XML Signature Types
In line with the W3C XML Signature Recommendation, proXSign® supports all three XML Signature types:
Enveloped
Suitable for signing XML documents only. The signature is located within the XML document being signed.
Enveloping
Suitable for signing all document types except for external documents (e.g. resources on the Internet). The signature is “wrapped” around the document being signed. If a non-XML document is signed, it is encoded into Base64 format and inserted into a signature “wrapper”. In order to retrieve the document from the XML “wrapper” a separate Base64 decoding program is needed.
Detached
Suitable for signing one or several parts of an XML document, where the signature is added to the XML document whose parts are being signed, and the signature and the signed part(s) of the document have no parent-child relationship according to the XML syntax.
Suitable for signing one or several documents of all types (including sources on the Internet), where the signature is placed in a separate document.
Example
The following example demonstrates how the signature is placed in the signed XML document.
Sign the following XML with the proXSign® XML component:
<?xml version="1.0" encoding="UTF-8" standalone="no" ?>
<document>
  <test>Test for signing XML documents</test>
</document>
For different types of signatures, the signature tag is placed in a different location.
Enveloped Signature
In this case the whole XML document is signed. The signature is placed inside the <document> element.
<?xml version="1.0" encoding="UTF-8" standalone="no" ?>
<document>
  <test>Test for signing XML documents</test>
  <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
    <ds:SignedInfo>
      <ds:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
      <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
      <ds:Reference URI="">
        <ds:Transforms>
          <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
          <ds:Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
        </ds:Transforms>
        <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
        <ds:DigestValue>3cs6nT/vRSSAmDnyyJzGT6tvRO8=</ds:DigestValue>
      </ds:Reference>
    </ds:SignedInfo>
    <ds:SignatureValue>
      iJeQJtnoWGR6bjA5iP9QmiIJpsIU+pGlqPjde/Ws+sajBxQoxNXT7TbFnvGDcgSSkSHu12M1O2hM
      LnA7p2dpU4R6PoosAZWKXVy9m17h/UHqSD3BtUfYENALqD23gE3TPCM0jmyjpGBDMwnniMKcTcBS
      q+7NgY3Tmp0LuaUxqMg=
    </ds:SignatureValue>
  </ds:Signature>
</document>
Enveloping Signature
In this case the whole XML document is signed. The signed XML document is placed inside the signature element.
<?xml version="1.0" encoding="UTF-8" standalone="no" ?>
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
  <ds:SignedInfo>
    <ds:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
    <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
    <ds:Reference URI="#data1">
      <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
      <ds:DigestValue>PoP4wXPX6J6FH5VWqLrxfd5t8Ak=</ds:DigestValue>
    </ds:Reference>
  </ds:SignedInfo>
  <ds:SignatureValue>
    e6zYqme8tjtZaP50bIxqc1qAkwMHB9MRi06Gb+DgU+HpSZYiG3uEkb9B8H2yCS9Qkly6OytFMSIO
    sVlkz2kRRJObgN0nUXq45r0xTTx+FJ+h1PMXD0BcmoqqPi+qFoUO4qKc45G8rgrQDwncF9kf8L8/
    7sLsI8oVdC+9lNVQveU=
  </ds:SignatureValue>
  <ds:Object Id="data1">
    <document>
      <test>Test for signing XML documents</test>
    </document>
  </ds:Object>
</ds:Signature>
Detached Signature
With the detached signature type you cannot sign the whole XML document. In this case the <test></test> element is signed. The signature element is placed at the end of the document, before the </document> tag. The signature could also be placed in another XML document.
<?xml version="1.0" encoding="UTF-8" standalone="no" ?>
<document>
  <test Id="data1">Test for signing XML documents</test>
  <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
    <ds:SignedInfo>
      <ds:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
      <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
      <ds:Reference URI="#data1">
        <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
        <ds:DigestValue>twdJykBM66x5xc/aSC4HiklZzSQ=</ds:DigestValue>
      </ds:Reference>
    </ds:SignedInfo>
    <ds:SignatureValue>
      BNtywHmVEDsLI54cXFYHHlRhu9Kb1xePh+cNadzT3EOrjCYS0wDUnTD2SFvKQNy5F827sXmDtDfn
      3d5jSxnZd1QG5XQEHuuWlux+iYoH0LwhdV0rAR+22k5BrKrwmvNgKYnjPXCFc0nG/V2AKN6fW1XL
      AbmRalKe9LHKnvGggF0=
    </ds:SignatureValue>
  </ds:Signature>
</document>