<ReferenceList>

This section discusses the <ReferenceList> element, when used as a child of <Security> in the message header. When <ReferenceList> is used in this way, it is possible to perform encryption before signing. The following shows an example of this element:

<ReferenceList xmlns="http://www.w3.org/2001/04/xmlenc#">
   <DataReference URI="#Enc-358FB189-81B3-465D-AFEC-BC28A92B179C"></DataReference>
   <DataReference URI="#Enc-9EF5CCE4-CF43-407F-921D-931B5159672D"></DataReference>
</ReferenceList>

Details

In each <DataReference> element, the URI attribute points to the Id attribute of an <EncryptedData> element elsewhere in the message.

When you use a top-level <ReferenceList> element, the details are different for <EncryptedKey> and <EncryptedData>, as follows:

| Scenario | <EncryptedKey> | <EncryptedData> |
| --- | --- | --- |
| <EncryptedKey> contains pointer to <EncryptedData> | Includes <KeyInfo> (same for all associated <EncryptedData> elements) | Does not include <KeyInfo> |
| Top-level <ReferenceList> element contains pointer to <EncryptedData> | Does not include <KeyInfo> | Includes <KeyInfo> (potentially different for each <EncryptedData> element) |

Position in Message

Within <Security>, a <ReferenceList> element should be included after the associated <EncryptedKey>.
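
The rules above can be checked mechanically on a received message. The following Python sketch is an added example, not code from this documentation or product: it resolves each <DataReference> URI to an <EncryptedData> Id, confirms that the referenced element carries its own <KeyInfo>, and checks the ordering within <Security>. The function name, the sample message, and the choice to treat the first <EncryptedKey> in <Security> as the associated one are assumptions.

```python
import xml.etree.ElementTree as ET

XENC = "http://www.w3.org/2001/04/xmlenc#"
DSIG = "http://www.w3.org/2000/09/xmldsig#"
WSSE = ("http://docs.oasis-open.org/wss/2004/01/"
        "oasis-200401-wss-wssecurity-secext-1.0.xsd")

# Constructed sample: Ids are made up; elements are stripped to what the check reads.
SAMPLE = f"""<Envelope xmlns:wsse="{WSSE}" xmlns:xenc="{XENC}" xmlns:ds="{DSIG}">
 <Header><wsse:Security>
  <xenc:EncryptedKey Id="EK-1"/>
  <xenc:ReferenceList>
   <xenc:DataReference URI="#Enc-1"/>
   <xenc:DataReference URI="#Enc-2"/>
   <xenc:DataReference URI="#Enc-3"/>
  </xenc:ReferenceList>
 </wsse:Security></Header>
 <Body>
  <xenc:EncryptedData Id="Enc-1"><ds:KeyInfo/></xenc:EncryptedData>
  <xenc:EncryptedData Id="Enc-2"/>
 </Body>
</Envelope>"""

def check_reference_list(xml_text):
    """Return findings for the top-level <ReferenceList> inside <Security>."""
    root = ET.fromstring(xml_text)
    security = root.find(f".//{{{WSSE}}}Security")
    if security is None:
        return ["no <Security> header"]
    ref_tag, key_tag = f"{{{XENC}}}ReferenceList", f"{{{XENC}}}EncryptedKey"
    children = [child.tag for child in security]
    if ref_tag not in children:
        return ["no top-level <ReferenceList>"]
    findings = []
    # Position rule: <ReferenceList> comes after the <EncryptedKey>
    # (assumption: the first <EncryptedKey> is the associated one).
    if key_tag in children and children.index(ref_tag) < children.index(key_tag):
        findings.append("ReferenceList precedes EncryptedKey")
    # Index every <EncryptedData> in the message by its Id attribute.
    by_id = {e.get("Id"): e for e in root.iter(f"{{{XENC}}}EncryptedData")}
    for ref in security.find(ref_tag).iter(f"{{{XENC}}}DataReference"):
        uri = ref.get("URI", "")
        target = by_id.get(uri[1:]) if uri.startswith("#") else None
        if target is None:
            findings.append(f"{uri}: no matching EncryptedData Id")
        elif target.find(f"{{{DSIG}}}KeyInfo") is None:
            # With a top-level <ReferenceList>, <EncryptedData> carries <KeyInfo>.
            findings.append(f"{uri}: EncryptedData lacks KeyInfo")
    return findings
```

For messages from untrusted senders, parse with a hardened XML parser (for example the defusedxml package) rather than the standard-library parser used here.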
