[This sample code uses features that were implemented in MSXML 5.0 for Microsoft Office Applications. XML digital signatures are not supported in MXSML 6.0 and later.]
Signs the document referenced in the
<ds:Signature> element that has been assigned to the signature property of this
IXMDigitalSignature object. The key object supplied must contain a private key and can be generated from one of the following methods:
var oSignedKey = objXMLDigitalSignature.sign(oKey, fwWriteKeyInfo);
Visual Basic Syntax
Set oSignedKey = objXMLDigitalSignature.sign (oKey, fwWriteKeyInfo)
C/C++ Syntax Using Smart Pointers
IXMLDSigKeyPtr oSignedKey = objXMLDigitalSignature->sign(oKey, fwWriteKeyInfo);
HRESULT sign( IXMLDSigKey* oKey, XMLDSIG_WRITEKEYINFO fwWriteKeyInfo, IXMLDSigKey** oSignedKey);
A key object implementing the
IXMLDSigKey interface. This object cannot be NULL.
A flag to specify how the key information should be handled in the resultant signature object. Possible values are discussed in XMLDSIG_WRITEKEYINFO enum.
IXMLDSigKey object used in signing. The return parameter is NULL if the method failed. Otherwise it is the same object passed in the
The value returned if the method call was successful.
The value returned if the implementation failed to get the data for CryptoAPI.
The value returned if the method is called in a non-trusted context or the caller lacks a sufficient permission to access the supplied key.
In addition, the method passes the failure codes from CryptoAPI that are not covered by S_FALSE or NULL.
Signing using this method amounts to performing the following tasks:
Calculate digest values for the document referenced in every
URIattribute of the
<ds:Reference>element. If the
URIattribute is absent, data set by
Perform the transformations specified in the optional
Calculate the digest of the referenced data using the algorithm named in the
<ds:DigestMethod>child element in the signature template and output the hash value as the text value of the
Fill in the
<ds:SignatureMethod>element with the name of the algorithm determined by the signing key. For HMAC,
<ds:HMACOutputLength>is created, if absent, and its content is set according to the value of the
lengthparameter of the
Canonicalize the content of the
<ds:SignedInfo>element using the algorithm named in the
Calculate the digest of the canonicalized
<ds:SignedInfo>to produce the signature hash.
Sign the signature hash using the private key provided and saves this signed signature as the text value of the
Save the information of the key and certificates to the
<ds:KeyInfo>element according the value of
fWriteKeyInfoparameter passed to the
Return the key in the
oSignedKeyparameter if signing succeeded. Otherwise return NULL.
From this we see how a signature template might be set up. For more information on how to set up the signature template, see the discussions given in the
signature Property topic.
sign method is the only method that can change the
<ds:Signature> element specified by the
You cannot sign any data in a non-trusted context, such as a script embedded in an HTML page. Doing so will result in an error.
The following example illustrates how the
sign method is used to sign data with XML digital signature. It uses a simple signature template (signature_template.sign.rsa.xml) as the input. The template has three empty sub elements:
<ds:KeyInfo>. The first two will be filled in after
sign returns. The last one will be filled in when
sign is called with
fwWriteKeyInfo=KEYVALUE. It is left intact if
fwWriteKeyInfo=NOKEYINFO and all the existing content is cleared if
<X509Data> element is inserted when the certificate of the key used is available.
We've provided source files for the sample in three languages: JScript, Visual Basic, and C++. The output is the same in each language.
MSXML 5.0 for Microsoft Office Applications and later