
Trouble verifying signatures of XML files INCLUDING COMMENTS in C#

I want to add a digital signature to an XML file, with the particularity that before signing the file I want to add XML comments inside the file and then sign it.

The signing part seems to be working fine. I.e. for different contents in my comments or file, I get different signatures. Furthermore, the canonicalization attribute is showing properly and displaying explicitly that the signature includes the comments.

However, when verifying the signature on the XML files, the content of the comments is ignored. I.e., if I change the content of the comments, the signature is asserted as valid in every case.

The point I do not understand is how this is possible if the signature produces different values for different content in the comments.

What might be wrong?

My example files:

Original XML file:

    <?xml version="1.0" encoding="utf-8"?>
    <test>
    <ThisIsATest></ThisIsATest>
    </test>

Signed file with an example comment:

    <?xml version="1.0" encoding="utf-8"?>
    <test><!--Comment 1-->
    <ThisIsATest></ThisIsATest>
    <!--Comment 1-->
    <Signature xmlns="http://www.w3.org/2000/09/xmldsig#"><SignedInfo><CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments" /><SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><Reference URI=""><Transforms><Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /></Transforms><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><DigestValue>0XZNOavY/0SEZPoU1cBJZs+rAlo=</DigestValue></Reference></SignedInfo><SignatureValue>T9xYVBwbWX3qg4IfsB3XJkviTaOh0pmEJ4Acimf9PA5Y5eDQ+ML8cWXkRPj4pYaGPa13TuwXkc0OK2izen4Cajrg4IZJRW8bLAIEt19wf1F8bduEN02WW2GZVN65OwUqSDqkC4vqMQ07IsVKap0KQaiyOrguZEEtygmSDES1OdM=</SignatureValue><KeyInfo><KeyValue><RSAKeyValue><Modulus>yi0TzN4OQ+mhHSDTZLcZPMnzbSrF51T9yLnWpnkkA+zUyhN6vEHBPgTjDst7RWQNg3G74NR4a88EiBCGzUdEH0a61cyUgHLW1/0IpBIr37jyhwFkLNmogpCltwO5KXNFOuqfq+yXYupHMkgW0BMn7AZfqr3XpuQsjGu2SQUxvr0=</Modulus><Exponent>AQAB</Exponent></RSAKeyValue></KeyValue></KeyInfo></Signature></test>

Signed file with a different example comment:

    <?xml version="1.0" encoding="utf-8"?>
    <test><!--Comment 2-->
    <ThisIsATest></ThisIsATest>
    <!--Comment 2-->
    <Signature xmlns="http://www.w3.org/2000/09/xmldsig#"><SignedInfo><CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments" /><SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><Reference URI=""><Transforms><Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /></Transforms><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><DigestValue>0XZNOavY/0SEZPoU1cBJZs+rAlo=</DigestValue></Reference></SignedInfo><SignatureValue>gnAIkBy2Bi6CaxT6mCPCMw97BboX6EZ2l5tTuSj9zbPIdznScjMMhuUIFYGnl2Q73Nmify3HX2PHCyONfk9aaBcoP2v0G754NiH5T86gkGqo1IaMJVE9zXhjv5mMI7qV+o0lqvBLnvrr1hooIdUt6OL4j3OXgVG0OzhChaOz8K8=</SignatureValue><KeyInfo><KeyValue><RSAKeyValue><Modulus>nvH+jxiGv3BCqW3yWgsEr+VGiDIOdCn11FwHsU6CDVVIkzufMpyLnOPZQ5nSV1lWRS2KDUCLdp2FlJKNnJPnD0O3WBcpTN7+q9XrSYvu7UihEL4T1dT0QoBhBoKOLj08y45ZJ02tKqOmsN0LlDCr/dGiidZywPbr4s5uPQCJxLM=</Modulus><Exponent>AQAB</Exponent></RSAKeyValue></KeyValue></KeyInfo></Signature></test>

The part of my code where the comments are added and the file signed:

    using System.Security.Cryptography;
    using System.Security.Cryptography.Xml;
    using System.Xml;

    public XmlDocument SignXMLString2(string xmlStringToSign) {
        var originalDocument = new XmlDocument { PreserveWhitespace = true };
        originalDocument.LoadXml(xmlStringToSign);

        string commentString = "Comment 1";

        // Add one comment at the start and one at the end of the root element
        var documentElement = originalDocument.DocumentElement;
        var commentElement1 = originalDocument.CreateComment(commentString);
        var commentElement2 = originalDocument.CreateComment(commentString);

        documentElement.PrependChild(commentElement1);
        documentElement.AppendChild(commentElement2);
        documentElement.AppendChild(originalDocument.CreateTextNode("\n"));

        // Same-document reference (URI="") with the enveloped-signature transform
        var transformEnveloped = new XmlDsigEnvelopedSignatureTransform();
        var reference = new Reference { Uri = "" };
        reference.AddTransform(transformEnveloped);

        var xmldsig = new SignedXml(originalDocument);

        // Canonicalization method of <SignedInfo>; tried different ones here
        xmldsig.SignedInfo.CanonicalizationMethod = SignedXml.XmlDsigCanonicalizationWithCommentsUrl;
        // xmldsig.SignedInfo.CanonicalizationMethod = SignedXml.XmlDsigExcC14NWithCommentsTransformUrl;
        // xmldsig.SignedInfo.CanonicalizationMethod = SignedXml.XmlDsigC14NWithCommentsTransformUrl;

        xmldsig.AddReference(reference);
        xmldsig.SigningKey = new RSACryptoServiceProvider(); // fresh key pair on every call
        xmldsig.KeyInfo = new KeyInfo();
        xmldsig.KeyInfo.AddClause(new RSAKeyValue((RSA)xmldsig.SigningKey));
        xmldsig.ComputeSignature();

        // Embed the computed <Signature> element in the document
        XmlElement signature = xmldsig.GetXml();
        XmlNode signatureNode = originalDocument.ImportNode(signature, true);
        originalDocument.DocumentElement.AppendChild(signatureNode);

        return originalDocument;
    }

The part of my code where the signature is verified:

    using System;
    using System.IO;
    using System.Security.Cryptography.Xml;
    using System.Text;
    using System.Xml;

    public bool Validate2(string pathSigned) {
        string xmlString = File.ReadAllText(path: pathSigned, encoding: Encoding.UTF8);

        var signedDocument = new XmlDocument { PreserveWhitespace = true };
        signedDocument.LoadXml(xmlString);

        var xmldsig = new SignedXml(signedDocument);

        // Load the embedded <Signature> element; the key is taken from its <KeyInfo>
        var signature = (XmlElement)signedDocument.GetElementsByTagName("Signature")[0];
        xmldsig.LoadXml(signature);

        Console.WriteLine("xmldsig.SignedInfo.CanonicalizationMethod=" + xmldsig.SignedInfo.CanonicalizationMethod); // This shows the proper canonicalization

        bool result = xmldsig.CheckSignature();
        return result;
    }

You are using the URI: "". This is a same-document URI (See http://www.w3.org/TR/xmldsig-core/#sec-Same-Document ). In this case, Comment nodes are removed (even before any canonicalization) and are not included in the signed part.

Hope this helps.
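As an added example (not code from the question or the answer) of getting the comments covered by the signature: the same-document rules linked above define `URI="#xpointer(/)"` as the root node including comments, and an explicit `XmlDsigC14NWithCommentsTransform` after the enveloped transform keeps them when the reference is digested, because a node-set left over from the last transform is otherwise serialized with plain C14N; `SignedInfo.CanonicalizationMethod` only governs the `<SignedInfo>` element, which is why changing it did not affect the reference digest. `Main` signs a constructed document shaped like the one in the question, verifies it, changes only the comment text and verifies again, which then fails.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.Xml;
using System.Xml;

public static class CommentSigningDemo
{
    // "#xpointer(/)" selects the root node WITH comments; the explicit
    // C14N-with-comments transform keeps them when the node-set is serialized
    // for digesting (a bare node-set is otherwise digested with plain C14N).
    public static XmlDocument SignWithComments(string xml, RSA key)
    {
        var doc = new XmlDocument { PreserveWhitespace = true };
        doc.LoadXml(xml);
        doc.DocumentElement.PrependChild(doc.CreateComment("Comment 1"));
        var reference = new Reference { Uri = "#xpointer(/)" };
        reference.AddTransform(new XmlDsigEnvelopedSignatureTransform());
        reference.AddTransform(new XmlDsigC14NWithCommentsTransform());
        var signedXml = new SignedXml(doc) { SigningKey = key };
        signedXml.AddReference(reference);
        signedXml.KeyInfo = new KeyInfo();
        signedXml.KeyInfo.AddClause(new RSAKeyValue(key));
        signedXml.ComputeSignature();
        doc.DocumentElement.AppendChild(doc.ImportNode(signedXml.GetXml(), true));
        return doc;
    }

    // Verifies against a key we trust, not the one embedded in <KeyInfo>.
    public static bool Verify(XmlDocument doc, RSA key)
    {
        var signedXml = new SignedXml(doc);
        var sig = (XmlElement)doc.GetElementsByTagName("Signature", SignedXml.XmlDsigNamespaceUrl)[0];
        signedXml.LoadXml(sig);
        return signedXml.CheckSignature(key);
    }

    public static void Main()
    {
        using (var key = new RSACryptoServiceProvider(2048))
        {
            // Constructed sample document, same shape as the one in the question
            XmlDocument signed = SignWithComments("<test><ThisIsATest></ThisIsATest></test>", key);
            Console.WriteLine("untouched: " + Verify(signed, key));
            // Change only the comment text: the reference digest no longer matches
            ((XmlComment)signed.DocumentElement.FirstChild).Data = "Comment 2";
            Console.WriteLine("comment changed: " + Verify(signed, key));
        }
    }
}
```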
