.Net: SignedXml - xml signing with exc-c14n transform algorithm

I am trying to sign XML (actually SOAP XML) in C# using the SignedXml class. The signing step is successful, but when I try to verify the signature it tells me that it is not valid. The only change I made from the example on MSDN was that I used the XmlDsigExcC14NTransform instead of the XmlDsigEnvelopedSignatureTransform transform. If I use XmlDsigEnvelopedSignatureTransform, I get a valid signature.

Here is my code for signing:

    private static XmlDocument SignXml(XmlDocument doc)
    {
        SignedXml signedXml = new SignedXml(doc);
        signedXml.SigningKey = Certificate.PrivateKey;

        // Reference the whole document (Uri = "")
        Reference reference = new Reference();
        reference.Uri = "";

        // Works: enveloped transform excludes the Signature element itself
        XmlDsigEnvelopedSignatureTransform env = new XmlDsigEnvelopedSignatureTransform();
        // Fails to verify when used on its own:
        //XmlDsigExcC14NTransform env = new XmlDsigExcC14NTransform();
        reference.AddTransform(env);
        signedXml.AddReference(reference);

        signedXml.ComputeSignature();

        // Append the <Signature> element inside the signed document (enveloped signature)
        XmlElement signature = signedXml.GetXml();
        doc.DocumentElement.AppendChild(signature);
        doc.Save(SignedXmlPath);
        return doc;
    }

The code above will give me a valid signature, but if I use

 XmlDsigExcC14NTransform env = new XmlDsigExcC14NTransform(); 

instead of

 XmlDsigEnvelopedSignatureTransform env = new XmlDsigEnvelopedSignatureTransform(); 

I get an invalid signature.

Here is my verification code:

    private static bool Verify(XmlDocument doc)
    {
        SignedXml signedDoc = new SignedXml(doc);
        // Locate the <Signature> element that was appended after signing
        XmlNodeList nodeList = doc.GetElementsByTagName(Constants.SignatureElement);
        signedDoc.LoadXml((XmlElement)nodeList[0]);
        // Check against the expected public key, not the KeyInfo in the document
        return signedDoc.CheckSignature((RSA)Certificate.PublicKey.Key);
    }

Can someone tell me how I can sign with the transform algorithm http://www.w3.org/2001/10/xml-exc-c14n# ?

Thanks in advance.

+4
1 answer

You will need XmlDsigEnvelopedSignatureTransform in your case, because you are adding a signature inside the element you are signing.

XmlDsigEnvelopedSignatureTransform tells the SignedXml class to remove the Signature node itself from the signed data before checking its validity. This is necessary because you added this element after calculating the signature.

You can add another transform by calling AddTransform again, as follows:

    XmlDsigEnvelopedSignatureTransform env = new XmlDsigEnvelopedSignatureTransform();
    XmlDsigExcC14NTransform c14n = new XmlDsigExcC14NTransform();
    // Transforms are applied in the order they are added
    reference.AddTransform(env);
    reference.AddTransform(c14n);

However, I think what you really want, instead of my example above, is to set CanonicalizationMethod to c14n:

    signedXml.SignedInfo.CanonicalizationMethod = "http://www.w3.org/2001/10/xml-exc-c14n#";

or

    signedXml.SignedInfo.CanonicalizationMethod = SignedXml.XmlDsigExcC14NTransformUrl;
+8
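The following is an added, self-contained example that is not the asker's or the answerer's code. It puts the two pieces of the answer together: the enveloped transform on the Reference (required because the Signature element is appended inside the signed document) and exclusive C14N as the SignedInfo canonicalization method, then verifies the result against an explicitly supplied public key. The sample document, the `ExcC14nSigning` class and the freshly generated RSA key are constructed for the example; on .NET Core / .NET 5+ the SignedXml types come from the System.Security.Cryptography.Xml package.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.Xml;
using System.Xml;

// Added example (not from the original post): enveloped XML signature with
// exc-c14n canonicalization, plus verification against a known key.
public static class ExcC14nSigning
{
    // Constructed sample document; a real SOAP message would carry Envelope/Body.
    const string SampleXml = "<Order><Id>42</Id><Amount>100.00</Amount></Order>";

    public static XmlDocument Sign(XmlDocument doc, RSA key)
    {
        SignedXml signedXml = new SignedXml(doc);
        signedXml.SigningKey = key;

        // Exclusive C14N for <SignedInfo>: this is the CanonicalizationMethod
        // recorded in the signature, separate from the reference transforms.
        signedXml.SignedInfo.CanonicalizationMethod = SignedXml.XmlDsigExcC14NTransformUrl;

        Reference reference = new Reference();
        reference.Uri = ""; // reference the whole document

        // The enveloped transform is still needed: the <Signature> element is
        // appended inside the signed document, so it must be excluded from the digest.
        reference.AddTransform(new XmlDsigEnvelopedSignatureTransform());
        // Then canonicalize the referenced data with exclusive C14N.
        reference.AddTransform(new XmlDsigExcC14NTransform());

        signedXml.AddReference(reference);
        signedXml.ComputeSignature();

        // GetXml() returns an element owned by another document; import it first.
        XmlElement signatureElement = signedXml.GetXml();
        doc.DocumentElement.AppendChild(doc.ImportNode(signatureElement, true));
        return doc;
    }

    public static bool Verify(XmlDocument doc, RSA expectedKey)
    {
        XmlNodeList nodeList = doc.GetElementsByTagName("Signature", SignedXml.XmlDsigNamespaceUrl);
        if (nodeList.Count != 1)
        {
            return false; // expect exactly one signature; reject anything else
        }

        SignedXml signedXml = new SignedXml(doc);
        signedXml.LoadXml((XmlElement)nodeList[0]);

        // Pass the key explicitly. CheckSignature() with no argument would trust
        // whatever <KeyInfo> the untrusted document happens to carry.
        return signedXml.CheckSignature(expectedKey);
    }

    public static void Main()
    {
        using (RSA key = new RSACryptoServiceProvider(2048)) // constructed test key
        {
            XmlDocument doc = new XmlDocument();
            // Keep whitespace identical when signing and verifying; differences in
            // whitespace handling are a common cause of spurious verification failures.
            doc.PreserveWhitespace = true;
            doc.LoadXml(SampleXml);

            Sign(doc, key);
            Console.WriteLine("Untampered document verifies: " + Verify(doc, key));

            // Modify signed content after signing; verification must now fail.
            doc.SelectSingleNode("/Order/Amount").InnerText = "1.00";
            Console.WriteLine("Tampered document verifies: " + Verify(doc, key));
        }
    }
}
```

Running `Main` signs the constructed document and verifies it twice, once as signed and once after the Amount element has been changed; only the first verification should succeed. The order of `AddTransform` calls matters: the enveloped transform must run before canonicalization so that the Signature element is dropped from the data being digested.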