Enveloping XML signature

In an enveloping XML signature the signed content is carried inside the <Signature> element itself: the data sits in a <dsig:Object> child, and a <dsig:Reference> in <dsig:SignedInfo> points to that child by its Id (for example URI="#Resource1"). The signature therefore encloses the data, the reverse of an enveloped signature, where the <Signature> element sits inside the document it signs. When verifying, confirm that each referenced Id resolves to exactly one element in the whole document and that the element is an <Object> child of the same <Signature>; otherwise a second element reusing the Id can be substituted for the signed one. Note also that <dsig:KeyInfo> is supplied by the signer and is not covered by the signature unless SignedInfo references it, so the verification key and the signer's identity must come from the verifier's own trust store, not from the X509SubjectName or key material carried in the signature.


For example, a person is treated in a hospital for a chronic illness. When the patient is released, the doctor writes a medical report and signs it with an enveloping signature. The patient returns several weeks later and is treated by a different doctor, who on release adds new information to the patient's medical history and signs only that new information with a second enveloping signature. In this way medical records can be written at different times by different professionals, each signing only the records they added, and a later addition never invalidates an earlier signature. In the sample below, Signature001 covers only the Object with Id="Resource1" and Signature002 only the Object with Id="Resource2". The algorithm identifiers in the sample are historical: SHA-1 digests, rsa-sha1 and the 2000 working-draft canonicalization URI should not be used in new deployments; use SHA-256 or stronger with the corresponding RSA or ECDSA signature methods and the Canonical XML Recommendation identifiers.

<?xml version="1.0" encoding="UTF-8"?>
<RootElement>
  <dsig:Signature Id="Signature001" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
    <dsig:SignedInfo>
      <dsig:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2000/WD-xml-c14n-20001011" />
      <dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
      <dsig:Reference URI="#Resource1">
        <dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
        <dsig:DigestValue>eFvCUOLuDDLjzxhNj5VKyikMHxY=</dsig:DigestValue>
      </dsig:Reference>
    </dsig:SignedInfo>
    <dsig:SignatureValue>xig/yjr0niDzhEH ...T3jo84oRvk=</dsig:SignatureValue>
    <dsig:KeyInfo>
      <dsig:KeyValue>
        <dsig:RSAKeyValue>
          <dsig:Modulus>3PV+BoAm9hmXLkTS ... Ysq2smyqgGok=</dsig:Modulus>
          <dsig:Exponent>AQAB</dsig:Exponent>
        </dsig:RSAKeyValue>
      </dsig:KeyValue>
      <dsig:X509Data>
        <dsig:X509SubjectName>cn=Henry Jekyll,c=UK</dsig:X509SubjectName>
        <dsig:X509Certificate>MIIC1jCCAj+gAwIBA ...3VRdkpDqjBNA==</dsig:X509Certificate>
      </dsig:X509Data>
    </dsig:KeyInfo>
    <dsig:Object Id="Resource1">
      <document_element>
        <text>
          <child_of_text>Medical history report by Dr. Jekyll.</child_of_text>
        </text>
      </document_element>
    </dsig:Object>
  </dsig:Signature>
  <dsig:Signature Id="Signature002" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
    <dsig:SignedInfo>
      <dsig:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2000/WD-xml-c14n-20001011" />
      <dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
      <dsig:Reference URI="#Resource2">
        <dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
        <dsig:DigestValue>UwBLevgw378Jyt6noa+HNW6aD8A=</dsig:DigestValue>
      </dsig:Reference>
    </dsig:SignedInfo>
    <dsig:SignatureValue>hZ9a7YlH93Jr3 ...Rb6pNZfJMIU=</dsig:SignatureValue>
    <dsig:KeyInfo>
      <dsig:KeyValue>
        <dsig:RSAKeyValue>
          <dsig:Modulus>3PV+BoAm9hmXLk ... sq2smyqgGok=</dsig:Modulus>
          <dsig:Exponent>AQAB</dsig:Exponent>
        </dsig:RSAKeyValue>
      </dsig:KeyValue>
      <dsig:X509Data>
        <dsig:X509SubjectName>cn=Edward Hyde, c=UK</dsig:X509SubjectName>
        <dsig:X509Certificate>MIIC1jCCAj+gAwI ...gz3VRdkpDqjBNA==</dsig:X509Certificate>
      </dsig:X509Data>
    </dsig:KeyInfo>
    <dsig:Object Id="Resource2">
      <document_element>
        <text>
          <child_of_text>Medical history report by Dr. Hyde.</child_of_text>
        </text>
      </document_element>
    </dsig:Object>
  </dsig:Signature>
</RootElement>
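As an added example, not code from the original page, the following stdlib-only Python builds a document with the same layout as the sample above (one <Signature> per record, each referencing only its own <Object>) and verifies it with the structural checks a verifier needs. Because the standard library has neither RSA nor Canonical XML 1.0, it assumes HMAC-SHA256 as the SignatureMethod and C14N 2.0 (xml.etree.ElementTree.canonicalize) as the canonicalization method; the keys, function names and the tampered and decoy documents are constructed for the illustration.

```python
"""Enveloping XML signatures: each record is signed inside its own <Signature>, and the
verifier applies the structural checks this layout needs. Added example, not the page's code;
HMAC-SHA256 and the stdlib C14N 2.0 canonicalizer are assumptions standing in for RSA-SHA1."""
import base64
import hashlib
import hmac
import xml.etree.ElementTree as ET

DSIG = "http://www.w3.org/2000/09/xmldsig#"
ET.register_namespace("dsig", DSIG)
C14N_ALG = "http://www.w3.org/2006/12/xml-c14n2"               # C14N 2.0, what the stdlib has
SIG_ALG = "http://www.w3.org/2001/04/xmldsig-more#hmac-sha256"
DIGEST_ALG = "http://www.w3.org/2001/04/xmlenc#sha256"

def q(tag):
    return f"{{{DSIG}}}{tag}"

def c14n(elem):
    # Canonical bytes of one subtree; signer and verifier must compute this identically.
    return ET.canonicalize(ET.tostring(elem), rewrite_prefixes=True).encode()

def add_enveloping_signature(root, sig_id, obj_id, content, key):
    """Append <Signature Id=sig_id> to root, enclosing `content` in <Object Id=obj_id>.
    Its single <Reference> covers only that Object, so signatures appended later to the
    same document leave this one valid."""
    sig = ET.SubElement(root, q("Signature"), Id=sig_id)
    signed_info = ET.SubElement(sig, q("SignedInfo"))
    ET.SubElement(signed_info, q("CanonicalizationMethod"), Algorithm=C14N_ALG)
    ET.SubElement(signed_info, q("SignatureMethod"), Algorithm=SIG_ALG)
    ref = ET.SubElement(signed_info, q("Reference"), URI="#" + obj_id)
    ET.SubElement(ref, q("DigestMethod"), Algorithm=DIGEST_ALG)
    obj = ET.Element(q("Object"), Id=obj_id)
    obj.append(content)
    # The Object's digest goes into SignedInfo; SignedInfo is what the key actually signs.
    ET.SubElement(ref, q("DigestValue")).text = base64.b64encode(
        hashlib.sha256(c14n(obj)).digest()).decode()
    ET.SubElement(sig, q("SignatureValue")).text = base64.b64encode(
        hmac.new(key, c14n(signed_info), hashlib.sha256).digest()).decode()
    sig.append(obj)                       # schema order: SignedInfo, SignatureValue, Object
    return sig

def verify_enveloping_signatures(root, keys):
    """Return {Signature Id: bool}. `keys` is the verifier's own trust store (keyed by
    Signature Id for brevity); the key is never taken from the signer-supplied KeyInfo."""
    by_id = {}
    for el in root.iter():
        if el.get("Id") is not None:
            by_id.setdefault(el.get("Id"), []).append(el)
    results = {}
    for sig in root.findall(q("Signature")):
        sig_id = sig.get("Id")
        try:
            signed_info = sig.find(q("SignedInfo"))
            if signed_info.find(q("SignatureMethod")).get("Algorithm") != SIG_ALG:
                raise ValueError("unexpected SignatureMethod")     # no algorithm negotiation
            refs = signed_info.findall(q("Reference"))
            if not refs:
                raise ValueError("SignedInfo references nothing")
            for ref in refs:
                uri = ref.get("URI", "")
                targets = by_id.get(uri[1:], []) if uri.startswith("#") else []
                if len(targets) != 1:           # absent or duplicated Id: a wrapping attempt
                    raise ValueError(f"{uri} must resolve to exactly one element")
                target = targets[0]             # and it must be an Object inside this Signature
                if target.tag != q("Object") or not any(child is target for child in sig):
                    raise ValueError(f"{uri} is not enclosed by {sig_id}")
                if ref.find(q("DigestMethod")).get("Algorithm") != DIGEST_ALG:
                    raise ValueError("unexpected DigestMethod")
                expected = base64.b64decode(ref.findtext(q("DigestValue")))
                if not hmac.compare_digest(hashlib.sha256(c14n(target)).digest(), expected):
                    raise ValueError(f"digest mismatch for {uri}")
            mac = hmac.new(keys[sig_id], c14n(signed_info), hashlib.sha256).digest()
            results[sig_id] = hmac.compare_digest(
                mac, base64.b64decode(sig.findtext(q("SignatureValue"))))
        except (ValueError, AttributeError, TypeError, KeyError):
            results[sig_id] = False
    return results

def demo():
    """The hospital scenario with constructed keys, then two hostile copies of the document."""
    keys = {"Signature001": b"constructed key for Dr. Jekyll",
            "Signature002": b"constructed key for Dr. Hyde"}
    root = ET.Element("RootElement")
    for sig_id, obj_id, who in (("Signature001", "Resource1", "Jekyll"),
                                ("Signature002", "Resource2", "Hyde")):
        record = ET.fromstring(f"<document_element><text>Medical history report by Dr. {who}."
                               "</text></document_element>")
        add_enveloping_signature(root, sig_id, obj_id, record, keys[sig_id])
    doc = ET.tostring(root)                   # the bytes that would be stored or transmitted
    tampered = ET.fromstring(doc)             # only the second record is altered
    hyde = next(o for o in tampered.iter(q("Object")) if o.get("Id") == "Resource2")
    hyde.find(".//text").text = "Medical history report by Dr. Hyde, plus a new prescription."
    wrapped = ET.fromstring(doc)              # a decoy element reusing a signed Id
    ET.SubElement(wrapped, "decoy", Id="Resource1")
    return {"intact": verify_enveloping_signatures(ET.fromstring(doc), keys),
            "tampered": verify_enveloping_signatures(wrapped and tampered, keys),
            "wrapped": verify_enveloping_signatures(wrapped, keys)}
```

demo() returns three result maps. The intact document verifies both signatures. Altering Dr. Hyde's record invalidates only Signature002, which is the property the hospital scenario relies on. Adding a decoy element elsewhere in the document that reuses the Id Resource1 makes Signature001 fail, because the Reference no longer resolves to exactly one element; that uniqueness check, together with requiring the target to be an <Object> child of the same <Signature>, is what stops an attacker from swapping the signed content for a lookalike.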