Verification of XML DSIG signatures

Verification of XML DSIG signatures has to be performed by the application. Verification can be performed in two flavors:
Include the signature API request together with the received message

Figure 1. Signature verification together with the received message
Figure showing signature verification together with the received message
  •  1  MSIF receives the message which is then passed to the application ( 2 ).
  •  3  The application creates a signature API request (containing the signature) together with the MSIF ReceiveMsg request.
  •  4  The message is passed to the signature API.
  •  5  The signature API uses the SAG to verify the signature.
  •  6  The message with the generated verification result is returned back to the application. The application can verify the digest calculated over the business data with the received digest in the signature.
Verification of signatures using the signature API

Figure 2. Signature verification using the signature API
Figure showing signature verification using the signature API
  •  1  MSIF receives a message or file which is then passed to the application ( 2 ).
  •  3  The application creates a signature API request containing the signature.
  •  4  The request is passed to the signature API.
  •  5  The signature API uses the SAG to verify the signature.
  •  6  The generated verification result is returned back to the application.
  •  7  The application verifies the digest calculated over the business data with the received digest in the signature.