Hello,
do somebody know how to compute the hash-value of the Attribute "hash" of Element ManifestInformation in a CLICKONCE deployment manifest. In Microsoft Documentation is mentioned this value have to be computed without Signature element, but not which Hash function to use (except CryptoBinary) and even not if the XML document should be exclusive canonized before..so it is hard to figure out that value! Maybe someone is more experienced with this problem. Thanks in advance!
Here an extraction of a general deployment manifest file in ClickOnce:
<?xml version="1.0" encoding="utf-8"?>
<asmv1:assembly xsi:schemaLocation="urn:schemas-microsoft-com:asm.v1 assembly.adaptive.xsd" manifestVersion="1.0" xmlns:asmv3="urn:schemas-microsoft-com:asm.v3" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:co.v1="urn:schemas-microsoft-com:clickonce.v1" xmlns:co.v2="urn:schemas-microsoft-com:clickonce.v2" xmlns="urn:schemas-microsoft-com:asm.v2" xmlns:asmv1="urn:schemas-microsoft-com:asm.v1" xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:xrml="urn:mpeg:mpeg21:2003:01-REL-R-NS" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<assemblyIdentity name="HelloWorld.application" version="1.0.0.0" publicKeyToken="12345" language="neutral" processorArchitecture="x86" xmlns="urn:schemas-microsoft-com:asm.v1" />
<description asmv2:publisher="Microsoft" asmv2:product="HelloWorld" xmlns="urn:schemas-microsoft-com:asm.v1" />
<deployment/>
<dependency>
<dependentAssembly dependencyType="install" codebase="anywhere.manifest" size="9999">
<assemblyIdentity name="HelloWorld.exe" version="1.0.0.0" publicKeyToken="12345" language="neutral" processorArchitecture="x86" type="win32" />
<hash>
...
</hash>
</dependentAssembly>
</dependency>
<publisherIdentity name="publishername" issuerKeyHash="123456789" />
<Signature
Id="StrongNameSignature" xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo>
...
</SignedInfo>
<SignatureValue>
...
</SignatureValue>
<KeyInfo Id="StrongNameKeyInfo">
<KeyValue>
...
</KeyValue>
<msrel:RelData
xmlns:msrel="http://schemas.microsoft.com/windows/rel/2005/reldata">
<r:license xmlns:r="urn:mpeg:mpeg21:2003:01-REL-R-NS"
xmlns:as="http://schemas.microsoft.com/windows/pki/2005/Authenticode">
<r:grant>
<as:ManifestInformation Hash="HASHVALUE TO COMPUTE"
Description="" Url="">
<as:assemblyIdentity name="HelloWorld.application"
version="1.0.0.0" publicKeyToken="12345" language="neutral"
processorArchitecture="x86" xmlns="urn:schemas-microsoft-com:asm.v1" />
</as:ManifestInformation>
<as:SignedBy />
<as:AuthenticodePublisher>
<as:X509SubjectName>publishername</as:X509SubjectName>
</as:AuthenticodePublisher>
</r:grant>
<r:issuer>
<Signature Id="AuthenticodeSignature" xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo>
...
</SignedInfo>
<SignatureValue>
...
</SignatureValue>
<KeyInfo>
...
<KeyValue>
<RSAKeyValue>
</RSAKeyValue>
</KeyValue>
<X509Data>
...
</X509Data>
</KeyInfo>
</Signature>
</r:issuer>
</r:license>
</msrel:RelData>
</KeyInfo>
</Signature>