Discuss this help topic in SecureBlackbox Forum

XML: Create enveloping signature

If the <ds:Signature> element contains the signed data within itself (as the content of a <ds:Object> element), the signature is called an enveloping signature. For example, the signature below is an enveloping signature: the <data> element containing the plain text "Hello, World!" is embedded in the <ds:Object> element, and the <ds:Reference> points at that object by its Id. To create such a signature you need to create a reference that points to the enveloping object, set the enveloping object ID, and then save the signature with either the TElXMLSigner.Save() or the TElXMLSigner.SaveEnveloping() method. The component automatically creates the enveloping object for the node that you pass as a parameter to the Save*() method.

Original document:


<data>Hello, World!</data>

Signed document:


<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
  <ds:SignedInfo>
    <ds:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
    <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
    <ds:Reference URI="#objId">
      <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
      <ds:DigestValue>...</ds:DigestValue>
    </ds:Reference>
  </ds:SignedInfo>
  <ds:SignatureValue>...</ds:SignatureValue>
  <ds:KeyInfo>...</ds:KeyInfo>
  <ds:Object Id="objId"><data>Hello, World!</data></ds:Object>
</ds:Signature>

Code sample:

C#:


void Sign(TElXMLDOMDocument Doc, TElX509Certificate Cert)
{
  TElXMLSigner Signer = new TElXMLSigner(null);
  TElXMLKeyInfoX509Data X509Data = new TElXMLKeyInfoX509Data(false);

  Signer.SignatureType = TElXMLSignatureType.xstEnveloping;
  Signer.CanonicalizationMethod = TElXMLCanonicalizationMethod.xcmCanon;
  Signer.SignatureMethodType = TElXMLSigMethodType.xmtSig;
  Signer.SignatureMethod = TElXMLSignatureMethod.xsmRSA_SHA1;

  TElXMLReference Ref = new TElXMLReference();

  Ref.DigestMethod = TElXMLDigestMethod.xdmSHA1;
  Ref.URI = "#objId";
  Signer.References.Add(Ref);

  X509Data.Certificate = Cert;
  Signer.KeyData = X509Data;

  Signer.EnvelopingObjectID = "objId";
  Signer.GenerateSignature();

  Signer.SaveEnveloping(Doc.DocumentElement);
}

Delphi:

procedure Sign(Doc : TElXMLDOMDocument; Cert : TElX509Certificate);
var
  Signer: TElXMLSigner;
  X509Data: TElXMLKeyInfoX509Data;
  Ref: TElXMLReference;
begin
  Signer:= TElXMLSigner.Create(nil);
  X509Data := TElXMLKeyInfoX509Data.Create(false);
  try
    Signer.SignatureType := xstEnveloping;
    Signer.CanonicalizationMethod := xcmCanon;
    Signer.SignatureMethodType := xmtSig;
    Signer.SignatureMethod := xsmRSA_SHA1;

    Ref := TElXMLReference.Create;
    Ref.DigestMethod := xdmSHA1;
    Ref.URI := '#objId';
    Signer.References.Add(Ref);

    X509Data.Certificate := Cert;
    Signer.KeyData := X509Data;

    Signer.EnvelopingObjectID := 'objId';
    Signer.GenerateSignature;

    Signer.SaveEnveloping(Doc.DocumentElement);
  finally
    FreeAndNil(Signer);
    FreeAndNil(X509Data);
  end;
end;
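The verifying side of what this topic describes: the Reference URI "#objId" must resolve to exactly one element inside the <ds:Signature>, and that element must be the <ds:Object> carrying the signed data. The following Python example is added here and is not SecureBlackbox code; it uses only the standard library, takes the signed document above as constructed input (placeholders left as on the page), and classifies each reference as enveloping, enveloped, ambiguous (duplicate Id, which a verifier must reject) or external.

```python
import xml.etree.ElementTree as ET

DS = "{http://www.w3.org/2000/09/xmldsig#}"

# Constructed sample input: the signed document from this help topic (placeholders kept).
SIGNED_DOC = """<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
  <ds:SignedInfo>
    <ds:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
    <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
    <ds:Reference URI="#objId">
      <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
      <ds:DigestValue>...</ds:DigestValue>
    </ds:Reference>
  </ds:SignedInfo>
  <ds:SignatureValue>...</ds:SignatureValue>
  <ds:KeyInfo>...</ds:KeyInfo>
  <ds:Object Id="objId"><data>Hello, World!</data></ds:Object>
</ds:Signature>"""


def _kind(sig, objects, uri):
    # Resolve one Reference URI against the ds:Signature element it belongs to.
    if uri == "":
        return "enveloped"            # whole enclosing document minus the signature
    if not uri.startswith("#"):
        return "external"             # not a same-document reference
    hits = [e for e in sig.iter() if e.get("Id") == uri[1:]]
    if len(hits) > 1:
        return "ambiguous"            # Id is not unique: refuse to pick one
    return "enveloping" if len(hits) == 1 and hits[0] in objects else "external"


def classify_references(signature_xml):
    """Map each ds:Reference URI to 'enveloping', 'enveloped', 'ambiguous' or
    'external'. 'enveloping' means the '#id' URI resolves to exactly one element
    inside this Signature and that element is a ds:Object, as in the page's sample."""
    sig = ET.fromstring(signature_xml)
    objects = sig.findall(DS + "Object")
    return {r.get("URI", ""): _kind(sig, objects, r.get("URI", ""))
            for r in sig.iter(DS + "Reference")}


def enveloping_payload(signature_xml, uri):
    """(tag, text) of the element wrapped by the referenced ds:Object: the signed data."""
    if classify_references(signature_xml).get(uri) != "enveloping":
        raise ValueError("%s is not an enveloping reference" % uri)
    sig = ET.fromstring(signature_xml)
    obj = next(o for o in sig.findall(DS + "Object") if o.get("Id") == uri[1:])
    child, = list(obj)  # exactly one wrapped element is expected here
    return child.tag, child.text
```

Digest and signature checking over the canonicalized <ds:Object> still have to follow the declared CanonicalizationMethod and DigestMethod; this block covers only the reference resolution step that precedes them.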
