Поделиться через


Offline Signing XML Example

[The AD RMS SDK leveraging functionality exposed by the client in Msdrm.dll is available for use in Windows Server 2008, Windows Vista, Windows Server 2008 R2, Windows 7, Windows Server 2012, and Windows 8. It may be altered or unavailable in subsequent versions. Instead, use Active Directory Rights Management Services SDK 2.1, which leverages functionality exposed by the client in Msipc.dll.]

An issuance license can be signed offline to minimize the number of connections that must be made to an Active Directory Rights Management Services (AD RMS) server. The following issuance license was created by using the Offline Signing Code Example and was signed offline by using the client licensor certificate. The client licensor certificate, also shown, is included in the certificate chain. The issuance license contains the following information:

  • The issue date and time.
  • The validity period.
  • The name and public key of the license issuer.
  • The nonsilent license acquisition URL.
  • The content ID and descriptive information. The content covered by the license is included in the WORK node.
  • The users and groups that can be granted issuance licenses and the rights available to them. These are encrypted by using the AD RMS server public key and included in the AUTHENTICATEDDATA node.
  • The content key. This is encrypted by using the AD RMS server public key and included in the AUTHENTICATEDDATA node with the users and rights information.
  • The exclusion policy associated with the license.
  • The digital signature of the license contents.
- <XrML version="1.2" xmlns="">
  - <BODY type="Microsoft Rights Label" version="3.0">
      <ISSUEDTIME>2008-04-02T17:23</ISSUEDTIME> 
    - <VALIDITYTIME>
        <FROM>2008-04-02T17:23</FROM> 
        <UNTIL>2009-04-02T17:23</UNTIL> 
      </VALIDITYTIME>
    - <ISSUER>
      - <OBJECT type="Group-Identity">
          <ID type="Windows">
            S-1-5-21-1226287486-3652005974-3671177567-1114
          </ID> 
          <NAME>someone@example.com</NAME> 
        </OBJECT>
      - <PUBLICKEY>
          <ALGORITHM>RSA</ALGORITHM> 
        - <PARAMETER name="public-exponent">
            <VALUE encoding="integer32">65537</VALUE> 
          </PARAMETER>
        - <PARAMETER name="modulus">
            <VALUE encoding="base64" size="1024">
               8y1eCRDpqOTD8BXewzapBrZAPFWmiOPP8rEF/gOTKPHXSSlxN
               APxd+SO7D/ZG4htYspE1swc+4dSTZYA33U0kaPsaY7XSz2MTA
               HFwDijS1B0/ix6QfK487OfYCJmjjnHYPcgTk5A9Aho8bViZx7
               0egTHA+ZOgEh8BE6JLJEfzuE=
            </VALUE> 
          </PARAMETER>
        </PUBLICKEY>
        <SECURITYLEVEL name="SDK" value="6.0.6000.16386"/> 
      </ISSUER>
      <DISTRIBUTIONPOINT>
      - <OBJECT type="License-Acquisition-URL">
          <ID type="MS-GUID">
            {0F45FD50-383B-43EE-90A4-ED013CD0CFE5}
          </ID> 
          <NAME>DRM Server Cluster</NAME> 
          <ADDRESS type="URL">
            http://example.com/_wmcs/licensing
          </ADDRESS> 
        </OBJECT>
      </DISTRIBUTIONPOINT>
    - <ISSUEDPRINCIPALS>
      - <PRINCIPAL internal-id="1">
        - <OBJECT type="MS-DRM-Server">
            <ID type="MS-GUID">
              {e03ee46f-e62a-48d7-81f0-2d8d5d522c9d}
            </ID> 
            <NAME>SREVER2008</NAME> 
            <ADDRESS type="URL">
              HTTP://example.com:80/_wmcs
            </ADDRESS> 
          </OBJECT>
        - <PUBLICKEY>
            <ALGORITHM>RSA</ALGORITHM> 
          - <PARAMETER name="public-exponent">
              <VALUE encoding="integer32">65537</VALUE> 
            </PARAMETER>
          - <PARAMETER name="modulus">
              <VALUE encoding="base64" size="1024">
                 1fn3bqaD3kdFtl+uo1mc/PKPNZyIjJ+KN+EACM72bSZwswcU
                 Tc8u75H0rllk9bgonpFTt9MCdfl7f+NC2OuWv2rC9nuBKt6C
                 N/wMEVpF+ByjkUzMTA1Ktu/ziS4BJ9L7t1bUWEqa3nWb1B6M
                 V/M+jeNgjiRMpGi+vzn3sD/d8Oo=</VALUE> 
            </PARAMETER>
          </PUBLICKEY>
          <SECURITYLEVEL name="Server-Version" value="6.0.0.0"/> 
          <SECURITYLEVEL name="Server-SKU" value="RMS 2.0"/> 
        - <ENABLINGBITS type="sealed-key">
            <VALUE encoding="base64" size="1536">
               Jl6MTBC91+Px8Z1b696BgcDhRKW5v1t+wv+xt7Cw+d38jROikf
               yRPcuGHaTp7f1aDdAXPpdX6Wuk8i8evjrFRxr6DT7SHyTa+rDA
               xhG2SDTw04b4fpf6S2uYaWkqbM5JwYyBFtJbHXHOQkwqlMjrk4
               hAFbI3v3GfI4GYmqdAiQIWsEg9/PA2CmqL9EAwNDru3d3/pTJx
               CBQLwzPvBcQdMsYv8a7sFleN4dzuG95T+9A0eVfUeHmfPzt6jB
               DfbyqQ</VALUE> 
          </ENABLINGBITS>
        </PRINCIPAL>
      </ISSUEDPRINCIPALS>
    - <WORK>
      - <OBJECT type="ContentType">
          <ID type="MS-GUID">
            {81E778EB-734B-47F8-8C43-82BF829918FA}
          </ID> 
          <NAME>ContentName</NAME> 
        </OBJECT>
      - <METADATA>
          <SKU type="SKUIdType">SKUId</SKU> 
        </METADATA>
      </WORK>
      <AUTHENTICATEDDATA id="Encrypted-Rights-Data">
         dC79wbnVJS3ecBCoARwLSuY5hY/gtg8hP3yqAjvDfK3+ygaA893/V9C2
         UcCcOB5gSghtjE3jok1s9KYXx/Ro09hPFjU0qhznThF+KKY6HTJOO+Fw
         VSQ6eO8VHkef6vfAWqAfroYyPSmebMSBWcTxHMSiaoaSoZcQUDAMvNwr
         I7foiS28Al40X+cvrke430hCC8sHKcx+l8hu3w7+r1bYLzHhY+jT8+Tx
         KTNSsmATP1bp3qF6enX565EHba1RN/QCJJU+72+MY3O64IUZJzmplR6g
         J1m3A08Ize1e8gx45qEyPHBrZbBo+zul0jX277eNmDlsXuXpOrri+si9
         wSIB5Eppx0R3GPF8wc/NCLgkA11R5Hs88EHpE0gKJcA7q2MZidrhJZOb
         3bQb91HTWQfPEXyLTlnz8LB1zJoFKbuqZ4dSZ1JB30o+df7ZWmmYcDVx
         r+TiHpuIjdHdvb75hnazwTrTsxU3WF88Tvkmn6TKWxrcP0hLIGTsHa3D
         XehChkSPZiE5OPCs+BXGlBpF+NxMwZI/ZeihM5eU0nzPzvmrVpnhfC0A
         O9hsPo+HHYjdM2eHdKS2Slz/b2zYrF6cuXX/H2iOyqwt6Zpojr6bXnV5
         0CCiYNVpvY68Tvx8pDnoxtsIloiECLBg/n+5FQ34qf85vopsL//ZojTc
         oMEkBy1wRcD5rjypynn/BSVfHgL0m7MtQ3f3oPwwEYCURctKrK0j3H85
         2V86f9mUWUKnAHECWFaeCAQ3rAvTabcZ+FoVbloC6nqAB8uq4xzshbRp
         ZAjnKhEXH+IXTkPcPYK3lFNeAJ2lfVBqsjz6CLnquWpSsrxvA3ofG3uM
         pvc9lP7oxvHdC2N7FUPdWXqnpvS3DtqjOxXMDDmZ2Di2LC22Ya3/WGqX
         ZaGfu8JEQZwmsux4w1DF8MLD7CzTOF7J2fBBpTSQ6f9IXxtgdzN3drlO
         wDhp5WYtBP4I1RkwPV8NVt3Vx74ky+0CAmj0EIzM6xxUcbAcIYYcpaEB
         yKXZuIXjNTpr8AeNIDtn5xQ/mWKlhyZXAIm2P+zlF3YiOB8dCXoN/FCQ
         g6oRrkvEOzyroUvc36kbQN37oRORecV/fwwT12SZL9rH6C/3qSGZPmlU
         1TzVmbD0aHz3aDd8GZjn1xuAsmydLQRyCmlKb6WhxSlKvRFi0w88hn+P
         P+NA9z6nrckS+SAfD4YK0NUJfA7IFfJbluq8KbQS96G+bpmJ6cpQ6iST
         en5KsrqqBXAZ9X6gqAACRiz2oDDJQB5RgBR4S8gB7sp+j8Jj3CA8x0z7
         O814WWZweB2CjOnNbr0be/mySzvUoiXdUrG5BiPNWSdwZClRP1n41R6f
         qAm/9jRYP0s6VJyv+K7/9k2PyJctH/4E5O9jDu5ZggrLXCYnTzcQt7YJ
         kz1cYkX5NQjLbYxyfHcSLtHWZ0h3nIyddoSyQ1XptrW6RVKe/xoQF89R
         ZEyWIl2xvaBrDv99SKuuvFVojOP9mLdf5edqPGtMyXadOnvJlrCriAoD
         GIPno+2sC4WRLEw0j75La4W9KZNA1/aE2N2ezP/ObmWEGVHkezzwQekT
         SAolwDurYxmJ2uElk5vdtBv3UdNZB88RfItOWfPwsHXMmgUpu6pnh1Jn
         UkHfSj51/tlaaZhwNXGv5OIem4iN0d29vvmGdrPBOtOzFTdYXzxO+Saf
         pMpbGtw/SEsgZOwdrcNd6EKGRI9ygiXHThfoeGnRQIWQeuosKZNA1/aE
         2N2ezP/ObmWEGT1pXORuySQOFif/Clb37v0KxRlEcMXQN9BSnWti3/rH
         4YuGqlsB89qozev0YZmWg0dRml4r7ZSTY4nqqWBd7n5d0TP1zoeCJtVc
         jGu67fCwtPJ2qgsZvK+uu7eii8FnAyD3B5DayRGJvU2h0zBVapmxO8na
         j24YC9C/1ThbPD5NcWHV96xf6OamAJXJ9Mv6TIpu4KJZ2V/SRrjsJf7l
         bU1sTukCJfExCaFthKi9mV4W1X8F9mi+LhzbbaiplpF2sh31ElUEIyKm
         YoAvDr1oz7dkszZnbNM5iLqCVHJBzh6E5l5RExw1X4A7SHPy19doGt+K
         BAoT5j5lOl47OFyyYuGEvnboyHmy0W4FcAaBH6pXHfuvG/Mx4QiUEUVo
         u7OiDuEs9C19lrhqvQktPxHteAlgjkpStQNECbeUqQpLeBrlB3pR8Fc+
         uw8k07hrH0WHtwq7mDUsFkDyNlCfnhhsofd4tRk9iFbG9Rk1Kn6BxOaw
         4doVk60brzRdLfJJQPf0gT5BA3fS9fV8a3inDDC1b7eSQ16/IZuWNnZv
         F/BJa1K/doQpma9ak/XwaNvc/0Rrg1Qme76o9brIjLNAGSu37D+uaAXg
         VdUfdja8YTvnvwU8jQdr24YRD18qmf+N3ZOEmIAGkwVtYtd9rNJu5Aqh
         aNDMKLD0pQhVKQHFgKFWYUqdmlPJIG9G9i3Oy2DQh/5J5OqBQc7e1H0E
         cpzTLHBJJ79ztZ16PXUl8bM2xbiuj89TVdYWm9xqy5qvld2GwPsqObWg
         xcjdp6SUaST+fsN9zvnri/xHW+41IB4WnE8uF2j/S/EZiOX88j35XoSe
         P9YCsUctGqp1vniXgjw5dssKbSMRr7/YN/dixfpqenBNaBWdJhKE6hHO
         7dktU0Qotym+DZxoNiRyYxqQdkDO5pgoAY9X+eL1f3xI7pk1hbttqfxb
         pSWMncNf+oOTEDNBU3YtFA==
       </AUTHENTICATEDDATA> 
    - <POLICYLIST type="exclusion">
      - <POLICY>
        - <OBJECT>
            <ID type="filename">ApplicationName</ID> 
            <VERSIONSPAN min="1.0.0.0" max="3.0.0.0"/> 
          </OBJECT>
        </POLICY>
      </POLICYLIST>
    </BODY>
  - <SIGNATURE>
      <ALGORITHM>RSA PKCS#1-V1.5</ALGORITHM> 
    - <DIGEST>
        <ALGORITHM>SHA1</ALGORITHM> 
      - <PARAMETER name="codingtype">
          <VALUE encoding="string">surface-coding</VALUE> 
        </PARAMETER>
        <VALUE encoding="base64" size="160">
          uF6wuBIXbm8241WXZwkKbyqN9Dw=
        </VALUE> 
      </DIGEST>
      <VALUE encoding="base64" size="1024">
        JyyBZPBLAzX0FxElj775Wycztet3K+9tVQ66qXleg6fbBsGfgcX6EFbFu
        wDauRlC1eAYltyZcIF7JaO2dspfgBoBcVznwG66vGZvYg0BLTSI5DjlQ6
        0u3AfduQn6oEVCSx9+QwUm2rlV2YUEwLTf+4l9ZPibRSMGZknQadhkE4w=
      </VALUE> 
    </SIGNATURE>
  </XrML>

- <XrML xmlns="" version="1.2">
  - <BODY type="LICENSE" version="3.0">
      <ISSUEDTIME>2008-03-19T17:30</ISSUEDTIME> 
    - <DESCRIPTOR>
      - <OBJECT type="Client-Licensor-Certificate">
          <ID type="MS-GUID">
            {458afc58-393a-42ce-aa59-8f488b47b095}
          </ID> 
        </OBJECT>
      </DESCRIPTOR>
    - <ISSUER>
      - <OBJECT type="MS-DRM-Server">
          <ID type="MS-GUID">
            {e03ee46f-e62a-48d7-81f0-2d8d5d522c9d}
          </ID> 
          <NAME>Server2008</NAME> 
          <ADDRESS type="URL">
            HTTP://example.com:80/_wmcs
          </ADDRESS> 
        </OBJECT>
      - <PUBLICKEY>
          <ALGORITHM>RSA</ALGORITHM> 
        - <PARAMETER name="public-exponent">
            <VALUE encoding="integer32">65537</VALUE> 
          </PARAMETER>
        - <PARAMETER name="modulus">
            <VALUE encoding="base64" size="1024">
               1fn3bqaD3kdFtl+uo1mc/PKPNZyIjJ+KN+EACM72bSZwswcUT
               c8u75H0rllk9bgonpFTt9MCdfl7f+NC2OuWv2rC9nuBKt6CN/
               wMEVpF+ByjkUzMTA1Ktu/ziS4BJ9L7t1bUWEqa3nWb1B6MV/M
               +jeNgjiRMpGi+vzn3sD/d8Oo=
            </VALUE> 
          </PARAMETER>
        </PUBLICKEY>
        <SECURITYLEVEL name="Server-Version" value="6.0.0.0"/> 
        <SECURITYLEVEL name="Server-SKU" value="RMS 2.0"/> 
      </ISSUER>
    - <DISTRIBUTIONPOINT>
      - <OBJECT type="License-Acquisition-URL">
          <ID type="MS-GUID">
            {0F45FD50-383B-43EE-90A4-ED013CD0CFE5}
          </ID> 
          <NAME>DRM Server Cluster</NAME> 
          <ADDRESS type="URL">
            http://example.com/_wmcs/licensing
          </ADDRESS> 
        </OBJECT>
      </DISTRIBUTIONPOINT>
    - <ISSUEDPRINCIPALS>
      - <PRINCIPAL internal-id="1">
        - <OBJECT type="Group-Identity">
            <ID type="Windows">
              S-1-5-21-1226287486-3652005974-3671177567-1114
            </ID> 
            <NAME>someone@example.com</NAME> 
          </OBJECT>
        - <PUBLICKEY>
            <ALGORITHM>RSA</ALGORITHM> 
          - <PARAMETER name="public-exponent">
              <VALUE encoding="integer32">65537</VALUE> 
            </PARAMETER>
          - <PARAMETER name="modulus">
              <VALUE encoding="base64" size="1024">
                 8y1eCRDpqOTD8BXewzapBrZAPFWmiOPP8rEF/gOTKPHXSSlx
                 NAPxd+SO7D/ZG4htYspE1swc+4dSTZYA33U0kaPsaY7XSz2M
                 TAHFwDijS1B0/ix6QfK487OfYCJmjjnHYPcgTk5A9Aho8bVi
                 Zx70egTHA+ZOgEh8BE6JLJEfzuE=
               </VALUE> 
            </PARAMETER>
          </PUBLICKEY>
        </PRINCIPAL>
      </ISSUEDPRINCIPALS>
    - <WORK>
      - <OBJECT type="Client-Licensor-Certificate">
          <ID type="MS-GUID">
            {458afc58-393a-42ce-aa59-8f488b47b095}
          </ID> 
        </OBJECT>
      - <RIGHTSGROUP name="Main-Rights">
        - <RIGHTSLIST>
          - <RIGHT name="ISSUE">
            - <CONDITIONLIST>
              - <TIME>
                - <RANGETIME>
                    <FROM>2008-03-16T16:04</FROM> 
                    <UNTIL>2009-03-17T16:04</UNTIL> 
                  </RANGETIME>
                </TIME>
              - <ACCESS>
                - <PRINCIPAL internal-id="1">
                  - <ENABLINGBITS type="sealed-key">
                      <VALUE encoding="base64" size="6144">
                         jqTGMR6qms6zIJUy7yCOUZ5Rj1ICTUGvw1j72Jdk1
                         gRHnUsdXj0wAot/iwc/Z31gElEw9VZT65iIKKoMdg
                         2EHmyQck1S2STAchWq34RPBP4oIgjvpGC3tul8TTI
                         9d1Kr/1/0BJcezv6MGSgtLRlEoEpwY7Hx+xbyX32u
                         zGL2RVsCL1johsiXJnBwFLXB249Sm9lXAjK0S5yCD
                         9f8jGq86Umavxjuh0P2Ah1KqaP9e3Aia33aQugkY+
                         Bxgtv8m03jUWRiG6vrgG2zRq/R/rLZH1vQfb8GNwE
                         xRBzO3jwxAtonihhrMMOqq26F+xRxfeJLPsasalwL
                         GchvD+wd/Pa7C5h7cXuN6ZXM2fsUKd6C32J9kl97u
                         jkB9hY4jbbWxlj4KavShvcU5RqZZfFX6cpUFIhm7N
                         GniSQtujV/oJ1xygkCbvq1Lu23RdnU5T2LiDaqR8u
                         HyTeVCSFV47y9wW02kuU1++b5j2V6MlcQnRSTDQ17
                         M3tvoOv5QrWUftm2QqCyHKCh5ZQzLXadl1V1dsp5S
                         uKiYvA0ViLmcZYxOC4CUKeVwqQIFIl2KMQi5m9bQA
                         pT6xrP+KJVEKlVnPkrmYyuiQra6R73XBLEBMwtBPq
                         3+g49B1wUyNvmyuQvxfc9qfbyrlnNO1K0pbl7arIe
                         /T28c42uoJxA7oMA+Punsj6Y4IPo06cWmBDSR0PDI
                         gKhfnQcfsHNONSETohgjiTdB2nR8gkmv5uH7vr4jg
                         prFRsRQb4dJBkMtXRFiKXWCNaX9oyusnq+Ib6IvSY
                         n+0ojMg9ARYtNGS9go7RDvqAyfWjrHgT0diHonrPd
                         xiV0tg2MYoDp5T645GpfUoxYxKQi2wp8OBf1W2mSz
                         uQU4AcCykJyhXGnMOw9KJf6CNeD0CcvjMfoVADa0B
                         iCjzfX3rDFwsRtZwKjpKo3mjK8V0OVnGixvwOYMWT
                         Ukr+SzZqm3y2UgYVQ3qN89j3dLl9C3CIGX0oqshaK
                         ++7q+ECTLn3FOlpCWZBXw7bQ4ZvCRII0oIbK4u58
                      </VALUE> 
                    </ENABLINGBITS>
                  </PRINCIPAL>
                </ACCESS>
              </CONDITIONLIST>
            </RIGHT>
          </RIGHTSLIST>
        </RIGHTSGROUP>
      </WORK>
    </BODY>
  - <SIGNATURE>
    - <DIGEST>
        <ALGORITHM>SHA1</ALGORITHM> 
      - <PARAMETER name="codingtype">
          <VALUE encoding="string">surface-coding</VALUE> 
        </PARAMETER>
        <VALUE encoding="base64" size="160">
          LKS4pZO5RXo6Ih27OgFQxMCrtq0=
        </VALUE> 
      </DIGEST>
      <ALGORITHM>RSA PKCS#1-V1.5</ALGORITHM>
      <VALUE encoding="base64" size="1024">
         NpXPDoYX9MjDOq1rHyqj//Pvbtlg+fcGXewthT/jc4vpHpkaNRjCIU3A
         VNbDo3FNt0VZitrV+sFhIOrXSHPmmyp6pR3h3zz+U8sI4VyF+l2f7E7g
         eRRg4DfV6wGqjN1a789pbAyAlkX9mNrIFStvpAwCIRP1Wf6JDrVJ8n64
         s/Y=
      </VALUE> 
    </SIGNATURE>
  </XrML>

Issuance License XML Examples

Offline Signing Code Example

Online Signing XML Example