Created attachment 37795 [details] Sample documents and code I sign a Word document containing a hyperlink with POI/OPC SignatureInfo.confirmSignature(). SignatureInfo.verifySignature() returns true/successfully verified. However, when the signed document is opened with MS Word, Word reports the signature status as 'Partial signatures'. If the document is signed with MS Word (MSO Version 2102), Word reports the status as 'Valid signatures'. Comparing the sig.xml generated by POI with the sig.xml generated by Word shows that Word includes a RelationshipReference to the Hyperlink, whereas POI skips it. <Reference URI="/word/_rels/document.xml.rels?ContentType=application/vnd.openxmlformats-package.relationships+xml"> <Transforms> <Transform Algorithm="http://schemas.openxmlformats.org/package/2006/RelationshipTransform"> ... <mdssi:RelationshipReference xmlns:mdssi="http://schemas.openxmlformats.org/package/2006/digital-signature" SourceId="rId6"/> ... In OOXMLSignatureFacet.java is the following comment and code, so it seems to be a glitch in MS Word: /* * ECMA-376 Part 2 - 3rd edition * 13.2.4.16 Manifest Element * "The producer shall not create a Manifest element that references any data outside of the package." */ if (TargetMode.EXTERNAL == relationship.getTargetMode()) { continue; } However, as users get suspicious when Word reports 'Partial signatures' I wonder if an additional OfficeSignatureFacet would make sense, which adds the RelationshipReference to Hyperlinks to the signature. Attached are the input and signed documents and sample code to create the signed document with POI/OPC.