Creating a detached XML signature

Your application should perform the following steps to create a detached XML signature using the toolkit.

Logging in the user

Log in the user with the selected credentials.

user.login(credReader, <password>);

Setting up the key source

Instantiate a source for the keys and certificates using a com.entrust.toolkit.KeyAndCertificateSource object.

KeyAndCertificateSource keySource = new KeyAndCertificateSource();

Provide a signing key and verification certificate.

PrivateKey pk = user.getSigningKey();
X509Certificate cert = user.getVerificationCertificate();

Set the signing key and the verification certificate.

keySource.setSigningInfo(pk, cert);

Initializing the IXSIL library

Retrieve the init.properties file and initialize the IXSIL library.

iaik.ixsil.util.URI initProps = new URI(<init_properties_file_URI>);
IXSILInit.init(initProps);

Refer to the readme file for more information on editing the init.properties file.

etjava\examples\source\com\entrust\toolkit\examples\xml\xml_readme.html

Refer also to the Javadoc documentation of the following class.

iaik.ixsil.init.IXSILInit

Creating the signer

Create a Signer object to represent an XML document.

Signer signer = new Signer(<absolute_URI_of_data_to_sign>);

Create a SignerSignature object to represent the <Signature> element of the XML document.

SignerSignature signature = signer.getSignature();

Set the ID attribute of the <Signature> element.

signature.setId("Signature001");

Create an object to represent the <SignedInfo> element of the XML signature.

SignerSignedInfo signedInfo = signature.getSignerSignedInfo();

Selecting the canonicalization algorithm

Use the following class to specify the canonicalization algorithm for the signature.

iaik.ixsil.algorithms.CanonicalizationAlgorithmImplCanonicalXML

Create a new instance.

CanonicalizationAlgorithmImplCanonicalXML c14nAlg = new CanonicalizationAlgorithmImplCanonicalXML();

Set the algorithm URI.

c14nAlg.setURI(new URI("http://www.w3.org/TR/2000/WD-xml-c14n-20000907"));

Set the canonicalization algorithm.

signedInfo.setCanonicalizationAlgorithm(c14nAlg);

Selecting the signature algorithm

Specify and set the signature algorithm using the following classes.

iaik.ixsil.algorithms.SignatureAlgorithmImplDSA
iaik.ixsil.algorithms.SignatureAlgorithmImplRSA
iaik.ixsil.algorithms.SignatureAlgorithm

Instantiate a signature algorithm of the appropriate kind and set the corresponding URI.

SignatureAlgorithm signatureAlg = null;
PrivateKey privatekey = keySource.getSigningKey();
if (privatekey.getAlgorithm().equals("DSA"))
{
    signatureAlg = new SignatureAlgorithmImplDSA();
    signatureAlg.setURI(new URI("http://www.w3.org/2000/09/xmldsig#dsa-sha1"));
}
else
{
    signatureAlg = new SignatureAlgorithmImplRSA();
    signatureAlg.setURI(new URI("http://www.w3.org/2000/09/xmldsig#rsa-sha1"));
}

Set the private key.

signatureAlg.setSignerKey(privatekey);

Set the algorithm.

signedInfo.setSignatureAlgorithm(signatureAlg);

Referencing the signed data

Create a reference to the resource you want to sign.

SignerReference firstRef = signedInfo.createReference();

Set the reference URI to the URI of the data being signed.

URI baseURI = new URI(uriTobeSigned);
firstRef.setURI(baseURI);

Selecting the digest algorithm

Create a new instance of the digest algorithm.

DigestAlgorithmImplSHA1 digestAlg1 = new DigestAlgorithmImplSHA1();

Set the URI of the digest algorithm.

digestAlg1.setURI(new URI("http://www.w3.org/2000/09/xmldsig#sha1"));

Set the digest algorithm.

firstRef.setDigestAlgorithm(digestAlg1);

Add the resource reference to the signature.

signedInfo.addReference(firstRef);

Adding key information

Instantiate a key manager.

Document signatureDOMDoc = signer.toDocument();
KeyManagerImpl keyManager = new KeyManagerImpl(signatureDOMDoc);

Create and configure a KeyInfo provider for the X509Data clause.

KeyProviderImplX509Data keyProviderX509Data = new KeyProviderImplX509Data(signatureDOMDoc);

Include the user's verification certificate in the <KeyInfo> element.

X509Certificate certificate = keySource.getVerificationCertificate();
X509Data x509 = new X509Data();
x509.insertHintAt(certificate, 0);

Include the user's distinguished name in the <KeyInfo> element.

X509SubjectName x509Name = new X509SubjectName((Name) certificate.getSubjectDN());
x509.insertHintAt(x509Name, 0);
keyProviderX509Data.insertX509DataAt(x509, 0);

Create and configure a KeyInfo provider for the KeyValue clause.

KeyProviderImplKeyValue keyProviderKeyValue = new KeyProviderImplKeyValue(signatureDOMDoc);
keyProviderKeyValue.setVerifierKey(certificate.getPublicKey());

Add one or both of these KeyInfo providers to the key manager.

keyManager.addKeyProvider(keyProviderKeyValue);
keyManager.addKeyProvider(keyProviderX509Data);

Set the signature's key manager.

signer.getSignature().setKeyManager((SignerKeyManager) keyManager);

Referencing the KeyInfo element

If your application supports non-repudiation of XML digital signatures, create a reference for the <KeyInfo> element so that the key information itself is covered by the signature.

SignerReference ref = signedInfo.createReference();

Identify the <KeyInfo> element reference with a URI.

String keyInfoId = keyManager.getId();
ref.setURI(new URI(null, null, null, null, keyInfoId));

Add the <KeyInfo> element reference to the resources to be signed.

signedInfo.addReference(ref);

Generating the signature

Calculate the signature value.

signer.getSignature().sign();

Return the signed document to complete the procedure.

return signer.toDocument();
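As an added check (not part of the toolkit or its documentation), the following Python inspects a <Signature> element of the shape the procedure above produces and reports whether the <KeyInfo> element is actually covered by a Reference, plus which legacy algorithm URIs (the working-draft c14n URI and the SHA-1 based methods set above) it uses; the sample Signature, its Id values and its data URI are constructed for this example.

```python
import xml.etree.ElementTree as ET

DSIG_NS = "http://www.w3.org/2000/09/xmldsig#"
# Algorithm URIs set by the procedure above; all are legacy choices worth flagging.
LEGACY_ALGORITHMS = {
    "http://www.w3.org/TR/2000/WD-xml-c14n-20000907":
        "working-draft Canonical XML (superseded by REC-xml-c14n-20010315)",
    "http://www.w3.org/2000/09/xmldsig#rsa-sha1": "RSA with SHA-1",
    "http://www.w3.org/2000/09/xmldsig#dsa-sha1": "DSA with SHA-1",
    "http://www.w3.org/2000/09/xmldsig#sha1": "SHA-1 digest",
}

# Constructed sample of a detached <Signature> with both references (data and KeyInfo);
# digest and signature values are placeholders, not real cryptographic output.
SAMPLE_SIGNATURE = """<Signature xmlns="http://www.w3.org/2000/09/xmldsig#" Id="Signature001">
  <SignedInfo>
    <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2000/WD-xml-c14n-20000907"/>
    <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
    <Reference URI="file:///data/order.xml">
      <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
      <DigestValue>PLACEHOLDER_DIGEST</DigestValue>
    </Reference>
    <Reference URI="#KeyInfo001">
      <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
      <DigestValue>PLACEHOLDER_DIGEST</DigestValue>
    </Reference>
  </SignedInfo>
  <SignatureValue>PLACEHOLDER_SIGNATURE</SignatureValue>
  <KeyInfo Id="KeyInfo001">
    <X509Data><X509SubjectName>CN=Example User,O=Example</X509SubjectName></X509Data>
  </KeyInfo>
</Signature>"""


def inspect_signature(xml_text):
    """Return (key_info_is_signed, reference_uris, legacy_findings) for one Signature."""
    root = ET.fromstring(xml_text)
    q = lambda tag: "{%s}%s" % (DSIG_NS, tag)
    signed_info = root.find(q("SignedInfo"))
    refs = signed_info.findall(q("Reference"))
    uris = [r.get("URI") for r in refs]
    # Algorithms in use: canonicalization, signature method and each reference's digest.
    used = [signed_info.find(q("CanonicalizationMethod")).get("Algorithm"),
            signed_info.find(q("SignatureMethod")).get("Algorithm")]
    used += [r.find(q("DigestMethod")).get("Algorithm") for r in refs]
    findings = sorted({LEGACY_ALGORITHMS[a] for a in used if a in LEGACY_ALGORITHMS})
    # KeyInfo is covered by the signature only if a Reference points at its Id fragment;
    # without that, the key information could be swapped without invalidating SignedInfo.
    key_info = root.find(q("KeyInfo"))
    key_info_id = key_info.get("Id") if key_info is not None else None
    key_info_signed = key_info_id is not None and ("#" + key_info_id) in uris
    return key_info_signed, uris, findings
```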