CreaSign

Verify signature in a Web browser

To verify a signature in a Web browser, follow these steps:

  1. Server must obtain signed document
  2. Load xml document from file to MSXML XmlDOMDocument.
  3. Create XmlSignature object.
  4. Find signature node and attach it to XmlSignature object.
  5. Verify the signature.
  6. Validate the document.

<% ' load the document that was signed in browser Set doc = CreateObject("Msxml2.FreeThreadedDOMDocument.4.0") doc.preserveWhiteSpace=true ' Important! if not doc.load(Server.MapPath("uploaded.xml")) then Err.Raise 8, "" , doc.parseError.reason ' Create a signature object set cs = CreateObject("CreaSignClientIE.XmlSignature") ' Find the first signature in the document Set SignatureNode=doc.SelectSingleNode("//*[local-name(.)='Signature' and namespace-uri(.)='http://www.w3.org/2000/09/xmldsig#']") Set cs.XmlNode=SignatureNode set vr=cs.Verify(1) ' 1 = do not check for revocation in demo version %>

When the signature is invalid, the document should be rejected. The application should also implement additional checks to make sure that the document is valid. In this demo, we just print out the verification result and the document.


<table width="500px" border="0px" class="text"> <tr> <td valign="top" align="left"> <img src="<%if vr.OK then Response.Write("../images/signature_1.gif") else Response.Write("../images/signature_0.gif")%>"> </td> </tr> <tr> <td>Signature OK:</td> <td class="value"><%= vr.OK %></font><td> </tr> <tr> <td width="120px">Signed by:</td> <td class="value"><%= vr.Signer.DisplayName %></td> </tr> <tr> <td width="120px">Issued by:</td> <td class="value"><%= vr.Signer.IssuerName %></td> </tr> <tr> <td valign="top">Error message:</td> <td class="value"><%= vr.ErrorMessage %></td> </tr> </table>

See the demo in "Verify a Signature of a CreaDoc Document" for a detailed example of signature verification.


Send comments on this topic.

(c) CREA 2002-2007 www.creasign.si