sunil sharma
Unable to validate digitally signed XML document
Posted on: 14 Jul 2011
Hi All,
I have got a digitally signed XML document from a client and am trying to validate it. I am using the Windows 2008 Server R2 environment.
In this XML file, the response I am getting has the signature algorithm sha256:
    ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"
I created a digitally signed XML on my local machine. It shows the digital signature with the sha1 algorithm:
    SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"
I am able to validate this file using the code I have with me.
But I am facing problems with the client-generated sha256 XML file.
I am getting the error: "SignatureDescription could not be created for the signature algorithm supplied."
I tried various posts explaining how to validate a SAML Response but was unable to find a solution.
Please suggest how I could validate this file with a ds:SignatureMethod Algorithm of sha256.
------------------------------------
Here is XML file that I am able to validate:
------------------------------------
<MyElement xmlns="samples">
  Example text to be signed.
  <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
    <SignedInfo>
      <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
      <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
      <Reference URI="">
        <Transforms>
          <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
        </Transforms>
        <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
        <DigestValue>zSI5ZAMmQ+8u7R2rP7aAPT6nNQw=</DigestValue>
      </Reference>
    </SignedInfo>
    <SignatureValue>
sroeP57d2oEGG/vWyXNgwtVHRD6FgJPlTObOLETuh7rzCDoTHZnk9iQzZnmYg4JPLrGpZ6Ii0zBV5TQnir6ye6B4lKdIliQ7/MBIb/w1rzj37PyfjIQhOtuHDMzehvHbBm9HOd3Q3x+jWhkQlIuDiEkxyN5MECJjg1YSXCOY+pk=
    </SignatureValue>
    <KeyInfo>
      <X509Data>
        <X509Certificate>
          ...
        </X509Certificate>
      </X509Data>
    </KeyInfo>
  </Signature>
</MyElement>
------------------------------------
Client file (unable to validate):
I have changed some of the information in the XML for security reasons.
------------------------------------
<samlp:Response ID="_9sdsddsaAAsada" Version="2.0" IssueInstant="2011-06-28T15:45:13.424Z"
                Destination="https://test.abc.com/abc/"
                Consent="urn:oasis:names:tc:SAML:2.0:consent:unspecified"
                xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
  <Issuer xmlns="urn:oasis:names:tc:SAML:2.0:assertion">http://mydomain.com/adfs/services/trust</Issuer>
  <samlp:Status>
    <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" />
  </samlp:Status>
  <Assertion ID="_7a4" IssueInstant="2011-06-28T15:45:13.424Z" Version="2.0"
             xmlns="urn:oasis:names:tc:SAML:2.0:assertion">
    <Issuer>http://mydomain.com/adfs/services/trust</Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
      <ds:SignedInfo>
        <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
        <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" />
        <ds:Reference URI="#_testxyz12345">
          <ds:Transforms>
            <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
            <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
          </ds:Transforms>
          <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256" />
          <ds:DigestValue>tpyyynxxyyyYsk55Gh83D5kFsTgE=</ds:DigestValue>
        </ds:Reference>
      </ds:SignedInfo>
      <ds:SignatureValue>
1kWJzznFjd4F6A/ij4TdsqfXgsTN0QJ8dfshjsdjfsds njfjsdfsdjfdsfa3OvkUSYJ0iYznPmdOKD8SeTKuJfxOuUVKMoBMO6xHR48ywnRbzWIduP/p+G4Tcw/qT5Ka84aKEpA3nJLHAEEN4HsLVhQWD6jS852kyjPQIBmEGxG3Ya5TwU/vWg6budcVTXQ/vln+DhVhYEnR69CtUSp6eyIJb9rqV+HtUmz6djRN+1MB+80DQC8K4V4vW3YUiNGglZyXmF5g==
      </ds:SignatureValue>
      <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
        <ds:X509Data>
          <ds:X509Certificate>
BDDkqhkiG9w0BAQUFADCBsTELMAkGA1UEBhMCVVMxFjAUBgNVBAoTodsadhydfgdbhshc5lbnRydXN0Lm5ldC9ycGEgaXMgaW5jb3Jwb3JhdGVkIGJ5IHJlZmVyZW5jZTEfMB0GA1UECxMWKGMpIDIwMDkgRW50cnVzdCwgSW5jLjEuMCwGA1UEAxMlRW50cnVzdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEwxQzAeFw0xMTAzMDQxMzU1NDZaFw0xMzA1MDQxNzMwMDJaMHwxCzAJBgNVBAYTAlVTMRQwEgYDVQQIEwtDb25uZWN0aWN1dDESMBAGA1UEBxMJTmV3aW5ndG9uMQwwCgYDVQQKEwNVVEMxDDAKBgNVBAsTA1VUQzEnMCUGA1UEAxMeYWRmc3N0YWdldG9rZW4uZnMxYS51dGNkbXouY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1oNT/9ainRH//98SVcIL0a8pYQm8QCK7duG0iP1Y1fU9DhKwyh18EmpflHQwlrDTzz+7yxVE79fI3D1WokkpMipG8t9Zt9u21NrMUhtb5zVUGxFk5arHZpbCmBjmNtCjjZ9AAgw/ys09Cggpo6cG4zwjtrmL9cAooapxQr/orLEChNU+XZZe47cPerfl/4Ih5MJCsXSIbE0r1wOqLDqSj2n6cJp/IXVKKz5Z4pF3PlxH3c2XWwUGpNohHPjLsG/1WN3nOMo3ljQFtqmLgmH9Pg/z/1MLMuhs4zx+fZabpQO9B1qAxgPHuowPTZPM914iDvku8ncfVuW2Ww8uH8jz/wIDAQABo4IBHTCCARkwCwYDVR0PBAQDAgWgMBMGA1UdJQQMMAoGCCsGAQUFBwMBMDMGA1UdHwQsMCowKKAmoCSGImh0dHA6Ly9jcmwuZW50cnVzdC5uZXQvbGV2ZWwxYy5jcmwwMwYIKwYBBQUHAQEEJzAlMCMGCCsGAQUFBzABhhdodHRwOi8vb2NzcC5lbnRydXN0Lm5ldDBABgNVHSAEOTA3MDUGCSqGSIb2fQdLAjAoMCYGCCsGAQUFBwIBFhpodHRwOi8vd3d3LmVudHJ1c3QubmV0L3JwYTAfBgNVHSMEGDAWgBQe8auJBvhJDwEzd+4Ueu4ZfJMoTTAdBgNVHQ4EFgQUNc2mj8QIq+JJ5tR1h9PdyoPdWmowCQYDVR0TBAIwADANBgkqhkiG9w0BAQUFAAOCAQEATp2vdECO6vslLbz/cKkHtSqJOym9/5t4PU68TbbBQDJwac4GRAA5NAjZ8NGaNgO7VYZAAWpd9MPcNcDo4+4kaX0UJXx6BQhfCRQLfUV2HuqNkK76DSuGsi8Q/jHb+hR/lJ0kfjopuTlU7SKT7bRmlqF01bSa09Ifds1ujgiWCBSiKDTvj5SgUW/m/TNHtKUs/KppPsIkFRJFNBiKdL6KJR2Kt6VoxfzYmAKr9WDVVj9gSM4mUpRKF1X3C7ZiHAUgNM3xSCfETK774+1g0zEjQjL04bJXPt8m8MQMmRuhm05Nsl7VumBGcwoosKPthYTrBwawen6aZhqrWstwVWs7Dw==
          </ds:X509Certificate>
        </ds:X509Data>
      </KeyInfo>
    </ds:Signature>
    <Subject>
      <NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">SWESTKIR</NameID>
      <SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
        <SubjectConfirmationData NotOnOrAfter="2011-06-28T15:50:13.424Z"
                                 Recipient="https://testRecipient.test.com/abc/" />
      </SubjectConfirmation>
    </Subject>
    <Conditions NotBefore="2011-06-28T15:45:13.416Z" NotOnOrAfter="2011-06-28T16:45:13.416Z">
      <AudienceRestriction>
        <Audience>https://Audience.test.com/abc/</Audience>
      </AudienceRestriction>
    </Conditions>
    <AttributeStatement>
      <Attribute Name="http://schemas.xmlsoap.org/claims/CommonName"
                 a:OriginalIssuer="http://test.App.com/"
                 xmlns:a="http://schemas.xmlsoap.org/ws/2009/09/identity/claims">
        <AttributeValue>efs</AttributeValue>
      </Attribute>
      <Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname"
                 a:OriginalIssuer="http://test.App.com/"
                 xmlns:a="http://schemas.xmlsoap.org/ws/2009/09/identity/claims">
        <AttributeValue>apple</AttributeValue>
      </Attribute>
      <Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname"
                 a:OriginalIssuer="http://test.App.com/"
                 xmlns:a="http://schemas.xmlsoap.org/ws/2009/09/identity/claims">
        <AttributeValue>cap</AttributeValue>
      </Attribute>
      <Attribute Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/role"
                 a:OriginalIssuer="http://test.App.com/"
                 xmlns:a="http://schemas.xmlsoap.org/ws/2009/09/identity/claims">
        <AttributeValue> </AttributeValue>
      </Attribute>
      <Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
                 a:OriginalIssuer="http://test.App.com/"
                 xmlns:a="http://schemas.xmlsoap.org/ws/2009/09/identity/claims">
        <AttributeValue>test@testApp.com</AttributeValue>
      </Attribute>
    </AttributeStatement>
    <AuthnStatement AuthnInstant="2011-06-28T15:45:09.805Z" SessionIndex="_5a4fd-4aba-4660-a136-80rr1b4c378">
      <AuthnContext>
        <AuthnContextClassRef>urn:federation:authentication:windows</AuthnContextClassRef>
      </AuthnContext>
    </AuthnStatement>
  </Assertion>
</samlp:Response>
Here is my code:
------------------------------------
Code to sign an XML file:
------------------------------------
using System;
using System.IO;
using System.Security.Cryptography.X509Certificates;
using System.Security.Cryptography.Xml;
using System.Text;
using System.Xml;

// Sign an XML file and save the signature in a new file.
public static void SignXmlFile(string FilePath, string SignedFileNamePath, string SubjectName)
{
    // Load the certificate from the certificate store.
    X509Certificate2 cert = GetCertificateBySubject(SubjectName);

    // Create a new XML document.
    XmlDocument doc = new XmlDocument();

    // Format the document to ignore white spaces.
    doc.PreserveWhitespace = false;

    // Load the passed XML file using its name.
    doc.Load(FilePath);

    // Create a SignedXml object.
    SignedXml signedXml = new SignedXml(doc);

    // Add the key to the SignedXml document.
    signedXml.SigningKey = cert.PrivateKey;

    // Create a reference to be signed; URI "" means the whole document.
    Reference reference = new Reference();
    reference.Uri = "";

    // Add an enveloped transformation to the reference, so the
    // Signature element itself is excluded from the digest.
    XmlDsigEnvelopedSignatureTransform env = new XmlDsigEnvelopedSignatureTransform();
    reference.AddTransform(env);

    // Add the reference to the SignedXml object.
    signedXml.AddReference(reference);

    // Create a new KeyInfo object.
    KeyInfo keyInfo = new KeyInfo();

    // Load the certificate into a KeyInfoX509Data object
    // and add it to the KeyInfo object.
    keyInfo.AddClause(new KeyInfoX509Data(cert));

    // Add the KeyInfo object to the SignedXml object.
    signedXml.KeyInfo = keyInfo;

    // Compute the signature.
    signedXml.ComputeSignature();

    // Get the XML representation of the signature and save
    // it to an XmlElement object.
    XmlElement xmlDigitalSignature = signedXml.GetXml();

    // Append the element to the XML document.
    doc.DocumentElement.AppendChild(doc.ImportNode(xmlDigitalSignature, true));

    if (doc.FirstChild is XmlDeclaration)
    {
        doc.RemoveChild(doc.FirstChild);
    }

    // Save the signed XML document to a file specified
    // using the passed string.
    using (XmlTextWriter xmltw = new XmlTextWriter(SignedFileNamePath, new UTF8Encoding(false)))
    {
        doc.WriteTo(xmltw);
        xmltw.Close();
    }
}
------------------------------------
Code to verify signed XML:
------------------------------------
public static bool isValidSignature(String xmlFilePath, String CertificatePath)
{
    // Load the certificate from the .cer file. This is the key we trust,
    // not whatever certificate the document carries in its KeyInfo.
    X509Certificate2 cert = GetCertificateByFile(CertificatePath);

    // Create a new XML document.
    XmlDocument xmlDocument = new XmlDocument();

    // Keep whitespace exactly as signed; canonicalization depends on it.
    xmlDocument.PreserveWhitespace = true;

    // Load the passed XML file into the document.
    xmlDocument.Load(xmlFilePath);

    // Create a new SignedXml object and pass it
    // the XML document class.
    SignedXml signedXml = new SignedXml(xmlDocument);

    // Find the "Signature" node by its namespace. This matches both the
    // unprefixed <Signature> and the prefixed <ds:Signature> form, so no
    // separate lookup by qualified name is needed.
    XmlNodeList nodeList = xmlDocument.GetElementsByTagName("Signature", SignedXml.XmlDsigNamespaceUrl);
    if (nodeList.Count == 0)
    {
        throw new CryptographicException("No Signature element found in the document.");
    }

    // Load the signature node.
    signedXml.LoadXml((XmlElement)nodeList[0]);

    // Check the signature and return the result.
    // true = verify the signature value only; the certificate chain is not built here.
    return signedXml.CheckSignature(cert, true);
}
This call:
    signedXml.CheckSignature(cert, true);
gives the exception "System.Security.Cryptography.CryptographicException" with the message: "SignatureDescription could not be created for the signature algorithm supplied" when using the client XML with
    ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"
------------------------------------
public static X509Certificate2 GetCertificateByFile(string certificatePath)
{
    X509Certificate2 x509 = new X509Certificate2();

    // Create X509Certificate2 object from .cer file.
    byte[] rawData = ReadFile(certificatePath);
    x509.Import(rawData);

    return x509;
}
------------------------------------
// Reads a file into a byte array.
internal static byte[] ReadFile(string fileName)
{
    // File.ReadAllBytes reads the whole file and closes the stream. A single
    // FileStream.Read call may return fewer bytes than requested, which would
    // leave the tail of a larger certificate file unread.
    return File.ReadAllBytes(fileName);
}
------------------------------------
Thanks in advance
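Added example (my code, not from the post or from any Microsoft sample): on .NET 4.0 the exception above appears because SignedXml resolves the SignatureMethod URI through CryptoConfig, which has no entry for rsa-sha256, so a SignatureDescription for that URI has to be registered with CryptoConfig.AddAlgorithm before CheckSignature runs; the verifier below also pins the check to a certificate you already trust and confirms that the single Reference covers the Assertion it sits in. It assumes .NET 4.0 or later (4.6.2 and newer know rsa-sha256 without registration); RsaPkcs1Sha256SignatureDescription, Sha256SamlVerifier and the trustedCert parameter are my names.

```csharp
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Security.Cryptography.Xml;
using System.Xml;

// Tells SignedXml how to handle the rsa-sha256 SignatureMethod URI, which
// SignedXml on .NET 4.0 does not know; that is what the exception is about.
public sealed class RsaPkcs1Sha256SignatureDescription : SignatureDescription
{
    public RsaPkcs1Sha256SignatureDescription()
    {
        KeyAlgorithm = typeof(RSACryptoServiceProvider).FullName;
        DigestAlgorithm = typeof(SHA256Managed).FullName;
        FormatterAlgorithm = typeof(RSAPKCS1SignatureFormatter).FullName;
        DeformatterAlgorithm = typeof(RSAPKCS1SignatureDeformatter).FullName;
    }
    public override AsymmetricSignatureDeformatter CreateDeformatter(AsymmetricAlgorithm key)
    {
        var d = new RSAPKCS1SignatureDeformatter(key); d.SetHashAlgorithm("SHA256"); return d;
    }
    public override AsymmetricSignatureFormatter CreateFormatter(AsymmetricAlgorithm key)
    {
        var f = new RSAPKCS1SignatureFormatter(key); f.SetHashAlgorithm("SHA256"); return f;
    }
}

public static class Sha256SamlVerifier
{
    const string RsaSha256Uri = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256";

    // Call once per process, before the first CheckSignature.
    public static void RegisterSha256()
    {
        CryptoConfig.AddAlgorithm(typeof(RsaPkcs1Sha256SignatureDescription), RsaSha256Uri);
    }

    // Verifies the signature on <Assertion> with a certificate we already trust
    // (never the one in KeyInfo) and confirms that the signature really covers
    // this assertion: exactly one Reference whose URI is "#" + the Assertion ID.
    public static bool VerifyAssertion(XmlDocument doc, X509Certificate2 trustedCert)
    {
        var ns = new XmlNamespaceManager(doc.NameTable);
        ns.AddNamespace("saml", "urn:oasis:names:tc:SAML:2.0:assertion");
        ns.AddNamespace("ds", SignedXml.XmlDsigNamespaceUrl);
        var assertion = (XmlElement)doc.SelectSingleNode("//saml:Assertion", ns);
        var sig = (XmlElement)assertion.SelectSingleNode("ds:Signature", ns);
        var signedXml = new SignedXml(assertion);
        signedXml.LoadXml(sig);
        if (signedXml.SignedInfo.References.Count != 1) return false;
        var reference = (Reference)signedXml.SignedInfo.References[0];
        if (reference.Uri != "#" + assertion.GetAttribute("ID")) return false;
        return signedXml.CheckSignature(trustedCert, true);   // true = signature only, no chain build
    }
}
```

Call RegisterSha256() once at startup and pass VerifyAssertion the certificate loaded from your .cer file; with the sample response above as posted, the Reference URI "#_testxyz12345" does not match the Assertion ID "_7a4", so the check returns false until the real, unaltered values are used.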