iDEAL Signature Element

Note: Signature is an XML Signature data element that is defined in the XML-Signature Syntax and Processing W3C Recommendation 12 February 2002. The XML Digital Signature Schema is available from W3C at the following URL: http://www.w3.org/2000/09/xmldsig#.

(Sub-)element: Description

Signature

  SignedInfo: This element contains information about the signature and the content that needs to be signed. See below.

  SignatureValue: The value of the electronic signature.

  KeyInfo: This value indicates the certificate to be used for validating the signature. See below.

SignedInfo

  CanonicalizationMethod: Specified Algorithm = http://www.w3.org/2001/10/xml-exc-c14n#

    The XML content has to be canonicalized. Canonicalization (c14n) is a process for converting data that has more than one possible representation into a canonical form.

      1. To generate the digest of the main message, the inclusive canonicalization algorithm http://www.w3.org/TR/2001/REC-xml-c14n-20010315 must be used.
      2. To generate the signature value, the exclusive canonicalization algorithm http://www.w3.org/2001/10/xml-exc-c14n must be used.

  SignatureMethod: Specified Algorithm = http://www.w3.org/2001/04/xmldsig-more#rsa-sha256

    For iDEAL, RSAwithSHA256 must be used as the signature algorithm.

  Reference: See below.

Reference

  URI (attribute): This value must be "" and it indicates that the entire XML document will be signed.

  Transforms: Specified Algorithm = http://www.w3.org/2000/09/xmldsig#enveloped-signature

    This is a list of Transform elements, each of which specifies a processing step applied before the document is fed to the digest algorithm. iDEAL uses an enveloped signature: the signature is contained within the signed document. A transform is required to remove the signature from the signed data; the transform specified above performs this action.

  DigestMethod: Specified Algorithm = http://www.w3.org/2001/04/xmlenc#sha256

    This element specifies the hashing algorithm. The value of the DigestMethod/Algorithm attribute must indicate SHA256.

  DigestValue: This is the Base64 value of the hash of the content.

KeyInfo

  KeyName: This value holds the fingerprint which indicates the certificate to be used for validating the signature.

Example Message fragment

....
	<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
		<SignedInfo>
			<CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
			<SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" />
			<Reference URI="">
				<Transforms>
					<Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
				</Transforms>
				<DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256" />
				<DigestValue>VW+VjenRyZVFCNfBTeoxDflQ4yfR8KYFvwPVinVPqBs=</DigestValue>
			</Reference>
		</SignedInfo>
		<SignatureValue>
IELLwKSGFMk64US23YrpZ8//hJ8DeJEtYht5knlxJvBOr8dcI+aJTBq+YtyzP9ClcK62Obs5aynHBE/GPHZShuMw+8WHq4fCMInOwKURgwjDOz8UYaIMqG0Ojiz8dFYGn+dH2lL0QVss4jmIIAD8MCijb27oqij6PclXw9Y9veI=
</SignatureValue>
		<KeyInfo>
			<KeyName>7D665C81ABBE1A7D0E525BFC171F04D276F07BF2</KeyName>
		</KeyInfo>
	</Signature>
....
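
The following added example, which is not part of the iDEAL documentation, checks a received message's Signature element against the algorithm values specified above before any cryptographic verification is attempted. The function name, the `<Msg>` root, the dummy SignatureValue, the rule of exactly one Signature per message and the pinned set of trusted fingerprints are assumptions of the example.

```python
import base64
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
NS = {"ds": DS}
# Algorithm URIs the page specifies, keyed by element path below Signature.
REQUIRED = {
    "ds:SignedInfo/ds:CanonicalizationMethod": "http://www.w3.org/2001/10/xml-exc-c14n#",
    "ds:SignedInfo/ds:SignatureMethod": "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256",
    "ds:SignedInfo/ds:Reference/ds:Transforms/ds:Transform": DS + "enveloped-signature",
    "ds:SignedInfo/ds:Reference/ds:DigestMethod": "http://www.w3.org/2001/04/xmlenc#sha256",
}

def check_signature_profile(xml_text, trusted_fingerprints):
    """Return a list of profile violations; an empty list means the structure is acceptable."""
    root = ET.fromstring(xml_text)
    sigs = root.findall(".//ds:Signature", NS)
    if len(sigs) != 1:  # assumption: a message carries exactly one Signature
        return [f"expected 1 Signature, found {len(sigs)}"]
    sig, problems = sigs[0], []
    for path, uri in REQUIRED.items():
        algs = [e.get("Algorithm") for e in sig.findall(path, NS)]
        if algs != [uri]:  # exactly one such element, carrying the required URI
            problems.append(f"{path}: expected [{uri!r}], found {algs}")
    if any(r.get("URI") != "" for r in sig.findall("ds:SignedInfo/ds:Reference", NS)):
        problems.append('Reference URI must be ""')
    digest = sig.findtext("ds:SignedInfo/ds:Reference/ds:DigestValue", "", NS)
    try:
        if len(base64.b64decode(digest.strip(), validate=True)) != 32:
            problems.append("DigestValue is not a 32-byte SHA-256 digest")
    except ValueError:
        problems.append("DigestValue is not valid Base64")
    key_name = sig.findtext("ds:KeyInfo/ds:KeyName", "", NS).strip().upper()
    if key_name not in {f.upper() for f in trusted_fingerprints}:
        problems.append(f"KeyName {key_name!r} is not a trusted fingerprint")
    return problems

# Constructed sample: the page's fragment in a hypothetical <Msg> root, dummy SignatureValue.
SAMPLE = (
    '<Msg><Signature xmlns="http://www.w3.org/2000/09/xmldsig#"><SignedInfo>'
    '<CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>'
    '<SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>'
    '<Reference URI=""><Transforms>'
    '<Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>'
    '</Transforms><DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>'
    '<DigestValue>VW+VjenRyZVFCNfBTeoxDflQ4yfR8KYFvwPVinVPqBs=</DigestValue>'
    '</Reference></SignedInfo><SignatureValue>AA==</SignatureValue>'
    '<KeyInfo><KeyName>7D665C81ABBE1A7D0E525BFC171F04D276F07BF2</KeyName></KeyInfo></Signature></Msg>'
)
```

Passing this check says nothing about authenticity; the digest and the RSA signature must still be verified with the certificate that the fingerprint selects.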

Copyright © Currence iDEAL B.V. All rights reserved.