Tags: xml, cryptography, digital-signature, xml-signature, signedxml

Digitally Sign Parts of an XML document


I have an XML document having structure similar to the following

<envelop>
    <header>blaa</header>
    <message>blaa blaa</message>
    <footer></footer>
</envelop>

I want to digitally sign the header and message elements and add the signature to the footer element.

How can I sign the elements and then later verify the signature (using .NET C#)?


Solution

  • You should be able to add an XPath-Transform to the Signature. It should look something like this:

           <Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116">
             <XPath xmlns:dsig="&dsig;">
             ...
             </XPath>
           </Transform>
    

    I am not fluent in XPath, but it should be easy to formulate an XPath-expression that excludes the Footer-element. (But note that XPath is an optional part of XML-DSIG, so not all implementations may support it).

    Alternatively, if you could restructure your document to be

    <envelop>
      <header>blaa</header>
      <message>blaa blaa</message>
      <Signature></Signature>
    </envelop>
    

    or

    <envelop>
      <signedEnvelope>
        <header>blaa</header>
        <message>blaa blaa</message>
      </signedEnvelope>
      <Signature></Signature>
    </envelop>
    

    you could handle it by using an Enveloped Signature Transform (first case) or by signing the signedEnvelope element (second case).
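    A worked example of the second approach in C# with System.Security.Cryptography.Xml, added here and not part of the original answer: the signed part carries an Id attribute, the Reference points at it with URI="#signedPart", and because the reference is Id-based rather than enveloped, the Signature element can be placed anywhere in the document, including inside footer as the question asked. The element name signedPart, the Id value and the sample document are constructed for this example; verification also checks that the signature really covers that element, so a signature over some other fragment is rejected.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Security.Cryptography.Xml;
using System.Xml;

class PartialXmlSigning
{
    // Constructed sample document: header and message are wrapped in an
    // element with an Id so a Reference can point at it.
    const string SampleXml =
        "<envelop><signedPart Id=\"signedPart\"><header>blaa</header>" +
        "<message>blaa blaa</message></signedPart><footer></footer></envelop>";

    static XmlDocument Sign(string xml, RSA key)
    {
        var doc = new XmlDocument { PreserveWhitespace = true };
        doc.LoadXml(xml);
        var signedXml = new SignedXml(doc) { SigningKey = key };
        var reference = new Reference("#signedPart");      // sign only this subtree
        reference.AddTransform(new XmlDsigExcC14NTransform());
        signedXml.AddReference(reference);
        signedXml.ComputeSignature();
        // Put <Signature> inside <footer>; the Id reference makes this legal.
        doc.SelectSingleNode("/envelop/footer").AppendChild(signedXml.GetXml());
        return doc;
    }

    static bool Verify(XmlDocument doc, RSA publicKey)
    {
        var sigs = doc.GetElementsByTagName("Signature", SignedXml.XmlDsigNamespaceUrl);
        if (sigs.Count != 1) return false;                  // exactly one signature expected
        var signedXml = new SignedXml(doc);
        signedXml.LoadXml((XmlElement)sigs[0]);
        // Reject signatures that cover anything other than the element we care about.
        bool coversSignedPart = signedXml.SignedInfo.References.Cast<Reference>()
            .All(r => r.Uri == "#signedPart");
        return coversSignedPart && signedXml.CheckSignature(publicKey);
    }

    static void Main()
    {
        using var rsa = RSA.Create(2048);
        XmlDocument signed = Sign(SampleXml, rsa);
        Console.WriteLine(Verify(signed, rsa));             // True
        // Modify signed content: the digest no longer matches, so verification fails.
        signed.SelectSingleNode("/envelop/signedPart/message").InnerText = "changed";
        Console.WriteLine(Verify(signed, rsa));             // False
    }
}
```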