Hi, I use the following function to compute the XML signature (the
X509Certificate is imported from a .p12 file and saved in the system
store):
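/// <summary>
/// Adds an enveloped XML-DSig signature over the whole of <paramref name="doc"/>
/// and appends the resulting Signature element to the document element.
/// An existing XML-DSig Signature element (the first one in document order)
/// is removed first so the document is not signed over a stale signature.
/// </summary>
/// <param name="doc">Document to sign; it is modified in place.</param>
/// <param name="key">Private key used to compute the signature value.</param>
/// <param name="cert">Certificate embedded in KeyInfo as X509Data.</param>
/// <exception cref="ArgumentNullException">An argument is null.</exception>
/// <exception cref="InvalidOperationException">The document has no root element to hold the signature.</exception>
public void SignDocument(XmlDocument doc, AsymmetricAlgorithm key,
    X509Certificate cert)
{
    if (doc == null)
    {
        throw new ArgumentNullException("doc");
    }
    if (key == null)
    {
        throw new ArgumentNullException("key");
    }
    if (cert == null)
    {
        throw new ArgumentNullException("cert");
    }

    // Look the element up by XML-DSig namespace, not by bare tag name, so an
    // application element that merely happens to be called "Signature" is
    // never deleted, and a prefixed ds:Signature is still found.
    XmlNodeList existing = doc.GetElementsByTagName("Signature", SignedXml.XmlDsigNamespaceUrl);
    if (existing.Count > 0)
    {
        // The signature is appended under the document element below, so it
        // must be removed from its actual parent; doc.RemoveChild() only
        // accepts direct children of the document node and throws otherwise.
        XmlNode stale = existing[0];
        stale.ParentNode.RemoveChild(stale);
    }

    XmlElement root = doc.DocumentElement;
    if (root == null)
    {
        throw new InvalidOperationException("The document has no root element to sign.");
    }

    SignedXml sxml = new SignedXml(doc);
    sxml.SigningKey = key;
    sxml.SignedInfo.CanonicalizationMethod =
        SignedXml.XmlDsigCanonicalizationUrl;
    // NOTE(review): digest and signature algorithms are left at the library
    // defaults, which differ between framework versions - confirm they meet
    // the verifier's algorithm policy.

    // An empty URI references the whole containing document.
    Reference r = new Reference("");
    // The enveloped-signature transform works on the node set and drops the
    // Signature element itself, so it is listed before canonicalization,
    // which turns the node set into octets.
    r.AddTransform(new XmlDsigEnvelopedSignatureTransform());
    r.AddTransform(new XmlDsigC14NTransform());
    sxml.AddReference(r);

    // Embedding the certificate tells a verifier which key was used; it does
    // not by itself make that key trusted. The verifier still has to decide
    // whether it accepts this certificate.
    // Alternative that embeds only the bare public key:
    // keyInfo.AddClause(new RSAKeyValue((RSA) key));
    KeyInfo keyInfo = new KeyInfo();
    keyInfo.AddClause(new KeyInfoX509Data(cert));
    sxml.KeyInfo = keyInfo;

    sxml.ComputeSignature();
    XmlElement sig = sxml.GetXml();
    root.AppendChild(doc.ImportNode(sig, true));
}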
However, when I use the following function to verify the XML signature, it
always returns false. Does anyone know why?
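/// <summary>
/// Verifies the first XML-DSig Signature element found in <paramref name="doc"/>
/// using the key material carried in that signature's own KeyInfo.
/// </summary>
/// <remarks>
/// A true result means the signed content matches the embedded key. It does
/// not show that the key belongs to a signer the caller trusts: anyone can
/// re-sign a modified document with their own key and embed it. Callers that
/// need authenticity should verify against a key or certificate they already
/// trust, for example with the CheckSignature(AsymmetricAlgorithm) overload.
/// </remarks>
/// <param name="doc">Document expected to contain an XML-DSig signature.</param>
/// <returns>
/// True if a signature is present and verifies; false if it does not verify
/// or the document contains no XML-DSig Signature element.
/// </returns>
/// <exception cref="ArgumentNullException"><paramref name="doc"/> is null.</exception>
public bool CheckSignature(XmlDocument doc)
{
    if (doc == null)
    {
        throw new ArgumentNullException("doc");
    }

    // Match on the XML-DSig namespace rather than the bare tag name: an
    // unrelated element called "Signature" must not be fed to SignedXml, and
    // a prefixed ds:Signature must still be found.
    // NOTE(review): only the first signature in document order is checked,
    // and nothing here ties it to the elements the application later reads -
    // confirm the reference covers the data that is actually consumed.
    XmlNodeList signatures = doc.GetElementsByTagName("Signature", SignedXml.XmlDsigNamespaceUrl);
    if (signatures.Count == 0)
    {
        return false;
    }

    SignedXml sxml = new SignedXml(doc);
    sxml.LoadXml((XmlElement) signatures[0]);

    // A false result on an untampered document is commonly caused by
    // whitespace changes between signing and verification (for example the
    // document was loaded without PreserveWhitespace or saved re-indented).
    // NOTE(review): which KeyInfo clause types the parameterless overload can
    // resolve appears to depend on the framework version - confirm X509Data
    // is supported on the target runtime.
    // Variant that also returns the key that was used:
    // AsymmetricAlgorithm key = null;
    // bool use_public_key = sxml.CheckSignatureReturningKey(out key);
    return sxml.CheckSignature();
}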
Am I missing anything? Thank you!!