Verify a detached signature using a HMAC key

IMPORT xml

MAIN
  DEFINE doc xml.DomDocument
  DEFINE sig xml.Signature
  DEFINE key xml.CryptoKey
  DEFINE isVerified INTEGER
  # Create DomDocument object
  LET doc = xml.DomDocument.Create()
  # Notice that whitespaces are significant in cryptography, 
  # therefore it is recommended to remove unnecessary ones 
  CALL doc.setFeature("whitespace-in-element-content",FALSE)
  TRY
    # Load Signature into a DomDocument object
    CALL doc.load("MyDocumentDetachedSignature.xml")
    # Create signature object from DomDocument root node
    LET sig = xml.Signature.CreateFromNode(doc.getDocumentElement())
    # Create HMAC key and assign it to the signature object
    LET key = xml.CryptoKey.Create("http://www.w3.org/2000/09/xmldsig#hmac-sha1")
    CALL key.setKey("secretpassword")
    CALL sig.setKey(key)
    # Load original XML document into a DomDocument object
    CALL doc.load("MyDocument.xml")
    # Verify detached signature validity of original document
    LET isVerified = sig.verify(doc)
    # Notice that if something has been modified in the node 
    # with attribute 'xml:id="code"' of the original XML document,
    # the program will display "FAILED".
    IF isVerified THEN
      DISPLAY "Signature OK"
    ELSE
      DISPLAY "Signature FAILED"
    END IF
  CATCH
    DISPLAY "Unable to verify the detached signature :",STATUS
  END TRY
END MAIN
Note: All keys or certificates in PEM or DER format were created with the OpenSSL tool.