使用sha256签署安全令牌
[英]Signing security token using sha256
问题描述
我有此代码来签署安全令牌
public static XmlElement SignDoc(XmlDocument doc, X509Certificate2 cert2, string referenceId, string referenceValue)
{
SamlSignedXml sig = new SamlSignedXml(doc, referenceId);
sig.SigningKey = cert2.PrivateKey;
Reference reference = new Reference();
reference.Uri = String.Empty;
reference.Uri = "#" + referenceValue;
XmlDsigEnvelopedSignatureTransform env = new XmlDsigEnvelopedSignatureTransform();
XmlDsigC14NTransform env2 = new XmlDsigC14NTransform();
reference.AddTransform(env);
reference.AddTransform(env2);
sig.AddReference(reference);
KeyInfo keyInfo = new KeyInfo();
KeyInfoX509Data keyData = new KeyInfoX509Data(cert2);
keyInfo.AddClause(keyData);
sig.KeyInfo = keyInfo;
sig.ComputeSignature();
XmlElement xmlDigitalSignature = sig.GetXml();
return xmlDigitalSignature;
}
这给出了以下输出:
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo>
<CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
<Reference URI="#_5a57c7d5-3a15-45a4-8d66-c963357450ea">
<Transforms>
<Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
<Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<DigestValue>sql/Wucg3rSaKeLU8QQgQVqktK8=</DigestValue>
</Reference>
</SignedInfo>
<SignatureValue>GG3rRZzLgH9MNTXKv3Xx+o9SarLXmk9Y6QfiMB/q/dqDFLO6us03Gutb81aRY9ceW5FoXO7FsENXvS7Q5gALyJRD5FzpaI5oxUsFvLVZKWwv+DmzEHLyxuCYZwjs12gAH8dJ9TiMocRIT9FBblTRreubR3hv70V56ZtZgm10DaA=</SignatureValue>
<KeyInfo>
<X509Data>
<X509Certificate>MIIFtzCCBJ+gAwIBAgIERcSAVzANBgkqhkiG9w0BAQUFADAxMQswCQYDVQQGEwJESzEMMAoGA1UEChMDVERDMRQwEgYDVQQDEwtUREMgT0NFUyBDQTAeFw0xMjA1MjMwOTE1NTVaFw0xNDA1MjMwOTQ1NTVaMIGqMQswCQYDVQQGEwJESzE+MDwGA1UEChQ1VmVqbGUgT3BsYW5kcyBTdHL4bWZvcnN5bmluZyBBLm0uYi5hLiAvLyBDVlI6MjYwNDk5MDMxWzAgBgNVBAUTGUNWUjoyNjA0OTkwMy1VSUQ6NzI1MTc1NzgwNwYDVQQDFDBWZWpsZSBPcGxhbmRzIFN0cvhtZm9yc3luaW5nIEEubS5iLmEuIC0gVk9TIEFtYmEwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAM38QtJ+0vW/wyYPcie0HAIRuBzs4FfJd07TSeLQE2pr+gBLb3iFrVu3irTjk9ZW/lt8wBIPMercIzJtdGFRdpfH8suqpv8ctIjtZJXUVyhOXRqfoCw1g+sm0+M7W4OGJSmhz5IpReX4wmrYHKm2K8jXbY5PNi4Nz2jqkGiO7/3dAgMBAAGjggLfMIIC2zAOBgNVHQ8BAf8EBAMCA7gwKwYDVR0QBCQwIoAPMjAxMjA1MjMwOTE1NTVagQ8yMDE0MDUyMzA5NDU1NVowggE3BgNVHSAEggEuMIIBKjCCASYGCiqBUIEpAQEBAwMwggEWMC8GCCsGAQUFBwIBFiNodHRwOi8vd3d3LmNlcnRpZmlrYXQuZGsvcmVwb3NpdG9yeTCB4gYIKwYBBQUHAgIwgdUwChYDVERDMAMCAQEagcZGb3IgYW52ZW5kZWxzZSBhZiBjZXJ0aWZpa2F0ZXQgZ+ZsZGVyIE9DRVMgdmlsa+VyLCBDUFMgb2cgT0NFUyBDUCwgZGVyIGthbiBoZW50ZXMgZnJhIHd3dy5jZXJ0aWZpa2F0LmRrL3JlcG9zaXRvcnkuIEJlbeZyaywgYXQgVERDIGVmdGVyIHZpbGvlcmVuZSBoYXIgZXQgYmVncuZuc2V0IGFuc3ZhciBpZnQuIHByb2Zlc3Npb25lbGxlIHBhcnRlci4wQQYIKwYBBQUHAQEENTAzMDEGCCsGAQUFBzABhiVodHRwOi8vb2NzcC5jZXJ0aWZpa2F0LmRrL29jc3Avc3RhdHVzMDEGA1UdJQQqMCgGCCsGAQUFBwMBBggrBgEFBQcDAgYIKwYBBQUHAwMGCCsGAQUFBwMEMIGEBgNVHR8EfTB7MEugSaBHpEUwQzELMAkGA1UEBhMCREsxDDAKBgNVBAoTA1REQzEUMBIGA1UEAxMLVERDIE9DRVMgQ0ExEDAOBgNVBAMTB0NSTDYxMTcwLKAqoCiGJmh0dHA6Ly9jcmwub2Nlcy5jZXJ0aWZpa2F0LmRrL29jZXMuY3JsMB8GA1UdIwQYMBaAFGC1hexWZH4SGSdnHVAVS3OuO/kSMB0GA1UdDgQWBBTSebqvOVQaqvWySI9HseingRaTtTAJBgNVHRMEAjAAMBkGCSqGSIb2fQdBAAQMMAobBFY3LjEDAgOoMA0GCSqGSIb3DQEBBQUAA4IBAQBhG6V7V/Fro6HxQYeXLzxGaqmfV1cmQ9wu38RU10iMIf8AJveOPFF/rd2ezhqgzK4z4QKC37PV5/UT/wtfoud03576q+qwNXO41fARBMhJFfrjSxSrq0iXOhLSVoTyk8W/Y8LP1mGD8qaJtrJ2ZNnWHrqhW2EvChLe1+aYGOkwylJUeJIWLdGLjA9OZ1hiA1yEhmYwhlfstV421sKKgUwVYcRBzwerQ1M+Yy438oR2+Aaa2zgteLA1wXeiE1U4K7yvbP2TgVrIeLC56K3EENkLCahpUPRzbLoQMFq2RacBuy2SFTXlXa0Bgj5ToerOH+Tnm10sFeIDjPISx978z73w</X509Certificate>
</X509Data>
</KeyInfo>
</Signature>
但是如您所见,这是使用sha1签名的,我需要使用sha256签名。 有人可以告诉我如何使用sha256进行这项工作吗?
1 个解决方案
解决方案1
1 已采纳 2013-01-11 09:42:59
您不会在任何地方设置SHA-256。
您应该使用类似:
CryptoConfig.AddAlgorithm(typeof(RSAPKCS1SHA256SignatureDescription), @"http://www.w3.org/2001/04/xmldsig-more#rsa-sha256");
但是,这仅适用于RSA证书。 对于DSA证书,将根据DSA证书参数选择哈希算法(最有可能的是SHA-1)。
使用SoftHSM 2.2.0(带有SHA256的ECDSA)C#.net从Pkcs11Interop为CKM_ECDSA_SHA256签名PDF
[英]Signing PDF from Pkcs11Interop for CKM_ECDSA_SHA256 using SoftHSM 2.2.0 (ECDSA with SHA256) C# .net
在没有System.Security.Cryptography的情况下计算SHA256哈希
[英]Calculate SHA256 hash WITHOUT System.Security.Cryptography
RSACryptoServiceProvider(.NET的RSA)可以使用SHA256进行加密(不签名)而不是SHA1吗?
[英]Can RSACryptoServiceProvider (.NET's RSA) use SHA256 for encryption (not signing) instead of SHA1?
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.
相关问题
在.NET Framework 4.0中使用SHA256签名XML算法
使用SHA256的PayFort签名
使用SoftHSM 2.2.0(带有SHA256的ECDSA)C#.net从Pkcs11Interop为CKM_ECDSA_SHA256签名PDF
在没有System.Security.Cryptography的情况下计算SHA256哈希
为什么我不能使用 SHA256 创建 jwt 令牌?
RSACryptoServiceProvider(.NET的RSA)可以使用SHA256进行加密(不签名)而不是SHA1吗?
SHA256的AES加密
异步 SHA256 哈希
从SHA256解密
SHA256哈希计算
相关标签