Use this method if the receiver of the XML document has the X509 certificate associated with the RSA or DSA private key.
Only the originator can sign a message with this specific pair of keys. Any other peer needs the corresponding public key and does not have access to the private key.
How to sign
- Create an RSA or DSA key with the constructor of the CryptoKey class.
- Load the RSA or DSA private key into the CryptoKey object.
- Create a blank signature with the constructor of the Signature class.
- Assign the CryptoKey object to the Signature object.
- Create one or more references to be signed.
- Compute the signature.
- Retrieve the XML signature document from the Signature object.
How to verify
- Create an X509 certificate with the constructor of the CryptoX509 class.
- Load the X509 certificate into the CryptoKey object.
- Create the RSA or DSA public key from the X509 certificate of the CryptoX509 object.
- Create a signature with the constructor of the Signature class, from an XML signature node obtained from the compute operation above.
- Assign the CryptoKey object containing the public key to the Signature object.
- Verify the signature validity.
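
The two procedures above, end to end, as an added example that is not part of the original page. It assumes the CryptoKey, Signature and CryptoX509 classes named above are those of the Genero BDL xml package and uses that package's method names; the file names order.xml, signer-key.pem and signer-cert.pem are hypothetical, and SHA-256 support in the installed version is assumed.

```4gl
IMPORT xml

MAIN
  DEFINE doc, sigDoc xml.DomDocument
  DEFINE root, sigNode xml.DomNode
  DEFINE priv, pub xml.CryptoKey
  DEFINE cert xml.CryptoX509
  DEFINE sig xml.Signature
  DEFINE idx INTEGER
  CONSTANT C14N = "http://www.w3.org/2001/10/xml-exc-c14n#"
  CONSTANT RSA_SHA256 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"
  CONSTANT SHA256 = "http://www.w3.org/2001/04/xmlenc#sha256"
  CONSTANT ENVELOPED = "http://www.w3.org/2000/09/xmldsig#enveloped-signature"

  TRY
    LET doc = xml.DomDocument.Create()
    CALL doc.load("order.xml")                  -- hypothetical document to sign
    LET root = doc.getDocumentElement()

    -- Originator: only this side ever reads the private key file
    LET priv = xml.CryptoKey.Create(RSA_SHA256)
    CALL priv.loadPEM("signer-key.pem")         -- hypothetical RSA private key
    LET sig = xml.Signature.Create(C14N, RSA_SHA256)
    CALL sig.setKey(priv)
    LET idx = sig.createReference("", SHA256)   -- "" references the whole document
    CALL sig.appendReferenceTransformation(idx, ENVELOPED)
    CALL sig.compute(doc)
    LET sigDoc = sig.getDocument()
    -- Embed the signature in the signed document (enveloped form)
    LET sigNode = doc.importNode(sigDoc.getDocumentElement(), TRUE)
    CALL root.appendChild(sigNode)

    -- Receiver: holds the X509 certificate only, never the private key
    LET cert = xml.CryptoX509.Create()
    CALL cert.loadPEM("signer-cert.pem")        -- hypothetical certificate file
    LET pub = cert.createPublicKey(RSA_SHA256)
    LET sig = xml.Signature.CreateFromNode(sigNode)
    CALL sig.setKey(pub)
    IF sig.verify(doc) THEN
      DISPLAY "Signature valid"
    ELSE
      DISPLAY "Signature INVALID: reject the document"
      EXIT PROGRAM 1
    END IF
  CATCH
    -- Any load, compute or verify failure is treated as a rejection
    DISPLAY "XML signature error, status: ", STATUS
    EXIT PROGRAM 1
  END TRY
END MAIN
```

A successful verification only shows that the document was signed with the private key matching that certificate; whether the certificate itself is trusted is a separate check.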