DI Management Home > Cryptography > Signing XML documents using XMLDSIG (Part 3)

Signing XML documents using XMLDSIG (Part 3)

On this page we look at four common types of XML documents signed using XML-DSIG and techniques to identify and sign them. This is part 3 of a series. Part 1 looked at an enveloping signature and Part 2 looked at an enveloped signature.

The four types of signed documents we consider on this page are
  1. Enveloped signature (revisited) {example}
  2. Signed document with ID {example}
  3. Signed SOAP document {example}
  4. XAdES-BES {example}

In the first section of this page, we show how to identify these particular types of signed documents.

In the second section, we give examples starting with a base document with placeholders to be completed. We show how to interpret the requirements of the <Signature> element and present the final signed versions signed using a test RSA key. There are links to code to carry out the signing procedure.

Contents

Section 1: Identifying the document type

Enveloped Signature

An enveloped-signature document is signed over the entire document excluding the actual Signature element itself. A generic structure is

<Envelope>
  <Body>...</Body>
  <Signature>
    <SignedInfo>
      ...
      <Reference URI="">
        <Transforms>
          <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
        </Transforms>
        ...
      </Reference>
    </SignedInfo>
    ...
  </Signature>
</Envelope>

The Signature may be a descendent of the root element 

<Envelope>
  <Body>
    <Etc/>
    <Signature/>
  </Body>
</Envelope>

The two clues to look for in the Signature element are the following 

<Reference URI="">
  <Transforms>
    <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
  </Transforms>
</Reference>

where URI="" (a "null URI") means include every non-comment node of the XML document that contains it, and the transform algorithm enveloped-signature means that the whole Signature element should be removed before computing the signature.

For an example of this type of document, see Sign enveloped signature document below.

Signed document with ID

These documents usually have two parts inside an outer envelope. 

<Envelope>
  <ToBeSigned/>
  <Signature/>
</Envelope>

The first part contains the data to be signed with a unique ID, in this example MyID, and the second part is the signature itself. A generic structure is

<Envelope>
  <ToBeSigned ID="MyID">...</ToBeSigned>
  <Signature>
    <SignedInfo>
      ...
      <Reference URI="#MyID">
      ...
      </Reference>
    </SignedInfo>
    ...
  </Signature>
</Envelope>

In this example outline, the reference URI is specific URI="#MyID" which means the signature should be computed over the element with ID attribute value MyID, including all descendents and attributes.

For an example of this type of document, see Sign document with ID below.

Signed SOAP document with WSS

WSS soap message security is a specification prepared by the OASIS Web Services Security (WSS) technical committee. It provides enhancements to SOAP messaging to provide message integrity and confidentiality.

<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
  <soap:Header>
    <wsse:Security
        xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" ...>
      <wsse:BinarySecurityToken ...> ...  </wsse:BinarySecurityToken>
      ...
      <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        ...
          <ds:Reference URI="#TheBody">
        ...
      </ds:Signature>
    </wsse:Security>
  </soap:Header>
  <soap:Body xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="TheBody">
    ...
  </soap:Body>
</soap:Envelope>

The prefix doesn't have to be xmlns:soap. It could be xmlns:SOAP-ENV or xmlns:S11 or xmlns:s. So long as it's used consistently.

The XML-DSIG signature <ds:Signature> is included in the soap:Header along with other WS security enhancements. In the above outlined example, the signature is computed over the element with wsu:Id="TheBody", which in this case is the entire <soap:Body> element.

For an example of this type of document, see Sign SOAP document with WSS below.

XAdES-BES

The XML Advanced Electronic Signatures (XAdES) standard is an extension of the IETF XMLDSIG specification. XAdES is a set of XML schema definitions that define an object to be inserted into the <ds:Object> node of an XMLDSIG signature.

A Basic Electronic Signature (XAdES-BES) builds on XMLDSIG by incorporating certain qualifying properties. It provides basic authentication and integrity protection. 

<Envelope>
  <Invoice ID="MyInvoice">...</Invoice>
  <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="xmldsig-signature">
    <ds:SignedInfo>
      <ds:Reference URI="#MyInvoice" Id="xmldsig-ref0">...</ds:Reference>
      <ds:Reference URI="#xmldsig-keyinfo">...</ds:Reference>
      <ds:Reference Type="http://uri.etsi.org/01903#SignedProperties" URI="#xmldsig-signedprops">...
      </ds:Reference>
    </ds:SignedInfo>
    <ds:SignatureValue>...</ds:SignatureValue>
    <ds:KeyInfo Id="xmldsig-keyinfo">...</ds:KeyInfo>
    <ds:Object>
      <xades:QualifyingProperties xmlns:xades="http://uri.etsi.org/01903/v1.3.2#" Target="#xmldsig-signature">
        <xades:SignedProperties Id="xmldsig-signedprops">
          <xades:SignedSignatureProperties>
            <xades:SigningTime>...</xades:SigningTime>
            <xades:SigningCertificate>...</xades:SigningCertificate>
          </xades:SignedSignatureProperties>
          <xades:SignedDataObjectProperties>
            <xades:DataObjectFormat ObjectReference="#xmldsig-ref0">...</xades:DataObjectFormat>
          </xades:SignedDataObjectProperties>
        </xades:SignedProperties>
      </xades:QualifyingProperties>
    </ds:Object>
  </ds:Signature>
</Envelope>
The above outline shows a typical example of an XAdES-BES document. This example is signed over three references:
  1. The <Invoice> element with ID MyInvoice, the data we want to protect.
  2. The <ds:KeyInfo> element with Id xmldsig-keyinfo
  3. The <xades:SignedProperties> element inside the <ds:Object> element, with Id xmldsig-signedprops

The SignedProperties element includes a SigningCertificate property, which contains the reference and the digest value of the signing certificate.

In addition, there are cross references embedded inside the signed data between the elements with Id xmldsig-ref0 
    xades:DataObjectFormat ⇌ MyInvoice
and with Id xmldsig-signature 
    xades:QualifyingProperties ⇌ ds:Signature
All these signed cross references prevent an attacker swopping out these elements from the signed document and substituting their own.

For an example of this type of document, see Sign XAdES-BES document below.

Procedure to sign

In all cases, the procedure to sign the documents is the same.
  1. Prepare a base document with all the data in a well-formed XML format with placeholders in the <Signature> element. Be careful, white space is important.
  2. For each <Reference> in the signature,
    1. Compute the C14N transformation for the part of the document given in the reference.
    2. Compute the digest over this C14N transformed data
    3. Substitute the base64-encoded value of the digest in the <DigestValue> element.
  3. Compute the signature value over the C14N transformed <SignedInfo> element. We can do this in two stages.
    1. Compute the C14N transformation of the subset <SignedInfo>
    2. Compute an RSA signature over this using the signer's private key.
  4. Substitute the signature value encoded in base64 in the <SignatureValue> element

In the examples below, we use Alice's private key to do the signing.

Whitespace is important

Whitespace in the document is important!

We cannot emphasise enough that whitespace between the elements is important when signing XML documents.

These three documents have the same semantic content but will have different signature values because the whitespace between the elements is different. 
<Envelope>
  <Body>...</Body>
  <Signature>
    ...
  </Signature>
</Envelope>

<Envelope>
<Body>...</Body>
<Signature>
...
</Signature>
</Envelope>

<Envelope><Body>...</Body><Signature>...</Signature></Envelope>

In the examples on this page, we sign the documents in "pretty-printed" form, nicely indented (with spaces, not tabs), to make it easier to see what is happening.

In practice, we recommend you use the "flattened" one-line approach, like the third case, with no white space at all between the element tags. But make sure you compute the C14N transformations over the flattened base document.

See the Alternative "flattened" version of the SOAP example below.

Section 2: Examples

Sign enveloped signature document: example

Example base document: env-sig1-base.xml
Final signed document: env-sig1-signed.xml

Let's examine the Signature element in the base document for this example

  <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
    <SignedInfo>
      <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
      <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
      <Reference URI="">
        <Transforms>
          <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
        </Transforms>
        <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
        <DigestValue>@!DIGVAL!@</DigestValue>
      </Reference>
    </SignedInfo>
    <SignatureValue>@!SIGVAL!@</SignatureValue>
    <KeyInfo>
      <!-- /CUT/ -->
    </KeyInfo>
  </Signature>

Canonicalization

In earlier pages on XML-DSIG, we showed how you could carry out the Canonicalization of an XML document using "by hand" methods working in a text editor.

Here, we use our SC14N utility on the command line to see the C14N transformed data to be digested. 
sc14n -x Signature env-sig1-base.xml

<Invoice>
  <Client>Marge Simpson</Client>
  <Amount>847.63</Amount>

</Invoice>
where the option -x Signature means exclude the element with name Signature. (Note the white space in this example outside the actual Signature element, which is retained and is important)

We can also compute the SHA-1 digest of this data directly, using the "-d" option.

sc14n -d -x Signature env-sig1-base.xml
wNowPDgtPkF2fZlyGURmSTXmOso=
This base64-encoded digest value is substituted for the @!DIGVAL!@ placeholder inthe base document.

Having completed the SignedInfo element, we can compute the signature over that data. The digest of the C14-transformed <SignedInfo> element can be found as follows.

sc14n -d -s SignedInfo env-sig1-signed.xml
y1r4smbzRRqqH/5unQZ80tgm+e4=
This digest value can be used to compute the final signature value using the signer's private RSA key, which is then substituted for the SignatureValue placeholder. The signed document is now complete.

C# code to do this

Sign an enveloped-signature XML-DSIG document using CryptoSys PKI and SC14N.

Sign document with ID: example

Example base document: sig-id2-base.xml
Final signed document: sig-id2-signed.xml

The Signature element in this example is:

  <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
    <ds:SignedInfo>
      <ds:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
      <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" />
      <ds:Reference URI="#MyInvoice">
        <ds:Transforms>
          <ds:Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
        </ds:Transforms>
        <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256" />
        <ds:DigestValue>@!DIGVAL!@</ds:DigestValue>
      </ds:Reference>
    </ds:SignedInfo>
    <ds:SignatureValue>@!SIGVAL!@</ds:SignatureValue>
    <ds:KeyInfo>
      <!-- /CUT/ -->
    </ds:KeyInfo>
  </ds:Signature>

The C14N transformed data to be digested is as follows:

sc14n -S "ID=MyInvoice" sig-id2-base.xml

<Invoice xmlns="http://example.com/invoice/" ID="MyInvoice">
    <Client>Marge Simpson</Client>
    <Amount>847.63</Amount>
  </Invoice>
where the option -S "ID=MyInvoice" means include the subset with ID. The SHA-256 digest over this transformed data is found as follows: 
sc14n -d2 -S "ID=MyInvoice" sig-id2-base.xml
6+2TsbCd1x+P5vxjuBaC0ocxInh3wYMu6eBZWIyMcjY=

C# code to do this

Sign a XML-DSIG document with an ID reference using CryptoSys PKI and SC14N.

Sign SOAP document with WSS: example

Example base document: soap-example-base.xml
Final signed document: soap-example-signed.xml

The Signature element in this example is:

  <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
    <ds:SignedInfo>
      <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
        <c14n:InclusiveNamespaces xmlns:c14n="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="ds wsu soap" />
      </ds:CanonicalizationMethod>
      <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" />
      <ds:Reference URI="#TheBody">
        <ds:Transforms>
          <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
            <c14n:InclusiveNamespaces xmlns:c14n="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="wsu soap" />
          </ds:Transform>
        </ds:Transforms>
        <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256" />
        <ds:DigestValue>@!DIGVAL!@</ds:DigestValue>
      </ds:Reference>
    </ds:SignedInfo>
    <ds:SignatureValue>@!SIGVAL!@</ds:SignatureValue>
    <ds:KeyInfo>
      <!-- /CUT/ -->
    </ds:KeyInfo>
  </ds:Signature>

The C14N transformed data to be digested is as follows:

> sc14n -e -p "wsu soap" -S "wsu:Id=TheBody" soap-example-base.xml

<soap:Body xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="TheBody">
    <getVersion xmlns="http://msgsec.example.com"></getVersion>
  </soap:Body>
The SHA-256 digest over this transformed data is found as follows: 
> sc14n -d2 -e -p "wsu soap" -S "wsu:Id=TheBody" soap-example-base.xml
m08TWBsFxFQIN3Vuab3HbUcy932fI8DFnf7NedTjF/c=

Alternative "flattened" version

The above example was signed over a "pretty-printed" base with indents and newlines to show the form of the document more easily. In practice, SOAP documents are generally sent in a one-line "flattened" form like this
soap-example-flattened-signed.xml
The semantic content is identical to the pretty example above but the digest value and signature values are different.

C# code to do this

Sign a SOAP document with WSS using CryptoSys PKI and SC14N.

Sign XAdES-BES document: example

Example base document: xades-bes1-base.xml
Final signed document: xades-bes1-signed.xml

The Signature element in this example is:

  <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="xmldsig-signature">
    <ds:SignedInfo>
      <ds:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
      <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" />
      <ds:Reference URI="#MyInvoice" Id="xmldsig-ref0">
        <ds:Transforms>
          <ds:Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
        </ds:Transforms>
        <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256" />
        <ds:DigestValue>@!DIG-REF0!@</ds:DigestValue>
      </ds:Reference>
      <ds:Reference URI="#xmldsig-keyinfo">
        <ds:Transforms>
          <ds:Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
        </ds:Transforms>
        <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256" />
        <ds:DigestValue>@!DIG-KEYINFO!@</ds:DigestValue>
      </ds:Reference>
      <ds:Reference URI="#xmldsig-signedprops" Type="http://uri.etsi.org/01903#SignedProperties">
        <ds:Transforms>
          <ds:Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
        </ds:Transforms>
        <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256" />
        <ds:DigestValue>@!DIG-SIGNEDPROPS!@</ds:DigestValue>
      </ds:Reference>
    </ds:SignedInfo>
    <ds:SignatureValue>@!SIGVAL!@</ds:SignatureValue>
    <ds:KeyInfo Id="xmldsig-keyinfo">
      <!-- /CUT/ -->
    </ds:KeyInfo>
  </ds:Signature>

The C14N transformed form of the main element to be signed is:

> sc14n -S "ID=MyInvoice" xades-bes1-base.xml

<Invoice ID="MyInvoice">
    <Client>Marge Simpson</Client>
    <Amount>847.63</Amount>
  </Invoice>
The SHA-256 digests for the three references can be found as follows: 
> sc14n -d2 -S "ID=MyInvoice" xades-bes1-base.xml
r6YfXvQbTc7UvR9HaAwmiVpJvCJoLE8I+iYk8cSpfOY=

> sc14n -d2 -S "xmldsig-keyinfo" xades-bes1-base.xml
gETpjHP4SKV4Wgxpra3123ZhP8Nqfa556+PtxqP+EXw=

> sc14n -d2 -S "xmldsig-signedprops" xades-bes1-base.xml
i07ubwVc8oeOUo3QhaMmg/POnkytK2PxtC3KcYRMc24=

C# code to do this

Sign a XAdES-BES document using CryptoSys PKI and SC14N.

The KeyInfo element

The <KeyInfo> is an optional element that enables the recipient to obtain the key needed to validate the signature.

In the above examples, the <KeyInfo> element is as follows (sometimes with a "ds:" prefix) 

<KeyInfo>
  <KeyValue>
	<RSAKeyValue>
	  <Modulus>
	  4IlzOY3Y9fXoh3Y5f06wBbtTg94Pt6vcfcd1KQ0FLm0S36aGJtTSb6pYKfyX7PqCUQ8wgL6xUJ5GRPEsu9gyz8ZobwfZsGCsvu40CWoT9fcFBZ
	  PfXro1Vtlh/xl/yYHm+Gzqh0Bw76xtLHSfLfpVOrmZdwKmSFKMTvNXOFd0V18=
	  </Modulus>
	  <Exponent>AQAB</Exponent>
	</RSAKeyValue>
  </KeyValue>
  <X509Data>
	<X509Certificate>
	MIICLDCCAZWgAwIBAgIQRjRrx4AAVrwR024uxBCzsDANBgkqhkiG9w0BAQUFADAS
	MRAwDgYDVQQDEwdDYXJsUlNBMB4XDTk5MDkxOTAxMDg0N1oXDTM5MTIzMTIzNTk1
	OVowEzERMA8GA1UEAxMIQWxpY2VSU0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJ
	AoGBAOCJczmN2PX16Id2OX9OsAW7U4PeD7er3H3HdSkNBS5tEt+mhibU0m+qWCn8
	l+z6glEPMIC+sVCeRkTxLLvYMs/GaG8H2bBgrL7uNAlqE/X3BQWT3166NVbZYf8Z
	f8mB5vhs6odAcO+sbSx0ny36VTq5mXcCpkhSjE7zVzhXdFdfAgMBAAGjgYEwfzAM
	BgNVHRMBAf8EAjAAMA4GA1UdDwEB/wQEAwIGwDAfBgNVHSMEGDAWgBTp4JAnrHgg
	eprTTPJCN04irp44uzAdBgNVHQ4EFgQUd9K00bdMioqjzkWdzuw8oDrj/1AwHwYD
	VR0RBBgwFoEUQWxpY2VSU0FAZXhhbXBsZS5jb20wDQYJKoZIhvcNAQEFBQADgYEA
	PnBHqEjME1iPylFxa042GF0EfoCxjU3MyqOPzH1WyLzPbrMcWakgqgWBqE4lradw
	FHUv9ceb0Q7pY9Jkt8ZmbnMhVN/0uiVdfUnTlGsiNnRzuErsL2Tt0z3Sp0LF6DeK
	tNufZ+S9n/n+dO/q+e5jatg/SyUJtdgadq7rm9tJsCI=
	</X509Certificate>
  </X509Data>
</KeyInfo>

In this example, the public key of the signer is provided in two different ways: as an <RSAKeyValue> and inside an <X509Certificate> element.

In general, just the <X509Certificate> is sufficient. The <RSAKeyValue> is provided here so the document can be verified on the Online XML Digital Signature Verifer site. (Hint: always put the KeyValue first otherwise you will get a warning.)

There are many other ways to provide the KeyInfo information. Please refer to the specification documents.

Alice's private key and X.509 certificate

In the examples above, we use Alice's RSA key from [RFC4134] to do the signing, with PKCS#8 encrypted private key AlicePrivRSASign.p8e (password: "password"), and corresponding X.509 certificate AliceRSASignByCarl.cer. 

> python
Python 3.9.1 ...
>>> from cryptosyspki import *
>>> print(X509.text_dump_tostring('AliceRSASignByCarl.cer', X509.Opts.DECIMAL | X509.Opts.LDAP))
X.509 CERTIFICATE
Version: 3
Serial Number:
  93318145165434344057210696409401045936
Issuer:
  CN=CarlRSA
Subject:
  CN=AliceRSA
Validity:
  NotBefore: 1999-09-19T01:08:47Z
  NotAfter:  2039-12-31T23:59:59Z
Subject Public Key Algorithm: rsaEncryption
  RSA key length: 1024 bits
  Modulus:
    E0 89 73 39 8D D8 F5 F5 E8 87 76 39 7F 4E B0 05
    BB 53 83 DE 0F B7 AB DC 7D C7 75 29 0D 05 2E 6D
    12 DF A6 86 26 D4 D2 6F AA 58 29 FC 97 EC FA 82
    51 0F 30 80 BE B1 50 9E 46 44 F1 2C BB D8 32 CF
    C6 68 6F 07 D9 B0 60 AC BE EE 34 09 6A 13 F5 F7
    05 05 93 DF 5E BA 35 56 D9 61 FF 19 7F C9 81 E6
    F8 6C EA 87 40 70 EF AC 6D 2C 74 9F 2D FA 55 3A
    B9 99 77 02 A6 48 52 8C 4E F3 57 38 57 74 57 5F
  Exponent:
    01 00 01
X509v3 Extensions:
  Subject Type: End Entity
  Key Usage[!]:
    digitalSignature,nonRepudiation
  Authority Key Identifier:
    e9e09027ac78207a9ad34cf242374e22ae9e38bb
  Subject Key Identifier:
    77d2b4d1b74c8a8aa3ce459dceec3ca03ae3ff50
  Subject Alternative Name:
    RFC822 Name: AliceRSA@example.com
Signature Algorithm: sha1WithRSAEncryption
Signature Hash Algorithm: sha1
Signature Value:
  3E 70 47 A8 48 CC 13 58 8F CA 51 71 6B 4E 36 18
  5D 04 7E 80 B1 8D 4D CC CA A3 8F CC 7D 56 C8 BC
  CF 6E B3 1C 59 A9 20 AA 05 81 A8 4E 25 AD A7 70
  14 75 2F F5 C7 9B D1 0E E9 63 D2 64 B7 C6 66 6E
  73 21 54 DF F4 BA 25 5D 7D 49 D3 94 6B 22 36 74
  73 B8 4A EC 2F 64 ED D3 3D D2 A7 42 C5 E8 37 8A
  B4 DB 9F 67 E4 BD 9F F9 FE 74 EF EA F9 EE 63 6A
  D8 3F 4B 25 09 B5 D8 1A 76 AE EB 9B DB 49 B0 22
SHA-1 Thumbprint:
  b30c48855055c2e64ce3196492d4b83831a6b3cb
SHA-256 Thumbprint:
  10e79a9993c26a87f2109ec1e81e0ac3ada0ee1bac1fe57fd85450e2c7c2406b

Summary of completed signed files

Summary of example signed files above:

All these examples should verify at the Online XML Digital Signature Verifier site if you copy and paste them.

Succeeded

New2022-03-20: See Troubleshooting problems on the 'Online XML Digital Signature Verifier' site.

What is that !DOCTYPE declaration?

In some examples above you will see a DOCTYPE declaration like this 
<!DOCTYPE Envelope [
<!ATTLIST Invoice ID ID #IMPLIED>
]>
This is needed by the Online XML Digital Signature Verifier site if there is a Reference element with a URI like URI="#MyInvoice". The site that evaluates your XML-DSIG documents may not require this, in which case it can be safely deleted.

Notes on RSA signature algorithm

All the examples on this page use the RSA PKCS1-v1_5 signature algorithm, more formally the RSASSA-PKCS1-v1_5 algorithm, described in s8.2 of RFC 8017 [PKCS #1 v2.2], where RSASSA means "RSA Signature Scheme with Appendix". The algorithms we use have the type identifiers sha1WithRSAEncryption and sha256WithRSAEncryption. In the XML-DSIG world, these are identified as rsa-sha1 and rsa-sha256.

Here are some of the advantages of using RSASSA-PKCS1-v1_5

Downloads

Download example files used above: xmldsig3-examples.zip (14 kB).

References

Contact us

To contact us or comment on this page, please send us a message.

This page first published 24 February 2022. Last updated 15 November 2022.