Re: Signing a manifest without using XMLSign

From: Paul (
Date: 08/06/04

Date: Fri, 6 Aug 2004 13:20:29 -0400


You can use the X509CertificateStore object from WSE 1.0
(Microsoft.Web.Services.Security.X509) to open the desired cert store and
extract your cert. Then assign the cert key to an RSA object from

 Dim sCertSubject As String
 Dim oStore As X509CertificateStore
 Dim oCert As Microsoft.Web.Services.Security.X509.X509Certificate = Nothing
 Dim oCerts As X509CertificateCollection
 Dim oKey As RSA
 Dim xmlManifest As XmlDocument
 Dim signedXml As SignedXml
 Dim refManifest As Reference

 sCertSubject = "some subject string"

 ' get the key from the cert store
 oStore =

 ' find the subject
 oCerts = oStore.FindCertificateBySubjectName(sCertSubject)

 ' make sure you found the cert you were looking for...
 If oCerts.Count > 0 Then ' Obtain the first matching certificate.
  oCert = CType(oCerts(0),
 Else ' No certificates matched the search criteria.
  ' throw an exception, etc...
 End If

 ' close the X.509 certificate store.

 ' create the RSA object and assign the cert key
 oKey = oCert.Key

Now use the SignedXML object to create your signature...

 ' load the XML into a DOM
 xmlManifest = New XmlDocument

 ' create the SignedXml object and assign the key
 signedXml = New SignedXml(xmlManifest)
 signedXml.SigningKey = oKey

 ' add Reference, transformation, envelope, etc. to the signed XML node per
your requirements...
 refManifest = New Reference
 refManifest.Uri = ""
 Dim env As New XmlDsigEnvelopedSignatureTransform
 Dim trans As New XmlDsigC14NTransform

 ' add KeyInfo object per your requirements...
 Dim keyInfo As New KeyInfo
 keyInfo.AddClause(New RSAKeyValue(oKey))
 signedXml.KeyInfo = keyInfo

 ' calculate signature

 ' get signature from SignedXml object
 Dim xmlDigitalSignature As XmlElement = signedXml.GetXml()

 ' add the signature element to the orginal manifest xml using AppendChild,
InsertAfter, etc...


 - Paul

"Scott" <> wrote in message
> Anyone have an idea how to sign a manifest.xml file with an X.509
> certificate without having to use that buggy XMLSign utility?

Relevant Pages

  • Re: PKCS7 renewal request
    ... <%' makeCert.asp - make cert in batch mode ... Dim CertEnroll, CertRequest, CACert ... ' Finally Create the request ...
  • Re: novice needs help with query
    ... Cert periond table from and through dates have nothing to do with doctors ... identifying the end of the cert period. ... > Dim db As DAO.Database ...
  • Re: Trying to read cert store
    ... Windows Application, the default userpermissions is your own sign-in ... Dim stClientStore As X509CertificateStore ... Dim cert As X509Certificate ...
  • Re: can any one help on Certificate Revocation status...
    ... I am using CAPICOM 2.0 and OS windows 2000 professional. ... I am receiving error exactly on "chain.Build (cert)" statement. ... >> Dim LocalStore As New Store ... >> Dim chain As New chain ...
  • Re: Signing a manifest without using XMLSign
    ... Dim oStore As X509CertificateStore ... Dim signedXml As SignedXml ... Dim refManifest As Reference ... > Dim oCerts As X509CertificateCollection ...