Signature Document Requirements for Verification

MSXML 5.0 SDK

previous page next page

Microsoft XML Core Services (MSXML) 5.0 for Microsoft Office - Digital Signatures

Signature Document Requirements for Verification

For verification, the signature property must be set with a valid signature object meeting the following requirements:

Required elements of signature object for verification	Remarks
`<ds:Signature>`	Must be present, and must signify the starting point for the signature processing
`<ds:SignedInfo>`	Must be present, and must contain the following child elements: `<ds:CanonicalizationMethod>`, `<ds:SignatureMethod>`, and `<ds:Reference>`
`<ds:CanonicalizationMethod>`	Must contain an `Algorithm` attribute with a valid value.
`<ds:SignatureMethod>`	Must be present, and must contain an `Algorithm` attribute with a valid signing algorithm name.
`<ds:Reference>`	At lease one such element must be present. This element may contain a `URI` attribute indicating the data source for the document to be verified. The value of this attribute must be resolved to a data source. When the URI attribute is absent, an application must set the data source by calling the `setReferenceData` method. There can be at most one `<ds:Reference>` element without the `URI` attribute.
`<ds:Transforms>`	This is an optional element. If present, it must contain at least one `<ds:Transform>` child element. Multiple children can be in any order.
`<ds:Transform>`	Must contain an `Algorithm` attribute with a known algorithm name as its value.
`<xslt:stylesheet>`	When the transform algorithm is XSLT, this element must be present and must contain a valid XSLT template.
`<ds:XPath>`	When the transform algorithm is XPath, this element must be present and must contain the filtering predicate text.
`<ds:DigestMethod>`	Must be present, and must contain an `Algorithm` attribute with the SHA1 algorithm name.
`<ds:DigestValue>`	Must be present, and must contain a valid digest value. For verification, this value will be compared with the computed digest value.
`<ds:SignatureValue>`	Must be present, and must contain a valid signature value. For verification, this value will be compared with the computed signature value.
`<ds:KeyInfo>`	Must be present, and must contain valid key information if data is to be verified with user-supplied key information. When present, the `<ds:KeyValue>` child element will be used for verification. Otherwise, a `<ds:X509Data>` element containing a certificate will be searched.
`<ds:Object>`	May be present, and may contain an `Id` attribute whose value can be referenced by the `URI` attribute of a `<ds:Reference>` element.
`<ds:Manifest>`	May be present, and may contain a `Id` attribute whose value can be referenced by the `URI` attribute of a `<ds:Reference>` element.

Return to signature property reference

previous page start next page

Get in touch

Submit feedback about this site to:

[email protected]