XML: Create detached signature
If an XML signature is used to sign a resource that lies outside its containing XML document, it is called a detached signature (also an externally detached signature).
Detached signature:
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<ds:Reference URI="http://www.w3.org/TR/xml-stylesheet">
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>...</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>...</ds:SignatureValue>
<ds:KeyInfo>...</ds:KeyInfo>
</ds:Signature>
Code sample:
C#:
/// <summary>
/// Builds a detached XML-DSig signature over <paramref name="Data"/>: a single
/// ds:Reference whose URI attribute is <paramref name="URI"/>, signed with the key
/// behind <paramref name="Cert"/>, which is also placed in ds:KeyInfo.
/// </summary>
/// <param name="Data">Bytes the reference digest is computed from (assigned to URIData).</param>
/// <param name="URI">Value written into the ds:Reference URI attribute.</param>
/// <param name="Cert">Signing certificate; embedded in the signature's KeyInfo.</param>
/// <remarks>
/// The digest (xdmSHA1) and signature method (xsmRSA_SHA1) are SHA-1 based so the
/// output matches the sample signature above; SHA-1 is no longer considered
/// collision-resistant, so a production caller would normally pick a SHA-2 pair.
/// Nothing in this method hands the produced signature back to the caller — the
/// result of SaveDetached() is not captured; confirm against the API what it does with it.
/// </remarks>
void Sign(byte[] Data, string URI, TElX509Certificate Cert)
{
    TElXMLSigner signer = new TElXMLSigner(null);
    TElXMLKeyInfoX509Data keyInfo = new TElXMLKeyInfoX509Data(false);
    try
    {
        ConfigureDetachedSigner(signer);
        signer.References.Add(BuildReference(Data, URI));

        // The certificate is what verifiers read from ds:KeyInfo.
        keyInfo.Certificate = Cert;
        signer.KeyData = keyInfo;

        // Digests first, then the SignedInfo signature, then the detached output.
        signer.UpdateReferencesDigest();
        signer.GenerateSignature();
        signer.SaveDetached();
    }
    finally
    {
        // Same release order as the reference sample: signer before key data.
        signer.Dispose();
        keyInfo.Dispose();
    }
}

/// <summary>
/// Sets the signature-level options: detached layout, inclusive C14N,
/// and RSA-with-SHA-1 as the SignatureMethod.
/// </summary>
void ConfigureDetachedSigner(TElXMLSigner signer)
{
    signer.SignatureType = SBXMLSec.Unit.xstDetached;
    signer.CanonicalizationMethod = SBXMLDefs.Unit.xcmCanon;
    signer.SignatureMethodType = SBXMLSec.Unit.xmtSig;
    signer.SignatureMethod = SBXMLSec.Unit.xsmRSA_SHA1;
}

/// <summary>
/// Creates the one ds:Reference for the detached resource. The digest input is
/// supplied directly via URIData; presumably nothing is fetched from <paramref name="uri"/>.
/// </summary>
TElXMLReference BuildReference(byte[] data, string uri)
{
    TElXMLReference reference = new TElXMLReference();
    reference.DigestMethod = SBXMLSec.Unit.xdmSHA1;
    reference.URI = uri;
    reference.URIData = data;
    return reference;
}
Delphi:
{ Builds a detached XML-DSig signature over Data.
  Data - bytes the reference digest is computed from (assigned to URIData);
  URI  - value written into the ds:Reference URI attribute;
  Cert - signing certificate, also embedded in ds:KeyInfo.
  The digest (xdmSHA1) and signature method (xsmRSA_SHA1) are SHA-1 based so
  the output matches the sample signature above; SHA-1 is no longer considered
  collision-resistant, so production code would normally choose a SHA-2 pair.
  Nothing here hands the produced signature back to the caller - the result
  of SaveDetached is not captured; confirm against the API what it does with it. }
procedure Sign(const Data : ByteArray; const URI: string; Cert : TElX509Certificate);
var
  LSigner: TElXMLSigner;
  LKeyInfo: TElXMLKeyInfoX509Data;
  LReference: TElXMLReference;
begin
  LSigner := TElXMLSigner.Create(nil);
  LKeyInfo := TElXMLKeyInfoX509Data.Create(false);
  try
    with LSigner do
    begin
      // Detached layout: the signed resource lives outside the signature document.
      SignatureType := xstDetached;
      CanonicalizationMethod := xcmCanon;
      SignatureMethodType := xmtSig;
      SignatureMethod := xsmRSA_SHA1;
    end;

    // Single reference; digest input is supplied directly via URIData,
    // so presumably nothing is fetched from URI.
    LReference := TElXMLReference.Create;
    LReference.DigestMethod := xdmSHA1;
    LReference.URI := URI;
    LReference.URIData := Data;
    LSigner.References.Add(LReference);

    // The certificate is what verifiers read from ds:KeyInfo.
    LKeyInfo.Certificate := Cert;
    LSigner.KeyData := LKeyInfo;

    // Digests first, then the SignedInfo signature, then the detached output.
    LSigner.UpdateReferencesDigest;
    LSigner.GenerateSignature;
    LSigner.SaveDetached();
  finally
    // Same release order as the reference sample: signer before key data.
    FreeAndNil(LSigner);
    FreeAndNil(LKeyInfo);
  end;
end;