Hello,
I need to do the following with an XML document which has a list of
assets:
1. Hash the assets
2. Hash the element describing the assets
3. Create a digital signature (using X.509 certificate) over the
hashes from step 1 and 2
Most of the examples I've been looking at are doing a digital
signature in one go, and I'm not sure how to write the references with
the digest to the XML file without also creating a signature.
This is the code I currently have:

    using System.Security.Cryptography;
    using System.Security.Cryptography.Xml;
    using System.Xml;

    // Create a key container
    CspParameters cspParameters = new CspParameters();
    cspParameters.KeyContainerName = "XML_DSIG_RSA_KEY";

    // Create an RSA key and save it in the container
    RSACryptoServiceProvider rsaKey = new RSACryptoServiceProvider(cspParameters);

    // Create a new XML document and load the manifest into it
    XmlDocument xmlDoc = new XmlDocument();
    //xmlDoc.PreserveWhitespace = true;
    xmlDoc.Load(manifestPath);

    hashAssets(xmlDoc, rsaKey);

    // Save the manifest
    xmlDoc.Save(manifestPath);

    public void hashAssets(XmlDocument Doc, RSA Key)
    {
        // Create a SignedXml object
        SignedXml signedXml = new SignedXml(Doc);

        // Add the key
        signedXml.SigningKey = Key;

        // Get urls to assets with signed = true (getAssetUris() is defined elsewhere)
        var assetUris = getAssetUris();

        foreach (string assetUri in assetUris)
        {
            // Create a reference to be signed
            Reference reference = new Reference();
            reference.Uri = assetUri;

            //// Add an enveloped transformation to the reference
            //XmlDsigEnvelopedSignatureTransform env = new XmlDsigEnvelopedSignatureTransform();
            //reference.AddTransform(env);

            // Add the reference to the SignedXml object
            signedXml.AddReference(reference);
        }

        // Compute the signature
        signedXml.ComputeSignature();

        // Get the XML representation of the signature and save it to an XmlElement object
        XmlElement xmlDigitalSignature = signedXml.GetXml();

        // Append the element to the XML document
        Doc.DocumentElement.AppendChild(Doc.ImportNode(xmlDigitalSignature, true));
    }

Is there any way of saving the reference to the xmldoc without also
creating a signature? And then hash the reference elements and create
a signature over them? Or am I taking the wrong approach with this
code to start with?
Many thanks,
AK
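
One way to keep the three steps separate, as an added example that is not part of the original post: the asset digests are written into the manifest first, and a signature is then made over the element that carries them. The manifest layout (an `AssetList` element with `Id="assets"` holding `Asset` elements with a `uri` attribute), the `digest` attribute, and the names `ManifestSigner`, `HashAssets` and `SignAssetList` are assumptions made for illustration.

```csharp
using System;
using System.IO;
using System.Linq;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Security.Cryptography.Xml;
using System.Xml;

static class ManifestSigner
{
    // Steps 1 and 2: store a SHA-256 digest of each asset file in the manifest, no signature yet.
    // Assumed layout: <Manifest><AssetList Id="assets"><Asset uri="a.bin"/>...</AssetList></Manifest>
    public static void HashAssets(XmlDocument doc, string baseDir)
    {
        using (SHA256 sha = SHA256.Create())
        {
            // Materialise the node list first so editing attributes cannot disturb the iteration.
            foreach (XmlElement asset in doc.SelectNodes("//Asset[@uri]").Cast<XmlElement>().ToList())
            {
                string path = Path.Combine(baseDir, asset.GetAttribute("uri"));
                using (FileStream fs = File.OpenRead(path))
                    asset.SetAttribute("digest", Convert.ToBase64String(sha.ComputeHash(fs)));
            }
        }
    }

    // Step 3: sign the AssetList element, which now describes the assets and carries their digests.
    public static void SignAssetList(XmlDocument doc, X509Certificate2 cert)
    {
        SignedXml signedXml = new SignedXml(doc);
        signedXml.SigningKey = cert.GetRSAPrivateKey();
        signedXml.SignedInfo.SignatureMethod = SignedXml.XmlDsigRSASHA256Url;

        // "#assets" resolves to the element whose Id attribute is "assets".
        Reference reference = new Reference("#assets");
        reference.DigestMethod = SignedXml.XmlDsigSHA256Url;
        reference.AddTransform(new XmlDsigExcC14NTransform());
        signedXml.AddReference(reference);

        // Embed the X.509 certificate so a verifier can find the public key.
        KeyInfo keyInfo = new KeyInfo();
        keyInfo.AddClause(new KeyInfoX509Data(cert));
        signedXml.KeyInfo = keyInfo;

        signedXml.ComputeSignature();
        doc.DocumentElement.AppendChild(doc.ImportNode(signedXml.GetXml(), true));
    }
}
```

With this layout the signature covers only the `AssetList` element, so a verifier has to recompute each asset's digest and compare it with the signed `digest` attribute in addition to calling `CheckSignature`. Load the document with `PreserveWhitespace = true` on both the signing and the verifying side, otherwise whitespace changes introduced by `Save` can invalidate the reference digest.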