SignedXml question

  • Thread starter William Stacey [MVP]

William Stacey [MVP]

Given the following, how do I get the plain XML without the security
elements (i.e. the original XML before the security was added) in the
VerifyXML() method? TIA.

using System;
using System.Security.Cryptography;
using System.Security.Cryptography.Xml;
using System.Xml;
using System.IO;

namespace SocketServers.NetFile
{
    /// <summary>
    /// Summary description for SecXML.
    /// </summary>
    public class SecXML
    {
        private RSA key;

        public SecXML()
        {
        }

        public string CreateXML(string xmlString)
        {
            XmlDocument doc = new XmlDocument();
            //doc.PreserveWhitespace = true;
            doc.LoadXml(xmlString);
            SignedXml sig = new SignedXml(doc);

            key = new RSACryptoServiceProvider();
            //string privateKey = key.ToXmlString(true);
            //string publicKey = key.ToXmlString(false);
            //Console.WriteLine("Private Key:" + privateKey);
            //Console.WriteLine("Public Key:" + publicKey);

            //After this, save the public and private keys using a StreamWriter, and
            //re-use them in code like so:
            //RSACryptoServiceProvider csp = new RSACryptoServiceProvider();
            //csp.FromXmlString(xmlkey); // where xmlKey is the saved private or
            //public key xml from the step above

            sig.SigningKey = key;

            Reference reff = new Reference("");
            reff.AddTransform(new XmlDsigEnvelopedSignatureTransform());
            sig.AddReference(reff);

            sig.ComputeSignature();
            doc.DocumentElement.AppendChild(sig.GetXml());
            StringWriter sw = new StringWriter();
            doc.Save(sw);
            return sw.ToString();
        }

        public bool VerifyXML(string xml)
        {
            XmlDocument doc = new XmlDocument();
            //doc.PreserveWhitespace = true;
            doc.LoadXml(xml);

            XmlNamespaceManager nsm = new XmlNamespaceManager(new NameTable());
            nsm.AddNamespace("dsig", SignedXml.XmlDsigNamespaceUrl);
            XmlElement sigElement =
                (XmlElement)doc.SelectSingleNode("//dsig:Signature", nsm);

            SignedXml sig = new SignedXml(doc);
            sig.LoadXml(sigElement);
            Console.WriteLine("Outer:\n"+doc.OuterXml);
            if ( sig.CheckSignature(key))
                return true;
            return false;
        }
    }
}
 

Kevin Yu [MSFT]

Hi William,

We have reviewed this issue and are currently researching it. We will
update you ASAP. Thanks for your patience!

Kevin Yu
=======
"This posting is provided "AS IS" with no warranties, and confers no
rights."
 

Kevin Yu [MSFT]

Hi William,

First of all, I would like to confirm my understanding of your issue. From
your description, I understand that you need to get the original Xml text
from the signed xml. If there is any misunderstanding, please feel free to
let me know.

As far as I can see, the CreateXml method only adds a <Signature> element
under the root element with doc.DocumentElement.AppendChild(sig.GetXml());.
I think what we need to do is remove that element. So, we can load that
string into an XmlDocument and remove that node using the RemoveChild method. HTH.

Kevin Yu
=======
"This posting is provided "AS IS" with no warranties, and confers no
rights."
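
The approach described in the reply above, as an added example that is not part of the original thread: verify the enveloped signature first, then remove the same <Signature> element that was verified. SignedXmlHelper and TryGetVerifiedXml are hypothetical names, and the caller is assumed to supply the RSA public key.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.Xml;
using System.Xml;

public static class SignedXmlHelper
{
    // Hypothetical helper (not from the thread): verifies the enveloped
    // signature and, only on success, returns the document without it.
    public static bool TryGetVerifiedXml(string signedXml, RSA publicKey, out string plainXml)
    {
        plainXml = null;

        XmlDocument doc = new XmlDocument();
        doc.LoadXml(signedXml);

        // CreateXML appends <Signature> as a direct child of the root element,
        // so look only there rather than anywhere in the tree ("//").
        XmlNamespaceManager nsm = new XmlNamespaceManager(doc.NameTable);
        nsm.AddNamespace("dsig", SignedXml.XmlDsigNamespaceUrl);
        XmlNodeList sigs = doc.DocumentElement.SelectNodes("dsig:Signature", nsm);
        if (sigs.Count != 1)
            return false; // unsigned, or more signatures than CreateXML produces

        XmlElement sigElement = (XmlElement)sigs[0];
        SignedXml sig = new SignedXml(doc);
        sig.LoadXml(sigElement);

        // CreateXML signs one reference with URI "" (the whole document).
        if (sig.SignedInfo.References.Count != 1)
            return false;
        Reference reference = (Reference)sig.SignedInfo.References[0];
        if (reference.Uri != "")
            return false;

        if (!sig.CheckSignature(publicKey))
            return false;

        // The enveloped-signature transform excluded this element from the
        // digest, so removing it leaves exactly the content that was signed.
        sigElement.ParentNode.RemoveChild(sigElement);
        plainXml = doc.OuterXml;
        return true;
    }
}
```

The returned string is the re-serialized document, so insignificant whitespace may differ from the text originally passed to CreateXML.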
 
