XML Digital Signature API Functionality

CryptXML provides a low-level set of APIs that allow applications to create and verify enveloped, enveloping, and detached signatures. You can use CryptXML to create and verify content stored in signature object elements, including manifests. A public/private key pair, a shared key, or an X.509 certificate or certificate chain can be used to sign and verify the XML digital signature.

Applications that use CryptXML to verify external references (references that target an external document or file outside of the document context) must resolve the external URIs and retrieve the data to be digested.
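
One way an application might handle the external references described above, shown as an added Python sketch rather than CryptXML or Microsoft code: it refuses URIs outside an allow-listed prefix before any retrieval and compares the SHA-256 of the fetched bytes with the `DigestValue`. `ALLOWED_PREFIX`, `fetch`, the in-memory store and the signature fragment are constructed for illustration; verifying the signature over `SignedInfo` remains a separate step.

```python
import base64, hashlib, hmac
import xml.etree.ElementTree as ET
from urllib.parse import unquote, urlsplit

DS = "{http://www.w3.org/2000/09/xmldsig#}"            # XMLDSig namespace
SHA256 = "http://www.w3.org/2001/04/xmlenc#sha256"     # only digest handled here
ALLOWED_PREFIX = "https://files.example.test/signed/"  # hypothetical allow-list

def check_external_references(signature_xml, fetch):
    """Return {uri: status} per external ds:Reference; fetch(uri) -> bytes."""
    results = {}
    for ref in ET.fromstring(signature_xml).iter(DS + "Reference"):
        uri = ref.get("URI")
        if not uri or uri.startswith("#"):
            continue  # same-document reference: nothing to retrieve
        path_parts = unquote(urlsplit(uri).path).split("/")
        algo = ref.find(DS + "DigestMethod")
        if not uri.startswith(ALLOWED_PREFIX) or ".." in path_parts:
            results[uri] = "refused"  # outside the allow-list, never fetched
        elif ref.find(DS + "Transforms") is not None:
            results[uri] = "unsupported-transform"  # raw bytes only here
        elif algo is None or algo.get("Algorithm") != SHA256:
            results[uri] = "unsupported-digest"
        else:
            got = hashlib.sha256(fetch(uri)).digest()
            want = base64.b64decode(ref.findtext(DS + "DigestValue", ""))
            results[uri] = "digest-ok" if hmac.compare_digest(want, got) else "digest-mismatch"
    return results

# Constructed sample data: an in-memory "remote" store and a ds:Signature fragment.
STORE = {ALLOWED_PREFIX + "report.txt": b"quarterly report\n",
         ALLOWED_PREFIX + "notes.txt": b"tampered notes\n"}
FETCHED = []  # records which URIs were actually retrieved

def fetch(uri):
    FETCHED.append(uri)
    return STORE[uri]

def _ref(uri, signed_bytes):
    digest = base64.b64encode(hashlib.sha256(signed_bytes).digest()).decode()
    return (f'<Reference URI="{uri}"><DigestMethod Algorithm="{SHA256}"/>'
            f'<DigestValue>{digest}</DigestValue></Reference>')

SAMPLE = ('<Signature xmlns="http://www.w3.org/2000/09/xmldsig#"><SignedInfo>'
          + _ref("#obj1", b"")
          + _ref(ALLOWED_PREFIX + "report.txt", b"quarterly report\n")
          + _ref(ALLOWED_PREFIX + "notes.txt", b"original notes\n")
          + _ref("https://other.example.test/data.bin", b"x")
          + "</SignedInfo></Signature>")
```

Calling `check_external_references(SAMPLE, fetch)` reports one matching digest, one mismatch for the altered file, and one refused URI that is never retrieved.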

For information about the cryptographic algorithms supported by CryptXML, see XML Digital Signature Cryptographic Algorithms.

CryptXML provides support for the canonicalization algorithms with the following identifiers.

| Constant | URI value |
|---|---|
| wszURI_CANONICALIZATION_C14N | "https://www.w3.org/TR/2001/REC-xml-c14n-20010315" |
| wszURI_CANONICALIZATION_C14NC | "https://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments" |
| wszURI_CANONICALIZATION_EXSLUSIVE_C14N | "https://www.w3.org/2001/10/xml-exc-c14n#" |
| wszURI_CANONICALIZATION_EXSLUSIVE_C14NC | "https://www.w3.org/2001/10/xml-exc-c14n#WithComments" |

CryptXML provides support for the enveloped signature transform.

| Constant | URI value |
|---|---|
| wszURI_XMLNS_TRANSFORM_ENVELOPED | "https://www.w3.org/2000/09/xmldsig#enveloped-signature" |

By default, CryptXML does not support XPath or XSLT transforms. If required, applications can implement these transforms on top of CryptXML.