Verify a detached signature using a HMAC key

In this example, you verify a document that was signed with an HMAC key.

The HMAC key was created in the sample "Create a detached signature using a HMAC key", against the original unsigned document ("MyDocument.xml").

If you used the sample content provided in "XML document (unsigned)" to create the signed document, then you must verify the signature against that same document to test the sample code.

IMPORT xml

MAIN
  DEFINE doc xml.DomDocument
  DEFINE sig xml.Signature
  DEFINE key xml.CryptoKey
  DEFINE isVerified INTEGER
  # Create DomDocument object
  LET doc = xml.DomDocument.Create()
  # Note that whitespace is significant in cryptography,
  # so it is recommended to remove unnecessary whitespace
  CALL doc.setFeature("whitespace-in-element-content",FALSE)
  TRY
    # Load Signature into a DomDocument object
    CALL doc.load("MyDocumentDetachedSignature.xml")
    # Create signature object from DomDocument root node
    LET sig = xml.Signature.CreateFromNode(doc.getDocumentElement())
    # Create HMAC key and assign it to the signature object
    LET key = xml.CryptoKey.Create("http://www.w3.org/2000/09/xmldsig#hmac-sha1")
    CALL key.setKey("secretpassword")
    CALL sig.setKey(key)
    # Load original XML document into a DomDocument object
    CALL doc.load("MyDocument.xml")
    # Verify detached signature validity of original document
    LET isVerified = sig.verify(doc)
    # Notice that if something has been modified in the node 
    # with attribute 'xml:id="code"' of the original XML document,
    # the program will display "FAILED".
    IF isVerified THEN
      DISPLAY "Signature OK"
    ELSE
      DISPLAY "Signature FAILED"
    END IF
  CATCH
    DISPLAY "Unable to verify the detached signature :",status
  END TRY
END MAIN
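
To show what the verify call in the sample above checks, here is an added example in Python (not part of the original page and not Genero's implementation) that models the two steps of detached HMAC-SHA1 verification: the HMAC over SignedInfo, then the digest of the node referenced by xml:id. Assumptions: the SignedInfo layout is reduced and hypothetical, Python's C14N 2.0 stands in for the declared canonicalization, and the document and key are constructed samples, so its output is not interoperable with MyDocumentDetachedSignature.xml.

```python
import base64, hashlib, hmac
import xml.etree.ElementTree as ET

XML_ID = "{http://www.w3.org/XML/1998/namespace}id"

def c14n(elem):
    # Assumption: Python's C14N 2.0 stands in for the canonicalization
    # method a real Signature element would declare.
    return ET.canonicalize(ET.tostring(elem, encoding="unicode")).encode()

def reference_digest(doc_xml, ref_id):
    # SHA-1 over the canonical form of the node carrying xml:id=ref_id.
    root = ET.fromstring(doc_xml)
    node = next(e for e in root.iter() if e.get(XML_ID) == ref_id)
    return base64.b64encode(hashlib.sha1(c14n(node)).digest()).decode()

def sign(doc_xml, ref_id, key):
    # Reduced SignedInfo (hypothetical layout): reference URI plus digest.
    info = ET.Element("SignedInfo")
    ref = ET.SubElement(info, "Reference", URI="#" + ref_id)
    ET.SubElement(ref, "DigestValue").text = reference_digest(doc_xml, ref_id)
    mac = hmac.new(key, c14n(info), hashlib.sha1).digest()
    return ET.tostring(info, encoding="unicode"), base64.b64encode(mac).decode()

def verify(doc_xml, signed_info, signature_value, key):
    info = ET.fromstring(signed_info)
    # Check 1: the HMAC authenticates SignedInfo (constant-time compare).
    mac = hmac.new(key, c14n(info), hashlib.sha1).digest()
    if not hmac.compare_digest(mac, base64.b64decode(signature_value)):
        return False
    # Check 2: the digest inside SignedInfo matches the document as it is now.
    ref = info.find("Reference")
    try:
        actual = reference_digest(doc_xml, ref.get("URI")[1:])
    except StopIteration:  # the referenced node is missing from the document
        return False
    return hmac.compare_digest(actual, ref.findtext("DigestValue"))

# Constructed sample document and key, for illustration only.
KEY = b"secretpassword"
DOC = '<doc><title>Order</title><code xml:id="code">A-1001</code></doc>'
INFO, SIG = sign(DOC, "code", KEY)
```

With the constructed sample, changing the text inside the node with xml:id="code" makes verify return False, while a change to the title element, which the reference does not cover, still verifies.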

All keys or certificates in PEM or DER format were created with the OpenSSL tool. For information on how the OpenSSL tool works, refer to the OpenSSL documentation.