CheckSignature返回false
[英]CheckSignature returns false
问题描述
I have a problem that CheckSignature on simple signing, always fails. 
我有一个问题,即简单签名上的CheckSignature总是失败。 I am using SignXml to sign some external data (in my case parts of AS4 payloads) that will be stored as MIME attachments. 我正在使用SignXml签名一些外部数据(在我的情况下是AS4有效负载的一部分),这些数据将作为MIME附件存储。
Here is the code (modified MS example): 这是代码(修改后的MS示例):
static string flXML = @"D:\Test\Example.xml";
static string flSignedXML = @"D:\Test\SignedExample.xml";
private void button1_Click(object sender, EventArgs e)
{
try
{
// Generate a signing key.
RSACryptoServiceProvider Key = new RSACryptoServiceProvider();
CreateSomeXml(flXML);
SignXmlFile(flXML, flSignedXML, Key);
bool result = VerifyXmlFile(flSignedXML, Key);
if (result)
{
Console.WriteLine("The XML signature is valid.");
}
else
{
Console.WriteLine("The XML signature is not valid.");
}
}
catch (CryptographicException ee)
{
Console.WriteLine(ee.Message);
}
}
public static void CreateSomeXml(string FileName)
{
File.WriteAllText(FileName, "<?xml version=\"1.0\" encoding=\"utf-8\"?><MyElement xmlns=\"samples\"></MyElement>");
}
private static readonly FieldInfo RefTargetTypeField = typeof(Reference).GetField("m_refTargetType", BindingFlags.Instance | BindingFlags.NonPublic);
private static readonly FieldInfo RefTargetField = typeof(Reference).GetField("m_refTarget", BindingFlags.Instance | BindingFlags.NonPublic);
public static void SignXmlFile(string FileName, string SignedFileName, RSA Key)
{
XmlDocument doc = new XmlDocument();
doc.Load(new XmlTextReader(FileName));
SignedXml signedXml = new SignedXml(doc);
signedXml.SigningKey = Key;
byte[] Content = System.Text.Encoding.UTF8.GetBytes("1234567890asdfghjkl");
Stream stream = new MemoryStream(Content);
var attachmentReference = new Reference(uri: "cid:xml-sample") { DigestMethod = "http://www.w3.org/2001/04/xmlenc#sha256" };
const int streamReferenceTargetType = 0;
RefTargetTypeField.SetValue(attachmentReference, streamReferenceTargetType);
RefTargetField.SetValue(attachmentReference, stream);
signedXml.AddReference(attachmentReference);
// Compute the signature.
signedXml.ComputeSignature();
XmlElement xmlDigitalSignature = signedXml.GetXml();
doc.DocumentElement.AppendChild(doc.ImportNode(xmlDigitalSignature, true));
if (doc.FirstChild is XmlDeclaration)
{
doc.RemoveChild(doc.FirstChild);
}
XmlTextWriter xmltw = new XmlTextWriter(SignedFileName, new UTF8Encoding(false));
doc.WriteTo(xmltw);
xmltw.Close();
}
public static Boolean VerifyXmlFile(String Name, RSA Key)
{
XmlDocument xmlDocument = new XmlDocument();
xmlDocument.Load(Name);
SignedXml signedXml = new SignedXml(xmlDocument);
XmlNodeList nodeList = xmlDocument.GetElementsByTagName("Signature");
signedXml.LoadXml((XmlElement)nodeList[0]);
{
byte[] Content = System.Text.Encoding.UTF8.GetBytes("1234567890asdfghjkl");
Stream stream = new MemoryStream(Content);
var attachmentReference = new Reference(uri: "cid:xml-sample") { DigestMethod = "http://www.w3.org/2001/04/xmlenc#sha256" };
const int streamReferenceTargetType = 0;
RefTargetTypeField.SetValue(attachmentReference, streamReferenceTargetType);
RefTargetField.SetValue(attachmentReference, stream);
signedXml.AddReference(attachmentReference);
}
// Check the signature and return the result.
signedXml.SigningKey = Key;
return signedXml.CheckSignature();
}
Anyone knows what I do wrong? 有人知道我做错了吗? On a side note I know I can specify transformations for additional references. 附带一提,我知道我可以为其他参考指定转换。 Question is, how do I get result of reference processed by SignedXml so I can store that as well ? 问题是,如何获取SignedXml处理的引用结果,以便我也可以存储该结果? For example, if I specify compression for transformation on reference, how can I get now the result of that compression ? 例如,如果我指定压缩以进行参考转换,那么现在如何获得该压缩的结果?
1 个解决方案
解决方案1
0 2018-09-23 10:47:47
When signature verification fails, it is helpful to enable the logger that provides some more information on what went wrong. 当签名验证失败时,启用记录器将有助于您提供更多有关错误原因的信息。
You can enable it by adding this to your app.config file: 您可以通过将其添加到您的app.config文件中来启用它:
<system.diagnostics>
<sources>
<source name="System.Security.Cryptography.Xml.SignedXml" switchName="XmlDsigLogSwitch">
<listeners>
<add name="xmlDsigLogFile" />
</listeners>
</source>
</sources>
<switches>
<add name="XmlDsigLogSwitch" value="Verbose" />
<!-- possible values: Off (0) Error (1) Warning (2) Info (3) Verbose (4) -->
</switches>
<sharedListeners>
<add name="xmlDsigLogFile" type="System.Diagnostics.TextWriterTraceListener" initializeData="XmlDsigLog.txt" />
</sharedListeners>
<trace autoflush="true">
<listeners>
<add name="xmlDsigLogFile" />
</listeners>
</trace>
</system.diagnostics>
When your attachment is an XML attachment, you should use the XmlDsigExcC14NTransform transform. 当附件是XML附件时,应使用XmlDsigExcC14NTransform转换。 When the attachment is not an XML attachment, you should not use it. 如果附件不是XML附件,则不应使用它。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.