Microsoft XML Core Services (MSXML) 5.0 for Microsoft Office - Digital Signatures

Enveloped Signatures

In an enveloped signature, the signed or to-be-signed data is an XML document and contains the <ds:Signature> element as its child element.

Note   The content of <ds:Signature> element is excluded from the calculations of the signature value (that is, the content of <ds:SignatureValue>) of an enveloped signature.

The following is an example of enveloped signatures.

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE Envelope [
  <!ENTITY ds "http://www.w3.org/2000/09/xmldsig#">
  <!ENTITY c14n "http://www.w3.org/TR/2001/REC-xml-c14n-20010315">
  <!ENTITY xpath "http://www.w3.org/TR/1999/REC-xpath-19991116">
  <!ENTITY xslt "http://www.w3.org/TR/1999/REC-xslt-19991116">
  <!ENTITY digest "http://www.w3.org/2000/09/xmldsig#sha1">
]>
<Letter>
   <Return-address>...</Return-address>
   <To>...</To>
   <Message>...</Message>
   <From>
      <ds:Signature xmlns:ds="&ds;">
         <ds:SignedInfo>
         ...
         <ds:Reference URI="">
             <ds:Transforms>
                <ds:Transform Algorithm="&xpath;">
                    <XPath xmlns:dsig="&ds;">
                       not(ancestor-or-self::dsig:Signature)
                    </XPath>
                </ds:Transform>
             </ds:Transforms>
             <ds:DigestMethod Algorithm="&digest;"/>
             <ds:DigestValue></ds:DigestValue>
         </ds:Reference>
         </ds:SignedInfo>
      </ds:Signature>
   </From>
   <Attach>...</Attach>
</Letter>

The data referenced in the <ds:Signature> element and specified by the "URI=''" attribute of the <ds:Reference> descendant element is the entire <Letter> element, including <ds:Signature> itself.