Signature Document Requirements for Verification

MSXML 5.0 SDK

Microsoft XML Core Services (MSXML) 5.0 for Microsoft Office - Digital Signatures

For verification, the signature property must be set with a valid signature object meeting the following requirements:

| Required elements of signature object for verification | Remarks |
| --- | --- |
| <ds:Signature> | Must be present, and must signify the starting point for the signature processing. |
| <ds:SignedInfo> | Must be present, and must contain the following child elements: <ds:CanonicalizationMethod>, <ds:SignatureMethod>, and <ds:Reference>. |
| <ds:CanonicalizationMethod> | Must contain an Algorithm attribute with a valid value. |
| <ds:SignatureMethod> | Must be present, and must contain an Algorithm attribute with a valid signing algorithm name. |
| <ds:Reference> | At least one such element must be present. This element may contain a URI attribute indicating the data source for the document to be verified. The value of this attribute must be resolved to a data source. When the URI attribute is absent, an application must set the data source by calling the setReferenceData method. There can be at most one <ds:Reference> element without the URI attribute. |
| <ds:Transforms> | This is an optional element. If present, it must contain at least one <ds:Transform> child element. Multiple children can be in any order. |
| <ds:Transform> | Must contain an Algorithm attribute with a known algorithm name as its value. |
| <xslt:stylesheet> | When the transform algorithm is XSLT, this element must be present and must contain a valid XSLT template. |
| <ds:XPath> | When the transform algorithm is XPath, this element must be present and must contain the filtering predicate text. |
| <ds:DigestMethod> | Must be present, and must contain an Algorithm attribute with the SHA1 algorithm name. |
| <ds:DigestValue> | Must be present, and must contain a valid digest value. For verification, this value will be compared with the computed digest value. |
| <ds:SignatureValue> | Must be present, and must contain a valid signature value. For verification, this value will be compared with the computed signature value. |
| <ds:KeyInfo> | Must be present, and must contain valid key information if data is to be verified with user-supplied key information. When present, the <ds:KeyValue> child element will be used for verification. Otherwise, a <ds:X509Data> element containing a certificate will be searched. |
| <ds:Object> | May be present, and may contain an Id attribute whose value can be referenced by the URI attribute of a <ds:Reference> element. |
| <ds:Manifest> | May be present, and may contain an Id attribute whose value can be referenced by the URI attribute of a <ds:Reference> element. |
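
A structural pre-check of the requirements listed above, as an added example that is not part of the MSXML SDK: it uses Python's standard library instead of MSXML, and the function name check_signature and the sample document are constructed for illustration. It checks document structure only and does not verify the digest or signature values.

```python
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"   # XML-DSig namespace
SHA1 = DS + "sha1"                           # digest algorithm the table requires
# Constructed sample; the digest and signature values are placeholders.
SAMPLE = """<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<ds:Reference URI="#obj"><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>cGxhY2Vob2xkZXI=</ds:DigestValue></ds:Reference></ds:SignedInfo>
<ds:SignatureValue>cGxhY2Vob2xkZXI=</ds:SignatureValue>
<ds:KeyInfo><ds:KeyValue/></ds:KeyInfo><ds:Object Id="obj">data</ds:Object>
</ds:Signature>"""

def q(name):
    return "{%s}%s" % (DS, name)

def check_signature(xml_text):
    """Return violations of the table's structural requirements (empty list = none)."""
    root = ET.fromstring(xml_text)
    sig = root if root.tag == q("Signature") else root.find(".//" + q("Signature"))
    info = None if sig is None else sig.find(q("SignedInfo"))
    if info is None:
        return ["ds:Signature or ds:SignedInfo missing"]
    errors = []
    for name in ("CanonicalizationMethod", "SignatureMethod"):
        el = info.find(q(name))
        if el is None or not el.get("Algorithm"):
            errors.append("ds:%s missing or lacks Algorithm" % name)
    refs = info.findall(q("Reference"))
    if not refs:
        errors.append("no ds:Reference")
    if sum(r.get("URI") is None for r in refs) > 1:
        errors.append("more than one ds:Reference without URI")
    for i, ref in enumerate(refs):
        tr = ref.find(q("Transforms"))
        kids = [] if tr is None else tr.findall(q("Transform"))
        if tr is not None and not (kids and all(t.get("Algorithm") for t in kids)):
            errors.append("Reference %d: ds:Transforms lacks a valid ds:Transform" % i)
        dm, dv = ref.find(q("DigestMethod")), ref.find(q("DigestValue"))
        if dm is None or dm.get("Algorithm") != SHA1:
            errors.append("Reference %d: ds:DigestMethod is not SHA1" % i)
        if dv is None or not (dv.text or "").strip():
            errors.append("Reference %d: ds:DigestValue missing" % i)
    sv = sig.find(q("SignatureValue"))
    if sv is None or not (sv.text or "").strip():
        errors.append("ds:SignatureValue missing")
    if sig.find(q("KeyInfo")) is None:
        errors.append("ds:KeyInfo missing")
    return errors
```

Running such a check before verification turns a generic failure into a specific message about which required element is missing or malformed.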
