SecureBlackbox 16: How do I include certificates when creating an XML signature?


First of all, to include a signing key or certificate with the signature you need to set the TElXMLSigner.IncludeKey property to true (this is the default value).

If you need to include just one certificate with the signature, take these steps:

  1. Set the Certificate property of the TElXMLKeyInfoX509Data instance to reference the certificate that will be used for signing.
  2. Ensure that the TElXMLKeyInfoX509Data.IncludeDataParams property includes the xkidX509Certificate option (it is included by default).

Follow the steps below to include a complete or partial certificate chain:

  1. Add all needed certificates (including the one being used for signing) to the instance of the TElMemoryCertStorage class.
  2. Set the Certificate property of the TElXMLKeyInfoX509Data instance to reference the certificate that will be used for signing. This should be the certificate taken from the instance of the TElMemoryCertStorage class.
  3. Set the CertStorage property of the TElXMLKeyInfoX509Data instance to reference the above-mentioned instance of the TElMemoryCertStorage class.
  4. Ensure that the TElXMLKeyInfoX509Data.IncludeDataParams property includes the xkidX509Certificate option (it is included by default).
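To check which of the two procedures above actually took effect, you can inspect the `ds:X509Certificate` elements in the signed output. The following is an added example, not SecureBlackbox code: it uses only the Python standard library, the helper names are hypothetical, and the sample "certificates" are constructed placeholder bytes rather than real X.509 data.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
NS = {"ds": DS}

def fingerprint(der):
    """SHA-256 fingerprint of a DER-encoded certificate, as lowercase hex."""
    return hashlib.sha256(der).hexdigest()

def embedded_certificates(signed_xml):
    """For each ds:Signature, return the fingerprints of the certificates
    carried in its ds:KeyInfo/ds:X509Data/ds:X509Certificate elements."""
    root = ET.fromstring(signed_xml)
    result = []
    for sig in root.iter(f"{{{DS}}}Signature"):
        prints = []
        # Only the signature's own KeyInfo is read, not nested signatures.
        for node in sig.findall("ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS):
            # Base64 text is often line-wrapped; drop whitespace before decoding.
            b64 = "".join((node.text or "").split())
            prints.append(fingerprint(base64.b64decode(b64, validate=True)))
        result.append(prints)
    return result

def missing_certificates(signed_xml, expected_ders):
    """For each signature, list fingerprints of expected chain certificates
    (for example, the contents of the certificate storage) not embedded."""
    expected = [fingerprint(der) for der in expected_ders]
    return [[fp for fp in expected if fp not in found]
            for found in embedded_certificates(signed_xml)]

# Constructed stand-ins for DER certificates (not real X.509 data).
LEAF = b"constructed-leaf-cert"
INTERMEDIATE = b"constructed-intermediate-cert"

def build_sample(certs):
    """Build a constructed, minimal signed document embedding the given blobs."""
    body = "".join(
        f"<ds:X509Certificate>{base64.b64encode(c).decode()}</ds:X509Certificate>"
        for c in certs)
    return (f'<doc><ds:Signature xmlns:ds="{DS}"><ds:SignedInfo/>'
            f"<ds:SignatureValue/><ds:KeyInfo><ds:X509Data>{body}"
            f"</ds:X509Data></ds:KeyInfo></ds:Signature></doc>")

if __name__ == "__main__":
    # Single-certificate output checked against a two-certificate chain.
    print(missing_certificates(build_sample([LEAF]), [LEAF, INTERMEDIATE]))
```

An empty list for a signature means every certificate you expected is embedded; any fingerprint listed identifies a certificate that was not written to the signature's X509Data.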

If you are creating a XAdES signature, you need to set the TElXAdESSigner.SigningCertificates property to reference the above-mentioned instance of the TElMemoryCertStorage class.
