XML: Create enveloping signature
If the <ds:Signature> element contains the signed data within itself (as the content of a <ds:Object> element), the signature is called an enveloping signature. For example, the signature below is an enveloping signature in which the <data> element containing the plain text "Hello, World!" is embedded in a <ds:Object>. To create such a signature you need to create a reference that points to the enveloping object, set the enveloping object ID to the same value, and then save the signature with either the TElXMLSigner.Save() or the TElXMLSigner.SaveEnveloping() method. The component automatically creates the enveloping object for the node that you pass as a parameter to the Save*() method.
Original document:
<data>Hello, World!</data>
Signed document:
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
  <ds:SignedInfo>
    <ds:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
    <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
    <ds:Reference URI="#objId">
      <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
      <ds:DigestValue>...</ds:DigestValue>
    </ds:Reference>
  </ds:SignedInfo>
  <ds:SignatureValue>...</ds:SignatureValue>
  <ds:KeyInfo>...</ds:KeyInfo>
  <ds:Object Id="objId"><data>Hello, World!</data></ds:Object>
</ds:Signature>
Code sample:
C#:
void Sign(TElXMLDOMDocument Doc, TElX509Certificate Cert)
{
    TElXMLSigner Signer = new TElXMLSigner(null);
    TElXMLKeyInfoX509Data X509Data = new TElXMLKeyInfoX509Data(false);
    try
    {
        // Enveloping signature: the signed data is placed inside ds:Object
        Signer.SignatureType = SBXMLSec.Unit.xstEnveloping;
        Signer.CanonicalizationMethod = SBXMLDefs.Unit.xcmCanon;
        Signer.SignatureMethodType = SBXMLSec.Unit.xmtSig;
        Signer.SignatureMethod = SBXMLSec.Unit.xsmRSA_SHA1;

        // The reference points at the enveloping object by its Id
        TElXMLReference Ref = new TElXMLReference();
        Ref.DigestMethod = SBXMLSec.Unit.xdmSHA1;
        Ref.URI = "#objId";
        Signer.References.Add(Ref);

        // Signing certificate goes into ds:KeyInfo
        X509Data.Certificate = Cert;
        Signer.KeyData = X509Data;

        // Must match the Id used in the reference URI above
        Signer.EnvelopingObjectID = "objId";
        Signer.GenerateSignature();

        // The component wraps the passed node into ds:Object Id="objId"
        Signer.SaveEnveloping(Doc.DocumentElement);
    }
    finally
    {
        Signer.Dispose();
        X509Data.Dispose();
    }
}
Delphi:
procedure Sign(Doc : TElXMLDOMDocument; Cert : TElX509Certificate);
var
  Signer: TElXMLSigner;
  X509Data: TElXMLKeyInfoX509Data;
  Ref: TElXMLReference;
begin
  Signer := TElXMLSigner.Create(nil);
  X509Data := TElXMLKeyInfoX509Data.Create(false);
  try
    // Enveloping signature: the signed data is placed inside ds:Object
    Signer.SignatureType := xstEnveloping;
    Signer.CanonicalizationMethod := xcmCanon;
    Signer.SignatureMethodType := xmtSig;
    Signer.SignatureMethod := xsmRSA_SHA1;

    // The reference points at the enveloping object by its Id
    Ref := TElXMLReference.Create;
    Ref.DigestMethod := xdmSHA1;
    Ref.URI := '#objId';
    Signer.References.Add(Ref);

    // Signing certificate goes into ds:KeyInfo
    X509Data.Certificate := Cert;
    Signer.KeyData := X509Data;

    // Must match the Id used in the reference URI above
    Signer.EnvelopingObjectID := 'objId';
    Signer.GenerateSignature;

    // The component wraps the passed node into ds:Object Id="objId"
    Signer.SaveEnveloping(Doc.DocumentElement);
  finally
    FreeAndNil(Signer);
    FreeAndNil(X509Data);
  end;
end;
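The following is an added example, not SecureBlackbox code, showing what the component does for you when it builds the enveloping structure above and what a verifier checks afterwards: the data is wrapped in a ds:Object carrying the Id, the Reference URI "#objId" is resolved to that object, its digest is computed over the canonical form and stored in DigestValue, and only then is SignedInfo signed. Because it uses only the Python standard library, the example makes two labelled substitutions: the signature is an HMAC (xmldsig-more#hmac-sha256) instead of the RSA-SHA1 on the page, the digest is SHA-256 instead of SHA-1, and canonicalization is ET.canonicalize() (C14N 2.0, hence the xml-c14n2 URI) rather than the C14N 1.0 URI the component emits. No XMLDSig Transforms are handled; the key and the sample data are constructed here.

```python
"""Added example (not SecureBlackbox code): build and check an enveloping
XML signature with the Python standard library.  Substitutions versus the
page: HMAC-SHA256 instead of RSA-SHA1, SHA-256 digest instead of SHA-1, and
C14N 2.0 (ET.canonicalize) instead of C14N 1.0.  The structure is the same:
Reference URI="#objId" -> ds:Object Id="objId" holding the data."""
import base64
import hashlib
import hmac
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
ET.register_namespace("ds", DS)

C14N_URI = "http://www.w3.org/2010/xml-c14n2"                  # what ET.canonicalize implements
DIGEST_URI = "http://www.w3.org/2001/04/xmlenc#sha256"
SIG_URI = "http://www.w3.org/2001/04/xmldsig-more#hmac-sha256"


def ds(tag):
    return f"{{{DS}}}{tag}"


def c14n(elem):
    """Canonical bytes of one subtree (simplified: no XMLDSig Transforms)."""
    return ET.canonicalize(ET.tostring(elem, encoding="unicode")).encode("utf-8")


def b64_sha256(data):
    return base64.b64encode(hashlib.sha256(data).digest()).decode("ascii")


def sign_enveloping(data_xml, key, obj_id="objId"):
    """Return a <ds:Signature> document enveloping data_xml as a string."""
    # 1. Wrap the data in the enveloping object that the reference will point to.
    obj = ET.Element(ds("Object"), {"Id": obj_id})
    obj.append(ET.fromstring(data_xml))

    sig = ET.Element(ds("Signature"))
    si = ET.SubElement(sig, ds("SignedInfo"))
    ET.SubElement(si, ds("CanonicalizationMethod"), {"Algorithm": C14N_URI})
    ET.SubElement(si, ds("SignatureMethod"), {"Algorithm": SIG_URI})
    # 2. Reference URI is "#" + the object's Id; DigestValue covers the canonical object.
    ref = ET.SubElement(si, ds("Reference"), {"URI": "#" + obj_id})
    ET.SubElement(ref, ds("DigestMethod"), {"Algorithm": DIGEST_URI})
    ET.SubElement(ref, ds("DigestValue")).text = b64_sha256(c14n(obj))
    # 3. Only after DigestValue is filled in is SignedInfo signed (MACed here).
    mac = hmac.new(key, c14n(si), hashlib.sha256).digest()
    ET.SubElement(sig, ds("SignatureValue")).text = base64.b64encode(mac).decode("ascii")
    sig.append(obj)
    return ET.tostring(sig, encoding="unicode")


def verify_enveloping(signed_xml, key):
    """Return (digest_ok, signature_ok) for a signature produced above."""
    sig = ET.fromstring(signed_xml)
    si = sig.find(ds("SignedInfo"))
    ref = si.find(ds("Reference"))
    uri = ref.get("URI", "")
    if not uri.startswith("#"):
        raise ValueError("only same-document references are handled here")
    if ref.find(ds("DigestMethod")).get("Algorithm") != DIGEST_URI:
        raise ValueError("unsupported DigestMethod")
    # Resolve the fragment to the ds:Object whose Id matches the reference.
    target = next((o for o in sig.findall(ds("Object")) if o.get("Id") == uri[1:]), None)
    if target is None:
        raise ValueError(f"no ds:Object with Id={uri[1:]!r}")
    stored = ref.find(ds("DigestValue")).text or ""
    digest_ok = hmac.compare_digest(stored, b64_sha256(c14n(target)))
    expected = base64.b64encode(hmac.new(key, c14n(si), hashlib.sha256).digest()).decode("ascii")
    signature_ok = hmac.compare_digest(sig.find(ds("SignatureValue")).text or "", expected)
    return digest_ok, signature_ok


def modify_enveloped_data(signed_xml, new_text):
    """Test helper: change the enveloped <data> text after signing."""
    sig = ET.fromstring(signed_xml)
    sig.find(ds("Object")).find("data").text = new_text
    return ET.tostring(sig, encoding="unicode")


if __name__ == "__main__":
    KEY = b"constructed-demo-key"                  # constructed, not a real key
    doc = sign_enveloping("<data>Hello, World!</data>", KEY)
    print(doc)
    print(verify_enveloping(doc, KEY))                                   # (True, True)
    print(verify_enveloping(modify_enveloped_data(doc, "Hello!"), KEY))  # (False, True)
```

The second verification result is the instructive one: editing the enveloped data leaves SignedInfo untouched, so SignatureValue still checks out and it is the Reference digest that exposes the change. A verifier must therefore do both steps, and it must resolve "#objId" to the ds:Object inside the signature, which is why the sample code sets EnvelopingObjectID to the same value as the reference URI.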