Using the XMLSign Tool [Office 2003 SDK Documentation]
The XMLSign tool digitally signs an XML expansion pack manifest file. In Office 2003 Service Pack (SP) 1, it became a command-line tool and gained support for time stamps on the XML digital signature of an XML expansion pack manifest file.
Using XMLSign in Office 2003
To use the XMLSign tool to digitally sign an XML expansion pack manifest file:
1. Start XMLSign.
2. Click Browse (the button containing the ellipsis) next to XML File.
3. Locate the XML expansion pack manifest file that you want to sign, and then click Open.
4. Click Load XML.
5. From the Stores list, select the certificate store that you want to use.
6. From the Certificate list, select the certificate that you want to use.
7. In the XML document tree view, right-click the manifest node, and click Append Signature.
8. Click Sign XML.
9. In the File name box, you will see a suggested name for the XML expansion pack manifest file, for example, <original name>_signed.xml.
10. Click Save, and then click OK.
You now have a signed version of the XML expansion pack manifest file in the same directory as the unsigned one.
Note: You can verify a signature by clicking Verify or view a certificate by clicking Show Cert.
Using XMLSign in Microsoft Office 2003 Service Pack 1
In Office 2003 SP 1, XMLSign is now a command-line tool that supports the following options and arguments, similar to the set of options exposed by the Sign Code tool. This updated version of XMLSign adds support for time stamps on the XML digital signature of your XML expansion pack manifest file:
xmlsign [options] filename
Argument | Description |
---|---|
filename | The name of the manifest file to sign. |
Option | Description |
---|---|
-ch | Display information for all certificate chains used in the signature. |
-cn name | Specifies the common name of the certificate in the certificate store. |
-g | Show the standard certificate information dialog. |
-Gui | Displays the user interface included with the original release of the Smart Document SDK. Important: You cannot use this user interface to add a time stamp to the XML signature on the XML expansion pack manifest file. |
-k keyname | Specifies the key container name. |
-n level | Specifies the level of information to display about the signing certificate. |
-p provider | Specifies the name of the cryptographic provider on the system. |
-s store | Specifies the certificate store that contains the signing certificate. The default is the "my" store. |
-spc file | Specifies the software publisher certificate (SPC) file that contains software publishing certificates. |
-t URL | Indicates that the file is to have a time stamp by the time-stamp server at the specified address (e.g. http://timestamp.verisign.com/scripts/timestamp.dll). |
-v pvkFile | Specifies the private key (.pvk) file name that contains the private key. |
-y | Verifies the signature in the specified file. |
Remarks
To sign with a software publisher certificate (SPC) file, you must specify the -spc and -v options if your private key is in a .PVK file. If your private key is in a registry key container, you must specify the -spc and -k options.
Examples
The following command signs a manifest file using an SPC and a private key from the registry key container.
xmlsign -spc XYZ.spc -k XYZ manifestXYZ.xml
The following command signs the manifest file using a certificate and private key.
xmlsign -spc manifestXYZ.spc -v manifestXYZ.pvk manifestXYZ.xml
The following command signs a manifest file using an nCipher certificate and a private key in a registry key container.
xmlsign -c manifestXYZ.cer -k manifestXYZ -p "nCipher Enhanced Cryptographic Provider" manifestXYZ.xml
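The Remarks rule and the -t and -y options, combined in an added example that is not part of the SDK documentation: a Python helper that builds the xmlsign command lines for SPC signing with a time stamp, followed by verification. The function names are hypothetical, the nonzero-exit-on-failure behaviour is an assumption, and because the page does not say where the command-line tool writes its output, the caller names the file to verify.

```python
import subprocess


def sign_command(manifest, spc, pvk=None, key_container=None, timestamp_url=None):
    """Build an xmlsign argument list using only options listed in the table above."""
    # Remarks rule: -spc must be paired with -v (key in a .pvk file)
    # or with -k (key in a registry key container), never both or neither.
    if (pvk is None) == (key_container is None):
        raise ValueError("give exactly one of pvk= or key_container=")
    if manifest.startswith("-"):
        raise ValueError("manifest name would be parsed as an option")
    cmd = ["xmlsign", "-spc", spc]
    cmd += ["-v", pvk] if pvk is not None else ["-k", key_container]
    if timestamp_url is not None:
        if not timestamp_url.startswith(("http://", "https://")):
            raise ValueError("timestamp_url must be an http(s) URL")
        cmd += ["-t", timestamp_url]
    return cmd + [manifest]


def verify_command(signed_file):
    """-y verifies the signature in the specified file."""
    return ["xmlsign", "-y", signed_file]


def sign_then_verify(manifest, signed_file, run=subprocess.run, **opts):
    """Sign, then verify, and return the commands that were run.

    Assumption: xmlsign exits with a nonzero code on failure (not stated on the page).
    """
    cmds = [sign_command(manifest, **opts), verify_command(signed_file)]
    for cmd in cmds:
        # Argument list, no shell: file names with spaces stay a single argument.
        if run(cmd).returncode != 0:
            raise RuntimeError("xmlsign failed: " + " ".join(cmd))
    return cmds


if __name__ == "__main__":
    # Constructed sample values; only prints, so it runs without xmlsign installed.
    print(sign_command("manifestXYZ.xml", spc="XYZ.spc", key_container="XYZ",
                       timestamp_url="http://timestamp.verisign.com/scripts/timestamp.dll"))
    print(verify_command("manifestXYZ.xml"))
```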