
XML: Create enveloped signature

If the XML signature is used to sign a resource outside its containing XML document, it is called a detached signature (also an externally detached signature).

Detached signature:


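<!-- Detached signature: the ds:Reference URI names a resource outside this
     document, so the signature element is stored separately from what it signs. -->
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
  <ds:SignedInfo>
    <ds:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
    <!-- RSA-SHA1 (and the SHA-1 digest below) are deprecated in current XMLDSig
         profiles; new deployments should select the SHA-256 algorithm identifiers. -->
    <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
    <!-- The signing sample below supplies the referenced bytes directly (URIData)
         instead of fetching the URI; verifiers should likewise be given the bytes
         out-of-band rather than dereferencing the URI at verification time. -->
    <ds:Reference URI="http://www.w3.org/TR/xml-stylesheet">
      <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
      <ds:DigestValue>...</ds:DigestValue>
    </ds:Reference>
  </ds:SignedInfo>
  <!-- Closing tag corrected: the original sample wrote "</ds:SignatureValue/>",
       which is not well-formed XML. -->
  <ds:SignatureValue>...</ds:SignatureValue>
  <ds:KeyInfo>...</ds:KeyInfo>
</ds:Signature>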

Code sample:

C#:


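/// <summary>
/// Produces a detached XMLDSig signature over <paramref name="Data"/>, labelled by
/// <paramref name="URI"/>, using the key bound to <paramref name="Cert"/>.
/// </summary>
/// <param name="Data">Raw bytes of the signed resource; handed to the reference via
/// URIData so the signer does not need to fetch <paramref name="URI"/>.</param>
/// <param name="URI">Value written to the ds:Reference URI attribute. It only labels
/// the resource here; it is not dereferenced.</param>
/// <param name="Cert">Signing certificate placed into ds:KeyInfo/ds:X509Data.
/// Presumably it must carry the private key for GenerateSignature to succeed — confirm.</param>
/// <exception cref="ArgumentNullException">Thrown when any argument is null.</exception>
void Sign(ByteArray Data, string URI, TElX509Certificate Cert)
{
  // Fail fast on null input instead of letting it surface deep inside the signer.
  if (Data == null) throw new ArgumentNullException("Data");
  if (URI == null) throw new ArgumentNullException("URI");
  if (Cert == null) throw new ArgumentNullException("Cert");

  TElXMLSigner Signer = new TElXMLSigner(null);
  TElXMLKeyInfoX509Data X509Data = new TElXMLKeyInfoX509Data(false);

  // Detached: the signature element lives outside the signed resource.
  Signer.SignatureType = TElXMLSignatureType.xstDetached;
  Signer.CanonicalizationMethod = TElXMLCanonicalizationMethod.xcmCanon;
  Signer.SignatureMethodType = TElXMLSigMethodType.xmtSig;
  // NOTE(review): RSA-SHA1 and the SHA-1 digest below are deprecated in current
  // XMLDSig profiles; prefer the SHA-256 members of these enums for new deployments.
  Signer.SignatureMethod = TElXMLSignatureMethod.xsmRSA_SHA1;

  TElXMLReference Ref = new TElXMLReference();
  Ref.DigestMethod = TElXMLDigestMethod.xdmSHA1;
  Ref.URI = URI;
  // The bytes are supplied directly, so no network access is needed to digest them.
  Ref.URIData = Data;
  Signer.References.Add(Ref);

  X509Data.Certificate = Cert;
  Signer.KeyData = X509Data;

  // Reference digests must exist before SignedInfo is signed.
  Signer.UpdateReferencesDigest();
  Signer.GenerateSignature();

  Signer.SaveDetached();
}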
Delphi:

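{ Produces a detached XMLDSig signature over Data, labelled by URI, using the
  key bound to Cert.
    Data - raw bytes of the signed resource, handed to the reference via URIData
           so the signer does not need to fetch URI.
    URI  - value written to the ds:Reference URI attribute; only a label here,
           it is not dereferenced.
    Cert - signing certificate placed into ds:KeyInfo/ds:X509Data; presumably it
           must carry the private key for GenerateSignature to succeed (confirm).
  Both helper objects are created inside the try block so that an exception from
  the second constructor cannot leak the first (the original created them before
  the try). }
procedure Sign(const Data : ByteArray; const URI: string; Cert : TElX509Certificate);
var
  Signer: TElXMLSigner;
  X509Data: TElXMLKeyInfoX509Data;
  Ref: TElXMLReference;
begin
  Signer := nil;
  X509Data := nil;
  try
    Signer := TElXMLSigner.Create(nil);
    X509Data := TElXMLKeyInfoX509Data.Create(false);

    { Detached: the signature element lives outside the signed resource. }
    Signer.SignatureType := xstDetached;
    Signer.CanonicalizationMethod := xcmCanon;
    Signer.SignatureMethodType := xmtSig;
    { NOTE(review): RSA-SHA1 and the SHA-1 digest below are deprecated in current
      XMLDSig profiles; prefer the SHA-256 members for new deployments. }
    Signer.SignatureMethod := xsmRSA_SHA1;

    Ref := TElXMLReference.Create;
    Ref.DigestMethod := xdmSHA1;
    Ref.URI := URI;
    { Bytes supplied directly, so no network access is needed to digest them. }
    Ref.URIData := Data;

    { Ref is not freed here; presumably the References list takes ownership - confirm. }
    Signer.References.Add(Ref);

    X509Data.Certificate := Cert;
    Signer.KeyData := X509Data;

    { Reference digests must exist before SignedInfo is signed. }
    Signer.UpdateReferencesDigest;

    Signer.GenerateSignature;

    Signer.SaveDetached();
  finally
    { FreeAndNil on a nil reference is a no-op, so this is safe even when a
      constructor raised. Release order kept as in the vendor sample. }
    FreeAndNil(Signer);
    FreeAndNil(X509Data);
  end;
end;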

