Using XPS Digital Signature API
This topic lists considerations for using the XPS Digital Signature API to add digital signatures to an XPS document.
The XPS Digital Signature API enables applications to request users to sign XPS documents and to verify signatures that are found in XPS documents. The XPS Digital Signature API can be applied to an XPS document without loading it into an XPS OM, and it can be used on XPS document streams that are serialized from an XPS OM.
The XPS Digital Signature API Programming Tasks section contains topics that describe how to program with the XPS Digital Signature API. This topic lists the following considerations for using the XPS Digital Signature API when adding digital signature support to an application.
- XPS Digital Signature API Programming Tasks
- Special Notes about XPS Digital Signature API Programming
- Verifying Digital Signatures in an XPS Document
- Digital Signature Signing Policy
- Embedding a Certificate Chain
- Using the CERT_CONTEXT Structure
- Related topics
XPS Digital Signature API Programming Tasks
This section contains topics that describe how to perform programming tasks by using the XPS Digital Signature API.
- Common Digital Signature Programming Tasks
  - Initialize the Signature Manager
  - Sign a Document
  - Add a Signature Request to an XPS Document
  - Verify Document Signatures
- Additional Digital Signature Programming Tasks
  - Load a Certificate From a File
  - Verify That a Certificate Supports a Signature Method
  - Verify the System Supports a Digest Method
  - Embed Certificate Chains in a Document
Special Notes about XPS Digital Signature API Programming
The following topics require some special consideration when you use the XPS Digital Signature API.
- Verifying Digital Signatures in an XPS Document
- Digital Signature Signing Policy
- Embedding a Certificate Chain
- Using the CERT_CONTEXT Structure
Verifying Digital Signatures in an XPS Document
IXpsSignature::Verify checks only that the signed content has not changed since it was signed. It does not validate any of the certificates that were used to sign the document content; certificate trust must be checked separately.
For more information about certificates and cryptography, see About Cryptography.
For an example of how to verify document signatures in a program, see Verify Document Signatures and Certificates.
Digital Signature Signing Policy
The digital signature signing policy determines which parts of an XPS document are signed. One signing policy option is to sign the signature relationships that start from the signature origin part. Because the signature relationships change each time a signature is added, a signature made under this policy is invalidated by any signature that is added after it. Make sure that you clearly understand the implications of setting this policy; otherwise, unexpected or undesired behavior might result.
For more information about signing policies, see XPS_SIGN_POLICY.
Embedding a Certificate Chain
The certificates that make up the trust chain of a specific certificate can be added to an XPS document. Embedding these certificates makes it easier for an application to verify the certificates that a digital signature uses in offline scenarios, where the intermediate certificates cannot be fetched from the network.
For more information about how to embed certificates in an XPS document, see Embed Certificate Chains in a Document.
Using the CERT_CONTEXT Structure
The CERT_CONTEXT and CERT_INFO structures are the main data structures that hold certificate information. For more information about using these structures, see Using a CERT_INFO Data Structure.
CERT_CONTEXT structures that are returned by CryptoAPI functions must be released when they are no longer needed. To release a CERT_CONTEXT structure, call the CertFreeCertificateContext function.
Related topics
Common Digital Signature Programming Tasks