
Signing security token using sha256

I have this code to sign a security token

using System;
using System.Security.Cryptography.X509Certificates;
using System.Security.Cryptography.Xml;
using System.Xml;

// SamlSignedXml is the asker's own SignedXml subclass (not shown in the post); it is
// typically used to override GetIdElement so the SAML assertion ID can be resolved.
public static XmlElement SignDoc(XmlDocument doc, X509Certificate2 cert2, string referenceId, string referenceValue)
{
    SamlSignedXml sig = new SamlSignedXml(doc, referenceId);
    sig.SigningKey = cert2.PrivateKey;

    // Reference the element to sign by its ID attribute.
    Reference reference = new Reference();
    reference.Uri = "#" + referenceValue;

    // Enveloped-signature transform (exclude the <Signature> itself) followed by inclusive C14N.
    XmlDsigEnvelopedSignatureTransform env = new XmlDsigEnvelopedSignatureTransform();
    XmlDsigC14NTransform env2 = new XmlDsigC14NTransform();

    reference.AddTransform(env);
    reference.AddTransform(env2);

    sig.AddReference(reference);

    // Embed the signing certificate so the verifier can find the public key.
    KeyInfo keyInfo = new KeyInfo();
    KeyInfoX509Data keyData = new KeyInfoX509Data(cert2);

    keyInfo.AddClause(keyData);

    sig.KeyInfo = keyInfo;
    sig.ComputeSignature();

    XmlElement xmlDigitalSignature = sig.GetXml();

    return xmlDigitalSignature;
}

And this gives the following output:

<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
  <SignedInfo>
    <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
    <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
    <Reference URI="#_5a57c7d5-3a15-45a4-8d66-c963357450ea">
      <Transforms>
        <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
        <Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
      </Transforms>
      <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
      <DigestValue>sql/Wucg3rSaKeLU8QQgQVqktK8=</DigestValue>
    </Reference>
  </SignedInfo>
  <SignatureValue>GG3rRZzLgH9MNTXKv3Xx+o9SarLXmk9Y6QfiMB/q/dqDFLO6us03Gutb81aRY9ceW5FoXO7FsENXvS7Q5gALyJRD5FzpaI5oxUsFvLVZKWwv+DmzEHLyxuCYZwjs12gAH8dJ9TiMocRIT9FBblTRreubR3hv70V56ZtZgm10DaA=</SignatureValue>
  <KeyInfo>
    <X509Data>
      <X509Certificate>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</X509Certificate>
    </X509Data>
  </KeyInfo>
</Signature>

But as you can see this is signed using sha1 and I need it to be signed with sha256. Can someone tell me what I can do to make this work with sha256?

You don't set SHA-256 anywhere.

You should use something like:

CryptoConfig.AddAlgorithm(typeof(RSAPKCS1SHA256SignatureDescription), @"http://www.w3.org/2001/04/xmldsig-more#rsa-sha256");

However, this will work only for an RSA certificate. For DSA certificates the hash algorithm is selected depending on DSA certificate parameters (most likely it will be SHA-1).
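Registering the algorithm alone does not change the output, because SignedXml still defaults the SignatureMethod to rsa-sha1 for RSA keys on older frameworks; the signature and digest URIs have to be set explicitly as well. The following is an added example (not the asker's or answerer's code) that does both and checks the result; it assumes .NET Framework 4.6 or later, an RSA certificate, and uses plain SignedXml in place of the asker's SamlSignedXml subclass.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Security.Cryptography.Xml;
using System.Xml;

public static class Sha256XmlSigner
{
    const string RsaSha256Url = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256";
    const string Sha256DigestUrl = "http://www.w3.org/2001/04/xmlenc#sha256";

    public static XmlElement SignDoc(XmlDocument doc, X509Certificate2 cert2, string referenceValue)
    {
        // Needed only on .NET Framework < 4.6.2, where SignedXml cannot resolve the
        // rsa-sha256 URI by itself; harmless on newer frameworks that map it already.
        CryptoConfig.AddAlgorithm(typeof(RSAPKCS1SHA256SignatureDescription), RsaSha256Url);

        var sig = new SignedXml(doc);
        // GetRSAPrivateKey() avoids legacy CSP keys (cert2.PrivateKey) that cannot do SHA-256.
        sig.SigningKey = cert2.GetRSAPrivateKey();
        // Explicit signature algorithm; otherwise ComputeSignature picks rsa-sha1 (the question's output).
        sig.SignedInfo.SignatureMethod = RsaSha256Url;

        var reference = new Reference("#" + referenceValue);
        reference.DigestMethod = Sha256DigestUrl;   // digest of the referenced element, also SHA-256
        reference.AddTransform(new XmlDsigEnvelopedSignatureTransform());
        reference.AddTransform(new XmlDsigC14NTransform());
        sig.AddReference(reference);

        var keyInfo = new KeyInfo();
        keyInfo.AddClause(new KeyInfoX509Data(cert2));
        sig.KeyInfo = keyInfo;

        sig.ComputeSignature();
        return sig.GetXml();
    }

    // Check on the produced <Signature>: both algorithm URIs must be the SHA-256 ones.
    public static bool UsesSha256(XmlElement signature)
    {
        var ns = new XmlNamespaceManager(signature.OwnerDocument.NameTable);
        ns.AddNamespace("ds", SignedXml.XmlDsigNamespaceUrl);
        var sm = signature.SelectSingleNode("ds:SignedInfo/ds:SignatureMethod/@Algorithm", ns);
        var dm = signature.SelectSingleNode("ds:SignedInfo/ds:Reference/ds:DigestMethod/@Algorithm", ns);
        return sm != null && sm.Value == RsaSha256Url && dm != null && dm.Value == Sha256DigestUrl;
    }
}
```

A relying party should apply the same check on the verifying side and reject signatures whose SignatureMethod or DigestMethod is still SHA-1, rather than trusting whatever algorithm the incoming XML declares.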
