Online XML Digital Signature Verifier

The Online XML Digital Signature Verifier verifies XML documents signed using XML-DSIG.

This version was first published in November 2022 (updated 2023-07-18). It is a replacement for the original previously here but sadly retired as of October 2022. See Acknowledgements.

You can copy/paste your XML data or upload a file.

In general you must include a <KeyValue>/<RSAKeyValue> element in the <KeyInfo> element unless the signing certificate has been issued by a supported CA certificate (below). For more details, see The KeyInfo element.

See Troubleshooting problems on the 'Online XML Digital Signature Verifier' for more help in interpreting results and fixing problems, and some examples.

Supported CA certificates

The following CA certificates are supported:

1. lamps-ca.rsa.cer from [RFC9216]
2. CarlRSASelf.cer from [RFC4134]

If you use one of the following signing certificate/private key pairs to sign an XML-DSIG document you do not need to provide a <RSAKeyValue> element - just a <X509Certificate> element is sufficient.

• lamps-alice.cer and lamps-alice.p8
• lamps-bob.cer and lamps-bob.p8
• AliceRSASignByCarl.cer and AlicePrivRSASign.p8

Download the above files in various binary/PEM formats as a zip file.

See also

• Signing XML documents using XMLDSIG (Part 3) - a general treatment of XML-DSIG with examples
  • XML-DSIG signing with CryptoSys PKI and SC14N
• Signing XML documents using XMLDSIG (Part 2) - example of an enveloped signature
• Signing XML documents using XMLDSIG (Part 1) - example of an enveloping signature
• Canonicalization of an XML document
  • SC14N, a straightforward XML canonicalization utility

Acknowledgements

The Online XML Digital Signature Verifier is based on

XML Security Library (xmlsec) | libXML2 | OpenSSL

in particular the xmlsec1 library under License.

Updated July 2023

2023-07-18. After changing servers to a new 64-bit platform, we have updated from using the code in xmldsigverify.c to just using the verify command in the xmlsec1 library. This results in slightly different output than before, so you will see "OK" and "FAIL" instead of "RESULT: Signature is OK" and "RESULT: Signature is INVALID".

References

• [XML-DSIG] XML-Signature Syntax and Processing Version 1.1, W3C Recommendation 11 April 2013, <http://www.w3.org/TR/xmldsig-core/>. Version 1.0 republished as:
  • [RFC3275] RFC 3275, XML-Signature Syntax and Processing, D. Eastlake 3rd, J. Reagle, D. Solo, March 2002.
• [RFC4134] RFC 4134, Examples of S/MIME Messages, P. Hoffman (ed), July 2005.
• [RFC9216] RFC 9216, S/MIME Example Keys and Certificates, D. K. Gillmor (ed), April 2022.
• [XML-SIG-WG] XML Signature Working Group, <http://www.w3.org/Signature/>

Contact

Any comments, feedback, questions: please send us a message.

This page first published 15 November 2022. Last updated 18 July 2023.

Copyright © 2022-23 DI Management Services Pty Limited ABN 78 083 210 584 Australia.
www.di-mgt.com.au. All rights reserved.

Home | Services | About Us | Projects | Links | Cryptography | CryptoSys Tools | CryptoSys PKI | DBXanalyzer | BigDigits | Mathematics | Wclock | Su Doku | About This Site | Contact | Email Us