This is the first fully standards-compliant XML digital signature created by Open eSignForms software. It uses our first standard format, an Enveloped Signature that encompasses the entire XML source document as well as a special Seal containing platform identity information. It was captured on 23 February 2011 on a developer's PC in Kirkland, Washington. It can still be validated by any compliant XML Digital Signature implementation, including our XmlDigitalSignatureSimpleVerifier. Of course, the 2011 and 2019 versions of the Open eSignForms XML Digital Signature format are more robust than this first signature.

<?xml version="1.0" encoding="UTF-8" standalone="no"?><onerootonly><myxml>my xml data</myxml><needRoot>some root</needRoot><Signature xmlns="http://www.w3.org/2000/09/xmldsig#" Id="OpenESignForms_Seal"><SignedInfo><CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"/><SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><Reference URI=""><Transforms><Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/></Transforms><DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/><DigestValue>GWV+f3kPfE70H+5hqSHK4l4Qj7IOdxxY1J0qgX2ivQQ=</DigestValue></Reference><Reference URI="#OpenESignForms_Seal_ID"><DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/><DigestValue>TfXGCUKsxSc6UzDN3rF/lS7I8IIaFoDTTGqLhtj76lk=</DigestValue></Reference></SignedInfo><SignatureValue>YTttBYx7BHT5uVN41OMKApdic8OeQzEQV8fhPEgHDT3W4Hsat8Lyiff84j8RPNAsUFWjjeXtmEJD
Z/ewQrgye0V8Db/Q/dTXAJiOD88b+bXok/l6zK8EW+sNW02+XCM2LeUS6Wo30Jghddtw6Y9pwRly
vwBEbFuKzMDpXjkWnVY8iBuyRtoDUEAgkg281QwqsPZXQWHmGTBqaMjAvl+1Kg+lYo3YEnhHbP+W
UoPYPVR/DBs/jgDnzUSE5PaLbT7JLeJE/1mBxCorxNnNHhfijGqF+VkNxUaxotlUC9mPWr/FaWUW
0aG13oPdcOo0+U7uahVcCbsonEfKzSkAM6YLQQ==</SignatureValue><KeyInfo><KeyName>ac6186d4-e5f0-43ba-96e5-44f5e96e504d</KeyName><KeyValue><RSAKeyValue><Modulus>3nIDqFP4KfGv8Wft+9IRIoOkSm/DQwdgFQZdK1lLBXGqlfhQ99Nven21sHaNHchEbOACSc+Eu3I5
6YT7BaDl9Bf851eg6uhbir/JA2cWn5ANaN+TN1s1F6Ircuk77ST2AVwhzDhSZdBVWg3qmv1On2p2
QWWElGBXrW1UDxl3auKdibkTxqe5kZMaB4juWzvajz4JcdmGJs0AjpXUBLWdltXWDEzpIH3rPbZk
gBxSqlynaiKjXiNNkr2TWL3uOnlwJ3qkqgeJQTavVN9DkzkWWTm3UH0RQW8XhfXYFJa9iauLQ3c1
srFORgaSH1QmuNKdX/0N9mYbetGIVUrfSdultw==</Modulus><Exponent>AQAB</Exponent></RSAKeyValue></KeyValue></KeyInfo><Object><SignatureProperties><SignatureProperty Id="OpenESignForms_Seal_ID" Target="OpenESignForms_Seal"><OpenESignForms_XmlDigitalSignatureSeal DeploymentId="b6b88d6c-bbbc-40a0-8c16-b9cbad9b8ee9" HostAddress="192.168.1.10" HostName="DavidHP2009" Timestamp="2011-02-23T14:09:06-08:00" Version="0.8.7_0223"/></SignatureProperty></SignatureProperties></Object></Signature></onerootonly>

This explains the XML digital signature in a bit more detail:

<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!-- The XML digital signature encompasses everything in the 
     root element <onerootonly> except for the <Signature> element itself, 
     though the <SignatureProperty> is included. -->
<onerootonly>
  <myxml>my xml data</myxml>
  <needRoot>some root</needRoot>

  <!-- Standard XML Digital Signature inserted into the XML data via Open eSignForms -->
  <Signature xmlns="http://www.w3.org/2000/09/xmldsig#" Id="OpenESignForms_Seal">
    <SignedInfo>
      <!-- Uniform XML formatting before signature is applied -->
      <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"/> 

      <!-- We use 2048-bit RSA public/private keypairs, managed by the server, with encrypted private key storage. 
           While the digital signature is currently limited to SHA1, we do use SHA-256 for data digests -->
      <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/> 

      <!-- The "empty" URI points to the root element, in this case <onerootonly>, 
           and its contents in full -->
      <Reference URI="">
        <Transforms><Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/></Transforms>
        <DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
        <DigestValue>GWV+f3kPfE70H+5hqSHK4l4Qj7IOdxxY1J0qgX2ivQQ=</DigestValue>
      </Reference>
      <!-- We include extra deployment identifiers regarding the generating system -->
      <Reference URI="#OpenESignForms_Seal_ID">
        <DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
        <DigestValue>TfXGCUKsxSc6UzDN3rF/lS7I8IIaFoDTTGqLhtj76lk=</DigestValue>
      </Reference>
    </SignedInfo>

    <!-- This is the actual digital signature created across the above 
         two References (the XML root element as well as the Open eSignForms Seal) -->
    <SignatureValue>YTttBYx7BHT5uVN41OMKApdic8OeQzEQV8fhPEgHDT3W4Hsat8Lyiff84j8RPNAsUFWjjeXtmEJD
Z/ewQrgye0V8Db/Q/dTXAJiOD88b+bXok/l6zK8EW+sNW02+XCM2LeUS6Wo30Jghddtw6Y9pwRly
vwBEbFuKzMDpXjkWnVY8iBuyRtoDUEAgkg281QwqsPZXQWHmGTBqaMjAvl+1Kg+lYo3YEnhHbP+W
UoPYPVR/DBs/jgDnzUSE5PaLbT7JLeJE/1mBxCorxNnNHhfijGqF+VkNxUaxotlUC9mPWr/FaWUW
0aG13oPdcOo0+U7uahVcCbsonEfKzSkAM6YLQQ==</SignatureValue>

    <!-- The public key that can verify the digital signature, 
         along with its assigned UUID which also points to the 
         private key used to create the signature -->
    <KeyInfo>
      <KeyName>ac6186d4-e5f0-43ba-96e5-44f5e96e504d</KeyName>
      <KeyValue><RSAKeyValue>
        <Modulus>3nIDqFP4KfGv8Wft+9IRIoOkSm/DQwdgFQZdK1lLBXGqlfhQ99Nven21sHaNHchEbOACSc+Eu3I5
6YT7BaDl9Bf851eg6uhbir/JA2cWn5ANaN+TN1s1F6Ircuk77ST2AVwhzDhSZdBVWg3qmv1On2p2
QWWElGBXrW1UDxl3auKdibkTxqe5kZMaB4juWzvajz4JcdmGJs0AjpXUBLWdltXWDEzpIH3rPbZk
gBxSqlynaiKjXiNNkr2TWL3uOnlwJ3qkqgeJQTavVN9DkzkWWTm3UH0RQW8XhfXYFJa9iauLQ3c1
srFORgaSH1QmuNKdX/0N9mYbetGIVUrfSdultw==</Modulus>
        <Exponent>AQAB</Exponent>
      </RSAKeyValue></KeyValue>
    </KeyInfo>

    <!-- Standard extension for the Open eSignForms XML Digital Signature Seal.
         Includes the deployment UUID of the instance of Open eSignForms that created the signature.
         It also includes the Host TCP/IP name and address, along with the timestamp and version of the 
         software used when it was signed. -->
    <Object><SignatureProperties>
      <SignatureProperty Id="OpenESignForms_Seal_ID" Target="OpenESignForms_Seal">
        <OpenESignForms_XmlDigitalSignatureSeal 
            DeploymentId="b6b88d6c-bbbc-40a0-8c16-b9cbad9b8ee9" 
            HostAddress="192.168.1.10" 
            HostName="DavidHP2009" 
            Timestamp="2011-02-23T14:09:06-08:00" 
            Version="0.8.7_0223"
        />
      </SignatureProperty>
    </SignatureProperties></Object>
  </Signature>
</onerootonly>
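
An added example, not Open eSignForms code: a policy audit to run alongside cryptographic verification on a document laid out like the one above. It checks the points the comments call out (SHA-1 in the SignatureMethod, the enveloped-signature transform on the empty URI, the Seal reference resolving to a single Id, the key size) and treats the embedded public key as untrusted unless its KeyName is pinned. The function name `audit`, the pinned-name set, and the constructed sample with its placeholder key name and modulus are assumptions.

```python
import base64
import xml.etree.ElementTree as ET
DS = "http://www.w3.org/2000/09/xmldsig#"
N = "{" + DS + "}"
ENVELOPED = DS + "enveloped-signature"
SHA256 = "http://www.w3.org/2001/04/xmlenc#sha256"

def audit(xml_text, pinned_key_names, min_bits=2048):
    """Return policy findings for one enveloped XML-DSig document."""
    root = ET.fromstring(xml_text)
    sigs = list(root.iter(N + "Signature"))
    if len(sigs) != 1 or sigs[0] not in list(root):
        return ["expected exactly one Signature as a child of the root"]
    sig, findings = sigs[0], []
    if sig.find(f"{N}SignedInfo/{N}SignatureMethod").get("Algorithm").endswith("sha1"):
        findings.append("SignatureMethod uses SHA-1")
    # Assumption: attributes named Id are the ID-typed ones (no schema is loaded).
    ids = [e.get("Id") for e in root.iter() if e.get("Id")]
    for ref in sig.iter(N + "Reference"):
        uri = ref.get("URI", "")
        if ref.find(N + "DigestMethod").get("Algorithm").endswith("sha1"):
            findings.append(f"Reference '{uri}' digest uses SHA-1")
        transforms = [t.get("Algorithm") for t in ref.iter(N + "Transform")]
        if uri == "" and ENVELOPED not in transforms:
            findings.append("whole-document Reference lacks enveloped-signature")
        if uri.startswith("#") and ids.count(uri[1:]) != 1:
            findings.append(f"Reference '{uri}' must resolve to exactly one Id")
    # The embedded KeyValue only proves self-consistency; trust comes from pinning.
    key_name = sig.findtext(f"{N}KeyInfo/{N}KeyName")
    if key_name not in pinned_key_names:
        findings.append(f"KeyName '{key_name}' is not pinned")
    modulus = base64.b64decode(sig.findtext(f".//{N}Modulus"))
    if int.from_bytes(modulus, "big").bit_length() < min_bits:
        findings.append("RSA modulus shorter than required")
    return findings

# Constructed sample: the page's structure and algorithm URIs, a placeholder
# key name, no digest or signature values, and a made-up 2048-bit modulus.
MOD = base64.b64encode(b"\xde" + bytes(255)).decode()
SAMPLE = f"""<onerootonly><myxml>my xml data</myxml>
<Signature xmlns="{DS}" Id="OpenESignForms_Seal"><SignedInfo>
<SignatureMethod Algorithm="{DS}rsa-sha1"/><Reference URI=""><Transforms>
<Transform Algorithm="{ENVELOPED}"/></Transforms><DigestMethod Algorithm="{SHA256}"/>
</Reference><Reference URI="#OpenESignForms_Seal_ID">
<DigestMethod Algorithm="{SHA256}"/></Reference></SignedInfo>
<KeyInfo><KeyName>example-key</KeyName><KeyValue><RSAKeyValue><Modulus>{MOD}</Modulus>
</RSAKeyValue></KeyValue></KeyInfo><Object><SignatureProperties>
<SignatureProperty Id="OpenESignForms_Seal_ID" Target="OpenESignForms_Seal"/>
</SignatureProperties></Object></Signature></onerootonly>"""
```

An empty findings list means only that the structure meets this policy; the signature and digests still have to be checked by an XML Digital Signature implementation.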
