This page is used to configure the XML/XAdES signature settings that will be used by the Go>Sign Desktop/applet:



The configuration items are as follows:

Items

Description

XML Signature Settings

A mandatory field to select the XML signature type that will be produced by this profile. See the Supported Signature Types section for more details for the types of signatures supported by Go>Sign Service. 

Signature/Document Relationship

This field defines how the signature will be placed in the signed XML i.e. is one inside the other or do they placed separately. Following are the supported relationships:

  • Enveloping
  • Enveloped

Hashing Algorithm

The selected hashing algorithm is used as part of the signature generation process. Following are the supported hashing algorithms:

  • SHA1
  • SHA2 (SHA224, SHA256, SHA384, SHA512)

Encrypt XML after Signing

Enable this attribute to encrypt the xml element e.g. PayLoad

XML Part Signing

This defines how a specific element can be signed in the XML document. Element can be defined individually or via XPath. Multiple signing elements can also be added. XPath uses path expressions to select nodes or node-sets in an XML document. XPath uses path expressions to navigate in XML documents. XPath can be set in number of ways. 

If checkbox is enabled and the system is unable to find the defined XML signing element then it will return an error. If signature/document relationship is Enveloped then XML part signing settings should be enabled.

Xpath Examples:

/root/books/author

//publisher

EPES Signatures

Explicit Policy Based Electronic (EPES) signature settings are only available for the XAdES Signature types. By enabling the check box Add Signature Policy Identifier, the Go>Sign profile can be used to produce (EPES) signatures where a signature policy OID, URI and user notice are added in the digital signature as specified below.

1. Signature Policy Object ID

Provide the Signature Policy OID to be added for EPES signatures.

2. Signature Policy URI

Provide the Signature Policy URI to be added for EPES signatures. If there is no Policy URI defined inside the Go>Sign profile then EPES configurations should be made in policy.properties file located at: [ADSS Installation Directory]/service/

Open this file in any text editor and enter policy OID and path to the policy document

e.g. 1.2.3.4.5 = "F:/Policy_File"

The ADSS Go>Sign Service can retrieve the signature policy document in either one of the following ways:


  • Using Policy URI defined in Go>Sign profile. The ADSS Go>Sign Service will use this policy URI to retrieve the online available policy document and its hash value will be calculated and embedded in the signed properties of the signature.
  • Using locally configured signature policy document. The ADSS Go>Sign Service will use this text file pointer to retrieve the locally saved policy document, hash and embed it in the signed properties of the signature.


3. Signature Policy User Notice

Provide the user notice to be added to the EPES signatures.

Clicking the Next button will display the Key Store Settings page.


See also

PDF/PAdES Signing Attributes

PDF/PAdES Hash Signing Attributes
CMS/CAdES Signing Attributes
MS Office Signing Attributes