堆栈内存溢出
  简体   繁体   English

如何在不使用SignedXml的情况下在C#中验证xml数字签名?

[英]How to verify xml digital signature in c# without using SignedXml?

 原文  2017-06-07 17:59:59       c#/ cryptography/ .net-core/ xml-signature

问题描述

How to verify xml signature (used in SOAP requests) without usage of SignedXml (which is not available in dotnet core)? 如何在不使用SignedXml(dotnet核心中不可用)的情况下验证xml签名(用于SOAP请求)?

I am trying like this, but it gives me false all the time: 我正在尝试这样,但是它一直使我感到不对: 

 public static void CheckSignature(XElement responseXml, MyResponseType response)
    {
        string originalDigestValue = Convert.ToBase64String(response.Signature.SignedInfo.Reference.FirstOrDefault().DigestValue);
        var originalSignatureValue = response.Signature.SignatureValue.Value;

        X509DataType certificateData = (X509DataType)response.Signature.KeyInfo.Items[0];
        X509Certificate2 certificate = new X509Certificate2((byte[])certificateData.Items[0]);

        //for calculating digest value
        //responseXml.Descendants(nm + "Signature").SingleOrDefault().Remove();
        //var digestValue = Convert.ToBase64String(SHA1.Create().ComputeHash(System.Text.Encoding.UTF8.GetBytes(responseXml.Document.ToString())));

        XNamespace nm = @"http://www.w3.org/2000/09/xmldsig#";
        var signedInfoNode = responseXml.Descendants(nm + "SignedInfo").SingleOrDefault();

        var signedInfo = signedInfoNode.ToString().Trim();

        byte[] signedInfoBytes = Encoding.UTF8.GetBytes(signedInfo);

        var hash = SHA1.Create().ComputeHash(signedInfoBytes);

        RSA rsa = certificate.GetRSAPublicKey();

        try
        {
            Console.WriteLine("Signed Info: \n" + signedInfo);
            Console.WriteLine("Verification: \n" + rsa.VerifyData(signedInfoBytes, originalSignatureValue, HashAlgorithmName.SHA1, RSASignaturePadding.Pkcs1));
            Console.WriteLine("Verification hash: \n" + rsa.VerifyData(hash, originalSignatureValue, HashAlgorithmName.SHA1, RSASignaturePadding.Pkcs1));
        }
        catch (Exception exc)
        {
           //
        }
    }

1 个解决方案

解决方案1
 2 已采纳  2017-06-08 04:29:36

xmldsig is a very large, very complicated spec. xmldsig是一个非常大,非常复杂的规范。 You can try to implement it if you like, the complicated bits are turning the XML document into bytes for doing signing and verification (the canonicalization (or c14n) spec is separate, and large). 如果愿意,您可以尝试实现它,复杂的位将XML文档转换为字节以进行签名和验证( 规范化(或c14n)规范是单独的,而且很大)。

SignedXml should be available now with .NET Core 2.0 Preview 1 , and upgrading is definitely your easiest bet. SignedXml应该随.NET Core 2.0 Preview 1现在可用,并且升级绝对是您最简单的选择。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 如何在C#中验证数字签名 - How to verify digital signature in C# 不使用BouncyCastle的C#中的数字签名 - Digital signature in c# without using BouncyCastle C#如何通过电子邮件验证数字签名(编码SeveBit) - C# How to Verify Digital Signature from email ( Encoding SeveBit ) 以编程方式验证 C# 中 .exe 的数字签名 - Programmatically verify digital signature of .exe in C# 如何使用PKCS 7和SHA算法在C#中创建数字签名并进行验证 - How to Create Digital Signature and Verify it in C# using PKCS 7 and SHA algorithm 我应该使用 MessageDigest 来验证在 C# 中签名的数字签名吗? - Should I use MessageDigest to verify a digital signature that signed in C#? C#中的数字签名 - Digital signature in C# C# 如何使用 SignedXml 使用 XAdES 正确签署消息? - C# how to properly sign message with XAdES using SignedXml? 如何在 C# 中使用 Pkcs11Interop 创建 CAdES 格式的数字签名而无需数据或文档进行签名 - How to create Digital Signature with CAdES format using Pkcs11Interop in C# without data or document to sign 从 ECDSA 签名 signedxml c# 中提取 r 和 s - Extract r and s from ECDSA signature signedxml c#
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM