Microsoft XML Core Services (MSXML) 5.0 for Microsoft Office - Digital Signatures

createKeyFromNode Method

[This feature was first implemented for MSXML 5.0.]

Generates a key object from the DOM node corresponding to the <ds:KeyInfo> and one of its descendant elements. The createKeyFromNode method is used to acquire the public key for signature verification.

[JScript]

Script Syntax

var objKey = objXMLDigitalSignature.createKeyFromNode(node);
[Visual Basic]

Visual Basic Syntax

Set objKey = objXMLDigitalSignature.createKeyFromNode(node)
[C/C++]

C/C++ Syntax Using Smart Pointers

IXMLDSigKeyPtr objKey=IXMLDigitalSignature->createKeyFromNode(node);

C/C++ Syntax

HRESULT createKeyFromNode (
    IXMLDOMNode* node,
    IXMLDSigKey** objKey);

Parameters

node [in]
An XML DOM node corresponding to a child element of the <ds:KeyInfo> element. For more information, see the Remarks section below.
objKey [out]
In C/C++, this is a reference to the resultant key object implementing the IXMLDSigKey interface. In Visual Basic, scripting languages, and C/C++ with smart pointers, this is the key object itself.

Return Values

This methods returns the standard CryptoAPI return values, including the following:

S_OK
The key object was created successfully.
E_FAIL
The key object could not be created. Possible reasons include that the <ds:KeyInfo> node contained insufficient information, or the caller was not authorized.
E_ACCESSDENIED
The key object could not be created because the user does not have access to the security item.

Remarks

The actions performed by createKeyFromNode during key generation depend on the input node. This method can use any of the following types of nodes to create the key.

Input node Actions performed
<ds:KeyValue> Searches for the <ds:DSAKeyValue> or <ds:RSAKeyValue> node.
<ds:DSAKeyValue> Loads the DSA key.
<ds:RSAKeyValue> Loads the RSA key.
<ds:X509Data> Searches for the <ds:X509Certificate> node.
<ds:X509Certificate> Loads the X509 certificate, extracts the embedded key, and loads it into the calling application.
<ds:RetrievalMethod> Obtains additional key information based, on the URI and the transformation specified.

The resultant key object does not contain any certificate information. Calling IXMLDSigKey::getStore or IXMLDSigKeyEx::getStoreHandle on this key object will result in NULL.

An error occurs when the input node is a <ds:KeyInfo> element containing any X509 certificates, either explicitly (by way of <ds:X509Certificate>), or implicitly (by way of <ds:RetrievalMethod>). In this case, calling IXMLDSigKey::getStore or IXMLDSigKeyEx::getStoreHandle on the resultant key object will return an IStore object or a memory store object containing the certificates.

Example

This example illustrates how to verify a signature on signed data. The example uses the createKeyFromNode method to obtain the signature. We've provided source files for the sample in three languages: JScript, Visual Basic, and C++. The output is the same in each language.

Applies To

IXMLDigitalSignature | IXMLDigitalSignatureEx

Versioning

MSXML 5.0 and later

To view reference information for Visual Basic, C/C++, or Script only, click the Language Filter button Language Filter in the upper-left corner of the page.

See Also

verify Method