Detached XML signature
Detached digital signatures are signatures that can be separated from the signed resource, and that leave the resource in its original state. Detached XML digital signatures are commonly used to sign resources that are not XML documents. The resource and the signature are separate, and both the resource and the digital signature must be transferred together. An XML detached signature refers to, and signs, either a resource that is a sibling element within the same document as the signature or a resource that is not part of the same XML document at all.
For example, a government agency posts a Request For Proposal (RFP) on its main Web site and digitally signs the Web page containing the RFP with a detached XML signature. The digital signature is made available for public download, which serves to confirm that the entity that created the Web page is the same entity that signed the page. Users can be confident that the Web page is trusted, and that the RFP has not been changed.
<?xml version="1.0" encoding="UTF-8"?>
<dsig:Signature Id="Signature001" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
  <dsig:SignedInfo>
    <dsig:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2000/WDxml-c14n-20001011" />
    <dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
    <dsig:Reference URI="http://host/signedData.xml">
      <dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
      <dsig:DigestValue>TzxBrkGelVFeAU8JPqe6K07VTPU=</dsig:DigestValue>
    </dsig:Reference>
  </dsig:SignedInfo>
  <dsig:SignatureValue>OPU6zWU9l+36NjKHN9 .... NcBSufciuI=</dsig:SignatureValue>
  <dsig:KeyInfo>
    <dsig:KeyValue>
      <dsig:RSAKeyValue>
        <dsig:Modulus>3PV+BoAm9hmXLkTSViVm ... Ysq2smyqgGok=</dsig:Modulus>
        <dsig:Exponent>AQAB</dsig:Exponent>
      </dsig:RSAKeyValue>
    </dsig:KeyValue>
    <dsig:X509Data>
      <dsig:X509SubjectName>cn=RFPsigner Test4,o=GovAgency,c=CA</dsig:X509SubjectName>
      <dsig:X509Certificate>MIIC1jCCAj+gAwI ... z3VRdkpDqjBNA==</dsig:X509Certificate>
    </dsig:X509Data>
  </dsig:KeyInfo>
</dsig:Signature>
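The following added example (not part of the original page or of any product's code) shows how a recipient checks that a detached resource still matches the DigestValue in the signature's Reference element. It covers only this reference check: verifying SignatureValue over the canonicalized SignedInfo with a key the recipient already trusts is a separate, required step. The fetch callback, the sample resource, and the signature skeleton are constructed for illustration.

```python
import base64
import hashlib
import hmac
import xml.etree.ElementTree as ET

DSIG = "http://www.w3.org/2000/09/xmldsig#"
NS = {"dsig": DSIG}
# DigestMethod URIs accepted here; SHA-1 is listed only because the sample uses it.
DIGESTS = {
    DSIG + "sha1": hashlib.sha1,
    "http://www.w3.org/2001/04/xmlenc#sha256": hashlib.sha256,
}

def check_references(signature_xml, fetch):
    """Recompute each Reference digest over the detached resource's raw bytes.

    fetch(uri) -> bytes is a hypothetical callback that retrieves the resource.
    Returns {uri: True/False}. Covers reference validation only.
    """
    # Use a hardened parser (e.g. defusedxml) for signatures from untrusted sources.
    root = ET.fromstring(signature_xml)
    results = {}
    for ref in root.findall("dsig:SignedInfo/dsig:Reference", NS):
        uri = ref.get("URI")
        if ref.find("dsig:Transforms", NS) is not None:
            raise ValueError("Transforms are outside the scope of this example")
        alg = ref.find("dsig:DigestMethod", NS).get("Algorithm")
        if alg not in DIGESTS:
            raise ValueError("unsupported digest algorithm: " + alg)
        expected = base64.b64decode(ref.find("dsig:DigestValue", NS).text.strip())
        actual = DIGESTS[alg](fetch(uri)).digest()
        results[uri] = hmac.compare_digest(expected, actual)
    return results

# Constructed sample: a resource and a signature skeleton referencing it.
URI = "http://host/signedData.xml"
RESOURCE = b"<rfp><title>Constructed sample RFP</title></rfp>"
SAMPLE_SIG = (
    '<dsig:Signature xmlns:dsig="%s"><dsig:SignedInfo>'
    '<dsig:Reference URI="%s"><dsig:DigestMethod Algorithm="%ssha1"/>'
    "<dsig:DigestValue>%s</dsig:DigestValue></dsig:Reference>"
    "</dsig:SignedInfo></dsig:Signature>"
) % (DSIG, URI, DSIG, base64.b64encode(hashlib.sha1(RESOURCE).digest()).decode())

if __name__ == "__main__":
    print(check_references(SAMPLE_SIG, {URI: RESOURCE}.get))         # unchanged resource
    print(check_references(SAMPLE_SIG, lambda u: RESOURCE + b"\n"))  # modified resource
```

Because the digest is taken over the resource's raw bytes, even a single appended newline makes the reference check fail.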