generating electronic and paper based credit requests
XML signatures are digital signatures designed for use in XML transactions. The W3C standard defines a schema for capturing the result of a digital signature operation applied to an infoset. XML signatures add authentication, data integrity, and support for non-repudiation to the data that they sign.
However, it is beyond the scope of this documentation to explain all details of a signature or the signing process. Detailed information about all aspects of signatures can be found at W3C.
Boundary conditions and critical aspects
- the signature is optional!
- if an infoset is signed, then the private certificate of the sender must be used, and this certificate is applied to the payload element. This inherently qualifies as a detached signature.
  In this context, "sender" is used in terms of the communication and is therefore defined as the EAN entity given in the transport@from attribute.
- the URI attribute of the reference element must use the XPointer syntax for the payload element, e.g. <ds:Reference URI="#xpointer(/credit:request/credit:payload)">
- it is recommended to add the public key via an X509Data element so that a key store can be built at the recipient's site
- the signature algorithm is fixed to PKCS1 (RSA-SHA1) (RFC 2437: RSA Cryptography Specifications)
- the digest algorithm is fixed to SHA-1
- the canonicalization algorithm used must be http://www.w3.org/2001/10/xml-exc-c14n#, the Exclusive XML Canonicalization
The generalCreditRequest module obeys all of these conditions whenever the signature is "turned on" by setting the private certificate and password of the "fromEAN" entity (cf. IGeneralCreditRequest::SetTransport). This certificate must be in the PFX format.
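A recipient-side check of the conditions listed above, as an added example that is not part of the generalCreditRequest module or its documentation: it inspects only the declared algorithms, the reference and the key information, and does not verify the signature value itself. The credit namespace URI, the location of ds:Signature, the single-reference rule and the function names are assumptions, and the sample document is constructed.

```python
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
NS = {"ds": DS}
EXC_C14N = "http://www.w3.org/2001/10/xml-exc-c14n#"
PAYLOAD_URI = "#xpointer(/credit:request/credit:payload)"  # taken from the page's example
# Algorithm attributes fixed by the conditions above (paths relative to ds:Signature).
REQUIRED = {
    "ds:SignedInfo/ds:CanonicalizationMethod": EXC_C14N,
    "ds:SignedInfo/ds:SignatureMethod": DS + "rsa-sha1",
    "ds:SignedInfo/ds:Reference/ds:DigestMethod": DS + "sha1",
}

def check_profile(xml_text):
    """Return (errors, warnings); both are empty for an unsigned or conforming request."""
    root = ET.fromstring(xml_text)
    sigs = root.findall(".//ds:Signature", NS)
    errors, warnings = [], []
    if not sigs:
        return errors, warnings  # the signature is optional
    if len(sigs) > 1:
        errors.append("more than one ds:Signature element")
    sig = sigs[0]
    for path, expected in REQUIRED.items():
        node = sig.find(path, NS)
        actual = node.get("Algorithm") if node is not None else None
        if actual != expected:
            errors.append(f"{path}: expected {expected}, got {actual}")
    refs = sig.findall("ds:SignedInfo/ds:Reference", NS)
    # Assumption: exactly one reference, and it must address the payload element.
    if len(refs) != 1 or refs[0].get("URI") != PAYLOAD_URI:
        errors.append("ds:Reference must be single and point at the payload element")
    if sig.find("ds:KeyInfo/ds:X509Data", NS) is None:
        warnings.append("no X509Data: recipient cannot build its key store from this message")
    return errors, warnings

def sample(sig_alg=DS + "rsa-sha1", uri=PAYLOAD_URI, x509=True):
    """Constructed request; the credit namespace and PLACEHOLDER values are not real."""
    cert = "<ds:X509Data><ds:X509Certificate>PLACEHOLDER</ds:X509Certificate></ds:X509Data>"
    key_info = f"<ds:KeyInfo>{cert}</ds:KeyInfo>" if x509 else ""
    return f"""<credit:request xmlns:credit="urn:example:credit" xmlns:ds="{DS}">
  <credit:payload/>
  <ds:Signature><ds:SignedInfo>
    <ds:CanonicalizationMethod Algorithm="{EXC_C14N}"/>
    <ds:SignatureMethod Algorithm="{sig_alg}"/>
    <ds:Reference URI="{uri}">
      <ds:DigestMethod Algorithm="{DS}sha1"/><ds:DigestValue>PLACEHOLDER</ds:DigestValue>
    </ds:Reference>
  </ds:SignedInfo><ds:SignatureValue>PLACEHOLDER</ds:SignatureValue>{key_info}</ds:Signature>
</credit:request>"""
```

Running this check before cryptographic verification rejects messages whose signature covers something other than the payload element or declares an algorithm outside the fixed set.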