SignedXml gives false negatives when using namespaces in signed xm

Hello all,

It seems that digitally signing XML documents using the SignedXml class has
a bug - or at least a behavior I cannot explain.

The problem occurs when I sign XML documents containing namespace prefixes
and namespace references and then validate it. The validation always fails
(returns false) in this case. When I remove the namespace prefixes and
namespace references from the XML, signing and validating works fine.

It seems that the problem has been recognized in .NET framework 1.1 (see
http://support.microsoft.com/kb/888999/en-us), however I am using .NET 2.0,
and the problem still exists.

I have made a boiled down reproduction of the behavior, it should be easy to
paste into a console application to test. You just need to add a reference to
System.Security.

Any advice on this issue would be greatly appreciated.

---BEGIN CODE

using System;
using System.Collections.Generic;
using System.Text;
using System.Xml;
using System.Security.Cryptography.X509Certificates;
using System.Security.Cryptography.Xml;
using System.Security.Cryptography;
using System.Xml.Schema;

namespace ConsoleApplication1
{
    class Program
    {
        private static XmlElement GoodElement()
        {
            // Create a test xml document
            XmlDocument oDoc = new XmlDocument();
            oDoc.LoadXml(@"<somedoc><a><b Id=""signme"">This should be signed</b></a></somedoc>");

            // Get a specific element in the xml document
            XmlElement elem = (XmlElement)oDoc.SelectNodes("//b")[0];

            return elem;
        }

        private static XmlElement BadElement()
        {
            // Create a test xml document
            XmlDocument oDoc = new XmlDocument();
            oDoc.LoadXml(@"<somedoc xmlns:pre=""http://some.url/schema""><pre:a><pre:b Id=""signme"">This should be signed</pre:b></pre:a></somedoc>");

            // Get a specific namespace prefixed element in the xml document
            XmlNamespaceManager xman = new XmlNamespaceManager(oDoc.NameTable);
            xman.AddNamespace("pre", "http://some.url/schema");
            XmlElement elem = (XmlElement)oDoc.SelectNodes("//pre:b", xman)[0];

            return elem;
        }

        private static void Reproduce()
        {
            XmlElement elem = BadElement();
            Console.WriteLine("Signing and validating this XML: " + elem.OuterXml);
            Console.WriteLine();

            // Sign the element
            RSACryptoServiceProvider key = new RSACryptoServiceProvider();
            SignedXml sx = new SignedXml(elem);
            sx.SigningKey = key;
            sx.AddReference(new Reference("#signme")); // Sign this node
            sx.ComputeSignature();

            // Hold the signature
            XmlElement signature = sx.GetXml();

            // Validate
            SignedXml sx2 = new SignedXml(elem);
            sx2.LoadXml(signature);
            bool test = sx2.CheckSignature(key);
            Console.WriteLine("Result of validation: " + test);
            Console.ReadLine();

            // Use GoodElement in first line of this method: test is true, ok!
            // Use BadElement in first line of this method: Fails with false! Why?
        }

        static void Main(string[] args)
        {
            Reproduce();
        }
    }
}

--- END CODE
/ Peter.
Aug 25 '06 #1
Peter

I have exactly the same problem, so I was wondering if you ever resolved
this issue, and if you did - how did you do it?

Thanks
Vadim
Nov 9 '06 #2
