Altova XMLSpy 2024 Professional Edition

The XML Signature command is available in Authentic View when the associated SPS has XML Signatures enabled. The XML Signature command is also available as the XML Signature toolbar icon icXMLSignature in the Authentic toolbar.

 

Verification and own certificate/password

Clicking the XML Signature command starts the signature verification process. If no signature is present in the document, a message to that effect is displayed in the XML Signature dialog (see screenshot below), and the dialog will have a button that enables the Authentic View user to sign the document.

XMLSigVerificationFailed

If the Select Own Certificate or Select Own Password button is present in this dialog, it means that the Authentic View has been given the option of selecting an own certificate/password. (Whether a certificate or password is to be chosen has been decided by the SPS designer at the time the signature was configured. The signature will be either certificate-based or password-based.) Clicking either of these buttons, if present in the dialog, enables the Authentic View user to browse for a certificate or to enter a password. The Authentic View user's selection is stored in memory and is valid for the current session only. If, after selecting a certificate or password, the document or application is closed, the certificate/password setting reverts to the setting originally saved with the SPS.

 

Verification and authentication information

If the verification process is run on a signed document, two general situations are possible. First: If the authentication information is available (in the signature or the SPS), then the verification process is executed directly and the result is displayed (screenshot below).

XMLSigVerified

 

Authentication information is either the signing certificate's key information or the signing password. The SPS designer will have specified whether the certificate's key information is saved in the signature when the XML document is signed, or, in the case of a password-based signature, whether the password is saved in the SPS. In either of these cases, the authentication is available. Consequently the verification process will be run directly, without requiring any input from the Authentic View user.

 

The second possible general situation occurs when authentication information is not available in the signature (certificate's key information) or SPS file (password). In this situation, the Authentic View user will be asked to supply the authentication information: a password (see screenshot below) or the location of a certificate. If the SPS allows Authentic View to select their own password or certificate, click Select own Password (or Certificate) to do that.

SigPassword

 

© 2017-2023 Altova GmbH