DocumentID: ECMA-376/Part2/12.4
Title: ECMA-376, Part2: 12.4 Generating Signatures
Extracted-From: ECMA-376 Office Open XML File Formats, 1st Edition / December 2006
Warning: Converted to HTML format by a script known to have bugs

12.4 Generating Signatures

The steps for signing package contents follow the algorithm outlined in §3.1 of the W3C Recommendation "XML-Signature Syntax and Processing," with some modification for package-specific constructs.

The steps below might not be sufficient for generating signatures that contain application-specific Object elements. Format designers that utilize application-specific Object elements shall also define the additional steps that shall be performed to sign the application-specific Object elements.

To generate references:

  1. For each package part being signed:
  • The package implementer shall apply the transforms, as determined by the producer, to the contents of the part. [Note: Relationships transforms are applied only to Relationship parts. When applied, the relationship transform filters the subset of relationships within the entire Relationship part for purposes of signing. end note]
  • The package implementer shall calculate the digest value using the resulting contents of the part.
    1. The package implementer shall create a Reference element that includes the reference of the part with the query component matching the content type of the target part, necessary Transform elements, the DigestMethod element and the DigestValue element.
    2. The package implementer shall construct the package-specific Object element containing a Manifest element with both the child Reference elements obtained from the preceding step and a child SignatureProperties element, which, in turn, contains a child SignatureTime element.
    3. The package implementer shall create a reference to the resulting package-specific Object element.

When signing Object element data, package implementers shall follow the generic reference creation algorithm described in §3.1 of the W3C Recommendation "XML-Signature Syntax and Processing". [M6.28]
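
An added Python sketch of the reference-generation steps above (not code from ECMA-376 or from any implementation): it digests each part, binds the content type into the Reference URI, and assembles the package-specific Object. Assumptions not stated on this page: SHA-256 as the DigestMethod, a producer that selected no transforms, the Id and Target values, the SignatureProperty wrapper and time format, and the constructed sample part.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

DS = "http://www.w3.org/2000/09/xmldsig#"
MDSSI = "http://schemas.openxmlformats.org/package/2006/digital-signature"
SHA256 = "http://www.w3.org/2001/04/xmlenc#sha256"  # assumed DigestMethod
RELS_TYPE = "application/vnd.openxmlformats-package.relationships+xml"

def b64_sha256(data: bytes) -> str:
    return base64.b64encode(hashlib.sha256(data).digest()).decode("ascii")

def part_reference(name: str, content_type: str, data: bytes) -> ET.Element:
    """Digest one part and wrap the result in a Reference element."""
    if content_type == RELS_TYPE:
        # Relationship parts must pass through the Relationships transform
        # first; this sketch applies no transforms, so it refuses them.
        raise ValueError(f"{name}: relationship part needs a transform")
    # The content type is bound into the signed URI as its query component,
    # so relabelling a part's type invalidates the reference.
    ref = ET.Element(f"{{{DS}}}Reference", URI=f"{name}?ContentType={content_type}")
    ET.SubElement(ref, f"{{{DS}}}DigestMethod", Algorithm=SHA256)
    ET.SubElement(ref, f"{{{DS}}}DigestValue").text = b64_sha256(data)
    return ref

def package_object(parts, signed_at: datetime) -> ET.Element:
    """Build the package-specific Object: Manifest plus SignatureProperties."""
    # Id and Target values here are assumptions, not given on this page.
    obj = ET.Element(f"{{{DS}}}Object", Id="idPackageObject")
    manifest = ET.SubElement(obj, f"{{{DS}}}Manifest")
    for name, content_type, data in parts:
        manifest.append(part_reference(name, content_type, data))
    props = ET.SubElement(obj, f"{{{DS}}}SignatureProperties")
    prop = ET.SubElement(props, f"{{{DS}}}SignatureProperty",
                         Id="idSignatureTime", Target="#idPackageSignature")
    stamp = ET.SubElement(prop, f"{{{MDSSI}}}SignatureTime")
    ET.SubElement(stamp, f"{{{MDSSI}}}Format").text = "YYYY-MM-DDThh:mm:ssTZD"
    utc = signed_at.astimezone(timezone.utc)
    ET.SubElement(stamp, f"{{{MDSSI}}}Value").text = utc.strftime("%Y-%m-%dT%H:%M:%SZ")
    return obj

# Constructed sample part: (part name, content type, bytes as stored).
SAMPLE_PARTS = [("/word/document.xml",
                 "application/vnd.openxmlformats-officedocument"
                 ".wordprocessingml.document.main+xml", b"<w:document/>")]

if __name__ == "__main__":
    signed = datetime(2006, 12, 1, 12, 0, tzinfo=timezone.utc)
    print(ET.tostring(package_object(SAMPLE_PARTS, signed), encoding="unicode"))
```
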

To generate signatures:

  1. The package implementer shall create the SignedInfo element with a SignatureMethod element, a CanonicalizationMethod element, and at least one Reference element.
  2. The package implementer shall canonicalize the data and then calculate the SignatureValue element using the SignedInfo element based on the algorithms specified in the SignedInfo element.
  3. The package implementer shall construct a Signature element that includes SignedInfo, Object, and SignatureValue elements. If a certificate is embedded in the signature, the package implementer shall also include the KeyInfo element.

Converted to HTML format by ooxmlspec2html 0.1, a Perl script provided by OpenISO.org.