createKeyFromNode Method
[This feature was implemented for MSXML 5.0 for Microsoft Office Applications. XML digital signatures are not supported in MSXML 6.0 and later.]
Generates a key object from the DOM node corresponding to the <ds:KeyInfo> and one of its descendant elements. The createKeyFromNode method is used to acquire the public key for signature verification.
Script Syntax
var objKey = objXMLDigitalSignature.createKeyFromNode(node);
Visual Basic Syntax
Set objKey = objXMLDigitalSignature.createKeyFromNode(node)
C/C++ Syntax Using Smart Pointers
IXMLDSigKeyPtr objKey=IXMLDigitalSignature->createKeyFromNode(node);
C/C++ Syntax
HRESULT createKeyFromNode(
    IXMLDOMNode* node,
    IXMLDSigKey** objKey);
Parameters
node[in]
An XML DOM node corresponding to a child element of the <ds:KeyInfo> element. For more information, see the Remarks section below.
objKey[out]
In C/C++, this is a reference to the resultant key object implementing the IXMLDSigKey interface. In Visual Basic, scripting languages, and C/C++ with smart pointers, this is the key object itself.
Return Values
This method returns the standard CryptoAPI return values, including the following:
S_OK
The key object was created successfully.
E_FAIL
The key object could not be created. Possible reasons include that the <ds:KeyInfo> node contained insufficient information, or the caller was not authorized.
E_ACCESSDENIED
The key object could not be created because the user does not have access to the security item.
Remarks
The actions performed by createKeyFromNode during key generation depend on the input node. This method can use any of the following types of nodes to create the key.
Input node | Actions performed |
---|---|
<ds:KeyValue> | Searches for the <ds:DSAKeyValue> or <ds:RSAKeyValue> node. |
<ds:DSAKeyValue> | Loads the DSA key. |
<ds:RSAKeyValue> | Loads the RSA key. |
<ds:X509Data> | Searches for the <ds:X509Certificate> node. |
<ds:X509Certificate> | Loads the X509 certificate, extracts the embedded key, and loads it into the calling application. |
<ds:RetrievalMethod> | Obtains additional key information based on the URI and the transformation specified. |
The resultant key object does not contain any certificate information. Calling IXMLDSigKey::getStore or IXMLDSigKeyEx::getStoreHandle on this key object will result in NULL.
An error occurs when the input node is a <ds:KeyInfo> element containing any X509 certificates, either explicitly (by way of <ds:X509Certificate>), or implicitly (by way of <ds:RetrievalMethod>). In this case, calling IXMLDSigKey::getStore or IXMLDSigKeyEx::getStoreHandle on the resultant key object will return an IStore object or a memory store object containing the certificates.
Example
This example illustrates how to verify a signature on signed data. The example uses the createKeyFromNode method to obtain the signature. We've provided source files for the sample in three languages: JScript, Visual Basic, and C++. The output is the same in each language.
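The following is an added example, not one of the MSXML sample files and not Microsoft's code. It is a Node.js sketch of the <ds:KeyValue> and <ds:RSAKeyValue> rows of the Remarks table, and it shows the check a verifier needs on top of them: a key read from the document's own <ds:KeyInfo> establishes integrity only, so it is compared against a pinned fingerprint before the signer is trusted. All function names are hypothetical, the `ds:` prefix is assumed fixed, and the signature is a plain RSA-SHA256 signature over raw data rather than a full <ds:SignedInfo>.

```javascript
// Added example (Node.js, not MSXML); every name below is hypothetical.
const crypto = require('crypto');

// Text of the first <ds:NAME> element in xml, or null. A regex is enough for the
// constructed sample below; real documents need a namespace-aware XML parser.
function child(xml, name) {
  const m = new RegExp(`<ds:${name}>([\\s\\S]*?)</ds:${name}>`).exec(xml);
  return m ? m[1] : null;
}

// XML-DSig CryptoBinary (base64) -> JWK field (base64url).
const toJwk = (s) => Buffer.from(s.replace(/\s+/g, ''), 'base64').toString('base64url');

// Two rows of the Remarks table: <ds:KeyValue> is searched for <ds:RSAKeyValue>,
// and <ds:RSAKeyValue> is loaded as an RSA public key.
function keyFromNode(nodeXml) {
  const rsa = child(nodeXml, 'RSAKeyValue');
  const n = rsa && child(rsa, 'Modulus');
  const e = rsa && child(rsa, 'Exponent');
  if (!n || !e) throw new Error('insufficient key information');
  return crypto.createPublicKey({ key: { kty: 'RSA', n: toJwk(n), e: toJwk(e) }, format: 'jwk' });
}

// SHA-256 over the DER SubjectPublicKeyInfo, used as the pinning identifier.
const fingerprint = (key) =>
  crypto.createHash('sha256').update(key.export({ type: 'spki', format: 'der' })).digest('hex');

// Verify with the key named in KeyInfo, and separately report whether that key is pinned.
function verifyWithKeyInfo(data, sigB64, keyInfoXml, pinned) {
  const key = keyFromNode(keyInfoXml);
  const signatureValid = crypto.verify('sha256', Buffer.from(data), key, Buffer.from(sigB64, 'base64'));
  return { signatureValid, keyTrusted: pinned.includes(fingerprint(key)) };
}

// Constructed sample: fresh RSA key pair, its <ds:KeyInfo>, and a signature over data.
function makeSample(data) {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const jwk = publicKey.export({ format: 'jwk' });
  const b64 = (u) => Buffer.from(u, 'base64url').toString('base64');
  const keyInfoXml = '<ds:KeyInfo><ds:KeyValue><ds:RSAKeyValue>' +
    `<ds:Modulus>${b64(jwk.n)}</ds:Modulus><ds:Exponent>${b64(jwk.e)}</ds:Exponent>` +
    '</ds:RSAKeyValue></ds:KeyValue></ds:KeyInfo>';
  const sigB64 = crypto.sign('sha256', Buffer.from(data), privateKey).toString('base64');
  return { keyInfoXml, sigB64, fp: fingerprint(publicKey) };
}
```

Accept a document only when both `signatureValid` and `keyTrusted` are true; a document carrying an unknown key still verifies against that key but fails the pin check.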
Applies to
IXMLDigitalSignature | IXMLDigitalSignatureEx
Versioning
MSXML 5.0 for Microsoft Office Applications and later