Verify a detached signature using a HMAC key
IMPORT xml
MAIN
DEFINE doc xml.DomDocument
DEFINE sig xml.Signature
DEFINE key xml.CryptoKey
DEFINE isVerified INTEGER
# Create DomDocument object
LET doc = xml.DomDocument.Create()
# Notice that whitespaces are significant in cryptography,
# therefore it is recommended to remove unnecessary ones
CALL doc.setFeature("whitespace-in-element-content",FALSE)
TRY
# Load Signature into a DomDocument object
CALL doc.load("MyDocumentDetachedSignature.xml")
# Create signature object from DomDocument root node
LET sig = xml.Signature.CreateFromNode(doc.getDocumentElement())
# Create HMAC key and assign it to the signature object
LET key = xml.CryptoKey.Create("http://www.w3.org/2000/09/xmldsig#hmac-sha1")
CALL key.setKey("secretpassword")
CALL sig.setKey(key)
# Load original XML document into a DomDocument object
CALL doc.load("MyDocument.xml")
# Verify detached signature validity of original document
LET isVerified = sig.verify(doc)
# Notice that if something has been modified in the node
# with attribute 'xml:id="code"' of the original XML document,
# the program will display "FAILED".
IF isVerified THEN
DISPLAY "Signature OK"
ELSE
DISPLAY "Signature FAILED"
END IF
CATCH
DISPLAY "Unable to verify the detached signature :",STATUS
END TRY
END MAIN
Note: All keys or certificates in PEM or DER format were
created with the OpenSSL tool.