Verifying XML Signatures
An XML signature is verified successfully only if the XML file has not been changed since it was signed. Otherwise the verification fails. XML signatures can be verified in XMLSpy in the following circumstances:
• XML file contains certificate-based signature, certificate key information included in signature
• Certificate-based signature in external file, certificate key information contained in signature
• Certificate-based signature in external file, certificate key information not contained in signature
• XML file contains password-based signature
• Password-based signature in external file
Start the verification by clicking XML | Verify XML Signature. Before the verification process starts, the Verify XML Signature dialog (screenshot below) appears.
Select the options you want:
• Ignore certificate errors: Selecting this option enables you to verify the signatures in a document despite certificate errors such as an expiry date that has passed. This is of course only relevant if the document contains a signature that was created from a certificate. With this option selected, a successful result shows that the signed content is unchanged, not that the certificate is currently valid.
• Show verification details: Selecting this option is useful for tracing the verification steps. If the document has multiple signatures, for example, seeing the details will enable you to discover which signatures could be verified and which could not be. If this option is not selected and verification details are, as a result, not shown, then the verification process simply returns the overall result: whether all signatures were verified or not.
After selecting your options, click OK to proceed with the verification.
XML file contains certificate-based signature, key information included in signature
To verify the XML signature in this scenario, make the XML file active in XMLSpy. On clicking the XML | Verify XML Signature command, the verification process will be executed and the result will be displayed in the Messages window (verification succeeded or failed).
XML file contains certificate-based signature, key information not contained in signature
If no key information is contained in the certificate-based signature, XMLSpy will prompt you for the certificate from which public-key information for the verification can be read. Verification is done with the XML file active in XMLSpy. On clicking the XML | Verify XML Signature command, you will be prompted to select the certificate store in which the certificate is stored (screenshot below).
On selecting a certificate store and clicking OK, a dialog displaying the certificates in that store pops up (screenshot below). Select the certificate required for the verification and click OK.
The verification process is executed and the result is displayed in the Messages window.
Certificate-based signature in external file, key information contained in signature
If a certificate-based XML signature is in an external file, the signature is verified with the signature file active in XMLSpy. On clicking the XML | Verify XML Signature command, the verification process will be executed and the result will be displayed in the Messages window (verification succeeded or failed).
Certificate-based signature in external file, key information not contained in signature
If a certificate-based XML signature is in an external file, the signature is verified with the signature file active in XMLSpy. On clicking the XML | Verify XML Signature command, XMLSpy will prompt you for the certificate from which public-key information for the verification can be read. Select the certificate as described in the section: XML file contains certificate-based signature, key information not contained in signature. The verification process will be executed and the result will be displayed in the Messages window (verification succeeded or failed).
XML file contains password-based signature
If the XML file contains a password-based XML signature, the signature is verified with the XML file active in XMLSpy. On clicking the XML | Verify XML Signature command, a dialog pops up prompting you for the password (screenshot below).
Enter the password, which must be five to sixteen characters long, and then click OK. The verification process will be executed and the result will be displayed in the Messages window (verification succeeded or failed).
Password-based signature in external file
If a password-based XML signature is in an external file, the signature is verified with the signature file active in XMLSpy. On clicking the XML | Verify XML Signature command, a dialog pops up prompting you for the password (screenshot below).
Enter the password, which must be five to sixteen characters long, and then click OK. The verification process will be executed and the result will be displayed in the Messages window (verification succeeded or failed).
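The following added example (not XMLSpy code and not part of the original documentation) shows the two checks that stand behind "verification succeeded or failed" for a password-based signature held in an external file, and why any change to the XML file makes verification fail. It is a simplified model: the reduced Signature layout, SHA-256 digest, HMAC-SHA256 keyed directly with the password, the standard library's canonicalization, and all function names are assumptions, not what XMLSpy uses.

```python
import base64, hashlib, hmac
import xml.etree.ElementTree as ET

DS = "{http://www.w3.org/2000/09/xmldsig#}"  # XML-DSig namespace, Clark notation
DOC = '<order id="17" ccy="EUR"><amount>100.00</amount></order>'  # constructed sample

def _canon(elem):
    # Canonical bytes of an element, so attribute order or quoting style is irrelevant.
    return ET.canonicalize(ET.tostring(elem, encoding="unicode")).encode()

def _key(password):
    # Length rule stated on the page; using the raw password as the HMAC key is an assumption.
    if not 5 <= len(password) <= 16:
        raise ValueError("password must be five to sixteen characters long")
    return password.encode()

def _doc_digest(doc_xml):
    return hashlib.sha256(_canon(ET.fromstring(doc_xml))).digest()

def _mac(password, signed_info):
    return hmac.new(_key(password), _canon(signed_info), hashlib.sha256).digest()

def sign_detached(doc_xml, password):
    """Create the external signature file content (helper for the demo)."""
    sig = ET.Element(DS + "Signature")
    info = ET.SubElement(sig, DS + "SignedInfo")
    digest = ET.SubElement(info, DS + "DigestValue")
    digest.text = base64.b64encode(_doc_digest(doc_xml)).decode()
    value = base64.b64encode(_mac(password, info)).decode()
    ET.SubElement(sig, DS + "SignatureValue").text = value
    return ET.tostring(sig, encoding="unicode")

def verify_detached(doc_xml, sig_xml, password):
    """Return each step's result, in the spirit of 'Show verification details'."""
    sig = ET.fromstring(sig_xml)
    info = sig.find(DS + "SignedInfo")
    stored_mac = base64.b64decode(sig.findtext(DS + "SignatureValue"))
    stored_digest = base64.b64decode(info.findtext(DS + "DigestValue"))
    # Step 1: SignedInfo is authentic only if the MAC matches under this password.
    mac_ok = hmac.compare_digest(_mac(password, info), stored_mac)
    # Step 2: the document is unchanged only if its digest matches the signed digest.
    digest_ok = hmac.compare_digest(_doc_digest(doc_xml), stored_digest)
    return {"signature_value": mac_ok, "document_digest": digest_ok,
            "verified": mac_ok and digest_ok}

if __name__ == "__main__":
    sig = sign_detached(DOC, "s3cret-pw")
    print(verify_detached(DOC, sig, "s3cret-pw"))
    print(verify_detached(DOC.replace("100.00", "900.00"), sig, "s3cret-pw"))
```

A changed document fails the digest step while the signature value still matches; a wrong password fails the signature-value step, so the stored digest cannot be trusted either.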