XML Signing

  • Thread starter Thread starter Nak
  • Start date Start date
N

Nak

Hi there,

I have been taking a look at a microsoft example for enveloping XML
files. What I would like to use an "enveloped XML" file for is a custom
license file. I am just slightly confused as to how I verify *who* has
actually signed to file, rather than if it is signed or not.

For example, if I create license files I would like the application to
verify that they came from me, and were signed with my key, rather than
someone else making license files. This *is* possible isn't it? This is
the very last part of my application that needs completing so I'm keen to
get this right, any advice would be most appreciated!

Nick.
 
Hi Nak,

First of all, I would like to confirm my understanding of your issue. From
your description, I understand that you need to verify the signature of Xml
signing. If there is any misunderstanding, please feel free to let me know.

Based on my research, CAPICOM has provided us with methods to sign and
verify xml documents. First we use private key to sign the document and
when we receive it, we use verify method and public key to verify if the
document is signed by certain person.

For more information, please check the following links:

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/xmlsdk/html
/xmmth_sign.asp
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/xmlsdk/html
/xmmth_verify.asp

HTH.

Kevin Yu
=======
"This posting is provided "AS IS" with no warranties, and confers no
rights."
 
Hi Kevin,

This is *exactly* what I was after, thank you most kindly!

Nick.
 
Hi again Kevin,

On previous occasions I have created a key pair using the .NET Framework
Cryptography namespace,

Imports System.IO
Imports System.Security.Cryptography
Imports System.text

Public Function rsaCreateKeysFiles(ByVal iPrivateKeyFile As String, ByVal
iPublicKeyFile As String) As Boolean
Dim pFSmOutput As FileStream
Try
Dim pCPsParams As New CspParameters()
pCPsParams.Flags = CspProviderFlags.UseMachineKeyStore
Dim pCSPRSA As New
System.Security.Cryptography.RSACryptoServiceProvider(pCPsParams)
Dim pStrData As String

pFSmOutput = New FileStream(iPrivateKeyFile, FileMode.Create)
pStrData = pCSPRSA.ToXmlString(True)
pFSmOutput.Write(Encoding.ASCII.GetBytes(pStrData), 0,
pStrData.Length)
Call pFSmOutput.Flush()
Call pFSmOutput.Close()

pFSmOutput = New FileStream(iPublicKeyFile, FileMode.Create)
pStrData = pCSPRSA.ToXmlString(False)
pFSmOutput.Write(Encoding.ASCII.GetBytes(pStrData), 0,
pStrData.Length)
Call pFSmOutput.Flush()
Call pFSmOutput.Close()
Return (True)
Catch ex As Exception
Call pFSmOutput.Flush()
Call pFSmOutput.Close()
Throw (ex)
End Try
End Function

This function will create a public and a private key file at the paths
specified in the parameters iPrivateKeyFile and iPublicKeyFile. Is it
possible for me to use these keys using the API that you have referred me
onto. I presume that I have to use the createKeyFromCSP method, or do I
actually have to create the keys using this API also? Cheers again, much
appreciation in your direction.

Nick.
 
Hello yet again,

Can XML verification and signing be performed through the SignedXML
class?

Nick.
 
You must log in or register to reply here.

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Extraction of signed .NET assembly public key 3
Having a database issue 0
Slowass license provider 5
Digitally sign and verify XML document 1
Click Once deployment - cannot continue. the application is improperly formatted 8
signing certificate error... 1
newbie question - how to sign binary files 1
How to write a degree sign into an XML file created with _wfopen()? 6

Back
Top