#1 | November 12th, 2005, 04:13 AM | Nikhil (Guest)
SignedXML throws error

When I try to use the CheckSignature Method of SignedXML I get the following
error.

"Unknown transform has been encountered. at
System.Security.Cryptography.Xml.Reference.LoadXml (XmlElement value)\r\n at
System.Security.Cryptography.Xml.SignedInfo.LoadXml(XmlElement value)\r\n
at System.Security.Cryptography.Xml.Signature.LoadXml (XmlElement value)\r\n
at System.Security.Cryptography.Xml.SignedXml.LoadXml (XmlElement value)\r\n
at SAML.Form1.button2_Click(Object sender, EventArgs e) in
d:\\omtest\\saml\\form1.cs:line 295" string

Any ideas what might be going wrong? I have checked the code a couple of
times & am pretty sure the LoadXML & assigning of the key is fine. Somewhere I
read that it has to do with the machine config file; I need some more
information regarding what needs to change out there.

Thanks,
--
Nikhil Sarathi
#2 | November 12th, 2005, 04:14 AM | Derek Harmon (Guest)
Re: SignedXML throws error

"Nikhil" <Nikhil@discussions.microsoft.com> wrote in message news:B17BFEBA-46CB-4853-8916-B6EBD8A77389@microsoft.com...
> When I try to use the CheckSignature Method of SignedXML I get the following
> error.
>
> "Unknown transform has been encountered. at
> System.Security.Cryptography.Xml.Reference.LoadXml (XmlElement value)\r\n at
> System.Security.Cryptography.Xml.SignedInfo.LoadXml(XmlElement value)\r\n
: :
> I need some more information regarding what needs to change out there.

Undoubtedly, you have one or more <ds:Reference> elements containing a
<ds:Transform> with an invalid Algorithm. For example, there are places in
your <ds:SignatureInfo> like,

<ds:Reference>
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1">
<!-- . . . -->

Where the URI (and this could be as simple as SHA1, or SHA{keyLength} so
sometimes you may see SHA512, etc.) specified for Algorithm is not being
recognized.

See the following URL for a list of the well-known XML Digital Signature
algorithm URIs that can appear as the value of the Algorithm attribute,

http://www.w3.org/TR/xmldsig-core/#sec-AlgID

You can fix this by using one of the well-known algorithm URIs; double-check
that there are no typos or trailing backslashes on that Algorithm ID value.

> I read that it has to do with the machine config file,

You can add or override the classes that provide the hash functions specifying
class names in the <cryptographicSettings> section of machine.config,

http://msdn.microsoft.com/library/en...ingsschema.asp

but you must deploy the implementation on all machines that need to handle
(verify or produce) these signatures using your custom Algorithm.

It's more likely the answer to your problem is the former (typo, malformed
algorithm identifier), rather than something that would require you to modify
the machine.config.


Derek Harmon


#3 | November 12th, 2005, 04:14 AM | Nikhil (Guest)
Re: SignedXML throws error

Hey Derek,
Thanks for your response. The problem seems to be with the
Transform; in the XML file I have, they use exclusive canonicalization and I
don't think .NET 1.1 supports it. Do you know of any way to handle this
problem?


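Added example, not part of the thread and not code from either poster: a small C# diagnostic that enumerates every Algorithm URI inside a ds:Signature and asks CryptoConfig.CreateFromName whether the running framework (including any machine.config mappings) resolves it. It assumes the .NET Framework, where SignedXml resolves algorithm URIs through CryptoConfig; the class name and the sample XML are constructed for illustration.

```csharp
using System;
using System.Security.Cryptography;
using System.Xml;

// Added diagnostic (hypothetical class name): list every Algorithm URI inside
// ds:Signature and ask CryptoConfig whether this runtime maps it to a class.
class SignatureAlgorithmAudit
{
    const string DsigNs = "http://www.w3.org/2000/09/xmldsig#";

    // Constructed sample: exclusive C14N used as canonicalization and transform.
    const string Sample =
        "<Assertion ID='a1'><ds:Signature xmlns:ds='" + DsigNs + "'><ds:SignedInfo>" +
        "<ds:CanonicalizationMethod Algorithm='http://www.w3.org/2001/10/xml-exc-c14n#'/>" +
        "<ds:SignatureMethod Algorithm='" + DsigNs + "rsa-sha1'/>" +
        "<ds:Reference URI='#a1'><ds:Transforms>" +
        "<ds:Transform Algorithm='" + DsigNs + "enveloped-signature'/>" +
        "<ds:Transform Algorithm='http://www.w3.org/2001/10/xml-exc-c14n#'/>" +
        "</ds:Transforms><ds:DigestMethod Algorithm='" + DsigNs + "sha1'/>" +
        "</ds:Reference></ds:SignedInfo></ds:Signature></Assertion>";

    // Returns the number of Algorithm URIs the runtime cannot resolve.
    static int Audit(XmlDocument doc)
    {
        XmlNamespaceManager ns = new XmlNamespaceManager(doc.NameTable);
        ns.AddNamespace("ds", DsigNs);
        int unresolved = 0;
        foreach (XmlElement el in doc.SelectNodes("//ds:Signature//ds:*[@Algorithm]", ns))
        {
            string uri = el.GetAttribute("Algorithm");
            object impl = CryptoConfig.CreateFromName(uri); // null when no mapping exists
            if (impl == null) unresolved++;
            Console.WriteLine("{0,-24} {1}", el.LocalName, uri);
            Console.WriteLine("    -> {0}", impl == null
                ? "NOT MAPPED on this runtime"
                : impl.GetType().FullName);
        }
        return unresolved;
    }

    static int Main(string[] args)
    {
        XmlDocument doc = new XmlDocument();
        doc.XmlResolver = null;          // do not fetch external DTDs or entities
        doc.PreserveWhitespace = true;   // keep the document byte-faithful, as for verification
        if (args.Length > 0) doc.Load(args[0]); else doc.LoadXml(Sample);
        return Audit(doc) == 0 ? 0 : 1;  // non-zero exit when any URI is unmapped
    }
}
```

Run it on the machine that throws, passing the signed file as the first argument; any line marked NOT MAPPED names the URI to compare against the W3C algorithm list linked above.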
 
