SignedXml gives false negatives when using namespaces in signed xm

Hello all,

It seems that digitally signing XML documents using the SignedXml class has
a bug - or at least a behavior I cannot explain.

The problem occurs when I sign XML documents containing namespace prefixes
and namespace references and then validate them. The validation always fails
(returns false) in this case. When I remove the namespace prefixes and
namespace references from the XML, signing and validating works fine.

It seems that the problem has been recognized in .NET framework 1.1 (see
http://support.microsoft.com/kb/888999/en-us), however I am using .NET 2.0,
and the problem still exists.

I have made a boiled-down reproduction of the behavior; it should be easy to
paste into a console application to test. You just need to add a reference to
System.Security.

Any advice on this issue would be greatly appreciated.

---BEGIN CODE

using System;
using System.Collections.Generic;
using System.Text;
using System.Xml;
using System.Security.Cryptography.X509Certificates;
using System.Security.Cryptography.Xml;
using System.Security.Cryptography;
using System.Xml.Schema;

namespace ConsoleApplication1
{
    class Program
    {
        private static XmlElement GoodElement()
        {
            // Create a test xml document
            XmlDocument oDoc = new XmlDocument();
            oDoc.LoadXml(@"<somedoc><a><b Id=""signme"">This should be signed</b></a></somedoc>");

            // Get a specific element in the xml document
            XmlElement elem = (XmlElement)oDoc.SelectNodes("//b")[0];

            return elem;
        }

        private static XmlElement BadElement()
        {
            // Create a test xml document
            XmlDocument oDoc = new XmlDocument();
            oDoc.LoadXml(@"<somedoc xmlns:pre=""http://some.url/schema""><pre:a><pre:b Id=""signme"">This should be signed</pre:b></pre:a></somedoc>");

            // Get a specific namespace prefixed element in the xml document
            XmlNamespaceManager xman = new XmlNamespaceManager(oDoc.NameTable);
            xman.AddNamespace("pre", "http://some.url/schema");
            XmlElement elem = (XmlElement)oDoc.SelectNodes("//pre:b", xman)[0];

            return elem;
        }

        private static void Reproduce()
        {
            XmlElement elem = BadElement();
            Console.WriteLine("Signing and validating this XML: " + elem.OuterXml);
            Console.WriteLine();

            // Sign the element
            RSACryptoServiceProvider key = new RSACryptoServiceProvider();
            SignedXml sx = new SignedXml(elem);
            sx.SigningKey = key;
            sx.AddReference(new Reference("#signme")); // Sign this node
            sx.ComputeSignature();

            // Hold the signature
            XmlElement signature = sx.GetXml();

            // Validate
            SignedXml sx2 = new SignedXml(elem);
            sx2.LoadXml(signature);
            bool test = sx2.CheckSignature(key);
            Console.WriteLine("Result of validation: " + test);
            Console.ReadLine();

            // Use GoodElement in first line of this method: test is true, ok!
            // Use BadElement in first line of this method: Fails with false! Why?
        }

        static void Main(string[] args)
        {
            Reproduce();
        }
    }
}

--- END CODE
/ Peter.
Aug 25 '06 #1
Peter

I have exactly the same problem, so I was wondering if you ever resolved
this issue, and if you did - how did you do it?

Thanks
Vadim
Nov 9 '06 #2
