Could not create the XML transformation identified by the URI http://www.w3.org/2006/12/xml-c14n11.

EDN Admin

Hello,
I am trying to generate an XML Digital Signature using a cert from a Smart Card in .NET 4.5 using sha256. However, I get an exception for the canonical method when I use http://www.w3.org/2006/12/xml-c14n11. However, it works when I use http://www.w3.org/2006/12/xml-c14n11#. What is the difference between those two, does anyone know? The Web Service expects http://www.w3.org/2006/12/xml-c14n11 only, not with a # suffix. Also, what exactly does the error mean? Does it mean .NET 4.5 does not support canonical XML 1.1? I do not see that listed in http://msdn.microsoft.com/en-us/library/system.security.cryptography.xml.signedinfo.canonicalizationmethod(v=vs.110).aspx.

System.Security.Cryptography.CryptographicException was unhandled
HResult=-2146233296
Message=Could not create the XML transformation identified by the URI http://www.w3.org/2006/12/xml-c14n11.
Source=System.Security
StackTrace:
   at System.Security.Cryptography.Xml.SignedInfo.get_CanonicalizationMethodObject()
   at System.Security.Cryptography.Xml.SignedInfo.GetXml(XmlDocument document)
   at System.Security.Cryptography.Xml.SignedInfo.GetXml()
   at System.Security.Cryptography.Xml.SignedXml.GetC14NDigest(HashAlgorithm hash)
   at System.Security.Cryptography.Xml.SignedXml.ComputeSignature()
   at SignXmlTest.Program.SignXml(XmlDocument xmlDoc, X509Certificate2 cert, String signatureMethod, String signatureCanonicalizationMethod, String digestMethod, String referenceUri) in c:\Users\nurmo\Desktop\ConsoleApplication1\Program.cs:line 66
   at SignXmlTest.Program.Main(String[] args) in c:\Users\nurmo\Desktop\ConsoleApplication1\Program.cs:line 31
   at System.AppDomain._nExecuteAssembly(RuntimeAssembly assembly, String[] args)
   at System.AppDomain.ExecuteAssembly(String assemblyFile, Evidence assemblySecurity, String[] args)
   at Microsoft.VisualStudio.HostingProcess.HostProc.RunUsersAssembly()
   at System.Threading.ThreadHelper.ThreadStart_Context(Object state)
   at System.Threading.ExecutionContext.RunInternal(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
   at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
   at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state)
   at System.Threading.ThreadHelper.ThreadStart()
InnerException:

And here is the code that I have:
// Algorithm URIs, declared before first use.
// The canonicalization URI is the one named in the exception above.
string signatureCanonicalizationMethod = @"http://www.w3.org/2006/12/xml-c14n11";
string signatureMethod = @"http://www.w3.org/2001/04/xmldsig-more#rsa-sha256";
string digestMethod = @"http://www.w3.org/2001/04/xmlenc#sha256";

RSACryptoServiceProvider rsa = new RSACryptoServiceProvider();
// Register the RSA-SHA256 signature description under its URI.
CryptoConfig.AddAlgorithm(typeof(RSAPKCS1SHA256SignatureDescription), signatureMethod);
XmlDocument xmlDoc = new XmlDocument();
xmlDoc.PreserveWhitespace = true;
xmlDoc.LoadXml(xml);

SignedXml signedXml = new SignedXml(xmlDoc);

// Provider type 24 (PROV_RSA_AES) is needed for SHA-256 signatures.
CspParameters cspParams = new CspParameters(24);
cspParams.KeyContainerName = "DATAKEY_RSA_SCARD_PROV";
//cspParams.KeyContainerName = "XML_DISG_RSA_KEY";
cspParams.KeyNumber = 2;
RSACryptoServiceProvider key = new RSACryptoServiceProvider(cspParams);
key.FromXmlString(cert.PrivateKey.ToXmlString(true));
signedXml.SigningKey = key;
signedXml.KeyInfo = new KeyInfo();
signedXml.KeyInfo.AddClause(new KeyInfoX509Data(cert));

signedXml.SignedInfo.CanonicalizationMethod = signatureCanonicalizationMethod;
signedXml.SignedInfo.SignatureMethod = signatureMethod;

// Enveloped-signature reference over referenceUri.
Reference reference = new Reference();
reference.Uri = referenceUri;
reference.DigestMethod = digestMethod;
reference.AddTransform(new XmlDsigEnvelopedSignatureTransform());
//reference.AddTransform(new XmlDsigExcC14NTransform());
signedXml.AddReference(reference);

// Throws the CryptographicException shown above.
signedXml.ComputeSignature();

Any help would be highly appreciated.
Thanks,
MN
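
An added example, not part of the original post: a pre-flight check that lists which algorithm URIs set on a SignedXml object cannot be turned into objects, so the failure is reported per URI before ComputeSignature() is called. It assumes SignedXml resolves these URIs through CryptoConfig.CreateFromName, the same registry the post's CryptoConfig.AddAlgorithm call writes to; the names XmlDsigPreflight, Probe and Unresolved are hypothetical.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Security.Cryptography.Xml;

// Assumption: SignedXml resolves algorithm URIs through CryptoConfig.CreateFromName.
static class XmlDsigPreflight
{
    // Adds a finding when the URI does not map to an instance of the expected base type.
    static void Probe(List<string> findings, string role, string uri, Type expected)
    {
        if (string.IsNullOrEmpty(uri)) { findings.Add(role + ": not set"); return; }
        object instance = null;
        try { instance = CryptoConfig.CreateFromName(uri); }
        catch (Exception ex) { findings.Add(role + ": lookup of " + uri + " threw " + ex.GetType().Name); return; }
        if (instance == null)
            findings.Add(role + ": no algorithm registered for " + uri);
        else if (!expected.IsInstanceOfType(instance))
            findings.Add(role + ": " + uri + " maps to " + instance.GetType().FullName + ", not a " + expected.Name);
    }

    // Checks every algorithm URI that signing will have to turn into an object.
    public static List<string> Unresolved(SignedXml signedXml)
    {
        var findings = new List<string>();
        SignedInfo info = signedXml.SignedInfo;
        Probe(findings, "CanonicalizationMethod", info.CanonicalizationMethod, typeof(Transform));
        Probe(findings, "SignatureMethod", info.SignatureMethod, typeof(SignatureDescription));
        foreach (Reference reference in info.References)
            Probe(findings, "DigestMethod", reference.DigestMethod, typeof(HashAlgorithm));
        return findings;
    }

    static void Main()
    {
        // Same three URIs as in the post; no key or document is needed for the lookup.
        var signedXml = new SignedXml();
        signedXml.SignedInfo.CanonicalizationMethod = "http://www.w3.org/2006/12/xml-c14n11";
        signedXml.SignedInfo.SignatureMethod = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256";
        var reference = new Reference("");
        reference.DigestMethod = "http://www.w3.org/2001/04/xmlenc#sha256";
        signedXml.AddReference(reference);

        List<string> findings = Unresolved(signedXml);
        foreach (string finding in findings) Console.WriteLine(finding);
        if (findings.Count == 0) Console.WriteLine("All algorithm URIs resolve.");
    }
}
```

Run it on the same framework version and with the same CryptoConfig.AddAlgorithm registrations as the signing process, since the result depends on both.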