Verify SAML Signature with the public key of a certificate

EDN Admin

Hello all,
I would like to verify the signature of an XML file, here's the XML Signature:
[code]
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#"><SignedInfo><CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></CanonicalizationMethod><SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"></SignatureMethod><Reference URI="#_17c92c83-ad37-440b-938d-9bd8ac13fe8a"><Transforms><Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"></Transform><Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></Transform></Transforms><DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"></DigestMethod><DigestValue>j5+b0DO4q8ciMfuEhGznZZal+RoPVnEZcbJA/Iy30ZU=</DigestValue></Reference></SignedInfo><SignatureValue>L5LGAI4IpS/2yME9g3L/eavqciazEXdXX5HfE8VK/2z6KzVAfHqEiIk4lH4kw/Fgmu26ioUqsVeof64RuPIdgh2nGUwTWTzrSjlfzVN6t86JJ0+6Zlwn/u+AidIV3vPuT1pSckm0OZ38uj3XZQW7XuIt/qFx4fpQqW9WyiQPAY4=</SignatureValue><KeyInfo><X509Data><X509Certificate>...</X509Certificate></X509Data></KeyInfo></Signature>
[/code]
So what I do is take the Digest Value, put it in an array of bytes and compute the hash using this code
(I use SHA 256 like in the canonicalization method)
[code]
SHA256Managed sha1 = new SHA256Managed();
UTF8Encoding encoding = new UTF8Encoding();
byte[] data = encoding.GetBytes(text);
byte[] hash = sha1.ComputeHash(data);
[/code]
After that I take the Signature Value and put it in a byte array like I did
[code]
UTF8Encoding sigEncoding = new UTF8Encoding();
Byte[] signature = sigEncoding.GetBytes("L5LGAI4IpS/2yME9g3L/eavqciazEXdXX5HfE8VK/2z6KzVAfHqEiIk4lH4kw/Fgmu26ioUqsVeof64RuPIdgh2nGUwTWTzrSjlfzVN6t86JJ0+6Zlwn/u+AidIV3vPuT1pSckm0OZ38uj3XZQW7XuIt/qFx4fpQqW9WyiQPAY4=");
[/code]
After that I use the public key of the certificate in order to Verify the hash like this
[code]
// Get its associated CSP and public key
RSACryptoServiceProvider csp = (RSACryptoServiceProvider)cert.PublicKey.Key;
// Verify the signature with the hash
return csp.VerifyHash(hash, CryptoConfig.MapNameToOID("SHA256"), signature);
[/code]
I always have false returned... Which shouldn't be the case... Can any of you help me out please?
Thanks a lot
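
For comparison, an added example that is not part of the original post: in XML-DSig the SignatureValue is an RSA signature over the canonicalized SignedInfo element, and DigestValue is the base64 SHA-256 of the referenced element after its transforms, so .NET's SignedXml class performs both checks. The names `SamlSignatureCheck`, `Verify` and `trustedCert` are hypothetical, and the code assumes the signature is enveloped in a SAML element that carries an `ID` attribute.

```csharp
using System;
using System.Security.Cryptography.X509Certificates;
using System.Security.Cryptography.Xml;
using System.Xml;

public static class SamlSignatureCheck
{
    // trustedCert (assumption): the identity provider's certificate obtained
    // out of band (metadata or configuration), not the one in <KeyInfo>.
    public static bool Verify(string samlXml, X509Certificate2 trustedCert)
    {
        // Whitespace is part of the signed bytes, so it must be preserved.
        // A null resolver keeps the parser from fetching external entities.
        var doc = new XmlDocument { PreserveWhitespace = true, XmlResolver = null };
        doc.LoadXml(samlXml);

        var ns = new XmlNamespaceManager(doc.NameTable);
        ns.AddNamespace("ds", SignedXml.XmlDsigNamespaceUrl);
        XmlNodeList sigNodes = doc.SelectNodes("//ds:Signature", ns);
        if (sigNodes.Count != 1) return false;      // reject ambiguous documents
        var sigElement = (XmlElement)sigNodes[0];

        var signedXml = new SignedXml(doc);
        signedXml.LoadXml(sigElement);

        // The single Reference must point at the element that encloses the
        // signature, otherwise the signature may cover a different element
        // than the one the application goes on to read.
        if (signedXml.SignedInfo.References.Count != 1) return false;
        var reference = (Reference)signedXml.SignedInfo.References[0];
        var parent = sigElement.ParentNode as XmlElement;
        if (parent == null) return false;
        string id = parent.GetAttribute("ID");
        if (id.Length == 0 || reference.Uri != "#" + id) return false;

        // Recomputes each Reference digest (transforms, then SHA-256), then
        // verifies SignatureValue over the canonicalized SignedInfo using the
        // certificate's public key. 'true' skips certificate chain building,
        // because trust comes from pinning trustedCert.
        return signedXml.CheckSignature(trustedCert, true);
    }
}
```

On .NET Framework versions before 4.6.2, the rsa-sha256 SignatureMethod has to be registered with CryptoConfig before SignedXml recognizes it.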


