SignedXML

Hello,
I'm trying to create a signed XML document with the SignedXml class. As a
SigningKey I'd like to use the key pair obtained from a user certificate
stored in the current user certificate store. I'm using WSE 2 SP 2 to get
the certificate, but when I invoke the ComputeSignature() method of the
SignedXml instance I receive the following exception:

"An unhandled exception of type 'System.NotSupportedException'
occurred in microsoft.web.services2.dll

Additional information: DecryptValue"

I'd also like to mention that when I try to export the key's parameters I
receive the following exception:
"An unhandled exception of type 'System.NotSupportedException'
occurred in microsoft.web.services2.dll

Additional information: Export of private parameters is not supported"

The user certificate was created with Windows 2003 Enterprise Edition's
CertSrv.
I've tried to create the certificate with and without "Mark keys
as exportable" checked and the result is the same.

What can be wrong?

Here is the code listing:

// Create example data to sign.
XmlDocument document = new XmlDocument();
XmlNode node = document.CreateNode(XmlNodeType.Element, "",
    "MyElement", "samples");

node.InnerText = "This is some text";
document.AppendChild(node);

// Get user certificate
X509CertificateStore store = new
    X509CertificateStore(X509CertificateStore.StoreProvider.System,
    X509CertificateStore.StoreLocation.CurrentUser,
    X509CertificateStore.MyStore);

store.Open();
X509Certificate xCert = store.Certificates[0];
store.Close();

// Create the SignedXml message.
SignedXml signedXml = new SignedXml();
RSA key = xCert.Key;
//RSA key = RSA.Create();
//key.ImportParameters(xCert.Key.ExportParameters(true));
signedXml.SigningKey = key;

// Create a data object to hold the data to sign.
DataObject dataObject = new DataObject();
dataObject.Data = document.ChildNodes;
dataObject.Id = "MyObjectId";

// Add the data object to the signature.
signedXml.AddObject(dataObject);

// Create a reference to be able to package everything into the
// message.
Reference reference = new Reference();
reference.Uri = "#MyObjectId";

// Add it to the message.
signedXml.AddReference(reference);

// Add a KeyInfo.
KeyInfo keyInfo = new KeyInfo();
keyInfo.AddClause(new RSAKeyValue(key));
signedXml.KeyInfo = keyInfo;

// Compute the signature.
signedXml.ComputeSignature();

Thanks for your reply - Karol.
Nov 12 '05 #1
Raj
Karol,
I can see either one of the two issues

1. Your private key is not part of the certificate

2. If you still believe that the private key is present as part of the
certificate, try using the Microsoft.Web.Services.Security.X509.X509Certificate
object for retrieving the certificate from the store by using
(X509CertificateStore available in the same package). I was able to implement
it without any problem using this class and was having some issues with the
WSE2 classes

X509Certificate.Key will give u the private key

Hope it helps
Thanks
Raj

Nov 12 '05 #2
If you're using WSE, why are you also using SignedXML? You could instead just
sign the soap body with your token and WSE handles all that. Unless I miss
something (which is likely.)

--
William Stacey, MVP
http://mvp.support.microsoft.com

Nov 12 '05 #3
"Raj" wrote:
Karol,
I can see either one of the two issues

1. Your private key is not part of the certificate

2. If you still believe that the private key is present as part of the
certificate, try using the Microsoft.Web.Services.Security.X509.X509Certificate
object for retrieving the certificate from the store by using
(X509CertificateStore available in the same package). I was able to implement
it without any problem using this class and was having some issues with the
WSE2 classes

X509Certificate.Key will give u the private key


Thanks Raj,
Retrieving Certificate and its Key with WSE 1.0 solved the problem :)

--
Best regards,
Karol
Nov 12 '05 #4

Thanks Raj,
Retrieving Certificate and its Key with WSE 1.0 solved the problem
:)

--
Best regards,
Karol


Karol Hi !!

Could you post some sample code of the corrected and working solution
??

I'm dealing with the same problem at this moment.

Thank you very much.

El Bruno

--
ElBruno

Nov 12 '05 #5
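
Added example, not code from any poster in this thread: the same enveloping signature as the first post, signed with a key from the CurrentUser store through the framework's own X509Store and X509Certificate2 (assumes .NET Framework 4.6 or later) instead of the WSE 1.0 classes Karol switched to. The class and method names are made up for the example; it skips certificates that have no private key (Raj's point 1) and signs through the key handle, so no private parameters are exported.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Security.Cryptography.Xml;
using System.Xml;
static class StoreCertXmlSigner // added example; X509Store replaces the WSE store classes
{
    // First time-valid certificate in CurrentUser\My that has an RSA private key, else null.
    static X509Certificate2 FindSigningCertificate()
    {
        using (var store = new X509Store(StoreName.My, StoreLocation.CurrentUser))
        {
            store.Open(OpenFlags.ReadOnly);
            foreach (X509Certificate2 cert in
                     store.Certificates.Find(X509FindType.FindByTimeValid, DateTime.Now, false))
                if (cert.HasPrivateKey && cert.GetRSAPublicKey() != null) return cert;
        }
        return null;
    }

    // Enveloping signature with the same shape as the listing in the first post.
    static XmlElement Sign(XmlDocument document, X509Certificate2 cert)
    {
        // Handle to the key inside the provider: nothing is exported (non-exportable keys work).
        using (RSA key = cert.GetRSAPrivateKey())
        {
            var signedXml = new SignedXml { SigningKey = key };
            signedXml.AddObject(new DataObject { Data = document.ChildNodes, Id = "MyObjectId" });
            signedXml.AddReference(new Reference("#MyObjectId"));
            var keyInfo = new KeyInfo();
            keyInfo.AddClause(new KeyInfoX509Data(cert)); // certificate only, no private key
            signedXml.KeyInfo = keyInfo;
            signedXml.ComputeSignature();
            return signedXml.GetXml();
        }
    }

    // Checks the signature value with the certificate's public key; no chain validation.
    static bool Verify(XmlElement signature, X509Certificate2 cert)
    {
        var signedXml = new SignedXml();
        signedXml.LoadXml(signature);
        return signedXml.CheckSignature(cert, true);
    }

    static void Main()
    {
        var document = new XmlDocument();
        document.LoadXml("<MyElement xmlns=\"samples\">This is some text</MyElement>");
        X509Certificate2 cert = FindSigningCertificate();
        if (cert == null) { Console.WriteLine("No usable RSA certificate in CurrentUser\\My"); return; }
        Console.WriteLine("Verifies: " + Verify(Sign(document, cert), cert));
    }
}
```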
