Discuss this help topic in SecureBlackbox Forum

XML: Add Enveloped Signature transform to reference

TElXMLEnvelopedSignatureTransform class represents the enveloped signature transform for an XML digital signature as defined by the XML-DSig standard.

To add the enveloped signature transform to the reference's transform chain, either create an instance of the TElXMLEnvelopedSignatureTransform class and add it to the chain, or call the AddEnvelopedSignatureTransform() method.

C#:


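TElXMLReference Ref = new TElXMLReference();
// Option 1: helper method on the transform chain
Ref.TransformChain.AddEnvelopedSignatureTransform();
// OR option 2: create the transform instance and add it explicitly
Ref.TransformChain.Add(new TElXMLEnvelopedSignatureTransform());

Delphi: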

var Ref : TElXMLReference;
...
Ref := TElXMLReference.Create;
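// Option 1: helper method on the transform chain
Ref.TransformChain.AddEnvelopedSignatureTransform();
// OR option 2: create the transform instance and add it explicitly
Ref.TransformChain.Add(TElXMLEnvelopedSignatureTransform.Create());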

Note: If you add more than one signature to the XML document (under the same parent element) and both signatures use the enveloped signature transform to exclude the signature element from the referenced node, you may also need to adjust the StrictMode property of the enveloped signature transform; otherwise you can get an invalid reference. This happens because the enveloped signature transform in SecureBlackbox has two modes:

  1. It ignores all signatures in the processed nodes (by default, for backward compatibility)
  2. It skips only the current signature (as per the XML-DSig standard)

To switch between these modes, use the GetDefaultStrictMode()/SetDefaultStrictMode() static methods of the TElXMLEnvelopedSignatureTransform class or the StrictMode property of a TElXMLEnvelopedSignatureTransform instance.

Sample code (add it to the initialization section):

C#, Delphi:


TElXMLEnvelopedSignatureTransform.SetDefaultStrictMode(true);
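
The two modes described in the note above, modeled in Python as an added example (this is not SecureBlackbox code and not part of the original help topic). The sample document, the Id values, matching the current signature by Id, and SHA-256 over Python's built-in C14N 2.0 canonicalization are assumptions made for illustration.

```python
import copy
import hashlib
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
SIG_TAG = "{" + DS + "}Signature"

# Constructed sample input: two enveloped signatures under the same parent.
SIG1 = '<ds:Signature Id="sig1"><ds:SignatureValue>AAAA</ds:SignatureValue></ds:Signature>'
SIG2 = '<ds:Signature Id="sig2"><ds:SignatureValue>BBBB</ds:SignatureValue></ds:Signature>'
HEAD = '<doc xmlns:ds="' + DS + '"><data>payload</data>'
DOC = HEAD + SIG1 + SIG2 + "</doc>"


def enveloped_transform(root, current_id, strict):
    """Return a copy of root with signature elements dropped.

    strict=False: drop every ds:Signature (the default mode described above).
    strict=True:  drop only the signature being processed (XML-DSig behaviour).
    """
    tree = copy.deepcopy(root)
    for parent in list(tree.iter()):
        for child in list(parent):
            if child.tag == SIG_TAG and (not strict or child.get("Id") == current_id):
                parent.remove(child)
    return tree


def reference_digest(xml_text, current_id, strict):
    """Digest of the whole document after the transform (models URI="")."""
    node = enveloped_transform(ET.fromstring(xml_text), current_id, strict)
    canonical = ET.canonicalize(ET.tostring(node, encoding="unicode"))
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()


if __name__ == "__main__":
    for strict in (False, True):
        for sig_id in ("sig1", "sig2"):
            print(strict, sig_id, reference_digest(DOC, sig_id, strict)[:16])
```

With both signatures present, the default-mode and strict-mode digests for the same reference differ, so a reference computed in one mode does not validate in the other. In the default mode the digest also does not cover the content of the other signature element, while in strict mode it does.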
