Sign with the originator's private RSA or DSA key, and verify with the originator's X509 certificate associated with that private key
Use this approach if the receiver of the XML document has the X509 certificate associated with the RSA or DSA private key.
Only the originator can sign a message with this specific pair of keys, because only the originator holds the private key. Any other peer needs the corresponding public key to verify and does not have access to the private key.
How to sign
- Create an RSA or DSA key with the constructor of the CryptoKey class.
- Load the RSA or DSA private key into the CryptoKey object.
- Create a blank signature with the constructor of the Signature class.
- Assign the CryptoKey object to the Signature object.
- Create one or more references to be signed.
- Compute the signature.
- Retrieve the XML signature document from the Signature object.
How to verify
- Create an X509 certificate with the constructor of the CryptoX509 class.
- Load the X509 certificate into the CryptoKey object.
- Create the RSA or DSA public key from the X509 certificate of the CryptoX509 object.
- Create a signature with the constructor of the Signature class, from an XML signature node obtained from the compute operation above.
- Assign the CryptoKey object containing the public key to the Signature object.
- Verify the signature validity.
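Both procedures above as one program, added here as an illustration and not taken from the original page or from the vendor's samples. It assumes these are the classes of the Genero BDL `xml` library; the file names, the `xml:id="payload"` target element, the method names and the RSA-SHA256 algorithm URIs are assumptions to check against the installed version.

```4gl
IMPORT xml

-- Assumed inputs: order.xml (contains an element with xml:id="payload"),
-- signer_key.pem (originator private RSA key), signer_cert.pem (its X509 certificate).
CONSTANT SIG_ALG    = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"
CONSTANT DIGEST_ALG = "http://www.w3.org/2001/04/xmlenc#sha256"
CONSTANT C14N_ALG   = "http://www.w3.org/2001/10/xml-exc-c14n#"

MAIN
  DEFINE doc, sigdoc xml.DomDocument
  DEFINE priv, pub xml.CryptoKey
  DEFINE cert xml.CryptoX509
  DEFINE signer, verifier xml.Signature
  DEFINE idx, ok INTEGER

  LET doc = xml.DomDocument.Create()
  -- Whitespace is part of the signed bytes; drop ignorable whitespace before signing.
  CALL doc.setFeature("whitespace-in-element-content", FALSE)
  TRY
    CALL doc.load("order.xml")

    -- Originator side: sign with the private key.
    LET priv = xml.CryptoKey.Create(SIG_ALG)
    CALL priv.loadPEM("signer_key.pem")
    LET signer = xml.Signature.Create()
    CALL signer.setKey(priv)
    LET idx = signer.createReference("#payload", DIGEST_ALG)
    CALL signer.appendReferenceTransformation(idx, C14N_ALG)
    CALL signer.compute(doc)
    LET sigdoc = signer.getDocument()
    CALL sigdoc.save("order.sig.xml")

    -- Receiver side: verify with the public key taken from the certificate.
    LET cert = xml.CryptoX509.Create()
    CALL cert.loadPEM("signer_cert.pem")
    LET pub = cert.createPublicKey(SIG_ALG)
    LET verifier = xml.Signature.CreateFromNode(sigdoc.getDocumentElement())
    CALL verifier.setKey(pub)
    LET ok = verifier.verify(doc)
    DISPLAY IIF(ok, "Signature is valid", "Signature is INVALID: reject the document")
  CATCH
    -- Any load, compute or verify error is treated as a failed check.
    DISPLAY "XML security error ", status, ": ", sqlca.sqlerrm
    EXIT PROGRAM 1
  END TRY
END MAIN
```

A valid result only proves that the holder of the matching private key signed the referenced element; whether the certificate itself is trusted (issuer, validity period, revocation) has to be checked separately before relying on it.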