SignedXml generates invalid signatures

I am trying to get XMLDSIG support in .NET to behave correctly, or rather, the SignedXml class. I am implementing a third-party service, and they recently began to require that all messages be digitally signed ...

My problem is that I cannot generate valid signatures. Both the third-party service and an online signature verifier report that the signature is not valid. The validation service ( http://www.aleksey.com/xmlsec/xmldsig-verifier.html ) reports that there is a mismatch between the digest and the data, and I still cannot understand what I'm doing wrong.

Here is the relevant code; I hope someone can spot my mistake:

    public static XDocument SignDocument(XDocument originalDocument, X509Certificate2 certificate)
    {
        var document = new XmlDocument();
        document.LoadXml(originalDocument.ToString(SaveOptions.DisableFormatting));
        if (document.DocumentElement == null)
            throw new InvalidOperationException("Invalid XML document; no root element found.");

        var signedDocument = new SignedXml(document);
        Reference signatureReference = GetSignatureReference();
        KeyInfo certificateKeyInfo = GetCertificateKeyInfo(certificate);
        var dataObject = new DataObject("", "text/xml", "utf-8", document.DocumentElement);

        signedDocument.AddReference(signatureReference);
        signedDocument.AddObject(dataObject);
        signedDocument.SigningKey = certificate.PrivateKey;
        signedDocument.KeyInfo = certificateKeyInfo;
        signedDocument.ComputeSignature();

        return XDocument.Parse(signedDocument.GetXml().OuterXml, LoadOptions.PreserveWhitespace);
    }

    private static Reference GetSignatureReference()
    {
        var signatureReference = new Reference("");
        signatureReference.AddTransform(new XmlDsigEnvelopedSignatureTransform());
        return signatureReference;
    }

    private static KeyInfo GetCertificateKeyInfo(X509Certificate certificate)
    {
        var certificateKeyInfo = new KeyInfo();
        certificateKeyInfo.AddClause(new KeyInfoX509Data(certificate));
        return certificateKeyInfo;
    }
+6
c# xml-signature signedxml
1 answer

If anyone is interested, I solved the problem and wrote about it on my blog: http://thomasjo.com/blog/2009/08/04/xmldsig-in-the-net-framework.html

+12
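
An added example, not taken from the question, the answer or the linked blog post: a minimal enveloped-signature round trip with `SignedXml` in which the `Signature` element is appended inside the document that the empty-URI reference points at, and the output is re-parsed and checked the way a remote verifier would. The class and method names are hypothetical, and it assumes the certificate carries an RSA private key.

```csharp
using System.Security.Cryptography.X509Certificates;
using System.Security.Cryptography.Xml;
using System.Xml;

public static class EnvelopedSignatureExample   // hypothetical name
{
    public static XmlDocument Sign(XmlDocument source, X509Certificate2 certificate)
    {
        // Keep whitespace: the digest covers the canonical form of exactly these nodes.
        var document = new XmlDocument { PreserveWhitespace = true };
        document.LoadXml(source.OuterXml);

        var signedXml = new SignedXml(document) { SigningKey = certificate.GetRSAPrivateKey() };

        // URI "" refers to the document that contains the Signature element.
        var reference = new Reference("");
        reference.AddTransform(new XmlDsigEnvelopedSignatureTransform());
        reference.AddTransform(new XmlDsigExcC14NTransform());
        signedXml.AddReference(reference);

        var keyInfo = new KeyInfo();
        keyInfo.AddClause(new KeyInfoX509Data(certificate));
        signedXml.KeyInfo = keyInfo;
        signedXml.ComputeSignature();

        // Place the Signature inside the signed document, so a verifier resolving
        // URI "" and stripping the Signature sees the same nodes that were digested.
        document.DocumentElement.AppendChild(document.ImportNode(signedXml.GetXml(), true));
        return document;
    }

    public static bool Verify(string signedXmlText, X509Certificate2 certificate)
    {
        var document = new XmlDocument { PreserveWhitespace = true };
        document.LoadXml(signedXmlText);

        var signatures = document.GetElementsByTagName("Signature", SignedXml.XmlDsigNamespaceUrl);
        if (signatures.Count != 1) return false;          // exactly one signature expected

        var signedXml = new SignedXml(document);
        signedXml.LoadXml((XmlElement)signatures[0]);

        // Accept only a single whole-document reference, not an arbitrary fragment.
        var references = signedXml.SignedInfo.References;
        if (references.Count != 1 || ((Reference)references[0]).Uri != "") return false;

        // true = check the signature value only; chain validation is a separate step.
        return signedXml.CheckSignature(certificate, true);
    }
}
```

Calling `Verify(Sign(doc, cert).OuterXml, cert)` locally before sending a message catches a digest mismatch without relying on an external validation service.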