Microsoft XML Core Services (MSXML) 5.0 for Microsoft Office - Digital Signatures

XMLDSIG_WRITEKEYINFO Enum

The XMLDSIG_WRITEKEYINFO enumeration defines flags used to specify how the <ds:KeyInfo> element of a signed signature document will be filled in after the XML data is signed successfully. Each of the element is passed in as an input parameter in the sign Method.

Syntax

enum _XMLDSIG_WRITEKEYINFO
{
    NOKEYINFO = 0,
    KEYVALUE = 1,
    CERTIFICATES = 2,
    PURGE = 4
};

Values

NOKEYINFO
No information will be inserted into the <ds:KeyInfo> element. Any existing content of the <ds:KeyInfo> element remains intact.
KEYVALUE
Add an appropriate <ds:KeyValue> element and its relevant child elements to the <ds:KeyInfo> element, leaving other elements intact.
CERTIFICATES
Add available, certificates to <ds:KeyInfo>, leaving other elements intact. In this case, the <ds:KeyInfo> element will contain the <ds:X509Data> element and its relevant child elements. See Remarks below for more information.
PURGE
The <ds:KeyInfo> element will be empty. Any existing content is purged.

Remarks

The fWriteKeyInfo parameter value passed in to the sign method can take an individual elemental value listed above or a combination of them. The combined values have the following meaning:

fWriteKeyInfo Description
KEYVALUE | CERTIFICATES Add key value and certificates to <ds:KeyInfo>, leaving anything else intact.
KEYVALUE | CERTIFICATES | PURGE Remove everything from <ds:KeyInfo> first and then add key value and certificates.
KEYVALUE | PURGE Remove everything from <ds:KeyInfo> first and then add key value.
CERTIFICATES | PURGE Remove everything from <ds:KeyInfo> first and then add certificates.

When you sign data with the CERTIFICATES flag and the key has a matching certificate in the "MY" certificate store, the certificate will be inserted into the resultant signature document. A key has a matching certificate if any of the following conditions are true:

Example

See the example given for the sign Method.