472,789 Members | 1,175 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 472,789 software developers and data experts.

SignedXml gives false negatives when using namespaces in signed xm

Hello all,

It seems that digitally signing XML documents using the SignedXml class has
a bug - or at least a behavior I cannot explain.

The problem occurs when I sign XML documents containing namespace prefixes
and namespace references and then validate it. The validation always fails
(returns false) in this case. When I remove the namespace prefixes and
namespace references from the XML, signing and validating works fine.

It seems that the problem has been recognized in .NET framework 1.1 (see
http://support.microsoft.com/kb/888999/en-us), however I am using .NET 2.0,
and the problem still exists.

I have made a boiled down reproduction of the behavior, it should be easy to
paste into a console application to test. You just need to add a reference to

Any advice on this issue would be greatly appreciated.


using System;
using System.Collections.Generic;
using System.Text;
using System.Xml;
using System.Security.Cryptography.X509Certificates;
using System.Security.Cryptography.Xml;
using System.Security.Cryptography;
using System.Xml.Schema;

namespace ConsoleApplication1
class Program
private static XmlElement GoodElement()
// Create a test xml document
XmlDocument oDoc = new XmlDocument();
oDoc.LoadXml(@"<somedoc><a><b Id=""signme"">This should be

// Get a specific element in the xml document
XmlElement elem = (XmlElement)oDoc.SelectNodes("//b")[0];

return elem;

private static XmlElement BadElement()
// Create a test xml document
XmlDocument oDoc = new XmlDocument();
xmlns:pre=""http://some.url/schema""><pre:a><pre:b Id=""signme"">This should
be signed</pre:b></pre:a></somedoc>");

// Get a specific namespace prefixed element in the xml document
XmlNamespaceManager xman = new XmlNamespaceManager(oDoc.NameTable);
xman.AddNamespace("pre", "http://some.url/schema");
XmlElement elem = (XmlElement)oDoc.SelectNodes("//pre:b", xman)[0];

return elem;

private static void Reproduce()
XmlElement elem = BadElement();
Console.WriteLine("Signing and validating this XML: " + elem.OuterXml);

// Sign the element
RSACryptoServiceProvider key = new RSACryptoServiceProvider();
SignedXml sx = new SignedXml(elem);
sx.SigningKey = key;
sx.AddReference(new Reference("#signme")); // Sign this node

// Hold the signature
XmlElement signature = sx.GetXml();

// Validate
SignedXml sx2 = new SignedXml(elem);
bool test = sx2.CheckSignature(key);
Console.WriteLine("Result of validation: " + test);

// Use GoodElement in first line of this method: test is true, ok!
// Use BadElement in first line of this method: Fails with false! Why?

static void Main(string[] args)

/ Peter.
Aug 25 '06 #1
1 4302

I have exactly the same problem, so I was wondering if you ever resolved
this issue, and if you did - how did you do it?

Nov 9 '06 #2

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

by: Raghu | last post by:
I am using SignedXml class to sign and verify soap xml documents. We are not using WSE at this point. When I sign a soap document and send it to my trading partner, they can verify the document...
by: pak76 | last post by:
Class SignedXml is used to produce/verify signature over XML document. One of its methods, function GetIdElement, is used to select Xml elements for signature and verification and consist following...
by: ChrisA | last post by:
I'm using Michael Gallants DecodeCertKey example to get the public key from an X509 certificate. I then create an RSAServiceProvider and try to use it to CheckSignature() on the signed XML file....
by: Nikhil | last post by:
When I try to used the CheckSignature Method of SignedXML I get the following error. "Unknown transform has been encountered. at System.Security.Cryptography.Xml.Reference.LoadXml(XmlElement...
by: Karol | last post by:
Hello, I'm trying to create signed XML document with SignedXml class. As a SigningKey I'd like to use key pair obtained from user certificate stored in current user certificate store. I'm using...
by: Steve Jorgensen | last post by:
I often come up with logic like this somewhere in a function: .... If Not IsNull(<some expression>) Then <default action> Else <alternative action> End If ....
by: William Stacey [MVP] | last post by:
Given the following, how do I get the plain xml without the security elements (i.e. the original xml before the security was added) in the VerifyXML() method. TIA. using System; using...
by: Senshodan | last post by:
Hi all, I'm trying to use the SignedXML class in order to create a XMLDSIG signature using a certificate stored in a smartcard. For that purpose I find out the data of the certificate context (...
by: Rune Nergard | last post by:
I have tried to use the System.Security.Cryptography.Xml.SignedXml class to sign an Xml message with Xml-DSIG and using an Enveloped signature type and the sha1RSA algorithm. Everything works fine...
by: Rina0 | last post by:
Cybersecurity engineering is a specialized field that focuses on the design, development, and implementation of systems, processes, and technologies that protect against cyber threats and...
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 2 August 2023 starting at 18:00 UK time (6PM UTC+1) and finishing at about 19:15 (7.15PM) The start time is equivalent to 19:00 (7PM) in Central...
by: linyimin | last post by:
Spring Startup Analyzer generates an interactive Spring application startup report that lets you understand what contributes to the application startup time and helps to optimize it. Support for...
by: erikbower65 | last post by:
Here's a concise step-by-step guide for manually installing IntelliJ IDEA: 1. Download: Visit the official JetBrains website and download the IntelliJ IDEA Community or Ultimate edition based on...
by: Taofi | last post by:
I try to insert a new record but the error message says the number of query names and destination fields are not the same This are my field names ID, Budgeted, Actual, Status and Differences ...
by: DJRhino1175 | last post by:
When I run this code I get an error, its Run-time error# 424 Object required...This is my first attempt at doing something like this. I test the entire code and it worked until I added this - If...
by: DJRhino | last post by:
Private Sub CboDrawingID_BeforeUpdate(Cancel As Integer) If = 310029923 Or 310030138 Or 310030152 Or 310030346 Or 310030348 Or _ 310030356 Or 310030359 Or 310030362 Or...
by: lllomh | last post by:
How does React native implement an English player?
by: DJRhino | last post by:
Was curious if anyone else was having this same issue or not.... I was just Up/Down graded to windows 11 and now my access combo boxes are not acting right. With win 10 I could start typing...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.