SignedXML

Hello,
I'm trying to create signed XML document with SignedXml class. As a
SigningKey I'd like to use key pair obtained from user certificate
stored in current user certificate store. I'm using WSE 2 SP 2 to get
certificate, but when I'm invoking ComputeSignature() method of
SignedXML instance I recive the following exception:

"An unhandled exception of type 'System.NotSupportedException'
occurred in microsoft.web.services2.dll

Additional information: DecryptValue"

I'd also like to mention, that when I try to export key's parameters I
recive the following exception:
"An unhandled exception of type 'System.NotSupportedException'
occurred in microsoft.web.services2.dll

Additional information: Export of private parameters is not supported"

User certificate was created with Windows 2003 Enterprice Edition's
CertSrv.
I've tryed to create certificate with and without checked "Mark keys
as exportable" and the result is the same.

What can be wrong?

Here is code listing:

// Create example data to sign.
XmlDocument document = new XmlDocument();
XmlNode node = document.CreateNodeXmlNodeType.Element, "",
"MyElement", "samples");

node.InnerText = "This is some text";
document.AppendChild(node);

// Get user certificate
X509CertificateStore store = new
X509CertificateStore(X509CertificateStore.StorePro vider.System,
X509CertificateStore.StoreLocation.CurrentUser,
X509CertificateStore.MyStore);

store.Open();
X509Certificate xCert = store.Certificates[0];
store.Close();

// Create the SignedXml message.
SignedXml signedXml = new SignedXml();
RSA key = xCert.Key;
//RSA key = RSA.Create();
//key.ImportParameters(xCert.Key.ExportParameters(tr ue));
signedXml.SigningKey = key;

// Create a data object to hold the data to sign.
DataObject dataObject = new DataObject();
dataObject.Data = document.ChildNodes;
dataObject.Id = "MyObjectId";

// Add the data object to the signature.
signedXml.AddObject(dataObject);

// Create a reference to be able to package everything into the
// message.
Reference reference = new Reference();
reference.Uri = "#MyObjectId";

// Add it to the message.
signedXml.AddReference(reference);

// Add a KeyInfo.
KeyInfo keyInfo = new KeyInfo();
keyInfo.AddClause(new RSAKeyValue(key));
signedXml.KeyInfo = keyInfo;

// Compute the signature.
signedXml.ComputeSignature();
Thanks for your replay - Karol.

Hello,
I'm trying to create signed XML document with SignedXml class. As a
SigningKey I'd like to use key pair obtained from user certificate
stored in current user certificate store. I'm using WSE 2 SP 2 to get
certificate, but when I'm invoking ComputeSignature() method of
SignedXML instance I recive the following exception:

"An unhandled exception of type 'System.NotSupportedException'
occurred in microsoft.web.services2.dll

Additional information: DecryptValue"

I'd also like to mention, that when I try to export key's parameters I
recive the following exception:
"An unhandled exception of type 'System.NotSupportedException'
occurred in microsoft.web.services2.dll

Additional information: Export of private parameters is not supported"

User certificate was created with Windows 2003 Enterprice Edition's
CertSrv.
I've tryed to create certificate with and without checked "Mark keys
as exportable" and the result is the same.

What can be wrong?

Here is code listing:

// Create example data to sign.
XmlDocument document = new XmlDocument();
XmlNode node = document.CreateNodeXmlNodeType.Element, "",
"MyElement", "samples");

node.InnerText = "This is some text";
document.AppendChild(node);

// Get user certificate
X509CertificateStore store = new
X509CertificateStore(X509CertificateStore.StorePro vider.System,
X509CertificateStore.StoreLocation.CurrentUser,
X509CertificateStore.MyStore);

store.Open();
X509Certificate xCert = store.Certificates[0];
store.Close();

// Create the SignedXml message.
SignedXml signedXml = new SignedXml();
RSA key = xCert.Key;
//RSA key = RSA.Create();
//key.ImportParameters(xCert.Key.ExportParameters(tr ue));
signedXml.SigningKey = key;

// Create a data object to hold the data to sign.
DataObject dataObject = new DataObject();
dataObject.Data = document.ChildNodes;
dataObject.Id = "MyObjectId";

// Add the data object to the signature.
signedXml.AddObject(dataObject);

// Create a reference to be able to package everything into the
// message.
Reference reference = new Reference();
reference.Uri = "#MyObjectId";

// Add it to the message.
signedXml.AddReference(reference);

// Add a KeyInfo.
KeyInfo keyInfo = new KeyInfo();
keyInfo.AddClause(new RSAKeyValue(key));
signedXml.KeyInfo = keyInfo;

// Compute the signature.
signedXml.ComputeSignature();
Thanks for your replay - Karol.

Karol,
I can see either one of the two issues

1. Your private Key is not part of the certificate

2. If you still believe that, the private key is present as part of the
certificate, try using Microsoft.Web.Services.Security.X509.X509Certifica te
object for retrieving the Certificate from the store by using
(X509CertificateStore available in the same package).I was able to implement
it without any problem using this class and was having some issues with the
WSE2 classes

X509Certificate.Key will give u the private key

Thanks Raj,
Retriving Certificate and it's Key with WSE 1.0 solved the problem
:)

--
Best regards,
Karol [/b]