XML Digital Signature Support
Remold edited this page Jul 6, 2015
## Signature

```xml
<ds:Signature Id="ID001">
```

We do not use or require the ID.
## SignedInfo

```xml
<ds:SignedInfo Id="ID002">
  <ds:CanonicalizationMethod Algorithm="http://www.oxygenxml.com/" />
  <ds:SignatureMethod Algorithm="http://www.oxygenxml.com/" />
  <ds:Reference Id="ID003" URI="http://www.oxygenxml.com/" Type="http://www.oxygenxml.com/">
    <ds:Transforms>
      <ds:Transform Algorithm="http://www.oxygenxml.com/">
      </ds:Transform>
      <ds:Transform Algorithm="http://www.oxygenxml.com/">
      </ds:Transform>
    </ds:Transforms>
    <ds:DigestMethod Algorithm="http://www.oxygenxml.com/">
    </ds:DigestMethod>
    <ds:DigestValue>ZGVmYXVsdA==</ds:DigestValue>
  </ds:Reference>
  <ds:Reference Id="ID004" URI="http://www.oxygenxml.com/" Type="http://www.oxygenxml.com/">
    <ds:Transforms>
      <ds:Transform Algorithm="http://www.oxygenxml.com/">
        <ds:XPath>XPath0</ds:XPath>
      </ds:Transform>
      <ds:Transform Algorithm="http://www.oxygenxml.com/">
        <ds:XPath>XPath1</ds:XPath>
      </ds:Transform>
    </ds:Transforms>
    <ds:DigestMethod Algorithm="http://www.oxygenxml.com/">
    </ds:DigestMethod>
    <ds:DigestValue>ZGVmYXVsdA==</ds:DigestValue>
  </ds:Reference>
</ds:SignedInfo>
```

Required; this is the information that has been signed.
## CanonicalizationMethod

```xml
<ds:CanonicalizationMethod Algorithm="http://www.oxygenxml.com/" />
```

Method used for C14N.

Supported Canonicalization Algorithms:
- http://www.w3.org/2001/10/xml-exc-c14n#
- http://www.w3.org/TR/2001/REC-xml-c14n-20010315
- http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments
- http://www.w3.org/2006/12/xml-c14n11
- http://www.w3.org/2006/12/xml-c14n11#WithComments
## SignatureMethod

```xml
<ds:SignatureMethod Algorithm="http://www.oxygenxml.com/" />
```

Signature Method.

Supported SignatureMethod Algorithms:
## Reference

```xml
<ds:Reference Id="ID003" URI="http://www.oxygenxml.com/" Type="http://www.oxygenxml.com/">
  <ds:Transforms>
    <ds:Transform Algorithm="http://www.oxygenxml.com/">
    </ds:Transform>
    <ds:Transform Algorithm="http://www.oxygenxml.com/">
    </ds:Transform>
  </ds:Transforms>
  <ds:DigestMethod Algorithm="http://www.oxygenxml.com/">
  </ds:DigestMethod>
  <ds:DigestValue>ZGVmYXVsdA==</ds:DigestValue>
</ds:Reference>
```

Reference to the signed content. Enforced rules:
- We only support the use of 1 Reference; multiple References will cause an error.
- We only support References with an empty URI (`URI=""`) or an XPointer to the parent ID (`URI="#ASSERTION-ID-1"`).
- The parent element MUST have an ID attribute.
- The ID attribute value MUST be unique in the document.
## Transforms

```xml
<ds:Transforms>
  <ds:Transform Algorithm="http://www.oxygenxml.com/">
  </ds:Transform>
  <ds:Transform Algorithm="http://www.oxygenxml.com/">
  </ds:Transform>
</ds:Transforms>
```

Supported Transforms:
- http://www.w3.org/2000/09/xmldsig#enveloped-signature
- http://www.w3.org/2001/10/xml-exc-c14n#
- http://www.w3.org/TR/1999/REC-xslt-19991116
- http://www.w3.org/TR/1999/REC-xpath-19991116
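The Reference rules above and the canonicalization and transform allowlists on this page are structural checks that can run before any cryptographic verification. The following is an added example (not EngineBlock code) that enforces them with the Python standard library on a constructed SAML-style assertion; the digest, signature, `DigestMethod` and `SignatureMethod` values in the sample are dummies and are not checked here, and `build_assertion` exists only to generate test input.

```python
"""Structural pre-checks for an enveloped ds:Signature (added example, not EngineBlock code)."""
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"


def ds(tag):
    """Clark-notation name for an element in the XML Signature namespace."""
    return f"{{{DS}}}{tag}"


# Allowlists exactly as listed on this page.
SUPPORTED_C14N = {
    "http://www.w3.org/2001/10/xml-exc-c14n#",
    "http://www.w3.org/TR/2001/REC-xml-c14n-20010315",
    "http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments",
    "http://www.w3.org/2006/12/xml-c14n11",
    "http://www.w3.org/2006/12/xml-c14n11#WithComments",
}
SUPPORTED_TRANSFORMS = {
    "http://www.w3.org/2000/09/xmldsig#enveloped-signature",
    "http://www.w3.org/2001/10/xml-exc-c14n#",
    "http://www.w3.org/TR/1999/REC-xslt-19991116",
    "http://www.w3.org/TR/1999/REC-xpath-19991116",
}


def check_signature(xml_text):
    """Return a list of rule violations; an empty list means the structure is acceptable."""
    root = ET.fromstring(xml_text)
    # ElementTree has no parent pointers, so build a child -> parent map once.
    parent_of = {child: parent for parent in root.iter() for child in parent}
    errors = []

    signatures = list(root.iter(ds("Signature")))
    if len(signatures) != 1:
        return [f"expected exactly one ds:Signature, found {len(signatures)}"]
    sig = signatures[0]

    # The element enclosing the Signature must carry an ID that is unique in the document.
    parent = parent_of.get(sig)
    parent_id = parent.get("ID") if parent is not None else None
    if not parent_id:
        errors.append("parent of ds:Signature has no ID attribute")
    else:
        occurrences = sum(1 for el in root.iter() if el.get("ID") == parent_id)
        if occurrences != 1:
            errors.append(f"ID {parent_id!r} occurs {occurrences} times; must be unique")

    signed_info = sig.find(ds("SignedInfo"))
    if signed_info is None:
        return errors + ["missing ds:SignedInfo"]

    c14n = signed_info.find(ds("CanonicalizationMethod"))
    algorithm = c14n.get("Algorithm") if c14n is not None else None
    if algorithm not in SUPPORTED_C14N:
        errors.append(f"unsupported CanonicalizationMethod {algorithm!r}")

    # Exactly one Reference, pointing at the whole document ("") or at the parent's ID.
    refs = signed_info.findall(ds("Reference"))
    if len(refs) != 1:
        errors.append(f"expected exactly one ds:Reference, found {len(refs)}")
        return errors
    uri = refs[0].get("URI")
    allowed = {""} | ({"#" + parent_id} if parent_id else set())
    if uri not in allowed:
        errors.append(f"Reference URI {uri!r} is neither empty nor a pointer to the parent ID")
    for transform in refs[0].iter(ds("Transform")):
        t_algorithm = transform.get("Algorithm")
        if t_algorithm not in SUPPORTED_TRANSFORMS:
            errors.append(f"unsupported Transform {t_algorithm!r}")
    return errors


def build_assertion(assertion_id="ASSERTION-ID-1", ref_uri="#ASSERTION-ID-1",
                    reference_count=1, duplicate_id=False,
                    transform="http://www.w3.org/2001/10/xml-exc-c14n#"):
    """Constructed sample input (hypothetical values; digest and signature are dummies)."""
    reference = (
        f'<ds:Reference URI="{ref_uri}">'
        '<ds:Transforms>'
        '<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>'
        f'<ds:Transform Algorithm="{transform}"/>'
        '</ds:Transforms>'
        '<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>'
        '<ds:DigestValue>ZGVmYXVsdA==</ds:DigestValue>'
        '</ds:Reference>'
    )
    # A second element carrying the same ID reproduces the "ID not unique" failure.
    other_id = assertion_id if duplicate_id else "ISSUER-ID-1"
    return (
        f'<saml:Assertion xmlns:saml="{SAML}" xmlns:ds="{DS}" ID="{assertion_id}">'
        f'<saml:Issuer ID="{other_id}">https://idp.example.org</saml:Issuer>'
        '<ds:Signature><ds:SignedInfo>'
        '<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>'
        '<ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>'
        + reference * reference_count +
        '</ds:SignedInfo><ds:SignatureValue>ZGVmYXVsdA==</ds:SignatureValue>'
        '</ds:Signature></saml:Assertion>'
    )


if __name__ == "__main__":
    print("valid:", check_signature(build_assertion()))
    print("two references:", check_signature(build_assertion(reference_count=2)))
```

Running the module prints an empty list for the well-formed sample and a single "expected exactly one ds:Reference" violation for the two-Reference variant. Rejecting before digest and signature computation keeps the decision about which element was actually signed independent of any later XPath or ID lookup.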
## DigestMethod

```xml
<ds:DigestMethod Algorithm="http://www.oxygenxml.com/">
</ds:DigestMethod>
```

Supported Digest Algorithms:
## DigestValue

```xml
<ds:DigestValue>ZGVmYXVsdA==</ds:DigestValue>
```

Must contain the digest of the referenced content.
## SignatureValue

```xml
<ds:SignatureValue Id="ID005">ZGVmYXVsdA==</ds:SignatureValue>
```

Must contain the signature value.
## KeyInfo

```xml
<ds:KeyInfo Id="ID006">
...
</ds:KeyInfo>
```

We do not use this; the element is entirely ignored.
## Object

```xml
<ds:Object Id="ID007" MimeType="MimeType0" Encoding="http://www.oxygenxml.com/">
</ds:Object>
<ds:Object Id="ID008" MimeType="MimeType1" Encoding="http://www.oxygenxml.com/">
</ds:Object>
```

While Signatures may contain custom Objects, these are not used by EngineBlock.
## Full example

```xml
<ds:Signature Id="ID001">
  <ds:SignedInfo Id="ID002">
    <ds:CanonicalizationMethod Algorithm="http://www.oxygenxml.com/" />
    <ds:SignatureMethod Algorithm="http://www.oxygenxml.com/" />
    <ds:Reference Id="ID003" URI="http://www.oxygenxml.com/" Type="http://www.oxygenxml.com/">
      <ds:Transforms>
        <ds:Transform Algorithm="http://www.oxygenxml.com/">
        </ds:Transform>
        <ds:Transform Algorithm="http://www.oxygenxml.com/">
        </ds:Transform>
      </ds:Transforms>
      <ds:DigestMethod Algorithm="http://www.oxygenxml.com/">
      </ds:DigestMethod>
      <ds:DigestValue>ZGVmYXVsdA==</ds:DigestValue>
    </ds:Reference>
    <ds:Reference Id="ID004" URI="http://www.oxygenxml.com/" Type="http://www.oxygenxml.com/">
      <ds:Transforms>
        <ds:Transform Algorithm="http://www.oxygenxml.com/">
          <ds:XPath>XPath0</ds:XPath>
        </ds:Transform>
        <ds:Transform Algorithm="http://www.oxygenxml.com/">
          <ds:XPath>XPath1</ds:XPath>
        </ds:Transform>
      </ds:Transforms>
      <ds:DigestMethod Algorithm="http://www.oxygenxml.com/">
      </ds:DigestMethod>
      <ds:DigestValue>ZGVmYXVsdA==</ds:DigestValue>
    </ds:Reference>
  </ds:SignedInfo>
  <ds:SignatureValue Id="ID005">ZGVmYXVsdA==</ds:SignatureValue>
  <ds:KeyInfo Id="ID006">
    <ds:KeyValue>
      <ds:DSAKeyValue>
        <ds:P>ZGVmYXVsdA==</ds:P>
        <ds:Q>ZGVmYXVsdA==</ds:Q>
        <ds:G>ZGVmYXVsdA==</ds:G>
        <ds:Y>ZGVmYXVsdA==</ds:Y>
        <ds:J>ZGVmYXVsdA==</ds:J>
        <ds:Seed>ZGVmYXVsdA==</ds:Seed>
        <ds:PgenCounter>ZGVmYXVsdA==</ds:PgenCounter>
      </ds:DSAKeyValue>
    </ds:KeyValue>
  </ds:KeyInfo>
  <ds:Object Id="ID007" MimeType="MimeType0" Encoding="http://www.oxygenxml.com/">
  </ds:Object>
  <ds:Object Id="ID008" MimeType="MimeType1" Encoding="http://www.oxygenxml.com/">
  </ds:Object>
</ds:Signature>
```