XML Digital Signature API Functionality

CryptXML provides a low level set of APIs that allow applications to create and verify enveloped, enveloping, and detached signatures. You can use CryptXML to create and verify content stored in signature object elements, including manifests. A public/private, shared key, or an X.509 certificate or certificate chain can be used to sign and verify the XML digital signature.

Applications that use CryptXML to verify external references (references that target an external document or file outside of the document context) must resolve the external URIs and retrieve the data to be digested.

For information about the cryptographic algorithms supported by CryptXML, see XML Digital Signature Cryptographic Algorithms.

CryptXML provides support for the canonicalization algorithms with the following identifiers.

Constant URI value


CryptXML provides support for the enveloped signature transform.

Constant URI value


By default, CryptXML does not support XPath or XSLT transforms. If required, applications can implement these transforms on top of CryptXML.