFO enumeration defines flags used to specify how the <ds:KeyInfo> element of a signed signature document will be filled in after the XML data is signed successfully. Each of the element is passed in as an input parameter in the sign Method.

Syntax

enum _XMLDSIG_WRITEKEYINFO
{
    NOKEYINFO = 0,
    KEYVALUE = 1,
    CERTIFICATES = 2,
    PURGE = 4
};

Values

NOKEYINFO

No information will be inserted into the <ds:KeyInfo> element. Any existing content of the <ds:KeyInfo> element remains intact.

KEYVALUE

Add an appropriate <ds:KeyValue> element and its relevant child elements to the <ds:KeyInfo> element, leaving other elements intact.

CERTIFICATES

Add available, certificates to <ds:KeyInfo>, leaving other elements intact. In this case, the <ds:KeyInfo> element will contain the <ds:X509Data> element and its relevant child elements. See Remarks below for more information.

PURGE

The <ds:KeyInfo> element will be empty. Any existing content is purged.

Remarks

The fWriteKeyInfo parameter value passed in to the sign method can take an individual elemental value listed above or a combination of them. The combined values have the following meaning:

When you sign data with the CERTIFICATES flag and the key has a matching certificate in the "MY" certificate store, the certificate will be inserted into the resultant signature document. A key has a matching certificate if any of the following conditions are true:

• It is created using the createKeyFromCertContext method.
• It is create using the createKeyFromCSP method and there is a corresponding certificate in the "MY" certificate store.
• 8A certificate store has been set using the putref_store property method or the setStoreHandle method.

Example

See the example given for the sign Method.