createKeyFromNode Method
[This feature was first implemented for MSXML 5.0.]
Generates a key object from the DOM node corresponding to the <ds:KeyInfo> and one of its descendant elements. The createKeyFromNode method is used to acquire the public key for signature verification.
Script Syntax
var objKey = objXMLDigitalSignature.createKeyFromNode(node);
Visual Basic Syntax
Set objKey = objXMLDigitalSignature.createKeyFromNode(node)
C/C++ Syntax Using Smart Pointers
IXMLDSigKeyPtr objKey=IXMLDigitalSignature->createKeyFromNode(node);
C/C++ Syntax
HRESULT createKeyFromNode ( IXMLDOMNode* node, IXMLDSigKey** objKey);
Parameters
- node [in]
- An XML DOM node corresponding to a child element of the <ds:KeyInfo> element. For more information, see the Remarks section below.
- objKey [out]
- In C/C++, this is a reference to the resultant key object implementing the IXMLDSigKey interface. In Visual Basic, scripting languages, and C/C++ with smart pointers, this is the key object itself.
Return Values
This method returns the standard CryptoAPI return values, including the following:
- S_OK
- The key object was created successfully.
- E_FAIL
- The key object could not be created. Possible reasons include that the <ds:KeyInfo> node contained insufficient information, or the caller was not authorized.
- E_ACCESSDENIED
- The key object could not be created because the user does not have access to the security item.
Remarks
The actions performed by createKeyFromNode during key generation depend on the input node. This method can use any of the following types of nodes to create the key.
Input node | Actions performed |
---|---|
<ds:KeyValue> | Searches for the <ds:DSAKeyValue> or <ds:RSAKeyValue> node. |
<ds:DSAKeyValue> | Loads the DSA key. |
<ds:RSAKeyValue> | Loads the RSA key. |
<ds:X509Data> | Searches for the <ds:X509Certificate> node. |
<ds:X509Certificate> | Loads the X509 certificate, extracts the embedded key, and loads it into the calling application. |
<ds:RetrievalMethod> | Obtains additional key information based on the URI and the transformation specified. |
The resultant key object does not contain any certificate information. Calling IXMLDSigKey::getStore or IXMLDSigKeyEx::getStoreHandle on this key object will result in NULL.
An error occurs when the input node is a <ds:KeyInfo> element containing any X509 certificates, either explicitly (by way of <ds:X509Certificate>), or implicitly (by way of <ds:RetrievalMethod>). In this case, calling IXMLDSigKey::getStore or IXMLDSigKeyEx::getStoreHandle on the resultant key object will return an IStore object or a memory store object containing the certificates.
Example
This example illustrates how to verify a signature on signed data. The example uses the createKeyFromNode method to obtain the signature. We've provided source files for the sample in three languages: JScript, Visual Basic, and C++. The output is the same in each language.
- Resource File (signature.dsa.xml)
- JScript Code (KeyFromNode.js)
- Visual Basic Code (KeyFromNode.frm)
- C/C++ Code (KeyFromNode.cpp)
- Output for the KeyFromNode Example
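A defensive use of the method, as an added example for Windows Script Host (not Microsoft's KeyFromNode sample files and not code from this page): because the key built from <ds:KeyValue> carries no certificate information, the script compares the embedded DSA key with a copy held by the verifier before calling createKeyFromNode and verify. The trusted-key file (a document containing the expected <ds:KeyValue>), the function names, and the presence of P, Q, G and Y in the key are assumptions.

```jscript
// Added example for Windows Script Host; not Microsoft's KeyFromNode.js.
// Usage: cscript //nologo pinned-verify.js <signed.xml> <trusted-key.xml>
var DSIGNS = "xmlns:ds='http://www.w3.org/2000/09/xmldsig#'";

function loadDoc(path) {
    var doc = new ActiveXObject("Msxml2.DOMDocument.5.0");
    doc.async = false;
    doc.preserveWhiteSpace = true;  // keep the signed content byte-exact
    doc.validateOnParse = false;
    doc.resolveExternals = false;   // never fetch DTDs or external entities
    if (!doc.load(path)) throw new Error(path + ": " + doc.parseError.reason);
    doc.setProperty("SelectionNamespaces", DSIGNS);
    return doc;
}

// Canonical string of the DSA public key: P, Q, G and Y, whitespace removed.
function dsaParams(keyValueNode) {
    var names = ["P", "Q", "G", "Y"], parts = [];
    for (var i = 0; i < names.length; i++) {
        var n = keyValueNode.selectSingleNode("ds:DSAKeyValue/ds:" + names[i]);
        if (n == null) throw new Error("missing ds:" + names[i]);
        parts.push(n.text.replace(/\s+/g, ""));
    }
    return parts.join("|");
}

function verifyWithPinnedKey(signedPath, trustedKeyPath) {
    var signedDoc = loadDoc(signedPath);
    var sigNode = signedDoc.selectSingleNode(".//ds:Signature");
    if (sigNode == null) throw new Error("no ds:Signature element");
    // Use only this signature's own KeyInfo, not a ds:KeyValue found elsewhere.
    var keyNode = sigNode.selectSingleNode("ds:KeyInfo/ds:KeyValue");
    var pinned = loadDoc(trustedKeyPath).selectSingleNode("//ds:KeyValue");
    if (keyNode == null || pinned == null) throw new Error("no ds:KeyValue");
    // The key object carries no certificate information, so the embedded key
    // must equal the key obtained out of band before it is used to verify.
    if (dsaParams(keyNode) != dsaParams(pinned)) throw new Error("embedded key is not the pinned key");
    var xmldsig = new ActiveXObject("Msxml2.MXDigitalSignature.5.0");
    xmldsig.signature = sigNode;
    var key = xmldsig.createKeyFromNode(keyNode);  // throws on failure
    return xmldsig.verify(key) != null;            // null means not verified
}

try {
    var ok = verifyWithPinnedKey(WScript.Arguments(0), WScript.Arguments(1));
    WScript.Echo(ok ? "signature verified" : "signature NOT verified");
} catch (e) {
    WScript.Echo("rejected: " + e.message);
}
```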
Applies To
IXMLDigitalSignature | IXMLDigitalSignatureEx
Versioning
MSXML 5.0 and later