iDEAL Signature Element

Note: Signature is an XML Signature data element that is defined in the XML-Signature Syntax and Processing W3C Recommendation 12 February 2002. The XML Digital Signature Schema is available from W3C at the following URL: http://www.w3.org/2000/09/xmldsig#.

(Sub-)element	Description
`Signature`
`SignedInfo`	This element contains information about the signature and the content that needs to be signed. See below.
`SignatureValue`	The value of the electronic signature.
`KeyInfo`	This value indicates the certificate to be used for validating the signature. See below.
`SignedInfo`
`Canonicalization Method`	Specified Algorithm = http://www.w3.org/2001/10/xml-exc-c14n# More info The XML content has to be canonicalized. Canonicalization (c14n) is a process for converting data that has more than one possible representation into a canonical form. For the purpose of generating the digest of the main message, the inclusive canonicalization algorithm must be used http://www.w3.org/TR/2001/REC-xml-c14n-20010315 For the purpose of generating the signature value, the exclusive http://www.w3.org/2001/10/xml-exc-c14n canonicalization algorithm must be used.
`SignatureMethod`	Specified Algorithm = http://www.w3.org/2001/04/xmldsig-more#rsa-sha256 More info For iDEAL RSAwithSHA256 must be used as signature algorithm
`Reference`	See below
`Reference`
`URI (attribute)`	This value must be "" and it indicates that the entire XML document will be signed.
`Transforms`	Specified Algorithm = http://www.w3.org/2000/09/xmldsig#enveloped-signature More info This is a list of Transform elements, each of which specifies a processing step before feeding the document to the digest algorithm. iDEAL uses an enveloped signature: the signature is contained within the signed document. A transform is required to remove the signature from the signed data. The mentioned transform performs this action.
`DigestMethod`	Specified Algorithm = http://www.w3.org/2001/04/xmlenc#sha256 More info This element specifies the hashing algorithm. The value of the DigestMethod/Algorithm attribute must indicate SHA256
`DigestValue`	This is the Base64 value of the hash of the content.
`KeyInfo`
`KeyName`	This value holds the fingerprint which indicates the certificate to be used for validating the signature.

Example Message fragment

....
	<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
		<SignedInfo>
			<CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
			<SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" />
			<Reference URI="">
				<Transforms>
					<Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
				</Transforms>
				<DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256" />
				<DigestValue>VW+VjenRyZVFCNfBTeoxDflQ4yfR8KYFvwPVinVPqBs=</DigestValue>
			</Reference>
		</SignedInfo>
		<SignatureValue>
IELLwKSGFMk64US23YrpZ8//hJ8DeJEtYht5knlxJvBOr8dcI+aJTBq+YtyzP9ClcK62Obs5aynHBE/GPHZShuMw+8WHq4fCMInOwKURgwjDOz8UYaIMqG0Ojiz8dFYGn+dH2lL0QVss4jmIIAD8MCijb27oqij6PclXw9Y9veI=
</SignatureValue>
		<KeyInfo>
			<KeyName>7D665C81ABBE1A7D0E525BFC171F04D276F07BF2</KeyName>
		</KeyInfo>
	</Signature>
....

Schematic representation