diff --git a/xml/System.IdentityModel.Tokens/EncryptedKeyIdentifierClause.xml b/xml/System.IdentityModel.Tokens/EncryptedKeyIdentifierClause.xml
index df3ec120849..795cdf8e2d7 100644
--- a/xml/System.IdentityModel.Tokens/EncryptedKeyIdentifierClause.xml
+++ b/xml/System.IdentityModel.Tokens/EncryptedKeyIdentifierClause.xml
@@ -256,7 +256,7 @@
property is serialized into XML, it is placed in the <`CarriedKeyName`> element. For encrypted keys, the <`CarriedKeyName`> element is an optional element that associates a user-readable name with a key value. This name can then be used to reference the key using the <`KeyName`> element within the <`KeyInfo`> element. The same <`CarriedKeyName`> element value, unlike an ID value, can occur multiple times within a single document. The value of the key must be the same in all <`EncryptedKey`> elements identified with the same <`CarriedKeyName`> name within an XML document.
+ When the property is serialized into XML, it is placed in the `` element. For encrypted keys, the `` element is an optional element that associates a user-readable name with a key value. This name can then be used to reference the key using the `` element within the `` element. The same `` element value, unlike an ID value, can occur multiple times within a single document. The value of the key must be the same in all `` elements identified with the same `` name within an XML document.
]]>
diff --git a/xml/System.Security.Cryptography.Xml/CipherData.xml b/xml/System.Security.Cryptography.Xml/CipherData.xml
index 85cf8658fe2..775d21e943e 100644
--- a/xml/System.Security.Cryptography.Xml/CipherData.xml
+++ b/xml/System.Security.Cryptography.Xml/CipherData.xml
@@ -36,7 +36,7 @@
## Examples
- The following code example uses the class to create an <`EncryptedData`> element that contains a <`CipherData`> element, and then writes the XML to an XML file.
+ The following code example uses the class to create an `` element that contains a `` element, and then writes the XML to an XML file.
[!code-cpp[cryptgraphy.Xml.EncryptedData#1](~/samples/snippets/cpp/VS_Snippets_CLR/cryptgraphy.Xml.EncryptedData/cpp/encrypteddata.cpp#1)]
[!code-csharp[cryptgraphy.Xml.EncryptedData#1](~/samples/snippets/csharp/VS_Snippets_CLR/cryptgraphy.Xml.EncryptedData/CS/encrypteddata.cs#1)]
diff --git a/xml/System.Security.Cryptography.Xml/EncryptedXml.xml b/xml/System.Security.Cryptography.Xml/EncryptedXml.xml
index 7d5a4c338dc..becb8e0a91f 100644
--- a/xml/System.Security.Cryptography.Xml/EncryptedXml.xml
+++ b/xml/System.Security.Cryptography.Xml/EncryptedXml.xml
@@ -398,7 +398,7 @@
## Remarks
Use the method to decrypt an element using a symmetric key.
- Note that the method only decrypts top-level <`EncryptedData`> tags. In cases where one or more <`EncryptedData`> tags have been encrypted and are contained within higher level <`EncryptedData`> tags, you can call the method separately for each one. See the method for a code example.
+ Note that the method only decrypts top-level `` tags. In cases where one or more `` tags have been encrypted and are contained within higher level `` tags, you can call the method separately for each one. See the method for a code example.
@@ -471,7 +471,7 @@
[!code-csharp[Cryptography.XML.XMLEncMapKeyX509#1](~/samples/snippets/csharp/VS_Snippets_CLR/Cryptography.XML.XMLEncMapKeyX509/CS/sample.cs#1)]
[!code-vb[Cryptography.XML.XMLEncMapKeyX509#1](~/samples/snippets/visualbasic/VS_Snippets_CLR/Cryptography.XML.XMLEncMapKeyX509/VB/sample.vb#1)]
- The following code example demonstrates how to decrypt a high level <`EncryptedData`> tag that contains another encrypted <`EncryptedData`> tag.
+ The following code example demonstrates how to decrypt a high level `` tag that contains another encrypted `` tag.
[!code-csharp[Cryptography.XML.EncryptedDocument.DecryptDocument-SuperEncryption#1](~/samples/snippets/csharp/VS_Snippets_Misc/Cryptography.XML.EncryptedDocument.DecryptDocument-SuperEncryption/CS/sample.cs#1)]
[!code-vb[Cryptography.XML.EncryptedDocument.DecryptDocument-SuperEncryption#1](~/samples/snippets/visualbasic/VS_Snippets_Misc/Cryptography.XML.EncryptedDocument.DecryptDocument-SuperEncryption/VB/sample.vb#1)]
diff --git a/xml/System.Security.Cryptography.Xml/KeyInfoX509Data.xml b/xml/System.Security.Cryptography.Xml/KeyInfoX509Data.xml
index a9fd0e3de4a..21a2be2155a 100644
--- a/xml/System.Security.Cryptography.Xml/KeyInfoX509Data.xml
+++ b/xml/System.Security.Cryptography.Xml/KeyInfoX509Data.xml
@@ -546,7 +546,7 @@
property represents the ` element of an XML digital signature using a list of structures contained within. The ` element represents an issuer name and serial number pair, which identify a specific X.509v3 certificate.
+ The property represents the `` element of an XML digital signature using a list of structures contained within. The `` element represents an issuer name and serial number pair, which identify a specific X.509v3 certificate.
The issuer of an X.509 certificate is the name of the certification authority that issued the certificate. Certification authorities assign each certificate they issue a unique serial number.
diff --git a/xml/System.Security.Cryptography.Xml/Signature.xml b/xml/System.Security.Cryptography.Xml/Signature.xml
index c2b33e6aabc..32b3196f62d 100644
--- a/xml/System.Security.Cryptography.Xml/Signature.xml
+++ b/xml/System.Security.Cryptography.Xml/Signature.xml
@@ -27,9 +27,9 @@
class represents the <`Signature`> element of an XML signature defined by the XML digital signature specification. The <`Signature`> element is the root element of an XML digital signature. The , , , and properties encapsulate the subelements of the <`Signature`> element.
+ The class represents the `` element of an XML signature defined by the XML digital signature specification. The `` element is the root element of an XML digital signature. The , , , and properties encapsulate the subelements of the `` element.
- For more information about the <`Signature`> element, see the [W3C specification](https://www.w3.org/TR/xmldsig-core/).
+ For more information about the `` element, see the [W3C specification](https://www.w3.org/TR/xmldsig-core/).
@@ -236,7 +236,7 @@
property uses a object to represent the <`KeyInfo`> element of an XML digital signature.
+ The property uses a object to represent the `` element of an XML digital signature.
For more information about XML digital signatures, see the [W3C specification](https://www.w3.org/TR/xmldsig-core/).
@@ -329,7 +329,7 @@
property uses a collection of objects to represent the <`Object`> tag of an XML digital signature.
+ The property uses a collection of objects to represent the `` tag of an XML digital signature.
You can also add a to this collection using the method.
@@ -370,7 +370,7 @@
property uses a byte array to represent the <`SignatureValue`> element of an XML digital signature contained within.
+ The property uses a byte array to represent the `` element of an XML digital signature contained within.
For more information about XML digital signatures, see the [W3C specification](https://www.w3.org/TR/xmldsig-core/).
@@ -409,7 +409,7 @@
property uses the class to represent the <`SignedInfo`> element of an XML digital signature contained within.
+ The property uses the class to represent the `` element of an XML digital signature contained within.
For more information about XML digital signatures, see the [W3C specification](https://www.w3.org/TR/xmldsig-core/).
diff --git a/xml/System.Security.Cryptography.Xml/SignedXml.xml b/xml/System.Security.Cryptography.Xml/SignedXml.xml
index f1d11eff770..572cb31c1c3 100644
--- a/xml/System.Security.Cryptography.Xml/SignedXml.xml
+++ b/xml/System.Security.Cryptography.Xml/SignedXml.xml
@@ -27,25 +27,25 @@
class is the .NET Framework implementation of the World Wide Web Consortium (W3C) [XML Signature Syntax and Processing Specification](https://www.w3.org/TR/xmldsig-core/), also known as XMLDSIG (XML Digital Signature). XMLDSIG is a standards-based, interoperable way to sign and verify all or part of an XML document or other data that is addressable from a Uniform Resource Identifier (URI).
+ The class is the .NET implementation of the World Wide Web Consortium (W3C) [XML Signature Syntax and Processing Specification](https://www.w3.org/TR/xmldsig-core/), also known as XMLDSIG (XML Digital Signature). XMLDSIG is a standards-based, interoperable way to sign and verify all or part of an XML document or other data that is addressable from a Uniform Resource Identifier (URI).
- Use the class whenever you need to share signed XML data between applications or organizations in a standard way. Any data signed using this class can be verified by any conforming implementation of the W3C specification for XMLDSIG.
+ Use the class whenever you need to share signed XML data between applications or organizations in a standard way. Any data signed using this class can be verified by any conforming implementation of the W3C specification for XMLDSIG.
The class allows you to create the following three kinds of XML digital signatures:
|Signature Type|Description|
|--------------------|-----------------|
|Enveloped signature|The signature is contained within the XML element being signed.|
-|Enveloping signature|The signed XML is contained within the <`Signature`> element.|
+|Enveloping signature|The signed XML is contained within the `` element.|
|Internal detached signature|The signature and signed XML are in the same document, but neither element contains the other.|
There is also a fourth kind of signature called an external detached signature which is when the data and signature are in separate XML documents. External detached signatures are not supported by the class.
-## The structure of an XML Signature
- XMLDSIG creates a <`Signature`> element, which contains a digital signature of an XML document or other data that is addressable from a URI. The <`Signature`> element can optionally contain information about where to find a key that will verify the signature and which cryptographic algorithm was used for signing. The basic structure is as follows:
-
-```xml
+## The structure of an XML Signature
+
+XMLDSIG creates a `` element, which contains a digital signature of an XML document or other data that is addressable from a URI. The `` element can optionally contain information about where to find a key that will verify the signature and which cryptographic algorithm was used for signing. The basic structure is as follows:
+```xml
AnotherBase64EncodedValue===
-
-
+
```
- The main parts of this structure are:
-
- The <`CanonicalizationMethod`> element
- Specifies the rules for rewriting the `Signature` element from XML/text into bytes for signature validation. The default value in the .NET Framework is https://www.w3.org/TR/2001/REC-xml-c14n-20010315, which identifies a trustworthy algorithm. This element is represented by the property.
+The main parts of this structure are:
- The <`SignatureMethod`> element
- Specifies the algorithm used for signature generation and validation, which was applied to the <`Signature`> element to produce the value in <`SignatureValue`>. In the example above, the value http://www.w3.org/2000/09/xmldsig#rsa-sha1 identifies an RSA PKCS1 SHA-1 signature. This element is represented by the property.
+- The `` element
+
+ Specifies the rules for rewriting the `Signature` element from XML/text into bytes for signature validation. The default value in .NET is , which identifies a trustworthy algorithm. This element is represented by the property.
- The <`SignatureValue`> element
- Specifies the cryptographic signature for the <`Signature`> element. If this signature does not verify, then some portion of the <`Signature`> block was tampered with, and the document is considered invalid. As long as the <`CanonicalizationMethod`> value is trustworthy, this value is highly resistant to tampering. This element is represented by the property.
+- The `` element
+
+ Specifies the algorithm used for signature generation and validation, which was applied to the `` element to produce the value in ``. In the previous example, the value identifies an RSA PKCS1 SHA-1 signature. This element is represented by the property.
- The `URI` attribute of the <`Reference`> element
- Specifies a data object using a URI reference. This attribute is represented by the property.
+- The `` element
+
+ Specifies the cryptographic signature for the `` element. If this signature does not verify, then some portion of the `` block was tampered with, and the document is considered invalid. As long as the `` value is trustworthy, this value is highly resistant to tampering. This element is represented by the property.
-- Not specifying the `URI` attribute, that is, setting the property to `null`, means that the receiving application is expected to know the identity of the object. In most cases, a `null` URI will result in an exception being thrown. Do not use a `null` URI, unless your application is interoperating with a protocol which requires it.
+- The `URI` attribute of the `` element
+
+ Specifies a data object using a URI reference. This attribute is represented by the property.
-- Setting the `URI` attribute to an empty string indicates that the root element of the document is being signed, a form of enveloped signature.
+ - Not specifying the `URI` attribute, that is, setting the property to `null`, means that the receiving application is expected to know the identity of the object. In most cases, a `null` URI will result in an exception being thrown. Do not use a `null` URI, unless your application is interoperating with a protocol which requires it.
-- If the value of `URI` attribute starts with #, then the value must resolve to an element in the current document. This form can be used with any of the supported signature types (enveloped signature, enveloping signature or internal detached signature).
+ - Setting the `URI` attribute to an empty string indicates that the root element of the document is being signed, a form of enveloped signature.
-- Anything else is considered an external resource detached signature and is not supported by the class.
+ - If the value of `URI` attribute starts with #, then the value must resolve to an element in the current document. This form can be used with any of the supported signature types (enveloped signature, enveloping signature or internal detached signature).
- The <`Transforms`> element
- Contains an ordered list of <`Transform`> elements that describe how the signer obtained the data object that was digested. A transform algorithm is similar to the canonicalization method, but instead of rewriting the <`Signature`> element, it rewrites the content identified by the `URI` attribute of the <`Reference`> element. The <`Transforms`> element is represented by the class.
+ - Anything else is considered an external resource detached signature and is not supported by the class.
-- Each transform algorithm is defined as taking either XML (an XPath node-set) or bytes as input. If the format of the current data differs from the transform input requirements, conversion rules are applied.
+- The `` element
+
+ Contains an ordered list of `` elements that describe how the signer obtained the data object that was digested. A transform algorithm is similar to the canonicalization method, but instead of rewriting the `` element, it rewrites the content identified by the `URI` attribute of the `` element. The `` element is represented by the class.
-- Each transform algorithm is defined as producing either XML or bytes as the output.
+ - Each transform algorithm is defined as taking either XML (an XPath node-set) or bytes as input. If the format of the current data differs from the transform input requirements, conversion rules are applied.
-- If the output of the last transform algorithm is not defined in bytes (or no transforms were specified), then the [canonicalization method](https://www.w3.org/TR/2001/REC-xml-c14n-20010315) is used as an implicit transform (even if a different algorithm was specified in the <`CanonicalizationMethod`> element).
+ - Each transform algorithm is defined as producing either XML or bytes as the output.
-- A value of http://www.w3.org/2000/09/xmldsig#enveloped-signature for the transform algorithm encodes a rule which is interpreted as remove the <`Signature`> element from the document. Otherwise, a verifier of an enveloped signature will digest the document, including the signature, but the signer would have digested the document before the signature was applied, leading to different answers.
+ - If the output of the last transform algorithm is not defined in bytes (or no transforms were specified), then the [canonicalization method](https://www.w3.org/TR/2001/REC-xml-c14n-20010315) is used as an implicit transform (even if a different algorithm was specified in the `` element).
- The <`DigestMethod`> element
- Identifies the digest (cryptographic hash) method to apply on the transformed content identified by the `URI` attribute of the <`Reference`> element. This is represented by the property.
+ - A value of for the transform algorithm encodes a rule which is interpreted as remove the `` element from the document. Otherwise, a verifier of an enveloped signature will digest the document, including the signature, but the signer would have digested the document before the signature was applied, leading to different answers.
+
+- The `` element
+
+ Identifies the digest (cryptographic hash) method to apply on the transformed content identified by the `URI` attribute of the `` element. This is represented by the property.
## Choosing a canonicalization method
- Unless interoperating with a specification which requires the use of a different value, we recommend that you use the default canonicalization method in the .NET Framework which is the XML-C14N 1.0 algorithm, whose value is https://www.w3.org/TR/2001/REC-xml-c14n-20010315. The XML-C14N 1.0 algorithm is required to be supported by all implementations of XMLDSIG, particularly as it is an implicit final transform to apply.
+ Unless interoperating with a specification which requires the use of a different value, we recommend that you use the default .NET canonicalization method, which is the XML-C14N 1.0 algorithm, whose value is . The XML-C14N 1.0 algorithm is required to be supported by all implementations of XMLDSIG, particularly as it is an implicit final transform to apply.
- There are versions of canonicalization algorithms which support preserving comments. Comment-preserving canonicalization methods are not recommended because they violate the "sign what is seen" principle. That is, the comments in a <`Signature`> element will not alter the processing logic for how the signature is performed, merely what the signature value is. When combined with a weak signature algorithm, allowing the comments to be included gives an attacker unnecessary freedom to force a hash collision, making a tampered document appear legitimate. In the .NET Framework, only built-in canonicalizers are supported by default. To support additional or custom canonicalizers, see the property. If the document uses a canonicalization method that is not in the collection represented by the property, then the method will return `false`.
+ There are versions of canonicalization algorithms which support preserving comments. Comment-preserving canonicalization methods are not recommended because they violate the "sign what is seen" principle. That is, the comments in a `` element will not alter the processing logic for how the signature is performed, merely what the signature value is. When combined with a weak signature algorithm, allowing the comments to be included gives an attacker unnecessary freedom to force a hash collision, making a tampered document appear legitimate. In the .NET Framework, only built-in canonicalizers are supported by default. To support additional or custom canonicalizers, see the property. If the document uses a canonicalization method that is not in the collection represented by the property, then the method will return `false`.
> [!NOTE]
> An extremely defensive application can remove any values it does not expect signers to use from the collection.
## Are the Reference values safe from tampering?
- Yes, the <`Reference`> values are safe from tampering. The .NET framework verifies the <`SignatureValue`> computation before processing any of the <`Reference`> values and their associated transforms, and will abort early to avoid potentially malicious processing instructions.
+ Yes, the `` values are safe from tampering. .NET verifies the `` computation before processing any of the `` values and their associated transforms, and will abort early to avoid potentially malicious processing instructions.
## Choosing the elements to sign
We recommend that you use the value of "" for the `URI` attribute (or set the property to an empty string), if possible. This means the whole document is considered for the digest computation, which means the whole document is protected from tampering.
@@ -120,20 +125,20 @@
If you need to accept documents which are only partially protected and you want to ensure that you are reading the same content that the signature protected, use the method.
## Security considerations about the KeyInfo element
- The data in the optional <`KeyInfo`> element (that is, the property), which contains a key to validate the signature, should not be trusted.
+ The data in the optional `` element (that is, the property), which contains a key to validate the signature, should not be trusted.
In particular, when the value represents a bare RSA, DSA or ECDSA public key, the document could have been tampered with, despite the method reporting that the signature is valid. This can happen because the entity doing the tampering just has to generate a new key and re-sign the tampered document with that new key. So, unless your application verifies that the public key is an expected value, the document should be treated as if it were tampered with. This requires that your application examine the public key embedded within the document and verify it against a list of known values for the document context. For example, if the document could be understood to be issued by a known user, you'd check the key against a list of known keys used by that user.
You can also verify the key after processing the document by using the method, instead of using the method. But, for the optimal security, you should verify the key beforehand.
- Alternately, consider trying the user's registered public keys, rather than reading what's in the <`KeyInfo`> element.
+ Alternately, consider trying the user's registered public keys, rather than reading what's in the `` element.
## Security considerations about the X509Data element
- The optional <`X509Data`> element is a child of the <`KeyInfo`> element and contains one or more X509 certificates or identifiers for X509 certificates. The data in the <`X509Data`> element should also not be inherently trusted.
+ The optional `` element is a child of the `` element and contains one or more X509 certificates or identifiers for X509 certificates. The data in the `` element should also not be inherently trusted.
- When verifying a document with the embedded <`X509Data`> element, the .NET Framework verifies only that the data resolves to an X509 certificate whose public key can be successfully used to validate the document signature. Unlike calling the method with the `verifySignatureOnly` parameter set to `false`, no revocation check is performed, no chain trust is checked, and no expiration is verified. Even if your application extracts the certificate itself and passes it to the method with the `verifySignatureOnly` parameter set to `false`, that is still not sufficient validation to prevent document tampering. The certificate still needs to be verified as being appropriate for the document being signed.
+ When verifying a document with the embedded `` element, .NET verifies only that the data resolves to an X509 certificate whose public key can be successfully used to validate the document signature. Unlike calling the method with the `verifySignatureOnly` parameter set to `false`, no revocation check is performed, no chain trust is checked, and no expiration is verified. Even if your application extracts the certificate itself and passes it to the method with the `verifySignatureOnly` parameter set to `false`, that is still not sufficient validation to prevent document tampering. The certificate still needs to be verified as being appropriate for the document being signed.
- Using an embedded signing certificate can provide useful key rotation strategies, whether in the <`X509Data`> section or in the document content. When using this approach an application should extract the certificate manually and perform validation similar to:
+ Using an embedded signing certificate can provide useful key rotation strategies, whether in the `` section or in the document content. When using this approach an application should extract the certificate manually and perform validation similar to:
- The certificate was issued directly or via a chain by a Certificate Authority (CA) whose public certificate is embedded in the application.
@@ -146,9 +151,9 @@
- The certificate subject is verified as being appropriate to the current document.
## Choosing the transform algorithm
- If you are interoperating with a specification which has dictated specific values (such as XrML), then you need to follow the specification. If you have an enveloped signature (such as when signing the whole document), then you need to use http://www.w3.org/2000/09/xmldsig#enveloped-signature (represented by the class). You can specify the implicit XML-C14N transform as well, but it's not necessary. For an enveloping or detached signature, no transforms are required. The implicit XML-C14N transform takes care of everything.
+ If you are interoperating with a specification which has dictated specific values (such as XrML), then you need to follow the specification. If you have an enveloped signature (such as when signing the whole document), then you need to use (represented by the class). You can specify the implicit XML-C14N transform as well, but it's not necessary. For an enveloping or detached signature, no transforms are required. The implicit XML-C14N transform takes care of everything.
- With the security updated introduced by the [Microsoft Security Bulletin MS16-035](https://docs.microsoft.com/security-updates/securitybulletins/2016/ms16-035), the .NET Framework has restricted what transforms can be used in document verification by default, with untrusted transforms causing to always return `false`. In particular, transforms which require additional input (specified as child elements in the XML) are no longer allowed due to their susceptibility of abuse by malicious users. The W3C advises avoiding the XPath and XSLT transforms, which are the two main transforms affected by these restrictions.
+ With the security updated introduced by the [Microsoft Security Bulletin MS16-035](https://docs.microsoft.com/security-updates/securitybulletins/2016/ms16-035), .NET has restricted what transforms can be used in document verification by default, with untrusted transforms causing to always return `false`. In particular, transforms which require additional input (specified as child elements in the XML) are no longer allowed due to their susceptibility of abuse by malicious users. The W3C advises avoiding the XPath and XSLT transforms, which are the two main transforms affected by these restrictions.
## The problem with external references
If an application does not verify that external references seem appropriate for the current context, they can be abused in ways that provide for many security vulnerabilities (including Denial of Service, Distributed Reflection Denial of Service, Information Disclosure, Signature Bypass, and Remote Code Execution). Even if an application were to validate the external reference URI, there would remain a problem of the resource being loaded twice: once when your application reads it, and once when reads it. Since there's no guarantee that the application read and document verify steps have the same content, the signature does not provide trustworthiness.
@@ -351,7 +356,7 @@
method adds an <`Object`> element that represents an object to be signed to the <`Signature`> element of an XML digital signature.
+ The method adds an `` element that represents an object to be signed to the `` element of an XML digital signature.
The method internally calls the method of the object encapsulated by the object. You can also add a object by directly calling the method from the property.
@@ -402,7 +407,7 @@
method adds a <`Reference`> element to the object that describes a digest method, digest value, and transform to use for creating an XML digital signature. The <`Reference`> element is a subelement of the <`SignedInfo`> element.
+ The method adds a `` element to the object that describes a digest method, digest value, and transform to use for creating an XML digital signature. The `` element is a subelement of the `` element.
The method internally calls the method of the object encapsulated by the object. You can also add a object by directly calling the method from the property.
@@ -1072,7 +1077,7 @@
property represents the <`KeyInfo`> element of an XML digital signature using a object contained within the property. The <`KeyInfo`> element is a subelement of the <`Signature`> element.
+ The property represents the `` element of an XML digital signature using a object contained within the property. The `` element is a subelement of the `` element.
Use the property to embed key-related information intended to help identify the key necessary for validating an XML document.
@@ -1307,7 +1312,7 @@
property represents the <`Signature`> element of an XML digital signature using a object contained within the property. The <`Signature`> element is the root element used for XML digital signature creation and verification.
+ The property represents the `` element of an XML digital signature using a object contained within the property. The `` element is the root element used for XML digital signature creation and verification.
Use the property to retrieve the object used by the object.
@@ -1432,9 +1437,9 @@
property represents the <`SignatureMethod`> element of an XML digital signature using a Uniform Resource Identifier (URI) string contained within the property. The <`SignatureMethod`> element is a subelement of the <`SignedInfo`> element.
+ The property represents the `` element of an XML digital signature using a Uniform Resource Identifier (URI) string contained within the property. The `` element is a subelement of the `` element.
- Use the property to retrieve the <`SignatureMethod`> URI used by the object. This property is read only. For more information about programmatically specifying a URI for the <`SignatureMethod`> element, see the property.
+ Use the property to retrieve the `` URI used by the object. This property is read only. For more information about programmatically specifying a URI for the `` element, see the property.
For more information about the `` element, see the [XMLDSIG specification](https://www.w3.org/TR/xmldsig-core/).
@@ -1472,7 +1477,7 @@
property represents the <`SignatureValue`> element of an XML digital signature using an array of bytes contained within the property. The <`SignatureValue`> element is a subelement of the <`Signature>` element.
+ The property represents the `` element of an XML digital signature using an array of bytes contained within the property. The `` element is a subelement of the `` element.
Use the property to retrieve the value of the XML digital signature. This property is automatically populated when you make a successful call to the method.
@@ -1512,7 +1517,7 @@
property represents the <`SignedInfo`> element of an XML digital signature using an array of bytes contained within the property. The <`SignedInfo`> element is a subelement of the <`Signature>` element.
+ The property represents the `` element of an XML digital signature using an array of bytes contained within the property. The `` element is a subelement of the `` element.
Use the property to retrieve the object that is used by the object to create an XML digital signature.
@@ -1636,11 +1641,11 @@
field is "http://www.w3.org/2002/07/decrypt#XML".
+ The value of the field is .
Use this field to conveniently supply a value to one of the URI attributes of an element used for XMLDSIG.
- For more information, see the World Wide Web Consortium (W3C) specification at http://www.w3.org/2002/07/decrypt#XML.
+ For more information, see the [World Wide Web Consortium (W3C) specification](https://www.w3.org/2002/07/decrypt#XML).
]]>
@@ -1674,13 +1679,13 @@
field is "http://www.w3.org/2000/09/xmldsig#base64".
+ The value of the field is .
Use this field to conveniently supply a value to one of the URI attributes of an element used for XMLDSIG.
The class implements the transform described by the field.
- For more information, see the World Wide Web Consortium (W3C) specification at http://www.w3.org/2000/09/xmldsig#base64.
+ For more information, see the [World Wide Web Consortium (W3C) schema](https://www.w3.org/2000/09/xmldsig#base64).
@@ -1723,7 +1728,7 @@
field is `http://www.w3.org/TR/2001/REC-xml-c14n-20010315`.
+ The value of the field is .
Use this field to conveniently supply a value to one of the URI attributes of an element used for XMLDSIG.
@@ -1774,7 +1779,7 @@
field is `http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments`.
+ The value of the field is .
Use this field to conveniently supply a value to one of the URI attributes of an element used for XMLDSIG.
@@ -1817,7 +1822,7 @@
field is `http://www.w3.org/TR/2001/REC-xml-c14n-20010315`.
+ The value of the field is .
Use this field to conveniently supply a value to one of the URI attributes of an element used for XMLDSIG.
@@ -1860,7 +1865,7 @@
field is `http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments`.
+ The value of the field is .
Use this field to conveniently supply a value to one of the URI attributes of an element used for XMLDSIG.
@@ -1903,11 +1908,11 @@
field is "http://www.w3.org/2000/09/xmldsig#dsa-sha1".
+ The value of the field is .
Use this field to conveniently supply a value to one of the URI attributes of an element used for XMLDSIG.
- For more information, see the World Wide Web Consortium (W3C) specification at http://www.w3.org/2000/09/xmldsig#dsa-sha1.
+ For more information, see the [World Wide Web Consortium (W3C) schema](https://www.w3.org/2000/09/xmldsig#dsa-sha1).
]]>
@@ -1941,13 +1946,13 @@
field is "http://www.w3.org/2000/09/xmldsig#enveloped-signature".
+ The value of the field is .
Use this field to conveniently supply a value to one of the URI attributes of an element used for XMLDSIG.
The class implements the transform described by the field.
- For more information, see the World Wide Web Consortium (W3C) specification at http://www.w3.org/2000/09/xmldsig#enveloped-signature.
+ For more information, see the [World Wide Web Consortium (W3C) schema](https://www.w3.org/2000/09/xmldsig#enveloped-signature).
@@ -1990,13 +1995,13 @@
field is "http://www.w3.org/2001/10/xml-exc-c14n#".
+ The value of the field is .
Use this field to conveniently supply a value to one of the URI attributes of an element used for XMLDSIG.
The class implements the transform described by the field.
- For more information, see the World Wide Web Consortium (W3C) specification at http://www.w3.org/2001/10/xml-exc-c14n#.
+ For more information, see the [World Wide Web Consortium (W3C) specification](https://www.w3.org/2001/10/xml-exc-c14n).
@@ -2039,13 +2044,13 @@
field is "http://www.w3.org/2001/10/xml-exc-c14n#WithComments".
+ The value of the field is .
Use this field to conveniently supply a value to one of the URI attributes of an element used for XMLDSIG.
The class implements the transform described by the field.
- For more information, see the World Wide Web Consortium (W3C) specification at http://www.w3.org/2001/10/xml-exc-c14n#WithComments.
+ For more information, see the [World Wide Web Consortium (W3C) specification](https://www.w3.org/2001/10/xml-exc-c14n#WithComments).
@@ -2089,11 +2094,11 @@
field is "http://www.w3.org/2000/09/xmldsig#hmac-sha1".
+ The value of the field is .
Use this field to conveniently supply a value to one of the URI attributes of an element used for XMLDSIG.
- For more information, see the World Wide Web Consortium (W3C) specification at http://www.w3.org/2000/09/xmldsig#hmac-sha1.
+ For more information, see the [World Wide Web Consortium (W3C) specification](https://www.w3.org/2000/09/xmldsig#hmac-sha1).
]]>
@@ -2128,11 +2133,11 @@
field is "http://www.w3.org/2000/09/xmldsig#minimal".
+ The value of the field is .
Use this field to conveniently supply a value to one of the URI attributes of an element used for XMLDSIG.
- For more information, see the World Wide Web Consortium (W3C) specification at http://www.w3.org/2000/09/xmldsig#minimal.
+ For more information, see the [World Wide Web Consortium (W3C) specification](https://www.w3.org/2000/09/xmldsig#minimal).
]]>
@@ -2167,11 +2172,11 @@
field is "http://www.w3.org/2000/09/xmldsig#".
+ The value of the field is .
Use this field to conveniently supply a value to one of the URI attributes of an element used for XMLDSIG.
- For more information, see the World Wide Web Consortium (W3C) specification at http://www.w3.org/2000/09/xmldsig#.
+ For more information, see the [World Wide Web Consortium (W3C) schema](https://www.w3.org/2000/09/xmldsig).
]]>
@@ -2206,11 +2211,11 @@
field is "http://www.w3.org/2000/09/xmldsig#rsa-sha1".
+ The value of the field is .
Use this field to conveniently supply a value to one of the URI attributes of an element used for XMLDSIG.
- For more information, see the World Wide Web Consortium (W3C) specification at http://www.w3.org/2000/09/xmldsig#rsa-sha1.
+ For more information, see the [World Wide Web Consortium (W3C) schema](https://www.w3.org/2000/09/xmldsig#rsa-sha1).
]]>
@@ -2241,11 +2246,11 @@
field is "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256".
+ The value of the field is .
Use this field to conveniently supply a value to one of the URI attributes of an element used for XMLDSIG.
- For more information, see the World Wide Web Consortium (W3C) specification at [https://www.w3.org/2001/04/xmldsig-more#rsa-sha256](https://www.w3.org/2001/04/xmldsig-more#rsa-sha256).
+ For more information, see the [World Wide Web Consortium (W3C) specification](https://www.w3.org/2001/04/xmldsig-more#rsa-sha256).
]]>
@@ -2276,11 +2281,11 @@
field is "http://www.w3.org/2001/04/xmldsig-more#rsa-sha384".
+ The value of the field is .
Use this field to conveniently supply a value to one of the URI attributes of an element used for XMLDSIG.
- For more information, see the World Wide Web Consortium (W3C) specification at [https://www.w3.org/2001/04/xmldsig-more#rsa-sha384](https://www.w3.org/2001/04/xmldsig-more#rsa-sha384).
+ For more information, see the [World Wide Web Consortium (W3C) specification](https://www.w3.org/2001/04/xmldsig-more#rsa-sha384).
]]>
@@ -2311,11 +2316,11 @@
field is "http://www.w3.org/2001/04/xmldsig-more#rsa-sha512".
+ The value of the field is .
Use this field to conveniently supply a value to one of the URI attributes of an element used for XMLDSIG.
- For more information, see the World Wide Web Consortium (W3C) specification at [https://www.w3.org/2001/04/xmldsig-more#rsa-sha512](https://www.w3.org/2001/04/xmldsig-more#rsa-sha512).
+ For more information, see the [World Wide Web Consortium (W3C) specification](https://www.w3.org/2001/04/xmldsig-more#rsa-sha512).
]]>
@@ -2350,11 +2355,11 @@
field is "http://www.w3.org/2000/09/xmldsig#sha1".
+ The value of the field is .
Use this field to conveniently supply a value to one of the URI attributes of an element used for XMLDSIG.
- For more information, see the World Wide Web Consortium (W3C) specification at http://www.w3.org/2000/09/xmldsig#sha1.
+ For more information, see the [World Wide Web Consortium (W3C) schema](https://www.w3.org/2000/09/xmldsig#sha1).
]]>
@@ -2385,11 +2390,11 @@
field is "http://www.w3.org/2001/04/xmlenc#sha256".
+ The value of the field is .
Use this field to conveniently supply a value to one of the URI attributes of an element used for XMLDSIG.
- For more information, see the World Wide Web Consortium (W3C) specification at [http://www.w3.org/2001/04/xmlenc#sha256](https://www.w3.org/2001/04/xmlenc#sha256).
+ For more information, see the [World Wide Web Consortium (W3C) specification](https://www.w3.org/2001/04/xmlenc#sha256).
]]>
@@ -2420,11 +2425,11 @@
field is "http://www.w3.org/2001/04/xmldsig-more#sha384".
+ The value of the field is .
Use this field to conveniently supply a value to one of the URI attributes of an element used for XMLDSIG.
- For more information, see the World Wide Web Consortium (W3C) specification at [https://www.w3.org/2001/04/xmldsig-more#sha384](https://www.w3.org/2001/04/xmldsig-more#sha384).
+ For more information, see the [World Wide Web Consortium (W3C) specification](https://www.w3.org/2001/04/xmldsig-more#sha384).
]]>
@@ -2455,11 +2460,11 @@
field is "http://www.w3.org/2001/04/xmlenc#sha512".
+ The value of the field is .
Use this field to conveniently supply a value to one of the URI attributes of an element used for XMLDSIG.
- For more information, see the World Wide Web Consortium (W3C) specification at [http://www.w3.org/2001/04/xmlenc#sha512](https://www.w3.org/2001/04/xmlenc#sha512).
+ For more information, see the [World Wide Web Consortium (W3C) specification](https://www.w3.org/2001/04/xmlenc#sha512).
]]>
@@ -2493,13 +2498,13 @@
field is "http://www.w3.org/TR/1999/REC-xpath-19991116".
+ The value of the field is .
Use this field to conveniently supply a value to one of the URI attributes of an element used for XMLDSIG.
The class implements the transform described by the field.
- For more information, see the World Wide Web Consortium (W3C) specification at http://www.w3.org/TR/1999/REC-xpath-19991116.
+ For more information, see the [World Wide Web Consortium (W3C) specification](https://www.w3.org/TR/1999/REC-xpath-19991116).
@@ -2541,13 +2546,13 @@
field is "http://www.w3.org/TR/1999/REC-xslt-19991116".
+ The value of the field is .
Use this field to conveniently supply a value to one of the URI attributes of an element used for XMLDSIG.
The class implements the transform described by the