Re: Signing a manifest without using XMLSign

From: Paul (nospam_at_msnews.microsoft.com)
Date: 08/10/04


Date: Tue, 10 Aug 2004 11:20:12 -0400

That's standard .NET XML stuff...

Just make sure you're referencing System.XML and import System.XML.

Sorry, I trimmed that one (import) off my list of imports when I cut/pasted
them into my last message. The complete list is much longer, but mostly
specific to my app...

 - Paul

"Scott" <sbusse144@yahoo.com> wrote in message
news:%23%23gSRsufEHA.3632@TK2MSFTNGP11.phx.gbl...
> Paul,
>
> Thanks! Much less "complaints"
>
> Now only complaining about
> Dim xmlManifest As XmlDocument
>
> type XmlDocument is not defined
>
>
>
> Scott
>
> scottbusse@wcpci.com
>
>
>
> "Paul" <nospam@msnews.microsoft.com> wrote in message
> news:O8iazUtfEHA.3556@TK2MSFTNGP12.phx.gbl...
> > More info...
> >
> > Here is my Imports list:
> >
> > Imports Microsoft.Web.Services.Security.X509
> > Imports System.Security.Cryptography
> > Imports System.Security.Cryptography.Xml
> >
> > HTH
> >
> > - Paul
> >
> >
> > "Scott" <sbusse144@yahoo.com> wrote in message
> > news:%23pnQaZ%23eEHA.2824@TK2MSFTNGP10.phx.gbl...
> > > Paul,
> > >
> > > Is this also for NET 2.0?
> > >
> > > What I have is this:
> > > Reference to System.Security & Microsoft.Web.Services2
> > > Imports...
> > >
> > > Imports System.Security.Cryptography.X509Certificates
> > >
> > > Dim sCertSubject As String
> > >
> > > Dim oStore As X509CertificateStore
> > >
> > > Dim oCert As Microsoft.Web.Services.Security.X509.X509Certificate = Nothing
> > >
> > > Dim oCerts As X509CertificateCollection
> > >
> > > Dim oKey As RSA
> > >
> > > Dim xmlManifest As XmlDocument
> > >
> > > Dim signedXml As SignedXml
> > >
> > > Dim refManifest As Reference
> > >
> > > But all of the Dim'ed objects are not valid namespaces (in NET 1.1)
> > >
> > > "Paul" <nospam@msnews.microsoft.com> wrote in message
> > > news:uh8Kzm9eEHA.3944@tk2msftngp13.phx.gbl...
> > > > Scott,
> > > >
> > > > You can use the X509CertificateStore object from WSE 1.0
> > > > (Microsoft.Web.Services.Security.X509) to open the desired cert store and
> > > > extract your cert. Then assign the cert key to an RSA object from
> > > > System.Security.Cryptography.
> > > >
> > > > Dim sCertSubject As String
> > > > Dim oStore As X509CertificateStore
> > > > Dim oCert As Microsoft.Web.Services.Security.X509.X509Certificate = Nothing
> > > > Dim oCerts As X509CertificateCollection
> > > > Dim oKey As RSA
> > > > Dim xmlManifest As XmlDocument
> > > > Dim signedXml As SignedXml
> > > > Dim refManifest As Reference
> > > >
> > > > sCertSubject = "some subject string"
> > > >
> > > > ' get the key from the cert store
> > > > oStore = X509CertificateStore.LocalMachineStore(X509CertificateStore.MyStore)
> > > > oStore.OpenRead()
> > > >
> > > > ' find the subject
> > > > oCerts = oStore.FindCertificateBySubjectName(sCertSubject)
> > > >
> > > > ' make sure you found the cert you were looking for...
> > > > If oCerts.Count > 0 Then ' Obtain the first matching certificate.
> > > > oCert = CType(oCerts(0), Microsoft.Web.Services.Security.X509.X509Certificate)
> > > > Else ' No certificates matched the search criteria.
> > > > ' throw an exception, etc...
> > > > End If
> > > >
> > > > ' close the X.509 certificate store.
> > > > oStore.Close()
> > > >
> > > > ' create the RSA object and assign the cert key
> > > > oKey = oCert.Key
> > > >
> > > > Now use the SignedXML object to create your signature...
> > > >
> > > > ' load the XML into a DOM
> > > > xmlManifest = New XmlDocument
> > > > xmlManifest.Load("manifest.xml")
> > > >
> > > > ' create the SignedXml object and assign the key
> > > > signedXml = New SignedXml(xmlManifest)
> > > > signedXml.SigningKey = oKey
> > > >
> > > > ' add Reference, transformation, envelope, etc. to the signed XML node per your requirements...
> > > > refManifest = New Reference
> > > > refManifest.Uri = ""
> > > > Dim env As New XmlDsigEnvelopedSignatureTransform
> > > > refManifest.AddTransform(env)
> > > > Dim trans As New XmlDsigC14NTransform
> > > > refManifest.AddTransform(trans)
> > > > signedXml.AddReference(refManifest)
> > > >
> > > > ' add KeyInfo object per your requirements...
> > > > Dim keyInfo As New KeyInfo
> > > > keyInfo.AddClause(New RSAKeyValue(oKey))
> > > > signedXml.KeyInfo = keyInfo
> > > >
> > > > ' calculate signature
> > > > signedXml.ComputeSignature()
> > > >
> > > > ' get signature from SignedXml object
> > > > Dim xmlDigitalSignature As XmlElement = signedXml.GetXml()
> > > >
> > > > ' add the signature element to the original manifest xml using AppendChild, InsertAfter, etc...
> > > >
> > > >
> > > > HTH,
> > > >
> > > > - Paul
> > > >
> > > >
> > > > "Scott" <sbusse144@yahoo.com> wrote in message
> > > > news:eEPpbeZeEHA.3792@TK2MSFTNGP09.phx.gbl...
> > > > > Anyone have an idea how to sign a manifest.xml file with an X.509
> > > > > certificate without having to use that buggy XMLSign utility?
> > > > >
> > > > >
> > > >
> > > >
> > >
> > >
> >
> >
>
>