The XMLDSIG_WRITEKEYINFO enumeration defines flags that specify how the <ds:KeyInfo> element of a signed signature document is filled in after the XML data is signed successfully. Each element is passed as an input parameter to the sign method.
Syntax
```
enum _XMLDSIG_WRITEKEYINFO {
    NOKEYINFO = 0,
    KEYVALUE = 1,
    CERTIFICATES = 2,
    PURGE = 4
};
```
NOKEYINFO
Do not add anything to the <ds:KeyInfo> element. Any existing content of the <ds:KeyInfo> element remains intact.

KEYVALUE
Add the <ds:KeyValue> element and its relevant child elements to the <ds:KeyInfo> element, leaving other elements intact.

CERTIFICATES
Add certificates to <ds:KeyInfo>, leaving other elements intact. In this case, the <ds:KeyInfo> element will contain the <ds:X509Data> element and its relevant child elements. See Remarks below for more information.

PURGE
The <ds:KeyInfo> element will be empty. Any existing content is purged.

Remarks
The fWriteKeyInfo parameter value passed to the sign method can be an individual value listed above or a combination of them. The combined values have the following meaning:
| fWriteKeyInfo | Description |
|---|---|
| `KEYVALUE \| CERTIFICATES` | Add key value and certificates to <ds:KeyInfo>, leaving anything else intact. |
| `KEYVALUE \| CERTIFICATES \| PURGE` | Remove everything from <ds:KeyInfo> first and then add key value and certificates. |
| `KEYVALUE \| PURGE` | Remove everything from <ds:KeyInfo> first and then add key value. |
| `CERTIFICATES \| PURGE` | Remove everything from <ds:KeyInfo> first and then add certificates. |
When you sign data with the CERTIFICATES flag and the key has a matching certificate in the "MY" certificate store, the certificate will be inserted into the resultant signature document. A key has a matching certificate if any of the following conditions are true:
putref_store property method or the setStoreHandle method.

See the example given for the sign Method.
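
The following is an added example, not Microsoft's code and not a call into MSXML: it models the flag semantics documented above so that a combined fWriteKeyInfo value can be checked before it is passed to sign. The function names, the `hasMatchingCert` parameter, the rejection of undefined bits, and the behavior when no matching certificate exists are assumptions of this example.

```javascript
// Added example: a model of the documented flag semantics, not MSXML code.
const XMLDSIG_WRITEKEYINFO = Object.freeze({
  NOKEYINFO: 0,
  KEYVALUE: 1,
  CERTIFICATES: 2,
  PURGE: 4,
});
const ALL_FLAGS = 1 | 2 | 4;

// Decode a combined value into flag names.
// Assumption: this example rejects anything outside the defined bits (0..7).
function decodeWriteKeyInfo(fWriteKeyInfo) {
  if (!Number.isInteger(fWriteKeyInfo) || fWriteKeyInfo < 0 || fWriteKeyInfo > ALL_FLAGS) {
    throw new RangeError(`undefined XMLDSIG_WRITEKEYINFO bits: ${fWriteKeyInfo}`);
  }
  if (fWriteKeyInfo === 0) return ["NOKEYINFO"];
  return ["KEYVALUE", "CERTIFICATES", "PURGE"].filter(
    (name) => (fWriteKeyInfo & XMLDSIG_WRITEKEYINFO[name]) !== 0
  );
}

// Model the child elements of <ds:KeyInfo> after a successful sign call.
// existing: names of child elements already present (constructed input).
// hasMatchingCert: hypothetical parameter standing in for the Remarks
// condition that the signing key has a matching certificate.
function keyInfoAfterSign(existing, fWriteKeyInfo, hasMatchingCert) {
  const flags = decodeWriteKeyInfo(fWriteKeyInfo);
  // PURGE is applied first, as in the combined-value table.
  const children = flags.includes("PURGE") ? [] : [...existing];
  if (flags.includes("KEYVALUE")) children.push("ds:KeyValue");
  // Assumption: without a matching certificate nothing is inserted.
  if (flags.includes("CERTIFICATES") && hasMatchingCert) {
    children.push("ds:X509Data");
  }
  return children;
}
```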