SignedXML

Hello,
I'm trying to create a signed XML document with the SignedXml class. As a
SigningKey I'd like to use a key pair obtained from a user certificate
stored in the current user certificate store. I'm using WSE 2 SP 2 to get
the certificate, but when I invoke the ComputeSignature() method of a
SignedXML instance I receive the following exception:

"An unhandled exception of type 'System.NotSupportedException'
occurred in microsoft.web.services2.dll

Additional information: DecryptValue"

I'd also like to mention that when I try to export the key's parameters I
receive the following exception:
"An unhandled exception of type 'System.NotSupportedException'
occurred in microsoft.web.services2.dll

Additional information: Export of private parameters is not supported"

The user certificate was created with Windows 2003 Enterprise Edition's
CertSrv.
I've tried to create the certificate with and without "Mark keys
as exportable" checked, and the result is the same.

What can be wrong?

Here is code listing:

// Create example data to sign.
XmlDocument document = new XmlDocument();
XmlNode node = document.CreateNode(XmlNodeType.Element, "",
"MyElement", "samples");

node.InnerText = "This is some text";
document.AppendChild(node);

// Get user certificate
X509CertificateStore store = new
X509CertificateStore(X509CertificateStore.StoreProvider.System,
X509CertificateStore.StoreLocation.CurrentUser,
X509CertificateStore.MyStore);

store.Open();
X509Certificate xCert = store.Certificates[0];
store.Close();

// Create the SignedXml message.
SignedXml signedXml = new SignedXml();
RSA key = xCert.Key;
//RSA key = RSA.Create();
//key.ImportParameters(xCert.Key.ExportParameters(true));
signedXml.SigningKey = key;

// Create a data object to hold the data to sign.
DataObject dataObject = new DataObject();
dataObject.Data = document.ChildNodes;
dataObject.Id = "MyObjectId";

// Add the data object to the signature.
signedXml.AddObject(dataObject);

// Create a reference to be able to package everything into the
// message.
Reference reference = new Reference();
reference.Uri = "#MyObjectId";

// Add it to the message.
signedXml.AddReference(reference);

// Add a KeyInfo.
KeyInfo keyInfo = new KeyInfo();
keyInfo.AddClause(new RSAKeyValue(key));
signedXml.KeyInfo = keyInfo;

// Compute the signature.
signedXml.ComputeSignature();
Thanks for your reply - Karol.
Nov 12 '05 #1
Raj
Karol,
I can see either one of the two issues

1. Your private Key is not part of the certificate

2. If you still believe that the private key is present as part of the
certificate, try using the Microsoft.Web.Services.Security.X509.X509Certificate
object for retrieving the Certificate from the store
(X509CertificateStore is available in the same package). I was able to implement
it without any problem using this class and was having some issues with the
WSE2 classes

X509Certificate.Key will give u the private key

Hope it helps
Thanks
Raj
Nov 12 '05 #2
If you're using WSE, why are you also using SignedXML? You could instead just
sign the soap body with your token and WSE handles all that. Unless I miss
something (which is likely.)

--
William Stacey, MVP
http://mvp.support.microsoft.com
Nov 12 '05 #3
Thanks Raj,
Retrieving Certificate and its Key with WSE 1.0 solved the problem :)

--
Best regards,
Karol
Nov 12 '05 #4



Karol Hi !!

Could you post some sample code of the corrected and working solution
??

I'm dealing with the same problem at this moment.

Thank you very much.

El Bruno

--
ElBruno

Nov 12 '05 #5
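
An added example, not part of the thread and not Karol's corrected code: signing with a certificate-store key through the framework's own X509Store and GetRSAPrivateKey() (assuming .NET Framework 4.6.2 or later, or modern .NET) rather than the WSE classes discussed above. The class name StoreKeySigner and the thumbprint argument are assumptions, and it produces an enveloped signature over the whole document; the private key stays in its provider, so no export of private parameters is involved.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Security.Cryptography.Xml;
using System.Xml;

static class StoreKeySigner   // hypothetical name, not from the thread
{
    // Select by thumbprint instead of Certificates[0], and reject a
    // certificate the store holds without an associated private key.
    static X509Certificate2 FindSigningCert(string thumbprint)
    {
        using (var store = new X509Store(StoreName.My, StoreLocation.CurrentUser))
        {
            store.Open(OpenFlags.ReadOnly);
            var hits = store.Certificates.Find(X509FindType.FindByThumbprint, thumbprint, false);
            if (hits.Count != 1)
                throw new InvalidOperationException("expected exactly one certificate");
            if (!hits[0].HasPrivateKey)
                throw new CryptographicException("certificate has no private key");
            return hits[0];
        }
    }
    static XmlElement Sign(XmlDocument doc, X509Certificate2 cert)
    {
        // The RSA object is a handle to the key held by its provider; signing
        // happens there, so ExportParameters(true) is never needed.
        using (RSA key = cert.GetRSAPrivateKey())   // null when the key is not RSA
        {
            if (key == null) throw new CryptographicException("not an RSA key");
            var signedXml = new SignedXml(doc) { SigningKey = key };
            var reference = new Reference { Uri = "" };  // whole document
            reference.AddTransform(new XmlDsigEnvelopedSignatureTransform());
            signedXml.AddReference(reference);
            var keyInfo = new KeyInfo();
            keyInfo.AddClause(new KeyInfoX509Data(cert));
            signedXml.KeyInfo = keyInfo;
            signedXml.ComputeSignature();
            return signedXml.GetXml();
        }
    }
    static void Main(string[] args)  // args[0]: thumbprint supplied by the caller
    {
        var doc = new XmlDocument { PreserveWhitespace = true };
        doc.LoadXml("<MyElement xmlns=\"samples\">This is some text</MyElement>");
        XmlElement sig = Sign(doc, FindSigningCert(args[0]));
        doc.DocumentElement.AppendChild(doc.ImportNode(sig, true));
        Console.WriteLine(doc.OuterXml);
    }
}
```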
