RE: Problem with SignedXml and CheckSignature

From: Shawn Farkas (shawnfa_at_online.microsoft.com)
Date: 05/28/04


Date: Thu, 27 May 2004 23:44:05 GMT

Hi Henning,

        You don't want to set the KeyInfo clause on the signed XML object; instead, you'll want to use the overload of CheckSignature that takes a key. Your code should look more like this:

   SignedXml signedXml;
   RSA rsa;

   // Load the public key that the application stores
   rsa = RSA.Create();
   rsa.FromXmlString(publicKey);

   signedXml = new SignedXml(element);
   signedXml.LoadXml((XmlElement) element.GetElementsByTagName("Signature", "http://www.w3.org/2000/09/xmldsig#")[0]);

   // Verify against the supplied key instead of a KeyInfo clause
   return signedXml.CheckSignature(rsa);

-Shawn
http://blogs.msdn.com/shawnfa

-- 
This posting is provided "AS IS" with no warranties, and confers no rights.
Note:  For the benefit of the community-at-large, all responses to this message are best directed to the newsgroup/thread from which they 
originated.  
--------------------
>From: "Henning Krause" <newsgroup.no@spam.infinitec.de>
>Subject: Problem with SignedXml and CheckSignature
>Date: Thu, 27 May 2004 13:55:46 +0200
>
>Hello,
>
>I've a problem with the SignedXml Class. The process of signing is ok. But
>when I check the signature, SignedXml.CheckSignature() always returns false.
>
>It works fine, if I include the keyinfo in the xml-file which I sign. But I
>want to store the key in my application and not in the xml-file. So, I do
>not set the KeyInfo property of the SignedXml class during the signing
>process.
>
>When I check the signature, I create a new SignedXml instance and set the
>Keyfile to the key I'm storing in my application.
>
>No exception is thrown, but the SignedXml.CheckSignature() always returns
>false.
>
>I've also set the XmlDocument.PreserveWhitespace to true.
>
>Any ideas?
>
>Below is my code which I use:
>
>  public static XmlElement SignXml(XmlElement element, string key)
>  {
>   RSA rsa;
>   SignedXml xml;
>   Reference reference;
>   KeyInfo info;
>
>   rsa = RSA.Create();
>   rsa.FromXmlString(key);
>
>   xml = new SignedXml(element);
>   xml.SigningKey = rsa;
>
>   reference = new Reference();
>   reference.Uri = "#xpointer(/)";
>   reference.AddTransform(new XmlDsigEnvelopedSignatureTransform());
>
>   xml.AddReference(reference);
>
>//   info = new KeyInfo();
>//   info.AddClause(new RSAKeyValue(rsa));
>
>   //xml.KeyInfo = info;
>
>   xml.ComputeSignature();
>
>   return (XmlElement) element.OwnerDocument.ImportNode(xml.GetXml(), true);
>  }
>
>  public static bool CheckSignature(XmlElement element, string publicKey)
>  {
>   SignedXml signedXml;
>   KeyInfo keyInfo;
>   RSA rsa;
>
>   rsa = RSA.Create();
>   rsa.FromXmlString(publicKey);
>
>   signedXml = new SignedXml(element);
>   signedXml.LoadXml((XmlElement) element.GetElementsByTagName("Signature", "http://www.w3.org/2000/09/xmldsig#")[0]);
>
>   keyInfo = new KeyInfo();
>   keyInfo.AddClause(new RSAKeyValue(rsa));
>   signedXml.KeyInfo = keyInfo;
>
>   return signedXml.CheckSignature();
>  }
>
> }
>
>
>Greetings,
>Henning Krause
>==========================
>Visit my website: http://www.infinitec.de
>Try my free Exchange Explorer: Mistaya
>(http://www.infinitec.de/?page=products)
>
>
>
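
Added example, not part of the original thread and not the posters' code: a self-contained program that signs a document without KeyInfo and verifies it with CheckSignature(key), then compares both overloads on a document signed by an unrelated key that embeds its own KeyInfo. The class and helper names, the sample XML, and the use of Uri = "" (instead of the "#xpointer(/)" in the question) are assumptions made for the illustration; it assumes a .NET version where RSA.Create(int) and ToXmlString are available.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.Xml;
using System.Xml;

static class TrustedKeyCheck
{
    // Enveloped signature over the whole document; embedKey adds a KeyInfo/RSAKeyValue.
    static XmlDocument MakeSigned(RSA key, bool embedKey)
    {
        var doc = new XmlDocument { PreserveWhitespace = true };
        doc.LoadXml("<license><user>constructed-sample</user></license>");
        var signed = new SignedXml(doc) { SigningKey = key };
        var reference = new Reference { Uri = "" };   // "" selects the whole document
        reference.AddTransform(new XmlDsigEnvelopedSignatureTransform());
        signed.AddReference(reference);
        if (embedKey)
        {
            signed.KeyInfo = new KeyInfo();
            signed.KeyInfo.AddClause(new RSAKeyValue(key));
        }
        signed.ComputeSignature();
        doc.DocumentElement.AppendChild(doc.ImportNode(signed.GetXml(), true));
        return doc;
    }

    // Load the <Signature> element; the caller picks the CheckSignature overload.
    static SignedXml Load(XmlDocument doc)
    {
        var signed = new SignedXml(doc);
        signed.LoadXml((XmlElement)doc.GetElementsByTagName("Signature", SignedXml.XmlDsigNamespaceUrl)[0]);
        return signed;
    }

    static void Main()
    {
        using RSA appKey = RSA.Create(2048);    // key pair owned by the application
        using RSA otherKey = RSA.Create(2048);  // unrelated key pair
        using RSA trusted = RSA.Create();
        trusted.FromXmlString(appKey.ToXmlString(false));  // public half only

        XmlDocument doc = MakeSigned(appKey, embedKey: false);
        Console.WriteLine("app key, no KeyInfo: " + Load(doc).CheckSignature(trusted));
        doc.DocumentElement.FirstChild.InnerText = "edited";
        Console.WriteLine("after edit:          " + Load(doc).CheckSignature(trusted));
        XmlDocument foreign = MakeSigned(otherKey, embedKey: true);
        Console.WriteLine("embedded key only:   " + Load(foreign).CheckSignature());
        Console.WriteLine("trusted key:         " + Load(foreign).CheckSignature(trusted));
    }
}
```

The no-argument CheckSignature() validates against whatever key the document's own KeyInfo carries, so it only shows that the document is consistent with that key. Only the overload that takes the application's stored key ties the result to a key the application trusts.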

