With XML ValidatorBuddy it is easy and convenient to sign and verify XML documents with digital signatures. Use the toolbar on the main window to issue all of the commands necessary to sign and verify your XML data or use the related commands from the XML menu. You can also put certificates on the XML Digital Signatures toolbar to select them quickly if you need some of them frequently to sign XML documents or to verify an existing signature.
The picture below shows the XML Digital Signatures toolbar with a user-defined button to quickly select the sample RSA SHA-2 certificate:
How to sign an XML document
1. Open or select XML document(s)
Open any XML document in the editor or select one or more XML files which should be signed with a digital signature from the File Explorer window of XML ValidatorBuddy. All of the selected files will be signed using the same certificate. Any selected folder is skipped during the signing operation.
2. Use the sign command
Use the "Sign XML with Digital Signature" command either from the toolbar or from the XML menu to start the signing operation. This command is enabled when a document is loaded in the editor or if one or more files are selected on the File Explorer tab. A dialog will be displayed to set additional options for the signing operation:
Use certificate option
To sign one or more documents you can specify a certificate which holds the private key for the signing operation.
If there is no certificate selected on the XML Digital Signatures toolbar, the fields on the dialog for the currently active certificate will be empty. Use the "Select..." button to select a certificate in this case.
Select the "Use file or password" option to read the key from an external .PFX file or to enter the password manually in the "Password:" edit field. When a password is used, the key type and hash method can be selected. If a .PFX file is used, the key type and hash algorithm are specified by the file. Any password required to access the key in the .PFX file can be entered in the "Password:" field.
Select HMAC as key type if you want to use a password to sign the XML data. Again use the "Password" field to enter the password.
You can also sign only parts of the XML if you don't need to have the complete XML content in the signature. Use the ID values of the XML elements to select the fragments to add to the signature. You can add as many references as you like using the "Add" button. Delete a reference with the "Remove" button. If the ID can be found in the XML, the XPath is displayed in the "Location" column.
As the dialog shows, the DSIG implementation of XML ValidatorBuddy offers all of the important methods and types of XML digital signatures.
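A signature restricted to selected IDs protects only those fragments, so it helps to check what the references in a signed file actually cover. The following added example (not part of XML ValidatorBuddy or its documentation) lists the elements no reference covers and flags references whose ID is missing or duplicated; the sample document and the attribute names treated as IDs are assumptions.

```python
import xml.etree.ElementTree as ET

DS = "{http://www.w3.org/2000/09/xmldsig#}"
ID_ATTRS = ("Id", "ID", "id")  # assumption: attribute names treated as IDs

# Constructed sample: only <payment> is referenced, <note> is left unsigned.
SAMPLE = """<order>
  <payment Id="pay1"><amount>100</amount></payment>
  <note Id="n1">ship to depot</note>
  <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
    <ds:SignedInfo><ds:Reference URI="#pay1"/></ds:SignedInfo>
  </ds:Signature>
</order>"""

def audit_coverage(xml_text):
    """Report which elements the ds:Reference URIs of a signed file cover."""
    root = ET.fromstring(xml_text)
    by_id = {}  # ID value -> every element carrying it
    for el in root.iter():
        for attr in ID_ATTRS:
            if attr in el.attrib:
                by_id.setdefault(el.attrib[attr], []).append(el)
                break
    in_signature = {n for s in root.iter(DS + "Signature") for n in s.iter()}
    covered, missing, duplicates, whole = set(), [], [], False
    for ref in root.iter(DS + "Reference"):
        uri = ref.get("URI")
        if uri == "":                      # empty URI: the whole document
            whole = True
        elif uri and uri.startswith("#"):  # same-document reference by ID
            hits = by_id.get(uri[1:], [])
            if not hits:
                missing.append(uri)
            elif len(hits) > 1:            # ambiguous target, report it
                duplicates.append(uri)
            for hit in hits:
                covered.update(hit.iter())  # element plus its descendants
    unsigned = [] if whole else [e.tag for e in root.iter()
                                 if e not in covered and e not in in_signature]
    return {"whole_document": whole, "unsigned": unsigned,
            "missing": missing, "duplicates": duplicates}

if __name__ == "__main__":
    print(audit_coverage(SAMPLE))
```

Elements reported as unsigned can be changed without invalidating the signature, and a duplicated ID means the reference no longer identifies one element unambiguously.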
3. Saving signed files
After a document has been signed from the File Explorer tab it needs to be saved. You can tell XML ValidatorBuddy to automatically append an arbitrary string to the end of the current name of the file, or you can choose to display a standard file dialog for each signed file to set the name and destination of the new document. The controls to select how to save the signed files are at the bottom of the dialog.
When the active document is signed, a new window containing the signed XML is opened directly in the editor.
Verification of digital signatures
You can use XML ValidatorBuddy to verify the digital signatures of one or multiple files at once. The implementation also supports multiple signatures in one file and shows a detailed report about the verification results for each file separately:
1. Open or select XML document(s)
Open an XML document in the editor or select one or more XML files which should be verified from the File Explorer window of XML ValidatorBuddy. Any selected folder is skipped during the verify operation.
2. Use the verify command
Use the "Verify XML Digital Signature" command either from the toolbar or from the XML menu to verify XML digital signatures. This command is enabled if there is an active document in the editor or if one or more files are selected in the File Explorer.
The public key to verify the signature of an XML document is either taken from the certificate selected on the toolbar or, if the signature of the XML document contains a KeyInfo element, directly from the file. Any selected certificate has priority over the public key from the KeyInfo element.
The results of the verification process are displayed on the standard results pane or as a separate dialog if multiple XML documents were selected on the File Explorer tab.
Working with certificates
Certificates are used to hold the private and public keys to sign and verify XML documents with digital signatures.
Certificates holding RSA, DSA and HMAC keys can be used.
MD5, SHA and SHA-2 (SHA-256, SHA-384, SHA-512) hash algorithms are supported.
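Two points above matter when a verification result is relied on: the public key may come from the file's own KeyInfo element, and MD5 and SHA hashes are accepted alongside SHA-2. This added example (not part of XML ValidatorBuddy) reports, for each signature in a file, any MD5 or SHA-1 algorithm URIs and whether the embedded certificate matches a pinned SHA-256 fingerprint; the pinned set, the placeholder certificate bytes and the sample document are constructed assumptions.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

DS = "{http://www.w3.org/2000/09/xmldsig#}"
WEAK_SUFFIXES = ("md5", "sha1")  # matches e.g. ...#rsa-sha1, ...#md5

# Constructed placeholder bytes standing in for a DER-encoded certificate.
SAMPLE_CERT = b"constructed-placeholder-not-a-real-certificate"
SAMPLE = f"""<doc><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
  <ds:SignedInfo>
    <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
    <ds:Reference URI="">
      <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
    </ds:Reference>
  </ds:SignedInfo>
  <ds:KeyInfo><ds:X509Data><ds:X509Certificate>
    {base64.b64encode(SAMPLE_CERT).decode()}
  </ds:X509Certificate></ds:X509Data></ds:KeyInfo>
</ds:Signature></doc>"""

def fingerprint(der):
    """SHA-256 fingerprint of the certificate bytes, as lowercase hex."""
    return hashlib.sha256(der).hexdigest()

def audit_signatures(xml_text, pinned_fingerprints):
    """Report weak algorithms and key provenance for every ds:Signature."""
    reports = []
    for sig in ET.fromstring(xml_text).iter(DS + "Signature"):
        algs = [el.get("Algorithm", "")
                for tag in ("SignatureMethod", "DigestMethod")
                for el in sig.iter(DS + tag)]
        weak = [a for a in algs if a.lower().endswith(WEAK_SUFFIXES)]
        certs = [base64.b64decode("".join((c.text or "").split()))
                 for c in sig.iter(DS + "X509Certificate")]
        if not certs:
            key_source = "none-embedded"      # verifier must supply the key
        elif all(fingerprint(c) in pinned_fingerprints for c in certs):
            key_source = "embedded-pinned"    # every embedded cert is pinned
        else:
            key_source = "embedded-unpinned"  # shows integrity only, not origin
        reports.append({"weak_algorithms": weak, "key_source": key_source})
    return reports

if __name__ == "__main__":
    print(audit_signatures(SAMPLE, pinned_fingerprints=set()))
```

A signature reported as "embedded-unpinned" verifies against whatever key the file itself carries, so selecting the expected certificate on the toolbar is the way to tie the result to a known signer.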
To put a certificate on the XML Digital Signatures toolbar in XML ValidatorBuddy open the "Certificates" page on the Options dialog. Use the "New" button to add a new line to the list of certificates. You can assign a title by clicking the line of the certificate on the list. The title will be displayed on the toolbar to identify the certificate.
To select a certificate use the "Assign Certificate..." button. Set the "Show on toolbar" check to show the certificate as a button on the XML Digital Signatures toolbar.