Verify a detached signature using an HMAC key
This example verifies a document that was signed with an HMAC key.
The HMAC key was created in the sample Create a detached signature using a HMAC key, and the signature is verified against the original unsigned document ("MyDocument.xml").
If you used the sample content provided in XML document (unsigned) to create the signed document, you must verify the signature against that same document to test the sample code.
IMPORT xml

MAIN
  DEFINE doc xml.DomDocument
  DEFINE sig xml.Signature
  DEFINE key xml.CryptoKey
  DEFINE isVerified INTEGER

  # Create DomDocument object
  LET doc = xml.DomDocument.Create()
  # Notice that whitespaces are significant in cryptography,
  # therefore it is recommended to remove unnecessary ones
  CALL doc.setFeature("whitespace-in-element-content",FALSE)
  TRY
    # Load Signature into a DomDocument object
    CALL doc.load("MyDocumentDetachedSignature.xml")
    # Create signature object from DomDocument root node
    LET sig = xml.Signature.CreateFromNode(doc.getDocumentElement())
    # Create HMAC key and assign it to the signature object
    LET key = xml.CryptoKey.Create("http://www.w3.org/2000/09/xmldsig#hmac-sha1")
    CALL key.setKey("secretpassword")
    CALL sig.setKey(key)
    # Load original XML document into a DomDocument object
    CALL doc.load("MyDocument.xml")
    # Verify detached signature validity of original document
    LET isVerified = sig.verify(doc)
    # Notice that if something has been modified in the node
    # with attribute 'xml:id="code"' of the original XML document,
    # the program will display "FAILED".
    IF isVerified THEN
      DISPLAY "Signature OK"
    ELSE
      DISPLAY "Signature FAILED"
    END IF
  CATCH
    DISPLAY "Unable to verify the detached signature :",status
  END TRY
END MAIN
Note: All keys or certificates in PEM or DER format were created with the OpenSSL tool. For information on how the OpenSSL tool works, refer to the OpenSSL documentation.
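The sample's comments say that whitespace is significant and that a change in the signed node makes verification fail. The following Python sketch is an added illustration of both points, not part of the Genero sample or its API. It assumes a simplified scheme: HMAC-SHA1 computed directly over the C14N 2.0 form of the document rather than over an XML-Signature SignedInfo element, with constructed documents and a plain `id` attribute.

```python
import hashlib
import hmac
import xml.etree.ElementTree as ET

KEY = b"secretpassword"  # sample key from the page

# Constructed sample documents (not the page's MyDocument.xml).
ORIGINAL = '<doc><code id="code">1234</code></doc>'
REINDENTED = '<doc>\n  <code id="code">1234</code>\n</doc>'  # same data, new layout
TAMPERED = '<doc><code id="code">9999</code></doc>'          # content changed


def canonical_bytes(xml_text, strip_ws):
    """Canonical XML (C14N 2.0); strip_ws drops whitespace around text content."""
    return ET.canonicalize(xml_text, strip_text=strip_ws).encode("utf-8")


def compute_mac(xml_text, key=KEY, strip_ws=True):
    """HMAC-SHA1 over the canonical bytes of the document."""
    data = canonical_bytes(xml_text, strip_ws)
    return hmac.new(key, data, hashlib.sha1).digest()


def verify(xml_text, expected, key=KEY, strip_ws=True):
    """Recompute the MAC and compare it with the expected one in constant time."""
    return hmac.compare_digest(compute_mac(xml_text, key, strip_ws), expected)


if __name__ == "__main__":
    sig = compute_mac(ORIGINAL)
    raw_sig = compute_mac(ORIGINAL, strip_ws=False)
    print("original:                ", verify(ORIGINAL, sig))
    print("re-indented, ws stripped:", verify(REINDENTED, sig))
    print("re-indented, ws kept:    ", verify(REINDENTED, raw_sig, strip_ws=False))
    print("tampered content:        ", verify(TAMPERED, sig))
    print("wrong key:               ", verify(ORIGINAL, sig, key=b"otherpassword"))
```

The signer and the verifier must apply the same whitespace handling; the re-indented document only verifies when both sides strip it.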