Signing an Xml Document using RSA-SHA256 signature method issue

c# signedxml
UncleZen picture UncleZen · Aug 1, 2012 · Viewed 12.2k times · Source

I am using the method below to sign Xml Documents:

public static XmlDocument SignDocument(XmlDocument doc)
    {
        string signatureCanonicalizationMethod = "http://www.w3.org/2001/10/xml-exc-c14n#";
        string signatureMethod = @"http://www.w3.org/2001/04/xmldsig-more#rsa-sha256";
        string digestMethod = @"http://www.w3.org/2001/04/xmlenc#sha256";

        string signatureReferenceURI = "#_73e63a41-156d-4fda-a26c-8d79dcade713";

        CryptoConfig.AddAlgorithm(typeof(RSAPKCS1SHA256SignatureDescription), signatureMethod);

        var signingCertificate = GetCertificate();

        SignedXml signer = new SignedXml(doc);
        signer.SigningKey = signingCertificate.PrivateKey;
        signer.KeyInfo = new KeyInfo();
        signer.KeyInfo.AddClause(new KeyInfoX509Data(signingCertificate));

        signer.SignedInfo.CanonicalizationMethod = signatureCanonicalizationMethod;
        signer.SignedInfo.SignatureMethod = signatureMethod;

        XmlDsigEnvelopedSignatureTransform envelopeTransform = new XmlDsigEnvelopedSignatureTransform();
        XmlDsigExcC14NTransform cn14Transform = new XmlDsigExcC14NTransform();

        Reference signatureReference = new Reference();
        signatureReference.Uri = signatureReferenceURI;
        signatureReference.AddTransform(envelopeTransform);
        signatureReference.AddTransform(cn14Transform);
        signatureReference.DigestMethod = digestMethod;

        signer.AddReference(signatureReference);

        signer.ComputeSignature();
        XmlElement signatureElement = signer.GetXml();

        doc.DocumentElement.AppendChild(signer.GetXml());

        return doc;
    }


        private static X509Certificate2 GetCertificate()
    {

        X509Store store = new X509Store(StoreName.My, StoreLocation.LocalMachine);
        store.Open(OpenFlags.ReadOnly);
        X509Certificate2 card = null;
        foreach (X509Certificate2 cert in store.Certificates)
        {
            if (!cert.HasPrivateKey) continue;

            if (cert.Thumbprint.Equals("a_certain_thumb_print", StringComparison.OrdinalIgnoreCase))
            {
                card = cert;
                break;
            }
        }
        store.Close();

        return card;
    }

An exception of type System.Security.Cryptography.CryptographicException is thrown when trying to compute the signature with the error message Invalid algorithm specified. Any ideas?

Machine: Windows Server 2008 R2

.Net Framework: 4.0.

IDE: Visual Studio 2010.

Answer

minhj picture minhj · Jun 16, 2013

Thanks so much for this blog. It actually solved my problem. By the way, if certificate is loaded from file, it should be exportable: X509Certificate2 x509Key = new X509Certificate2("xxxxx.pfx", "123", X509KeyStorageFlags.Exportable);

Related questions

Problem with custom namespace with SignedXml

The problem occurs when I sign XML documents containing namespace prefixes and namespace references and then validate it. The validation always fails (returns false) in this case. When I remove the namespace prefixes and namespace references from the XML, signing …

Read More
Signed XML signature verification for SSO SAML (Using sha256)

Using VS 2008 with .Net Framework 3.5 on windows 2003 server. We have implemented SSO with SAML for security. We work at service provider end where we validate the Signed XML SAML Assertuib token generated from client's system. As of now whatever signed …

Read More
.Net: SignedXml - Signing xml with transform algorithm exc-c14n

I'm trying to sign Xml (actually SOAP xml) in C# using the SignedXml class, the signing stage passes successfully, but when I try to verify the signature it tells me that it is not valid. The only change I have …

Read More