Partager via


Sign a Document

This topic describes how to sign an XPS document.

Before using the following code examples in your program, read the disclaimer in Common Digital Signature Programming Tasks.

To sign an XPS document, first load it into a signature manager as described in Initialize the Signature Manager.

To sign a document that has been loaded into a signature manager:

  1. Instantiate an IXpsSigningOptions interface.
  2. Set the signing policy.
  3. Set the signature method. Signature method URI string constants are defined in cryptxml.h. For more information about valid signature method values, see IXpsSigningOptions::SetSignatureMethod.
  4. Set the digest method. Digest method URI string constants are defined in cryptxml.h. For information about valid digest method values, see IXpsSigningOptions::SetDigestMethod.
  5. Load the certificate as described in Load a Certificate From a File.
  6. Verify that the certificate supports the signature method, as described in Verify That a Certificate Supports a Signature Method.
  7. Verify that the digest method is supported by the system, as described in Verify the System Supports a Digest Method.
  8. If required, embed the certificates of the certificate trust chain in the XPS document as described in Embed Certificate Chains in a Document.
  9. Sign the XPS document.

The following code example illustrates how to use the preceding steps in a program.

    // this example requires:
    //        cryptxml.h
    // and refers to local methods that are described
    // in other topics

    HRESULT                hr               = S_OK;
    BOOL                   supported        = FALSE;
    BOOL                   succeeded        = FALSE;
    IXpsSigningOptions     *signingOptions  = NULL;
    IXpsSignature          *signature       = NULL;
    PCCERT_CONTEXT         certificate      = NULL;
    
    // Instantiate an IXpsSigningOptions interface.
    hr = signatureManager->CreateSigningOptions (&signingOptions);
    
    if (SUCCEEDED(hr)) {
        // Set the signing policy to indicate the document parts 
        //  to sign.
        hr = signingOptions->SetPolicy (XPS_SIGN_POLICY_CORE_PROPERTIES);
    }

    if (SUCCEEDED(hr)) {
        // Set the digital signature method to use to generate the 
        //    signature hash value. 
        //
        // The signature method used in this example is 
        //    defined in cryptxml.h.
        hr = signingOptions->SetSignatureMethod (
            wszURI_XMLNS_DIGSIG_RSA_SHA1);
    }

    if (SUCCEEDED(hr)) {
        // Set the digest method to use.
        //
        // The digest method used in this example is 
        //    defined in cryptxml.h.
        hr = signingOptions->SetDigestMethod (wszURI_XMLNS_DIGSIG_SHA1);
    }

    if (SUCCEEDED(hr)) {
        // Load a certificate from a certificate file
        hr = LoadCertificateFromFile (signingCertificate, &certificate);
    }

    if (SUCCEEDED(hr)) {
        // Verify the certificate supports the digest method
        supported = SupportsDigestAlgorithm (
            wszURI_XMLNS_DIGSIG_SHA1);
        if (!supported) hr = E_FAIL;
    }

    if (SUCCEEDED(hr)) {
        // Verify the signature method is supported by the certificate
        //  and the system
        supported = SupportsSignatureAlgorithm(
            wszURI_XMLNS_DIGSIG_RSA_SHA1, certificate);
        if (!supported) hr = E_FAIL;
    }

    if (SUCCEEDED(hr)) {
        // Embed the certificate trust chain in the XPS package (optional).
        hr = EmbedCertificateChainInXpsPackage (signingOptions, certificate);
    }

    if (SUCCEEDED(hr)) {
        // Sign the XPS document
        hr = signatureManager->Sign (signingOptions, certificate, &signature);
    }

 //<Free the certificate context
    if (NULL != certificate) CertFreeCertificateContext (certificate);

    if (NULL != signingOptions) signingOptions->Release();
    if (NULL != signature) signature->Release();

Next Steps

Add a Signature Request to an XPS Document

Verify Document Signatures

Used in This Section

CertFreeCertificateContext

IXpsSignatureManager

IXpsSignatureManager::CreateSigningOptions

IXpsSignatureManager::Sign

IXpsSigningOptions

IXpsSigningOptions::SetDigestMethod

IXpsSigningOptions::SetPolicy

IXpsSigningOptions::SetSignatureMethod

XPS_SIGN_POLICY

For More Information

Cryptography API

Cryptography Functions

Load a Certificate From a File

Verify a Certificate Supports a Signature Method

Verify the System Supports a Digest Method

Embed Certificate Chains in a Document

XPS Digital Signature API Errors

XPS Document Errors

XML Paper Specification