Signature Template Requirements for Signing

MSXML 5.0 SDK

Microsoft XML Core Services (MSXML) 5.0 for Microsoft Office - Digital Signatures

Signature Template Requirements for Signing

For signing, the signature property must be set with a signature template that meets the following requirements.

Required elements of signature template for signing Remarks
<ds:Signature> Must be present and signify the starting point for the signature processing
<ds:SignedInfo> Must contain the following child elements: <ds:CanonicalizationMethod>, <ds:SignatureMethod>, and <ds:Reference>.
<ds:CanonicalizationMethod> Must contain Algorithm attribute with a valid value.
<ds:SignatureMethod> Must be present, and may contain an Algorithm attribute. Upon signing, an Algorithm attribute will be created, if not already present. This attribute value is replaced or set with the signing algorithm determined by the key used in signing.
<ds:Reference> At lease one <ds:Reference>element must be present. This element may contain a URI attribute indicating the data source for the document to be signed and the value of this attribute must be resolved to XML data. When the URI attribute is absent, an application can set the data source by calling the setReferenceData method. There can be at most one <ds:Reference> element without the URI attribute.
<ds:Transforms> This is an optional element. If present, it must contain at least one <ds:Transform> child element. Multiple children can be in any order.
<ds:Transform> Must contain an Algorithm attribute with a known algorithm name as its value.
<xslt:stylesheet> When the transform algorithm is XSLT, this element must be present and must contain a valid XSLT template.
<ds:XPath> When the transform algorithm is XPath, this element must be present and must contain the filtering predicate text.
<ds:DigestMethod> Must be present, and must contain the Algorithm attribute with the SHA1 algorithm name.
<ds:DigestValue> Must be present, but may contain a text value. For signing, this value will be replaced with the computed digest value.
<ds:SignatureValue> Must be present, but may contain a text value. For signing, this value will be replaced with the computed signature value.
<ds:KeyInfo> Must be present if data is to be signed with fWriteKeyInfo set to KEYVALUE or CERTFICATES. These enumerated constants are defined in XMLDSIG_WRITEKEYINFO enum. In such cases, any existing content of this element will be replaced with appropriate key information.
<ds:Object> May be present and contain an Id attribute whose value can be referenced by the URI attribute of a <ds:Reference> element.
<ds:Manifest> May be present, and may contain an Id attribute whose value can be referenced by the URI attribute of a <ds:Reference> element.

An example of a simple signature template, signature_template.xml, is listed as the Resource File for the signature example.

Return to signature property reference