To verify a signature in a Web browser, follow these steps:
<% ' load the document that was signed in browser Set doc = CreateObject("Msxml2.FreeThreadedDOMDocument.4.0") doc.preserveWhiteSpace=true ' Important! if not doc.load(Server.MapPath("uploaded.xml")) then Err.Raise 8, "" , doc.parseError.reason ' Create a signature object set cs = CreateObject("CreaSignClientIE.XmlSignature") ' Find the first signature in the document Set SignatureNode=doc.SelectSingleNode("//*[local-name(.)='Signature' and namespace-uri(.)='http://www.w3.org/2000/09/xmldsig#']") Set cs.XmlNode=SignatureNode set vr=cs.Verify(1) ' 1 = do not check for revocation in demo version %>
When the signature is invalid, the document should be rejected. The application should also implement additional checks to make sure that the document is valid. In this demo, we just print out the verification result and the document.
<table width="500px" border="0px" class="text"> <tr> <td valign="top" align="left"> <img src="<%if vr.OK then Response.Write("../images/signature_1.gif") else Response.Write("../images/signature_0.gif")%>"> </td> </tr> <tr> <td>Signature OK:</td> <td class="value"><%= vr.OK %></font><td> </tr> <tr> <td width="120px">Signed by:</td> <td class="value"><%= vr.Signer.DisplayName %></td> </tr> <tr> <td width="120px">Issued by:</td> <td class="value"><%= vr.Signer.IssuerName %></td> </tr> <tr> <td valign="top">Error message:</td> <td class="value"><%= vr.ErrorMessage %></td> </tr> </table>
See the demo in "Verify a Signature of a CreaDoc Document" for a detailed example of signature verification.
(c) CREA 2002-2007 www.creasign.si