Digital Signatures


XML digital signatures are a W3C specification for signing an XML document with a cryptographic signature value that can be used to verify that the document has not been altered since it was signed. The XML Signature feature in MapForce supports only certificates of type RSA-SHA1 and DSA-SHA1.

For more details about XML signatures, see the W3C specification for XML signatures at https://www.w3.org/TR/xmldsig-core/

MapForce supports creating XML digital signatures for XML and XBRL output files. Digital signatures can only be generated when the output target is BUILT-IN, and only in the preview. A signature is created for the generated result file when the Output button is pressed and the result file is saved.

Note: MapForce Server does not support digital signatures.

 

Digital signatures can be embedded as the last element of the output document or stored in a separate signature file.

 

If "Enveloped" is selected, then the signature is the last child element below the root element of the XML file.
If "Detached" is selected, then the signature file is generated as a separate document.

 

 

To activate generation of digital signatures:

1. Open the Component Settings dialog box of the output component by double-clicking its header or by selecting Component | Properties.
2. Select the Create digital signature check box.
3. The XML Signature Settings dialog box opens, where you can define the required settings (see XML Signature Settings).

 

 

To change settings for digital signatures:

1. Open the Component Settings dialog box of the output component by double-clicking its header or by selecting Component | Properties.
2. Click the "Signature Settings" button to open the XML Signature Settings dialog box.
3. Enter the settings and click OK.

 

Using the MarketingExpenses_DetachedSignature.mfd file in the ...\MapForceExamples folder as an example:

1. Double-click the MarketingExpenses target component, then click the "Signature Settings" button. The selected options are shown.
2. Click OK to close the dialog box.
3. Click the Output button to see the mapping result.

 

Two files are generated in the preview window. The first file, MarketingExpenses.xml, is the mapping result of that target component.

The second file, MarketingExpenses.xml.xsig, is the temporary digital signature file generated by the target component.

To generate the signature file, click the Save all generated outputs toolbar button. This generates the .xml and .xsig files in the output directory.

 

The MarketingExpenses_EnvelopedSignature.mfd file in the ...\MapForceExamples folder shows the result when the signature placement is "Enveloped".

 

XML document validity

If an XML signature is embedded in the XML document, a Signature element in the namespace http://www.w3.org/2000/09/xmldsig# is added to the XML document. In order for the document to remain valid according to a schema, the schema must contain the appropriate element declarations. MapForce embeds signatures using the Enveloped option:

 

Enveloped: The Signature element is created as the last child element of the root (or document) element.

 

If you do not wish to modify the schema of the XML document, the XML signature can be created in an external file using the "Detached" option.
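Both placements described above can be checked mechanically. The following Python 3.8+ script is an added example written for this page, not MapForce or Altova code, and uses only the standard library. It builds an enveloped signature (ds:Signature as the last child of the root) and a detached one (the content a .xsig file carries, with a Reference URI naming the signed file) over a constructed MarketingExpenses-style document, then runs the checks a verifier performs before the public-key step: is the Signature present and placed last, does the Reference cover the whole document with the enveloped-signature transform (or name the expected file), which SignatureMethod is named (the RSA-SHA1 and DSA-SHA1 URIs the page mentions are flagged as SHA-1 based), and does the DigestValue still match the document. Assumptions: the SignatureValue is a placeholder, because no key and no RSA/DSA routine take part, so the report never claims the signature itself was verified; ElementTree's C14N 2.0 canonicalizer stands in for the C14N 1.0 that real SignedInfo elements name, so digests agree with this script's own builders and not with .xsig files MapForce produces; the function names, the sample document and the report keys are this example's own.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

DSIG_NS = "http://www.w3.org/2000/09/xmldsig#"
SIG_TAG = "{%s}Signature" % DSIG_NS
C14N_10 = "http://www.w3.org/TR/2001/REC-xml-c14n-20010315"
ENVELOPED_TRANSFORM = DSIG_NS + "enveloped-signature"
RSA_SHA1 = DSIG_NS + "rsa-sha1"          # the page names RSA-SHA1 and DSA-SHA1; both rest on SHA-1
DIGEST_METHODS = {DSIG_NS + "sha1": "sha1", "http://www.w3.org/2001/04/xmlenc#sha256": "sha256"}


def _ds(path):
    return "/".join("{%s}%s" % (DSIG_NS, p) for p in path.split("/"))   # 'A/B' -> '{ns}A/{ns}B'


def _algorithm(element, path):
    found = element.find(_ds(path))
    return found.get("Algorithm") if found is not None else None         # None when the child is absent


def canonical_digest(doc_bytes, hash_name, exclude_signature):
    """Base64 digest of the canonicalized document; exclude_signature drops ds:Signature and its
    subtree, which is what the enveloped-signature transform does.  Assumption: ElementTree's C14N
    2.0 writer stands in for the C14N 1.0 named in SignedInfo, so digests match the builders below."""
    canon = ET.canonicalize(doc_bytes, exclude_tags=[SIG_TAG] if exclude_signature else None)
    return base64.b64encode(hashlib.new(hash_name, canon.encode("utf-8")).digest()).decode("ascii")


def _signature_skeleton(parent, uri, digest_method, signature_method, transform):
    """ds:Signature under parent (standalone if parent is None); returns (sig, DigestValue element)."""
    sig = ET.Element(SIG_TAG) if parent is None else ET.SubElement(parent, SIG_TAG)
    info = ET.SubElement(sig, _ds("SignedInfo"))
    ET.SubElement(info, _ds("CanonicalizationMethod"), Algorithm=C14N_10)
    ET.SubElement(info, _ds("SignatureMethod"), Algorithm=signature_method)
    ref = ET.SubElement(info, _ds("Reference"), URI=uri)
    if transform:
        ET.SubElement(ET.SubElement(ref, _ds("Transforms")), _ds("Transform"), Algorithm=transform)
    ET.SubElement(ref, _ds("DigestMethod"), Algorithm=digest_method)
    digest_value = ET.SubElement(ref, _ds("DigestValue"))
    # Constructed placeholder: no private key takes part in this example.
    ET.SubElement(sig, _ds("SignatureValue")).text = "PLACEHOLDER-NOT-A-REAL-SIGNATURE"
    return sig, digest_value


def build_enveloped(payload, digest_method=DSIG_NS + "sha1", signature_method=RSA_SHA1):
    """Payload with ds:Signature appended as the last child of the root element."""
    ET.register_namespace("ds", DSIG_NS)
    root = ET.fromstring(payload)
    _, digest_value = _signature_skeleton(root, "", digest_method, signature_method, ENVELOPED_TRANSFORM)
    # DigestValue sits inside the element the transform drops: digest the final shape, then fill it in.
    digest_value.text = canonical_digest(ET.tostring(root), DIGEST_METHODS[digest_method], True)
    return ET.tostring(root)


def build_detached(payload, uri, digest_method=DSIG_NS + "sha1", signature_method=RSA_SHA1):
    """Standalone signature document (what a .xsig file holds) naming the signed file by uri."""
    ET.register_namespace("ds", DSIG_NS)
    sig, digest_value = _signature_skeleton(None, uri, digest_method, signature_method, None)
    digest_value.text = canonical_digest(payload, DIGEST_METHODS[digest_method], False)
    return ET.tostring(sig)


def inspect_signature(doc_bytes, detached_sig=None, expected_uri=""):
    """Pre-crypto checks: placement, Reference coverage, algorithms named, DigestValue recomputed.
    SignatureValue is NOT verified (RSA/DSA needs a crypto library): passing is necessary, not sufficient."""
    root = ET.fromstring(doc_bytes)
    sig = ET.fromstring(detached_sig) if detached_sig else next((c for c in root if c.tag == SIG_TAG), None)
    report = {"signature_present": sig is not None and sig.tag == SIG_TAG,
              "signature_is_last_child": None if detached_sig else (len(root) > 0 and root[-1] is sig),
              "signature_value_verified": False}
    ref = sig.find(_ds("SignedInfo/Reference")) if report["signature_present"] else None
    if ref is None:                                   # no usable SignedInfo: nothing more to check
        return report
    method = _algorithm(sig, "SignedInfo/SignatureMethod")
    enveloped = ENVELOPED_TRANSFORM in {t.get("Algorithm") for t in ref.iter(_ds("Transform"))}
    report["signature_method"] = method
    report["uses_sha1"] = method in {RSA_SHA1, DSIG_NS + "dsa-sha1"}   # legacy algorithm; flag for policy
    # Enveloped: URI="" (whole document) plus the enveloped transform.  Detached: must name our file.
    report["reference_ok"] = ref.get("URI") == expected_uri and enveloped == (detached_sig is None)
    hash_name = DIGEST_METHODS.get(_algorithm(ref, "DigestMethod"))   # None: unknown, cannot recompute
    report["digest_matches"] = None if hash_name is None else (
        canonical_digest(doc_bytes, hash_name, enveloped) == (ref.findtext(_ds("DigestValue")) or "").strip())
    return report


# Constructed sample shaped like the MarketingExpenses output the page mentions.
SAMPLE_PAYLOAD = (b'<?xml version="1.0" encoding="UTF-8"?>\n<MarketingExpenses>\n'
                  b"  <expense-item><Amount>1500</Amount><Category>Travel</Category></expense-item>\n"
                  b"</MarketingExpenses>\n")


def demo():
    signed = build_enveloped(SAMPLE_PAYLOAD)                          # an "Enveloped" output
    tampered = signed.replace(b"<Amount>1500</Amount>", b"<Amount>15000</Amount>")
    xsig = build_detached(SAMPLE_PAYLOAD, "MarketingExpenses.xml")   # the .xsig companion file
    return {"enveloped": inspect_signature(signed),
            "tampered": inspect_signature(tampered),
            "detached": inspect_signature(SAMPLE_PAYLOAD, xsig, "MarketingExpenses.xml")}
```

Changing an Amount value after signing, as demo() does, flips digest_matches to False although the Signature element itself is untouched, which is the property the enveloped placement is meant to give; a detached signature checked against a file name other than the one in its Reference fails reference_ok. The step this script leaves out, verifying SignatureValue over the canonicalized SignedInfo with the signer's public key, is what turns these structural checks into a real verification once a crypto library is available.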

 

Given below are excerpts from XML Schemas that show how the Signature element of an enveloped signature can be allowed. You can use these examples as guides to modify your own schemas.

 

In the first of the two listings below, the XML Signature Schema is imported into the user's schema. The XML Signature Schema is located at the web address: https://www.w3.org/TR/xmldsig-core/xmldsig-core-schema.xsd

 

<?xml version="1.0" encoding="UTF-8"?>
<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema"
           xmlns:xsig="http://www.w3.org/2000/09/xmldsig#"
           elementFormDefault="qualified"
           attributeFormDefault="unqualified">
   <xs:import namespace="http://www.w3.org/2000/09/xmldsig#"
              schemaLocation="http://www.w3.org/TR/xmldsig-core/xmldsig-core-schema.xsd"/>
   <xs:element name="Root">
      <xs:complexType>
         <xs:sequence>
            <xs:element ref="FirstChildOfRoot"/>
            <xs:element ref="SecondChildOfRoot" minOccurs="0"/>
            <xs:element ref="ThirdChildOfRoot" minOccurs="0"/>
            <xs:element ref="xsig:Signature" minOccurs="0"/>
         </xs:sequence>
      </xs:complexType>
   </xs:element>
   ...
</xs:schema>

 

A second option (listing below) is to add a generic wildcard element that matches any element from other namespaces. Setting the processContents attribute to lax causes the validator to skip over this element when no matching element declaration is found. Consequently, the user does not need to reference the XML Signature Schema. The drawback of this option, however, is that any element (not just the Signature element) can be added at the specified location in the XML document without invalidating the XML document.

 

<?xml version="1.0" encoding="UTF-8"?>
<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema"
           elementFormDefault="qualified"
           attributeFormDefault="unqualified">
   <xs:element name="Root">
      <xs:complexType>
         <xs:sequence>
            <xs:element ref="selection"/>
            <xs:element ref="newsitems" minOccurs="0"/>
            <xs:element ref="team" minOccurs="0"/>
            <xs:any namespace="##other" minOccurs="0" processContents="lax"/>
         </xs:sequence>
      </xs:complexType>
   </xs:element>
   ...
</xs:schema>


© 2019 Altova GmbH