Sign XML document with sha256 signature method

2

I'm developing an application that signs an XML document ... so far so good ...

But I need to change this line of the signature

    <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>

for this one:

    <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha256"/>

My code:

    using System;
    using System.Security.Cryptography;
    using System.Security.Cryptography.Xml;
    using System.Xml;

    public class Firmador
    {
        public void MainFirma(string path)
        {
            try
            {
                // The signing key lives in a persistent CSP key container named
                // XML_DSIG_RSA_KEY (created on first use if it does not exist yet).
                CspParameters cspParams = new CspParameters();
                cspParams.KeyContainerName = "XML_DSIG_RSA_KEY";
                RSACryptoServiceProvider rsaKey = new RSACryptoServiceProvider(cspParams);

                XmlDocument xmlDoc = new XmlDocument();
                xmlDoc.PreserveWhitespace = true;   // keep whitespace so the digest covers the bytes as saved
                xmlDoc.Load(path);
                SignXml(xmlDoc, rsaKey);
                xmlDoc.Save(path);                  // overwrites the input file with the signed document
            }
            catch (Exception e)
            {
                // Swallows the failure: the file is left unsigned and only the message is printed.
                Console.WriteLine(e.Message);
            }
        }

        public void SignXml(XmlDocument xmlDoc, RSA rsaKey)
        {
            if (xmlDoc == null)
                throw new ArgumentNullException(nameof(xmlDoc));
            if (rsaKey == null)
                throw new ArgumentNullException(nameof(rsaKey));

            SignedXml signedXml = new SignedXml(xmlDoc);
            signedXml.SigningKey = rsaKey;

            // Reference the whole document (URI "") and exclude the Signature element
            // itself from the digest with the enveloped-signature transform.
            Reference reference = new Reference();
            reference.Uri = "";
            XmlDsigEnvelopedSignatureTransform env = new XmlDsigEnvelopedSignatureTransform();
            reference.AddTransform(env);
            signedXml.AddReference(reference);

            // No SignatureMethod/DigestMethod is set here, so the defaults apply;
            // the output below shows what they produced: RSA-SHA1 and SHA-1.
            signedXml.ComputeSignature();
            XmlElement xmlDigitalSignature = signedXml.GetXml();
            xmlDoc.DocumentElement.AppendChild(xmlDoc.ImportNode(xmlDigitalSignature, true));
        }
    }

This is the signature that it generates:

    <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
      <SignedInfo>
        <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
        <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
        <Reference URI="">
          <Transforms>
            <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
          </Transforms>
          <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
          <DigestValue>5t5A+HP9r0xCuKg1FeZCHs0KFWc=</DigestValue>
        </Reference>
      </SignedInfo>
      <SignatureValue>AynCAsWd+Y3uMma2ObaR+2GFei9WCpH00RZ5cKW1JD34zPqLBa6nL9PBAr6yrnPIWAKnFe/ndIDH+Z6ooQCjDDjdWtYRPjgRVFMRVMGW7CSsgpXlX+LDvCX5fGFKL1fwQH5qrW1bWlHObr+BZ8B1o7LpqJ/lp8STxNUD0elAIgI=</SignatureValue>
    </Signature>
    
asked by Efrain Mejias C 03.01.2018 at 19:34

1 answer

3

When you say you want:

<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha256"/>

I imagine that the important part is that SHA256 is used instead of SHA1, because, strictly speaking, that URL is not valid. The correct one is:

<SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" />

In my tests, I only needed to add one statement to your code to make the change:

    SignedXml signedXml = new SignedXml(xmlDoc);
    signedXml.SigningKey = rsaKey;

    // add this statement here.
    signedXml.SignedInfo.SignatureMethod = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256";

And although you did not ask for it, you may want to change the algorithm for the digest to SHA256 as well:

<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />

For this you need another statement:

    reference.AddTransform(env);

    // add this statement here.
    reference.DigestMethod = "http://www.w3.org/2001/04/xmlenc#sha256";

    signedXml.AddReference(reference);
    
answered by 03.01.2018 / 20:39
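The following is an added, complete example built on the answer above; it is not code from the question or the answer. It assumes .NET Framework 4.7.2 or later (for `RSA.Create(int)` and the `SignedXml.XmlDsigRSASHA256Url` / `SignedXml.XmlDsigSHA256Url` constants, which `SignedXml` has known since 4.6.2) or .NET Core / .NET 5+ with the System.Security.Cryptography.Xml package. The `XmlSha256Signer` class, the `<Invoice>` sample document and the key generated in `Main` are all constructed for the example. It goes a little beyond the answer: besides switching both the signature method and the digest to SHA-256, it shows the verification side, which checks the algorithm URIs before calling `CheckSignature` and passes the trusted key explicitly instead of trusting whatever `KeyInfo` the document carries.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.Xml;
using System.Xml;

// Added example (hypothetical class name); not from the original question or answer.
public static class XmlSha256Signer
{
    // Signs the root element with an enveloped RSA-SHA256 signature over a SHA-256 digest.
    public static void SignEnvelopedSha256(XmlDocument doc, RSA key)
    {
        if (doc == null) throw new ArgumentNullException(nameof(doc));
        if (key == null) throw new ArgumentNullException(nameof(key));

        var signedXml = new SignedXml(doc) { SigningKey = key };

        // RFC 6931 URI "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256",
        // not the non-existent "xmldsig#rsa-sha256" from the question.
        signedXml.SignedInfo.SignatureMethod = SignedXml.XmlDsigRSASHA256Url;

        // Reference the whole document (URI "") minus the Signature element itself,
        // and digest it with SHA-256 ("http://www.w3.org/2001/04/xmlenc#sha256").
        var reference = new Reference { Uri = "" };
        reference.AddTransform(new XmlDsigEnvelopedSignatureTransform());
        reference.DigestMethod = SignedXml.XmlDsigSHA256Url;
        signedXml.AddReference(reference);

        // Embed the public key for convenience; verifiers must still decide whether to trust it.
        var keyInfo = new KeyInfo();
        keyInfo.AddClause(new RSAKeyValue(key));
        signedXml.KeyInfo = keyInfo;

        signedXml.ComputeSignature();
        doc.DocumentElement.AppendChild(doc.ImportNode(signedXml.GetXml(), true));
    }

    // Verifies the enveloped signature with an explicitly trusted key and rejects
    // any signature that does not use RSA-SHA256 with SHA-256 digests.
    public static bool VerifySha256(XmlDocument doc, RSA trustedKey)
    {
        var nodes = doc.GetElementsByTagName("Signature", SignedXml.XmlDsigNamespaceUrl);
        if (nodes.Count != 1) return false;   // exactly one signature expected

        var signedXml = new SignedXml(doc);
        signedXml.LoadXml((XmlElement)nodes[0]);

        // Pin the algorithms so a signer cannot downgrade to SHA-1 unnoticed.
        if (signedXml.SignedInfo.SignatureMethod != SignedXml.XmlDsigRSASHA256Url) return false;
        foreach (Reference r in signedXml.SignedInfo.References)
            if (r.DigestMethod != SignedXml.XmlDsigSHA256Url) return false;

        // Passing the key ignores the document's KeyInfo, so an attacker cannot
        // re-sign with a key of their own and ship it inside the document.
        return signedXml.CheckSignature(trustedKey);
    }

    public static void Main()
    {
        // Constructed sample input.
        var doc = new XmlDocument { PreserveWhitespace = true };
        doc.LoadXml("<Invoice><Amount>100</Amount></Invoice>");

        using (RSA key = RSA.Create(2048))   // ephemeral key for the example
        {
            SignEnvelopedSha256(doc, key);
            Console.WriteLine(doc.OuterXml);
            Console.WriteLine("valid: " + VerifySha256(doc, key));   // expected: True

            // Any change to the signed content after signing must fail verification.
            doc.SelectSingleNode("/Invoice/Amount").InnerText = "999";
            Console.WriteLine("after tamper: " + VerifySha256(doc, key));   // expected: False
        }
    }
}
```

Two caveats for the one-line fix in the answer. On .NET Framework older than 4.6.2, `SignedXml` does not know the rsa-sha256 URI at all and `ComputeSignature` throws a `CryptographicException` unless a `SignatureDescription` for that URI is registered with `CryptoConfig.AddAlgorithm`. On any .NET Framework version, an `RSACryptoServiceProvider` whose key sits in a legacy PROV_RSA_FULL container (for example a key imported under "Microsoft Strong Cryptographic Provider") cannot produce SHA-256 signatures and fails with "Invalid algorithm specified"; a freshly created container from `new CspParameters()` defaults to PROV_RSA_AES (provider type 24) and works, otherwise set `cspParams.ProviderType = 24` or use a CNG key (`RSACng`, or `GetRSAPrivateKey()` on a certificate).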