In this chapter, the following namespace prefixes are used for the sake of brevity:

    xmlns:ds='http://www.w3.org/2000/09/xmldsig#'
    xmlns:enc='http://www.w3.org/2001/04/xmlenc#'
    xmlns:dsm='http://www.w3.org/2001/04/xmldsig-more#'

The syntax for KeyInfo, as defined in XMLDSIG, follows:

    <!-- XMLDSIG KeyInfo DTD -->
    <!ELEMENT KeyInfo (#PCDATA|KeyName|KeyValue|RetrievalMethod|
                       X509Data|PGPData|SPKIData|MgmtData %KeyInfo.ANY;)* >
    <!ATTLIST KeyInfo
              Id  ID  #IMPLIED >

In schema notation, it has the following form:

    <!-- KeyInfo schema -->
    <element name="KeyInfo" type="ds:KeyInfoType"/>
    <complexType name="KeyInfoType" mixed="true">
      <choice maxOccurs="unbounded">
        <element ref="ds:KeyName"/>
        <element ref="ds:KeyValue"/>
        <element ref="ds:RetrievalMethod"/>
        <element ref="ds:X509Data"/>
        <element ref="ds:PGPData"/>
        <element ref="ds:SPKIData"/>
        <element ref="ds:MgmtData"/>
        <any processContents="lax" namespace="##other"/>
        <!-- (1,1) elements from (0,unbounded) namespaces -->
      </choice>
      <attribute name="Id" type="ID" use="optional"/>
    </complexType>

XML Encryption extends this definition to include the EncryptedKey and AgreementMethod optional children of KeyInfo. Although defined in connection with encryption, these elements can also be used for a signature if the sender and recipient support them.
As expanded by XML Encryption, the KeyInfo DTD would be something like the following:

    <!-- Extended KeyInfo DTD -->
    <!ELEMENT KeyInfo (#PCDATA|KeyName|KeyValue|RetrievalMethod|
                       X509Data|PGPData|SPKIData|MgmtData|
                       EncryptedKey|AgreementMethod|
                       %KeyInfo.ANY;)* >
    <!ATTLIST KeyInfo
              Id  ID  #IMPLIED >

In schema notation, the extended KeyInfo looks like this:

    <!-- Extended KeyInfo schema -->
    <element name="KeyInfo" type="ds:KeyInfoType"/>
    <complexType name="KeyInfoType" mixed="true">
      <choice maxOccurs="unbounded">
        <element ref="ds:KeyName"/>
        <element ref="ds:KeyValue"/>
        <element ref="ds:RetrievalMethod"/>
        <element ref="ds:X509Data"/>
        <element ref="ds:PGPData"/>
        <element ref="ds:SPKIData"/>
        <element ref="ds:MgmtData"/>
        <element ref="enc:AgreementMethod"/>
        <element ref="enc:EncryptedKey"/>
        <any processContents="lax" namespace="##other"/>
        <!-- (1,1) elements from (0,unbounded) namespaces -->
      </choice>
      <attribute name="Id" type="ID" use="optional"/>
    </complexType>
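The extended content model can be checked mechanically before any key material is trusted. The following Python sketch is an added example, not part of the original text: it classifies each child of a ds:KeyInfo element against the extended schema above. The function names, the sample document and the `urn:example:ext` namespace are constructed for illustration.

```python
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
ENC = "http://www.w3.org/2001/04/xmlenc#"

# Children named explicitly in the extended KeyInfo schema.
DS_CHILDREN = {"KeyName", "KeyValue", "RetrievalMethod", "X509Data",
               "PGPData", "SPKIData", "MgmtData"}
ENC_CHILDREN = {"EncryptedKey", "AgreementMethod"}

# Constructed sample input. The children are empty shells: only the element
# names are classified here, not their own content models.
SAMPLE = f"""<ds:KeyInfo xmlns:ds="{DS}" xmlns:enc="{ENC}"
                       xmlns:x="urn:example:ext" Id="ki-1">
  <ds:KeyName>example-key</ds:KeyName>
  <enc:EncryptedKey/>
  <x:Hint/>
  <ds:Bogus/>
  <Unqualified/>
</ds:KeyInfo>"""

def split_tag(tag):
    """Split ElementTree's '{namespace}local' form into (namespace, local)."""
    if tag.startswith("{"):
        ns, local = tag[1:].split("}", 1)
        return ns, local
    return "", tag

def classify_keyinfo(xml_text):
    """Return (local name, class) for each child element of ds:KeyInfo."""
    root = ET.fromstring(xml_text)
    if split_tag(root.tag) != (DS, "KeyInfo"):
        raise ValueError("root element is not ds:KeyInfo")
    result = []
    for child in root:
        ns, local = split_tag(child.tag)
        if ns == DS:
            # Only the seven listed ds: elements are allowed; the ##other
            # wildcard never matches the schema's own (ds) namespace.
            kind = "xmldsig" if local in DS_CHILDREN else "invalid"
        elif ns == ENC and local in ENC_CHILDREN:
            kind = "xmlenc"      # extension added by XML Encryption
        elif ns:
            kind = "other"       # admitted by <any namespace="##other">
        else:
            kind = "invalid"     # unqualified elements do not match ##other
        result.append((local, kind))
    return result
```

A receiver can reject any KeyInfo containing an "invalid" child and decide by local policy which "xmlenc" and "other" children it is prepared to process.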