ProductsXMLSpyXML Digital Signatures

As XML security becomes increasingly important, XMLSpy® 2012 provides easy-to-use functionality for assigning digital XML signatures to XML documents via XML Signature technology.

XML digital signature technology allows you to confirm the authenticity and integrity of XML files, as well as the identity of the signing party. The security XML Signature provides for XML data is important for transmission of files for everyday business transactions as well as XBRL, patent, tax, and other official filing documents that are submitted digitally and will likely require the use of digital signatures in the future.

XMLSpy supports the creation and verification of XML digital signatures. An XML file is signed using either the private key of a digital certificate or a password. The signature can be subsequently verified using either the public key that corresponds to the selected certificate or the password specified during the signing process.

Adding XML Signatures to XML Documents

XML digital signature functionality is available in the XML menu.

The Create XML Signature lets you choose from various options. First, choose the authentication method: digital certificate or password. Under Transformations, you can specify whether or not to strip non-significant whitespace and optionally select a canonicalization algoritm to apply to to the XML data prior to performing signature calculations. Transformation options are shown in the screenshot below.

Next, choose the location of the signature:

• Enveloped: The signature element is created as the last child element of the root element
• Enveloping: The signature element is created as the root element, and the XML document is inserted as a child element
• Detatched: The XML signature is created as a separate file

Note: XML Schema and XBRL files can only be signed with detatched signature files. WSDL files can be signed using enveloped or detached signatures.

The Append KeyInfo option is used with certificate-based signatures. Checking this box places the certificates's public key information in the signature. The advantage of including key information is that the certificate itself (specifically the public-key information in it) will not be required for the verification process (since the key information is present in the signature).

In the example below, the document is signed with an enveloped signature, i.e., the XML digital signature is inserted in the existing XML document as the last child element of the root element.

Verifying XML Signatures

It's just as easy to verify the XML signature on an XML file you've received. To verify an XML digital signature in a detached signature file, the signature file must be active; for documents signed with an enveloped or enveloping signature, the document itself should be active. Select Verify XML Signature from the XML menu, and follow the prompts to select the required certificate and/or password, as applicable. If the XML file is unchanged since it was signed, the verification is successful.

However, if the document was at all altered during transit, the XML signature verification will fail.

See how easy it is to add security measures to your XML files using XML signature functionality in XMLSpy.

 Click here to download a fully functional, free 30-day trial of Altova XMLSpy!