Sign a Document
This topic describes how to sign an XPS document.
Before using the following code examples in your program, read the disclaimer in Common Digital Signature Programming Tasks.
To sign an XPS document, first load it into a signature manager as described in Initialize the Signature Manager.
To sign a document that has been loaded into a signature manager:
- Instantiate an IXpsSigningOptions interface.
- Set the signing policy.
- Set the signature method. Signature method URI string constants are defined in cryptxml.h. For more information about valid signature method values, see IXpsSigningOptions::SetSignatureMethod.
- Set the digest method. Digest method URI string constants are defined in cryptxml.h. For information about valid digest method values, see IXpsSigningOptions::SetDigestMethod.
- Load the certificate as described in Load a Certificate From a File.
- Verify that the certificate supports the signature method, as described in Verify That a Certificate Supports a Signature Method.
- Verify that the digest method is supported by the system, as described in Verify the System Supports a Digest Method.
- If required, embed the certificates of the certificate trust chain in the XPS document as described in Embed Certificate Chains in a Document.
- Sign the XPS document.
The following code example illustrates how to use the preceding steps in a program.
    // This example requires:
    //   cryptxml.h
    // and refers to local methods that are described
    // in other topics.
    //
    // signatureManager is the signature manager into which the
    // document was loaded (see Initialize the Signature Manager).

    HRESULT hr = S_OK;
    BOOL supported = FALSE;
    BOOL succeeded = FALSE;
    IXpsSigningOptions *signingOptions = NULL;
    IXpsSignature *signature = NULL;
    PCCERT_CONTEXT certificate = NULL;

    // Instantiate an IXpsSigningOptions interface.
    hr = signatureManager->CreateSigningOptions (&signingOptions);

    if (SUCCEEDED(hr)) {
        // Set the signing policy to indicate the document parts
        // to sign.
        hr = signingOptions->SetPolicy (XPS_SIGN_POLICY_CORE_PROPERTIES);
    }

    if (SUCCEEDED(hr)) {
        // Set the digital signature method to use to generate the
        // signature hash value.
        //
        // The signature method used in this example is
        // defined in cryptxml.h.
        //
        // SHA-1 is no longer collision resistant. Where the
        // certificate and the document's consumers support it,
        // prefer a SHA-256 based value such as
        // wszURI_XMLNS_DIGSIG_RSA_SHA256 (also in cryptxml.h).
        hr = signingOptions->SetSignatureMethod (
            wszURI_XMLNS_DIGSIG_RSA_SHA1);
    }

    if (SUCCEEDED(hr)) {
        // Set the digest method to use.
        //
        // The digest method used in this example is
        // defined in cryptxml.h. The SHA-256 counterpart is
        // wszURI_XMLNS_DIGSIG_SHA256.
        hr = signingOptions->SetDigestMethod (wszURI_XMLNS_DIGSIG_SHA1);
    }

    if (SUCCEEDED(hr)) {
        // Load a certificate from a certificate file.
        hr = LoadCertificateFromFile (signingCertificate, &certificate);
    }

    if (SUCCEEDED(hr)) {
        // Verify that the system supports the digest method.
        // Pass the same URI that was given to SetDigestMethod.
        supported = SupportsDigestAlgorithm (
            wszURI_XMLNS_DIGSIG_SHA1);
        if (!supported) hr = E_FAIL;
    }

    if (SUCCEEDED(hr)) {
        // Verify that the signature method is supported by the
        // certificate and the system. Pass the same URI that was
        // given to SetSignatureMethod.
        supported = SupportsSignatureAlgorithm(
            wszURI_XMLNS_DIGSIG_RSA_SHA1, certificate);
        if (!supported) hr = E_FAIL;
    }

    if (SUCCEEDED(hr)) {
        // Embed the certificate trust chain in the XPS package (optional).
        hr = EmbedCertificateChainInXpsPackage (signingOptions, certificate);
    }

    if (SUCCEEDED(hr)) {
        // Sign the XPS document.
        hr = signatureManager->Sign (signingOptions, certificate, &signature);
    }

    // Free the certificate context and release the interfaces.
    // This runs on both the success and the failure path.
    if (NULL != certificate) CertFreeCertificateContext (certificate);
    if (NULL != signingOptions) signingOptions->Release();
    if (NULL != signature) signature->Release();
Next Steps
Add a Signature Request to an XPS Document
Used in This Section
IXpsSignatureManager::CreateSigningOptions
IXpsSigningOptions::SetDigestMethod
IXpsSigningOptions::SetSignatureMethod
For More Information
Load a Certificate From a File
Verify a Certificate Supports a Signature Method
Verify the System Supports a Digest Method
Embed Certificate Chains in a Document