The System.Security.Cryptography.Xml.SignedXml class is the main class used for XML signing and verification (XMLDSIG) in the .NET Framework. XMLDSIG is a standards-based, interoperable way to sign and verify all or part of an XML document or other data that is addressable from a Uniform Resource Identifier (URI). The .NET Framework XMLDSIG classes implement the World Wide Web Consortium (W3C) specification for XML signing and verification located at http://www.w3.org/TR/xmldsig-core/.
Use the System.Security.Cryptography.Xml.SignedXml class whenever you need to share signed XML data between applications or organizations in a standard way. Any data signed using this class can be verified by any conforming implementation of the W3C specification for XMLDSIG.
XMLDSIG creates a <Signature> element, which contains a digital signature of an XML document or other data that is addressable from a URI. The <Signature> element can optionally contain information about where to find a key that will verify the signature and which cryptographic algorithm was used for signing.
The System.Security.Cryptography.Xml.SignedXml class allows you to create the following three kinds of XML digital signatures:
| Signature type | Description |
| --- | --- |
| Enveloped signature | The signature is contained within the XML document being signed. |
| Enveloping signature | The signed XML is contained within the <Signature> element. |
| Detached signature | The signature is in a separate document from the data being signed. |
Use one of the following methods to exchange key information:
- Do not include any key information. If you choose this option, both parties must agree on an algorithm and key before they exchange a digital signature.
- Include a public key in the <EncryptedKey> element.
- Include the location of the key in the URI attribute of the <RetrievalMethod> element. Both parties must agree on the key location ahead of time and this location must be kept secret.
- Include a string name that maps to a key in the <KeyName> element. Both parties must agree on the key name mapping before they exchange encrypted data and this mapping must be kept secret.
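An added example in C# (not code from this reference page) that creates an enveloped signature with SignedXml using the "no key information" option above, then verifies it against a key the receiving side already trusts instead of any key carried inside the <Signature> element; the sample document and the class name EnvelopedSignatureDemo are constructed for the illustration.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.Xml;
using System.Xml;

// Constructed demo class (not part of the .NET Framework API).
static class EnvelopedSignatureDemo
{
    // Signs the whole document (Reference URI "") and places <Signature>
    // inside the root element, i.e. an enveloped signature.
    static void Sign(XmlDocument doc, AsymmetricAlgorithm signingKey)
    {
        var signedXml = new SignedXml(doc) { SigningKey = signingKey };
        var reference = new Reference { Uri = "" };
        // Required for enveloped signatures: exclude <Signature> itself from the digest.
        reference.AddTransform(new XmlDsigEnvelopedSignatureTransform());
        signedXml.AddReference(reference);
        // No KeyInfo is written, so both parties must agree on the key out of band.
        signedXml.ComputeSignature();
        doc.DocumentElement.AppendChild(doc.ImportNode(signedXml.GetXml(), true));
    }

    // Verifies digests and signature value with an explicitly supplied key.
    // CheckSignature() with no argument would trust whatever KeyInfo the sender embedded.
    static bool Verify(XmlDocument doc, AsymmetricAlgorithm trustedKey)
    {
        var nodes = doc.GetElementsByTagName("Signature", SignedXml.XmlDsigNamespaceUrl);
        if (nodes.Count != 1) return false;   // reject missing or multiple signatures
        var signedXml = new SignedXml(doc);
        signedXml.LoadXml((XmlElement)nodes[0]);
        return signedXml.CheckSignature(trustedKey);
    }

    static void Main()
    {
        var doc = new XmlDocument { PreserveWhitespace = true };
        doc.LoadXml("<order><item>widget</item><qty>1</qty></order>"); // constructed sample
        using (var key = new RSACryptoServiceProvider(2048))
        {
            Sign(doc, key);
            Console.WriteLine("valid after signing: " + Verify(doc, key));

            doc.SelectSingleNode("/order/qty").InnerText = "1000"; // tamper with signed content
            Console.WriteLine("valid after tampering: " + Verify(doc, key));
        }
    }
}
```

The second check fails because the <qty> change breaks the digest of the "" reference, while the first succeeds only because the verifier supplied the agreed key itself.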