Discuss this help topic in SecureBlackbox Forum

XML: Choose what data to include in the signature

When signing with X.509 certificates, you might need to choose which optional data is included in the signature. For example, you can include or omit the <KeyValue> element, or include or omit different parts of the X.509 certificate that is used for signing. This is controlled by the TElXMLKeyInfoX509Data.IncludeKeyValue and TElXMLKeyInfoX509Data.IncludeDataParams properties.

C#:

Signer.SignatureMethodType = SBXMLSec.Unit.xmtSig;
Signer.SignatureMethod = SBXMLSec.Unit.xsmRSA_SHA256; // RSA with SHA-256

// the "own" parameter is set to true, as we are creating the TElX509Certificate object ourselves
TElXMLKeyInfoX509Data X509KeyData = new TElXMLKeyInfoX509Data(true);
X509KeyData.Certificate = new TElX509Certificate(null);
int k = X509KeyData.Certificate.LoadFromFileAuto("cert.pfx", "password");
if (k != 0)
  throw new Exception("Failed to load certificate. Error code: " + k.ToString());
// ...
X509KeyData.IncludeKeyValue = false; // omit the <KeyValue> element
// include the certificate itself and its subject name
X509KeyData.IncludeDataParams = SBXMLSec.Unit.xkidX509Certificate | SBXMLSec.Unit.xkidX509SubjectName;
Signer.KeyData = X509KeyData;

Delphi:

Signer.SignatureMethodType := xmtSig;
Signer.SignatureMethod := xsmRSA_SHA256; // RSA with SHA-256
// ...
// the "own" parameter is set to True, as we are creating the TElX509Certificate object ourselves
X509KeyData := TElXMLKeyInfoX509Data.Create(True);
X509KeyData.Certificate := TElX509Certificate.Create(nil);
k := X509KeyData.Certificate.LoadFromFileAuto('cert.pfx', 'password');
if k <> 0 then
  raise Exception.Create('Failed to load certificate. Error code: ' + IntToStr(k));

X509KeyData.IncludeKeyValue := False; // omit the <KeyValue> element
// include the certificate itself and its subject name
X509KeyData.IncludeDataParams := [xkidX509Certificate, xkidX509SubjectName];
Signer.KeyData := X509KeyData;
// ...
// when signing is finished, we need to free the KeyData object
X509KeyData.Free();
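
A check you can run on the signed output to confirm that KeyInfo carries only the data configured above. This is an added example, not SecureBlackbox code: it uses only System.Xml, and the KeyInfoAudit class and the sample document are constructed for illustration. It assumes that xkidX509Certificate and xkidX509SubjectName produce the XMLDSig X509Certificate and X509SubjectName elements inside X509Data.

```csharp
using System;
using System.Collections.Generic;
using System.Xml;

static class KeyInfoAudit // hypothetical helper, not part of SecureBlackbox
{
    const string DsNs = "http://www.w3.org/2000/09/xmldsig#";

    // Constructed sample: the signature and certificate values are placeholders.
    const string Sample = @"<doc><ds:Signature xmlns:ds='http://www.w3.org/2000/09/xmldsig#'>
  <ds:SignedInfo/><ds:SignatureValue>PLACEHOLDER</ds:SignatureValue>
  <ds:KeyInfo><ds:X509Data>
    <ds:X509SubjectName>CN=Example Signer</ds:X509SubjectName>
    <ds:X509Certificate>PLACEHOLDER</ds:X509Certificate>
  </ds:X509Data></ds:KeyInfo>
</ds:Signature></doc>";

    // Collects the local names of ds:KeyValue and of every child of ds:X509Data
    // found under ds:Signature/ds:KeyInfo.
    public static SortedSet<string> Emitted(XmlDocument doc)
    {
        var ns = new XmlNamespaceManager(doc.NameTable);
        ns.AddNamespace("ds", DsNs);
        var found = new SortedSet<string>(StringComparer.Ordinal);
        const string query = "//ds:Signature/ds:KeyInfo/ds:KeyValue"
                           + " | //ds:Signature/ds:KeyInfo/ds:X509Data/ds:*";
        foreach (XmlNode node in doc.SelectNodes(query, ns))
            found.Add(node.LocalName);
        return found;
    }

    static int Main()
    {
        // No external entity resolution; whitespace is kept as a signed document requires.
        var doc = new XmlDocument { XmlResolver = null, PreserveWhitespace = true };
        doc.LoadXml(Sample);

        // Expected for IncludeKeyValue = false and the two xkid flags set above.
        var expected = new SortedSet<string>(StringComparer.Ordinal)
            { "X509Certificate", "X509SubjectName" };
        var actual = Emitted(doc);

        Console.WriteLine("KeyInfo carries: " + string.Join(", ", actual));
        if (actual.SetEquals(expected)) return 0;
        Console.Error.WriteLine("KeyInfo content differs from the configured set");
        return 1;
    }
}
```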

How To articles about XML signing (XMLDSig and XAdES)