Digital Signature
XML digital signature operations for secure document signing and validation.
Digital Signature
XML digital signature operations for document signing and validation using digital certificates. Supports standard XML signatures and WSSE signing modes. Compatible with Kazakhstan PKI infrastructure.
Available Operations
- Sign: Digital signature of XML documents with certificate authentication
- Validate: Signature verification and document integrity checking
Connection Configuration
| Parameter | Type | Required | Description |
|---|---|---|---|
digitalSignBaseUrl | TEXT | Yes | Base URL of the digital signature service |
{
"digitalSignBaseUrl": "{{ctx.consts.DIGITAL_SIGN_BASE_URL}}"
}Operations
signXml
Signs XML data using a digital certificate with optional WSSE mode support.
| Parameter | Type | Required | Description |
|---|---|---|---|
xmlString | TEXT | Yes | XML data to be signed |
keystoreEnvPrefix | TEXT | Yes | Environment variable prefix for certificate file path and password |
wsseMode | BOOLEAN | No | Enable WSSE mode for signing (default: false) |
{
"xmlString": "{{ctx.vars.documentXml}}",
"keystoreEnvPrefix": "{{ctx.consts.CERT_PREFIX}}",
"wsseMode": true
}Environment Variables:
{prefix}_KEYSTORE_PATH: Path to certificate keystore file{prefix}_KEYSTORE_PASSWORD: Password for keystore access
Certificate Sources:
- Kazakhstan PKI infrastructure for government compliance
- Enterprise certificate authorities for internal operations
Response:
{
"signedXml": "<SignedDocument xmlns:ds=\"http://www.w3.org/2000/09/xmldsig#\">...</SignedDocument>",
"success": true,
"certificateInfo": {
"issuer": "Certificate Authority Name",
"subject": "Document Signer",
"validFrom": "2024-01-01",
"validTo": "2025-01-01"
}
}validateXml
Validates a digitally signed XML document for authenticity and integrity verification.
| Parameter | Type | Required | Description |
|---|---|---|---|
signedXml | TEXT | Yes | Signed XML document to validate |
{
"signedXml": "{{ctx.nodes.documentSigner.outputs.signedXml}}"
}Response:
{
"isValid": true,
"signatureValid": true,
"certificateValid": true,
"certificateInfo": {
"issuer": "Certificate Authority Name",
"subject": "Document Signer",
"validFrom": "2024-01-01",
"validTo": "2025-01-01"
},
"validationTimestamp": "2024-12-19T10:30:00Z"
}Workflow Integration
Use workflow context to manage certificate and document flow:
{
"xmlString": "{{ctx.nodes.xmlGenerator.outputs.document}}",
"keystoreEnvPrefix": "{{ctx.consts.SIGNATURE_CERT_PREFIX}}",
"wsseMode": "{{ctx.vars.requireWSSE}}"
}WSSE Mode
When wsseMode is enabled, the signing process follows Web Services Security Extensions standards:
- Adds WS-Security headers to XML
- Includes creation and expiration timestamps
- Embeds certificate information
- Provides additional protection for web services
Certificate Setup
- Obtain Certificate: Get digital certificate from Kazakhstan PKI or enterprise CA
- Install Certificate: Place keystore file in secure environment location
- Configure Environment: Set certificate path and password variables
- Test Signing: Verify certificate works with sample XML document
Response Format
Success Response
{
"success": true,
"signedXml": "<SignedDocument>...</SignedDocument>",
"certificateInfo": {
"issuer": "NCA (National Certification Authority)",
"subject": "CN=John Doe, O=Company",
"validFrom": "2024-01-01",
"validTo": "2025-01-01"
}
}Error Response
{
"success": false,
"error": "Certificate not found or invalid password",
"code": "CERTIFICATE_ERROR"
}Use Cases
- Government document signing: Official forms and regulatory submissions
- Contract management: Digitally sign business contracts and agreements
- Compliance workflows: Meet digital signature requirements for legal processes
- Document integrity: Ensure tamper-proof document transmission and storage
- SOAP web services: Secure API communications with WSSE signatures