
Programming .NET Security : Programming XML Signatures (part 2) - Embedding Objects in the Signature

2/26/2011 4:42:23 PM

3. Embedding Objects in the Signature

The signature that you created in the previous section is separate from the data it relates to, as are the other signatures you created in this article. The XMLDSIG standard supports including the original data as part of the XML signature document.

To include your sample XML document, load the XML document and use it to create a new instance of the DataObject class:

# C#

using System.Xml;
using System.Security.Cryptography.Xml;

// load the XML document
XmlDocument x_xml_doc = new XmlDocument();
x_xml_doc.Load("book.xml");

// create the data object for the xml document and give it the ID "book"
DataObject x_obj = new DataObject();
x_obj.Data = x_xml_doc.ChildNodes;
x_obj.Id = "book";

# Visual Basic .NET

Imports System.Xml
Imports System.Security.Cryptography.Xml

' load the XML document
Dim x_xml_doc As XmlDocument = New XmlDocument()
x_xml_doc.Load("book.xml")

' create the data object for the xml document and give it the ID "book"
Dim x_obj As DataObject = New DataObject()
x_obj.Data = x_xml_doc.ChildNodes
x_obj.Id = "book"

Assign the XML data to the DataObject using the Data property, and assign an ID to the object using the Id property; in this example the ID is "book". Continue by creating a new Reference, but instead of pointing it at a URL or a stream, use a "local" reference: place a # symbol in front of your object ID (here, the local reference is #book):

# C#

// create the local reference to the embedded object
Reference x_local_reference = new Reference();
x_local_reference.Uri = "#book";

# Visual Basic .NET

' create the local reference to the embedded object
Dim x_local_reference As Reference = New Reference()
x_local_reference.Uri = "#book"

Create a new instance of the SignedXml class, and use the AddReference and AddObject methods to add your reference and data:

# C#

// create the SignedXml instance
SignedXml x_signed_xml = new SignedXml();
// add the local reference
x_signed_xml.AddReference(x_local_reference);
// add the data object
x_signed_xml.AddObject(x_obj);

# Visual Basic .NET

' create the SignedXml instance
Dim x_signed_xml As SignedXml = New SignedXml()
' add the local reference
x_signed_xml.AddReference(x_local_reference)
' add the data object
x_signed_xml.AddObject(x_obj)

Finally, set the instance of the signing algorithm and compute the signature:

# C#

// create a new instance of the DSA algorithm
DSA x_dsa = DSA.Create();

// configure the signing key
// ...

// set the signing key for the SignedXml
x_signed_xml.SigningKey = x_dsa;

// compute the signature and print the resulting Signature element
x_signed_xml.ComputeSignature();
Console.WriteLine(x_signed_xml.GetXml().OuterXml);

# Visual Basic .NET

' create a new instance of the DSA algorithm
Dim x_dsa As DSA = DSA.Create()

' configure the signing key
' ...

' set the signing key for the SignedXml
x_signed_xml.SigningKey = x_dsa

' compute the signature and print the resulting Signature element
x_signed_xml.ComputeSignature()
Console.WriteLine(x_signed_xml.GetXml().OuterXml)

The resulting signature is shown below; the included data is the content of the Object element:

<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
  <SignedInfo>
    <CanonicalizationMethod
      Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
    <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1" />
    <Reference URI="#book">
      <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
      <DigestValue>1UhFInEywZYY/3eLgCqg5w+IROI=</DigestValue>
    </Reference>
  </SignedInfo>
  <SignatureValue>DUuD4ZJd8YiDLIr7HimDWGmCXYQDpX1jv1xRxKLgccw/lTyh3XjB6Q==
  </SignatureValue>
  <Object Id="book">
    <book xmlns="">
      <title>Programming .NET Security</title>
      <author>Adam Freeman</author>
      <author>Allen Jones</author>
    </book>
  </Object>
</Signature>

By including the data in this way, you create a single XML document that contains the data that was signed, the details of how the signature was created (the canonicalization, hashing, and signature algorithms), and the signature itself; Alice can then send this one document to Bob when exchanging signed messages.
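The full round trip, signing and then verifying the enveloping signature, as an added example that is not code from the book: it swaps the book's DSA-SHA1 for RSA-SHA256, builds the sample document inline instead of loading book.xml, and on Bob's side checks that the one Reference in SignedInfo really is #book, since CheckSignature alone only proves that whatever the references point at is intact.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.Xml;
using System.Xml;

static class EnvelopingSignatureDemo
{
    // constructed sample document standing in for the book's book.xml
    const string SampleXml =
        "<book><title>Programming .NET Security</title><author>Adam Freeman</author></book>";

    // Alice's side: embed the document as an Object and sign a local reference to it
    static XmlDocument Sign(RSA key)
    {
        var doc = new XmlDocument { PreserveWhitespace = true };
        doc.LoadXml(SampleXml);
        var obj = new DataObject { Data = doc.ChildNodes, Id = "book" };
        var reference = new Reference("#book");              // "local" reference to the Object
        reference.DigestMethod = SignedXml.XmlDsigSHA256Url; // assumption: SHA-256 instead of SHA-1
        var signedXml = new SignedXml { SigningKey = key };
        signedXml.SignedInfo.SignatureMethod = SignedXml.XmlDsigRSASHA256Url; // assumption: RSA-SHA256
        signedXml.AddReference(reference);
        signedXml.AddObject(obj);
        signedXml.ComputeSignature();
        var result = new XmlDocument { PreserveWhitespace = true };
        result.LoadXml(signedXml.GetXml().OuterXml);
        return result;
    }

    // Bob's side: the SignatureValue must verify under Alice's public key, and the
    // single Reference must be the one covering the embedded Object (#book)
    static bool Verify(XmlDocument signatureDoc, RSA publicKey)
    {
        var signedXml = new SignedXml(signatureDoc);
        signedXml.LoadXml(signatureDoc.DocumentElement);
        if (!signedXml.CheckSignature(publicKey)) return false;
        var refs = signedXml.SignedInfo.References;
        return refs.Count == 1 && ((Reference)refs[0]).Uri == "#book";
    }

    static void Main()
    {
        using RSA key = RSA.Create(2048);
        XmlDocument signature = Sign(key);
        Console.WriteLine(signature.OuterXml);
        Console.WriteLine("verified: " + Verify(signature, key));
    }
}
```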
