Sign with the originator's private RSA or DSA key, and verify with an RSA or DSA retrieval method

Use this method when the sender of the XML document provides the public RSA or DSA key in XML form (and via http, tcp or a file protocol).

Only the originator can sign a message with this specific pair of keys. Any other peer needs the corresponding public key and does not have access to the private key.

How to sign

  1. Create an RSA or DSA key with the constructor of the CryptoKey class.
  2. Load the RSA or DSA private key into the CryptoKey object.
  3. Set the RetrievalMethod feature on the CryptoKey object with the URL where the XML form of the public RSA or DSA key is available.
  4. Create a blank signature with the constructor of the Signature class.
  5. Assign the CryptoKey object to the Signature object.
  6. Create one or more references to be signed.
  7. Compute the signature.
  8. Retrieve the XML signature document from the Signature object.

How to verify

  1. Create a signature with the constructor of the Signature class, from an XML signature node obtained after the above compute operation.
  2. Verify the signature validity.
    Note: There is no key or certificate to set in the Signature object during validation.
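
Because no key is set during validation, the verifier trusts whatever key location the signature itself names. The following added example (Python, not code from this library) checks the ds:RetrievalMethod URI of a signature against a pinned list before it is passed to verification. Assumptions: the TRUSTED_KEY_URLS value, the constructed sample signatures, and the policy of requiring exactly one RetrievalMethod with an explicit Type.

```python
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
KEY_TYPES = {DS + "RSAKeyValue", DS + "DSAKeyValue"}
# Assumption: key locations this verifier agrees to trust (constructed value).
TRUSTED_KEY_URLS = {"https://keys.example.com/originator-rsa.xml"}


def retrieval_methods(signature_xml: bytes):
    """Return (URI, Type) for each ds:KeyInfo/ds:RetrievalMethod element."""
    if b"<!DOCTYPE" in signature_xml:
        # Refuse DTDs so entity tricks never reach the parser.
        raise ValueError("DTD not allowed in signature document")
    root = ET.fromstring(signature_xml)
    path = f".//{{{DS}}}KeyInfo/{{{DS}}}RetrievalMethod"
    return [(el.get("URI", ""), el.get("Type", "")) for el in root.iterfind(path)]


def vet_key_location(signature_xml: bytes) -> str:
    """Return the key URL if it is pinned; raise ValueError otherwise."""
    methods = retrieval_methods(signature_xml)
    if len(methods) != 1:
        raise ValueError(f"expected one RetrievalMethod, found {len(methods)}")
    uri, key_type = methods[0]
    if key_type not in KEY_TYPES:
        raise ValueError(f"unexpected key type: {key_type!r}")
    if uri not in TRUSTED_KEY_URLS:
        raise ValueError(f"key location not pinned: {uri!r}")
    return uri


def sample_signature(uri: str) -> bytes:
    """Constructed signature skeleton; digest and signature values are omitted."""
    return (
        f'<ds:Signature xmlns:ds="{DS}"><ds:SignedInfo/><ds:SignatureValue/>'
        f'<ds:KeyInfo><ds:RetrievalMethod URI="{uri}" Type="{DS}RSAKeyValue"/>'
        f"</ds:KeyInfo></ds:Signature>"
    ).encode()


if __name__ == "__main__":
    for url in ("https://keys.example.com/originator-rsa.xml",
                "http://untrusted.example.net/key.xml"):
        try:
            print("accepted:", vet_key_location(sample_signature(url)))
        except ValueError as err:
            print("rejected:", err)
```

Run the check on the received signature node first, and only construct the Signature object and verify when it returns.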