Signature Document Requirements for Verification
For verification, the signature property must be set with a valid signature object meeting the following requirements:
Required elements of signature object for verification | Remarks |
---|---|
<ds:Signature> | Must be present, and must signify the starting point for the signature processing. |
<ds:SignedInfo> | Must be present, and must contain the following child elements: <ds:CanonicalizationMethod>, <ds:SignatureMethod>, and <ds:Reference>. |
<ds:CanonicalizationMethod> | Must contain an Algorithm attribute with a valid value. |
<ds:SignatureMethod> | Must be present, and must contain an Algorithm attribute with a valid signing algorithm name. |
<ds:Reference> | At least one such element must be present. This element may contain a URI attribute indicating the data source for the document to be verified. The value of this attribute must resolve to a data source. When the URI attribute is absent, an application must set the data source by calling the setReferenceData method. There can be at most one <ds:Reference> element without the URI attribute. |
<ds:Transforms> | This is an optional element. If present, it must contain at least one <ds:Transform> child element. Multiple children can be in any order. |
<ds:Transform> | Must contain an Algorithm attribute with a known algorithm name as its value. |
<xslt:stylesheet> | When the transform algorithm is XSLT, this element must be present and must contain a valid XSLT template. |
<ds:XPath> | When the transform algorithm is XPath, this element must be present and must contain the filtering predicate text. |
<ds:DigestMethod> | Must be present, and must contain an Algorithm attribute with the SHA1 algorithm name. |
<ds:DigestValue> | Must be present, and must contain a valid digest value. For verification, this value will be compared with the computed digest value. |
<ds:SignatureValue> | Must be present, and must contain a valid signature value. For verification, this value will be compared with the computed signature value. |
<ds:KeyInfo> | Must be present, and must contain valid key information if data is to be verified with user-supplied key information. When present, the <ds:KeyValue> child element will be used for verification. Otherwise, a <ds:X509Data> element containing a certificate will be searched for. |
<ds:Object> | May be present, and may contain an Id attribute whose value can be referenced by the URI attribute of a <ds:Reference> element. |
<ds:Manifest> | May be present, and may contain an Id attribute whose value can be referenced by the URI attribute of a <ds:Reference> element. |
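
An added example (not part of the original documentation or the component's own code): a Python pre-check that tests a signature document against the structural rows of the table above before it is handed to a verifier. The names `check_structure`, `present` and `SAMPLE` are assumptions made for illustration, the sample document is constructed, and `<ds:KeyInfo>` is not checked.

```python
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"  # W3C XML-DSig namespace
NS = {"ds": DS}
SHA1 = DS + "sha1"  # digest algorithm identifier for SHA1

# Constructed sample: two URI-less References, the second with an empty DigestValue.
SAMPLE = f"""<ds:Signature xmlns:ds="{DS}"><ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
<ds:SignatureMethod Algorithm="{DS}rsa-sha1"/>
<ds:Reference><ds:DigestMethod Algorithm="{SHA1}"/><ds:DigestValue>AAAA</ds:DigestValue></ds:Reference>
<ds:Reference><ds:DigestMethod Algorithm="{SHA1}"/><ds:DigestValue/></ds:Reference>
</ds:SignedInfo><ds:SignatureValue>BBBB</ds:SignatureValue></ds:Signature>"""

def present(parent, name, alg=False):
    """ds:<name> child exists with an Algorithm attribute (alg=True) or non-blank text."""
    el = parent.find("ds:" + name, NS)
    return el is not None and bool(el.get("Algorithm") if alg else (el.text or "").strip())

def check_structure(xml_text):
    """Return the table requirements the document violates (empty list = passes)."""
    root = ET.fromstring(xml_text)
    sig = root if root.tag == f"{{{DS}}}Signature" else root.find(".//ds:Signature", NS)
    if sig is None:
        return ["ds:Signature missing"]
    problems = [] if present(sig, "SignatureValue") else ["ds:SignatureValue missing or empty"]
    info = sig.find("ds:SignedInfo", NS)
    if info is None:
        return problems + ["ds:SignedInfo missing"]
    problems += [f"ds:{n} missing or has no Algorithm" for n in
                 ("CanonicalizationMethod", "SignatureMethod") if not present(info, n, alg=True)]
    refs = info.findall("ds:Reference", NS)
    if not refs:
        problems.append("no ds:Reference in ds:SignedInfo")
    if sum(r.get("URI") is None for r in refs) > 1:
        problems.append("more than one ds:Reference without URI")
    for i, ref in enumerate(refs, 1):
        tr = ref.find("ds:Transforms", NS)
        if tr is not None:  # optional, but must not be empty when present
            kids = tr.findall("ds:Transform", NS)
            if not kids or not all(t.get("Algorithm") for t in kids):
                problems.append(f"Reference {i}: ds:Transforms empty or Transform lacks Algorithm")
        dm = ref.find("ds:DigestMethod", NS)
        if dm is None or dm.get("Algorithm") != SHA1:
            problems.append(f"Reference {i}: ds:DigestMethod missing or not SHA1")
        if not present(ref, "DigestValue"):
            problems.append(f"Reference {i}: ds:DigestValue missing or empty")
    return problems
```

The check is structural only: it does not recompute digests or verify the signature value. For untrusted documents, parse with a hardened XML parser such as defusedxml instead of the standard-library parser.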