Re: SignedXml.CheckSignature fails

From: Ivan Medvedev [MS] (ivanmed_at_online.microsoft.com)
Date: 05/15/03


Date: Thu, 15 May 2003 09:15:46 -0700


J-P -
In this case you cannot verify the signature with the same SignedXml
object - its context needs to be set to the enveloping document, and it is
only possible when the object is constructed.
Here is how to verify your signature (put right after the call to
ComputeSignature):

------------------ cut ----------------
// Re-load the computed signature into a fresh document, keeping whitespace
XmlDocument doc2 = new XmlDocument();
doc2.PreserveWhitespace = true;
doc2.LoadXml(signedXml.GetXml().OuterXml);

// Construct a new SignedXml with that document as its context
signedXml = new SignedXml(doc2);
XmlNodeList nodeList = doc2.GetElementsByTagName("Signature");
signedXml.LoadXml((XmlElement)nodeList[0]);

Console.WriteLine(signedXml.CheckSignature());
------------------ cut ----------------

Hope this helps.
--Ivan
This posting is provided "AS IS" with no warranties, and confers no rights.

"J-P Meunier" <fuimens@yahoo.fr> wrote in message
news:uhsimZrGDHA.2172@TK2MSFTNGP12.phx.gbl...
> Ivan,
>
> I call the two functions (compute and check) in the same routine:
>
> ...
> SignedXml signedXml = new SignedXml();
>
> signedXml.SigningKey = rsaKeyPair; //already generated key
>
> XmlDocument xdMainFile = new XmlDocument(); //file to sign
> XmlNode xnMainFile = xdMainFile.CreateNode(XmlNodeType.Element, "",
> "MainFile", "");
> xnMainFile.InnerText = strMainFileContent; //base64 encoded string
> xdMainFile.AppendChild(xnMainFile);
>
> DataObject dataObject = new DataObject();
> dataObject.Data = xdMainFile.ChildNodes;
> dataObject.Id = "MainFile";
> signedXml.AddObject(dataObject);
>
> Reference reference = new Reference();
> reference.Uri = "#MainFile";
> signedXml.AddReference(reference);
>
> KeyInfo keyInfo = new KeyInfo();
> keyInfo.AddClause(new RSAKeyValue(rsaKeyPair));
> signedXml.KeyInfo = keyInfo;
>
> signedXml.ComputeSignature(); // produces the XML posted in the first message
> signedXml.CheckSignature(); // fails
> ...
>
> Where am I supposed to do PreserveWhitespace = true ?
>
> Thanks,
>
> J-P
>
> "Ivan Medvedev [MS]" <ivanmed@online.microsoft.com> wrote in message
> news: uoacVVjGDHA.2200@TK2MSFTNGP11.phx.gbl...
> > J-P -
> > have you done XmlDocument.PreserveWhitespace=true in both sign and verify
> > routines?
> > Thanks,
> > --Ivan
> > This posting is provided "AS IS" with no warranties, and confers no rights.
> >
> >
> > "J-P Meunier" <fuimens@yahoo.fr> wrote in message
> > news:OL5c6oiGDHA.1660@TK2MSFTNGP10.phx.gbl...
> > > Hi all,
> > >
> > > I can't verify the XML Signature I have just generated (in the same
> > > program). The function CheckSignature (called immediately after
> > > ComputeSignature) throws an "Incorrect Reference" Error.
> > >
> > > Here is the SignedXml object I get when I call ComputeSignature :
> > >
> > > <SignedInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
> > > <CanonicalizationMethod
> > > Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
> > > <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
> > > <Reference URI="#MainFile">
> > > <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
> > > <DigestValue>w7o1zJRNO4MkRyJ2dFKAdc93t2w=</DigestValue>
> > > </Reference>
> > > </SignedInfo>
> > > <SignatureValue xmlns="http://www.w3.org/2000/09/xmldsig#">cMo1VIuso0qH ... to end of signature</SignatureValue>
> > > <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
> > > <KeyValue xmlns="http://www.w3.org/2000/09/xmldsig#">
> > > <RSAKeyValue>
> > > <Modulus>vuUqF6 ... to end of modulus</Modulus>
> > > <Exponent>AQAB</Exponent>
> > > </RSAKeyValue>
> > > </KeyValue>
> > > </KeyInfo>
> > > <Object Id="MainFile" xmlns="http://www.w3.org/2000/09/xmldsig#">
> > > <MainFile xmlns="">UmV0dXJuLV ... to end of mainfile</MainFile>
> > > </Object>
> > >
> > > Question : What is wrong with this Xml ?
> > >
> > > Thanks
> > >
> > > J-P
> > >
> > >
> >
> >
>
>
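
The sign-then-verify round trip discussed in this thread, as an added example in C# (not code from either poster or from Microsoft). It assumes a .NET version that provides System.Security.Cryptography.Xml and RSA.Create(int); the class name, method names and payload are constructed for illustration. Verification uses CheckSignature(key) with a key the caller already holds, because the parameterless CheckSignature() takes the key from the document's own KeyInfo and so shows only that the content matches the signature, not who produced it.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.Xml;
using System.Xml;

class EnvelopingSignatureDemo   // hypothetical names throughout
{
    // Builds the enveloping signature from the thread: <MainFile> inside a signed <Object>.
    static string Sign(RSA key, string payload)
    {
        XmlDocument content = new XmlDocument();
        XmlElement mainFile = content.CreateElement("MainFile");
        mainFile.InnerText = payload;
        content.AppendChild(mainFile);

        SignedXml signer = new SignedXml();
        signer.SigningKey = key;
        DataObject obj = new DataObject();
        obj.Data = content.ChildNodes;
        obj.Id = "MainFile";
        signer.AddObject(obj);
        signer.AddReference(new Reference("#MainFile"));
        signer.ComputeSignature();
        return signer.GetXml().OuterXml;
    }

    // Verifies with a fresh SignedXml whose context is the re-loaded document.
    static bool Verify(string signatureXml, RSA trustedKey)
    {
        XmlDocument doc = new XmlDocument();
        doc.PreserveWhitespace = true;
        doc.LoadXml(signatureXml);
        SignedXml verifier = new SignedXml(doc);
        verifier.LoadXml((XmlElement)doc.GetElementsByTagName("Signature")[0]);
        return verifier.CheckSignature(trustedKey);
    }

    static void Main()
    {
        using (RSA key = RSA.Create(2048))
        using (RSA other = RSA.Create(2048))
        {
            string xml = Sign(key, "Q29uc3RydWN0ZWQgc2FtcGxl"); // constructed sample payload
            Console.WriteLine("untouched, signer's key: " + Verify(xml, key));
            Console.WriteLine("payload altered:         " + Verify(xml.Replace("Q29uc3Ry", "QUFBQUFB"), key));
            Console.WriteLine("unrelated key:           " + Verify(xml, other));
        }
    }
}
```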


