XML digital signatures enable a sender to cryptographically sign data, and
the signatures can then be used as authentication credentials or as a way to check
data integrity. XML signatures can be applied to any digital resource, such as
an HTML page, binary-encoded data such as a GIF file, and XML-encoded data. The
standout feature of the XML digital signature is its ability to sign only specific
portions of an XML document.

This article will now discuss the three types of XML signatures:

An enveloped signature is a signature applied over the XML content that
contains the signature as an element. The Signature element itself is excluded
from the calculation of the signature value. The signed XML element in
Figure 1 represents the signed XML resource fragment.
Figure 1: Enveloped Signatures

An enveloping signature is a signature applied over content found within
an Object element of the signature itself. The object or its content is
identified through a Reference element by way of a Uniform Resource Identifier
(URI) fragment identifier or transform. The signed XML element in Figure 2
represents the signed XML resource fragment.
Figure 2: Enveloping Signatures

A detached signature (see Figure 3) is a signature applied over content external
to the Signature element, which can be identified by way of a URI or a transform. The
signed XML resource can be present within the same document as the Signature element,
or it can be external to the XML document.
Figure 3: Detached Signatures
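
As an added example (not code from the original article), the Python code below classifies each Reference in a signed document as enveloped, enveloping or detached by locating its URI target relative to the Signature element, and flags an enveloped reference that lacks the transform excluding the Signature element. The sample document, the function names, and the matching of ID attributes by name are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
ENVELOPED = DS + "enveloped-signature"  # transform that drops the Signature element
# Constructed sample: one Signature, four References (digests and values omitted).
SAMPLE = f"""<Order xmlns:ds="{DS}">
  <Item Id="item1">widget</Item>
  <ds:Signature>
    <ds:SignedInfo>
      <ds:Reference URI=""><ds:Transforms>
        <ds:Transform Algorithm="{ENVELOPED}"/></ds:Transforms></ds:Reference>
      <ds:Reference URI="#note1"/>
      <ds:Reference URI="#item1"/>
      <ds:Reference URI="http://example.com/logo.gif"/>
    </ds:SignedInfo>
    <ds:Object Id="note1">approved</ds:Object>
  </ds:Signature>
</Order>"""

def find_by_id(root, wanted):
    # Assumption: attributes named Id/ID/id are IDs (no schema or DTD typing here).
    for el in root.iter():
        for name, value in el.attrib.items():
            if name.rsplit("}", 1)[-1] in ("Id", "ID", "id") and value == wanted:
                return el
    return None

def classify_references(xml_text):
    root = ET.fromstring(xml_text)  # use a hardened parser for untrusted XML
    results = []
    for sig in root.iter(f"{{{DS}}}Signature"):
        inside_sig = set(sig.iter()) - {sig}  # descendants of the Signature
        for ref in sig.findall(f"{{{DS}}}SignedInfo/{{{DS}}}Reference"):
            uri = ref.get("URI")
            algs = {t.get("Algorithm") for t in ref.iter(f"{{{DS}}}Transform")}
            if uri and not uri.startswith("#"):
                kind = "detached (external)"
            else:
                target = root if uri == "" else uri and find_by_id(root, uri[1:])  # "" = whole doc
                if target is None:
                    kind = "unresolved"
                elif target in inside_sig:
                    kind = "enveloping"
                elif any(el is sig for el in target.iter()):
                    kind = "enveloped" if ENVELOPED in algs else "enveloped (transform missing)"
                else:
                    kind = "detached (same document)"
            results.append((uri, kind))
    return results
```

For the constructed sample, classify_references(SAMPLE) reports the four references as enveloped, enveloping, detached (same document) and detached (external), in that order.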