<ReferenceList>
This section discusses the <ReferenceList> element, when used as a child of <Security> in the message header. When <ReferenceList> is used in this way, it is possible to perform encryption before signing. The following shows an example of this element:
<ReferenceList xmlns="http://www.w3.org/2001/04/xmlenc#">
   <DataReference URI="#Enc-358FB189-81B3-465D-AFEC-BC28A92B179C"></DataReference>
   <DataReference URI="#Enc-9EF5CCE4-CF43-407F-921D-931B5159672D"></DataReference>
</ReferenceList>
Details
In each <DataReference> element, the URI attribute points to the Id attribute of an <EncryptedData> element elsewhere in the message.
When you use a top-level <ReferenceList> element, the details are different for <EncryptedKey> and <EncryptedData>, as follows:
| Scenario | <EncryptedKey> | <EncryptedData> |
| --- | --- | --- |
| <EncryptedKey> contains pointer to <EncryptedData> | Includes <KeyInfo> (same for all associated <EncryptedData> elements) | Does not include <KeyInfo> |
| Top-level <ReferenceList> element contains pointer to <EncryptedData> | Does not include <KeyInfo> | Includes <KeyInfo> (potentially different for each <EncryptedData> element) |
Position in Message
Within <Security>, a <ReferenceList> element should be included after the associated <EncryptedKey>.