XMLDSIG_WRITEKEYINFO Enum


[This sample code uses features that were implemented in MSXML 5.0 for Microsoft Office Applications. XML digital signatures are not supported in MSXML 6.0 and later.]

The XMLDSIG_WRITEKEYINFO enumeration defines flags that specify how the <ds:KeyInfo> element of the signature document is filled in after the XML data is signed successfully. Each value is passed as an input parameter to the sign method.

Syntax

enum _XMLDSIG_WRITEKEYINFO  
{  
    NOKEYINFO = 0,  
    KEYVALUE = 1,  
    CERTIFICATES = 2,  
    PURGE = 4  
};  

Values

NOKEYINFO
No information will be inserted into the <ds:KeyInfo> element. Any existing content of the <ds:KeyInfo> element remains intact.

KEYVALUE
Add an appropriate <ds:KeyValue> element and its relevant child elements to the <ds:KeyInfo> element, leaving other elements intact.

CERTIFICATES
Add available certificates to <ds:KeyInfo>, leaving other elements intact. In this case, the <ds:KeyInfo> element will contain the <ds:X509Data> element and its relevant child elements. See Remarks below for more information.

PURGE
The <ds:KeyInfo> element will be empty. Any existing content is purged.

Remarks

The fWriteKeyInfo parameter value passed to the sign method can be an individual value listed above or a bitwise combination of them. The combined values have the following meaning:

KEYVALUE | CERTIFICATES
Add key value and certificates to <ds:KeyInfo>, leaving anything else intact.

KEYVALUE | CERTIFICATES | PURGE
Remove everything from <ds:KeyInfo> first and then add key value and certificates.

KEYVALUE | PURGE
Remove everything from <ds:KeyInfo> first and then add key value.

CERTIFICATES | PURGE
Remove everything from <ds:KeyInfo> first and then add certificates.
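The following is an added example, not code from the MSXML documentation, that models the flag semantics described above on a <ds:KeyInfo> element: PURGE is applied first, then KEYVALUE and CERTIFICATES append their elements, and CERTIFICATES adds nothing when no matching certificate is available. The RSAKeyValue layout, the sample KeyInfo content and the certificate strings are constructed for illustration.

```python
import enum
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"


class WriteKeyInfo(enum.IntFlag):
    """Mirror of the _XMLDSIG_WRITEKEYINFO values; they combine bitwise."""
    NOKEYINFO = 0
    KEYVALUE = 1
    CERTIFICATES = 2
    PURGE = 4


def apply_write_key_info(key_info, flags, modulus_b64, certs_b64=()):
    """Model of how fWriteKeyInfo rewrites <ds:KeyInfo> after signing.

    Returns the local names of the resulting child elements, in order.
    """
    # PURGE always runs first: existing content is discarded.
    if flags & WriteKeyInfo.PURGE:
        for child in list(key_info):
            key_info.remove(child)
    # KEYVALUE appends a KeyValue (assumed RSA here) next to what remains.
    if flags & WriteKeyInfo.KEYVALUE:
        kv = ET.SubElement(key_info, f"{{{DS}}}KeyValue")
        rsa = ET.SubElement(kv, f"{{{DS}}}RSAKeyValue")
        ET.SubElement(rsa, f"{{{DS}}}Modulus").text = modulus_b64
        ET.SubElement(rsa, f"{{{DS}}}Exponent").text = "AQAB"
    # CERTIFICATES appends X509Data only if a matching certificate exists.
    if flags & WriteKeyInfo.CERTIFICATES and certs_b64:
        x509 = ET.SubElement(key_info, f"{{{DS}}}X509Data")
        for cert in certs_b64:
            ET.SubElement(x509, f"{{{DS}}}X509Certificate").text = cert
    return [child.tag.split("}")[1] for child in key_info]


# Constructed sample: a KeyInfo that already carries a KeyName element.
SAMPLE_KEYINFO = (
    f'<ds:KeyInfo xmlns:ds="{DS}"><ds:KeyName>existing-key</ds:KeyName></ds:KeyInfo>'
)


def demo(flags, certs_b64=("MIIB...constructed-cert...",)):
    """Apply flags to a fresh copy of the constructed sample KeyInfo."""
    key_info = ET.fromstring(SAMPLE_KEYINFO)
    return apply_write_key_info(key_info, flags, "constructed-modulus", certs_b64)
```

Whatever ends up in <ds:KeyInfo> is only a hint about which key was used; a verifier still has to check that the key or certificate found there is one it trusts before accepting the signature.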

When you sign data with the CERTIFICATES flag and the key has a matching certificate in the "MY" certificate store, the certificate will be inserted into the resultant signature document. A key has a matching certificate if any of the following conditions are true:

  • It is created using the createKeyFromCertContext method.

  • It is created using the createKeyFromCSP method and there is a corresponding certificate in the "MY" certificate store.

  • A certificate store has been set using the putref_store property method or the setStoreHandle method.

Example

See the example given for the sign Method.