XML Signature
== Structure ==
An XML Signature consists of a <code>Signature</code> element in the <code><nowiki>http://www.w3.org/2000/09/xmldsig#</nowiki></code> namespace. The basic structure is as follows:

<syntaxhighlight lang="xml">
<Signature>
  <SignedInfo>
    <CanonicalizationMethod />
    <SignatureMethod />
    <Reference>
      <Transforms />
      <DigestMethod />
      <DigestValue />
    </Reference>
    <Reference /> etc.
  </SignedInfo>
  <SignatureValue />
  <KeyInfo />
  <Object />
</Signature>
</syntaxhighlight>

* The <code>SignedInfo</code> element contains or references the signed data and specifies what algorithms are used.
** The <code>SignatureMethod</code> and <code>CanonicalizationMethod</code> elements are used by the <code>SignatureValue</code> element and are included in <code>SignedInfo</code> to protect them from tampering.
** One or more <code>Reference</code> elements specify the resource being signed by URI reference and any transformations to be applied to the resource prior to signing.
*** <code>Transforms</code> contains the transformations applied to the resource prior to signing. A transformation can be an XPath expression that selects a defined subset of the document tree.<ref>[http://www.w3.org/TR/xmldsig-filter2/ XML-Signature XPath Filter 2.0]</ref>
*** <code>DigestMethod</code> specifies the hash algorithm to be applied.
*** <code>DigestValue</code> contains the [[Base64]] encoded result of applying the hash algorithm to the transformed resource(s) defined in the <code>Reference</code> element attributes.
* The <code>SignatureValue</code> element contains the [[Base64]] encoded signature result (the signature generated with the parameters specified in the <code>SignatureMethod</code> element) of the <code>SignedInfo</code> element after applying the algorithm specified by the <code>CanonicalizationMethod</code>.
* The <code>KeyInfo</code> element optionally allows the signer to provide recipients with the key that validates the signature, usually in the form of one or more [[X.509]] digital certificates. The relying party must identify the key from context if <code>KeyInfo</code> is not present.
* The <code>Object</code> element (optional) contains the signed data if this is an ''enveloping signature''.
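
The relationship between <code>Reference</code>, <code>DigestMethod</code>, <code>DigestValue</code> and an enveloped <code>Object</code> can be shown with a short Python sketch that recomputes each reference digest. This is an added example, not part of the original article: the sample document, the helper names and the <code>item</code> payload are constructed, the Python standard library's C14N 2.0 stands in for the canonicalization a conforming verifier would apply, and <code>SignatureValue</code> is a placeholder that is not checked.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
SHA256 = "http://www.w3.org/2001/04/xmlenc#sha256"
# DigestMethod Algorithm URIs mapped to hashlib constructors
DIGESTS = {SHA256: hashlib.sha256, DS + "sha1": hashlib.sha1}

def q(name):
    return "{%s}%s" % (DS, name)

def digest_b64(elem, algorithm):
    # Assumption: stdlib C14N 2.0 stands in for the canonicalization a
    # conforming verifier would apply to the referenced node.
    octets = ET.canonicalize(ET.tostring(elem, encoding="unicode")).encode("utf-8")
    return base64.b64encode(DIGESTS[algorithm](octets).digest()).decode("ascii")

def build_sample():
    """Constructed enveloping signature with only the elements the check needs."""
    sig = ET.Element(q("Signature"))
    info = ET.SubElement(sig, q("SignedInfo"))
    ref = ET.SubElement(info, q("Reference"), URI="#order")
    ET.SubElement(ref, q("DigestMethod"), Algorithm=SHA256)
    digest_value = ET.SubElement(ref, q("DigestValue"))
    ET.SubElement(sig, q("SignatureValue")).text = "PLACEHOLDER"  # not verified here
    obj = ET.SubElement(sig, q("Object"), Id="order")
    ET.SubElement(obj, "item", sku="A-100").text = "10 widgets"
    digest_value.text = digest_b64(obj, SHA256)
    return ET.tostring(sig, encoding="unicode")

def check_references(xml_text):
    """Return {URI: bool}: does each DigestValue match the referenced data?"""
    sig = ET.fromstring(xml_text)
    by_id = {e.get("Id"): e for e in sig.iter() if e.get("Id")}
    results = {}
    for ref in sig.findall("%s/%s" % (q("SignedInfo"), q("Reference"))):
        uri = ref.get("URI", "")
        target = by_id.get(uri[1:]) if uri.startswith("#") else None
        method = ref.find(q("DigestMethod"))
        algorithm = method.get("Algorithm") if method is not None else None
        if target is None or algorithm not in DIGESTS:
            results[uri] = False  # unresolved or unsupported: fail closed
            continue
        expected = ref.findtext(q("DigestValue"), "").strip()
        results[uri] = digest_b64(target, algorithm) == expected
    return results
```

A matching digest only shows that the referenced data agrees with <code>SignedInfo</code>; a full verification must also check <code>SignatureValue</code> over the canonicalized <code>SignedInfo</code> with a trusted key.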