Discuss this help topic in SecureBlackbox Forum

Verify the signature

Verification of the signed document consists of two steps: validation of the signature and reference validation.

First, load the signature from the document. To do this, call the Load() method of the TElXMLVerifier class and pass an element that contains a signature node. The element need not be the signature node itself; it can contain the signature as one of its child nodes.

Next, call the ValidateSignature() method of the TElXMLVerifier class. This method returns true if the signature could be verified and was correct. It returns false in 2 cases: the signature is incorrect (altered, broken etc.), or there is not enough information to validate the signature. The KeyDataNeeded property is true if there was not enough information, or false if the signature is incorrect.

If there is not enough information, you need to provide the missing key. First, check whether the signature is a regular signature or a MAC. Use the SignatureMethodType property of TElXMLVerifier for this.

In the case of a MAC signature, you need to set the HMAC key used to decrypt the signature data. To set this key:

  1. create an instance of the TElXMLKeyInfoHMACData class;
  2. place the key in the Key property of the TElXMLKeyInfoHMACData instance;
  3. assign the created instance to the HMACKey property of the TElXMLVerifier class.

In the case of a regular signature, you need to provide a certificate or a key against which verification is performed. Only a public key, or a certificate without a private key, is needed to verify the signature. The KeyName property of TElXMLVerifier can contain the name of the key, which will help you locate the key. Note that the presence of this value is optional. Load the key data into an instance of the corresponding key data class and set the KeyData property of the TElXMLVerifier class to reference that instance.

After the key data is set, call ValidateSignature() once again.
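
The MAC branch of this flow, as an added Python example (not SecureBlackbox code): `validate_signature` and `build_sample` are hypothetical names, the sample document is constructed, and SignedInfo is canonicalized stand-alone with C14N 2.0 as a simplifying assumption. It returns the pair (valid, key data needed), so a first call without a key reports that key data is needed and the second call, with the key, gives the verdict.

```python
import base64, hashlib, hmac
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
HMAC_SHA256 = "http://www.w3.org/2001/04/xmldsig-more#hmac-sha256"
ET.register_namespace("ds", DS)

def _c14n_signed_info(sig):
    # Assumption: serialize SignedInfo on its own, then canonicalize (C14N 2.0).
    si = sig.find(f"{{{DS}}}SignedInfo")
    return ET.canonicalize(ET.tostring(si, encoding="unicode")).encode()

def validate_signature(element, hmac_key=None):
    """Return (valid, key_data_needed) for an HMAC-signed element."""
    # As with Load(): accept the Signature node itself or an element containing it.
    if element.tag == f"{{{DS}}}Signature":
        sig = element
    else:
        sig = element.find(f".//{{{DS}}}Signature")
    if sig is None:
        raise ValueError("no ds:Signature element found")
    method = sig.find(f"{{{DS}}}SignedInfo/{{{DS}}}SignatureMethod").get("Algorithm")
    if method != HMAC_SHA256:
        raise NotImplementedError("only the MAC branch is modelled here")
    if hmac_key is None:
        return (False, True)   # not invalid: the verifier lacks the key
    expected = hmac.new(hmac_key, _c14n_signed_info(sig), hashlib.sha256).digest()
    claimed = base64.b64decode(sig.findtext(f"{{{DS}}}SignatureValue"))
    # Constant-time comparison of the recomputed and the claimed MAC.
    return (hmac.compare_digest(expected, claimed), False)

def build_sample(key):
    """Constructed sample: a document carrying an HMAC-SHA256 signature."""
    doc = ET.fromstring(
        f'<order><item>42</item><ds:Signature xmlns:ds="{DS}"><ds:SignedInfo>'
        f'<ds:SignatureMethod Algorithm="{HMAC_SHA256}"/>'
        '<ds:Reference URI=""><ds:DigestValue>constructed</ds:DigestValue></ds:Reference>'
        '</ds:SignedInfo><ds:SignatureValue/></ds:Signature></order>')
    sig = doc.find(f"{{{DS}}}Signature")
    mac = hmac.new(key, _c14n_signed_info(sig), hashlib.sha256).digest()
    sig.find(f"{{{DS}}}SignatureValue").text = base64.b64encode(mac).decode()
    return doc
```

Changing `<item>` in the sample leaves this result valid, because the MAC covers only SignedInfo; that change is caught by reference validation, the second step.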

Reference validation is described in the corresponding how-to article.
