Hi there,
I have been taking a look at a microsoft example for enveloping XML
files. What I would like to use an "enveloped XML" file for is a custom
license file. I am just slightly confused as to how I verify *who* has
actually signed to file, rather than if it is signed or not.
For example, if I create license files I would like the application to
verify that they came from me, and were signed with my key, rather than
someone else making license files. This *is* possible isn't it? This is
the very last part of my application that needs completing so I'm keen to
get this right, any advice would be most appreciated!
Nick.
5  1584 
Hi Nak,
First of all, I would like to confirm my understanding of your issue. From
your description, I understand that you need to verify the signature of Xml
signing. If there is any misunderstandin g, please feel free to let me know.
Based on my research, CAPICOM has provided us with methods to sign and
verify xml documents. First we use private key to sign the document and
when we receive it, we use verify method and public key to verify if the
document is signed by certain person.
For more information, please check the following links: http://msdn.microsoft.com/library/de...us/xmlsdk/html
/xmmth_sign.asp http://msdn.microsoft.com/library/de...us/xmlsdk/html
/xmmth_verify.as p
HTH.
Kevin Yu
=======
"This posting is provided "AS IS" with no warranties, and confers no
rights."
Hi Kevin,
This is *exactly* what I was after, thank you most kindly!
Nick.
"Kevin Yu [MSFT]" <v-****@online.mic rosoft.com> wrote in message
news:Vc******** ******@cpmsftng xa10.phx.gbl... Hi Nak,
First of all, I would like to confirm my understanding of your issue. From
your description, I understand that you need to verify the signature of
Xml
signing. If there is any misunderstandin g, please feel free to let me
know.
Based on my research, CAPICOM has provided us with methods to sign and
verify xml documents. First we use private key to sign the document and
when we receive it, we use verify method and public key to verify if the
document is signed by certain person.
For more information, please check the following links:
http://msdn.microsoft.com/library/de...us/xmlsdk/html
/xmmth_sign.asp
http://msdn.microsoft.com/library/de...us/xmlsdk/html
/xmmth_verify.as p
HTH.
Kevin Yu
=======
"This posting is provided "AS IS" with no warranties, and confers no
rights."
Hi again Kevin,
On previous occasions I have created a key pair using the .NET Framework
Cryptography namespace,
Imports System.IO
Imports System.Security .Cryptography
Imports System.text
Public Function rsaCreateKeysFi les(ByVal iPrivateKeyFile As String, ByVal
iPublicKeyFile As String) As Boolean
Dim pFSmOutput As FileStream
Try
Dim pCPsParams As New CspParameters()
pCPsParams.Flag s = CspProviderFlag s.UseMachineKey Store
Dim pCSPRSA As New
System.Security .Cryptography.R SACryptoService Provider(pCPsPa rams)
Dim pStrData As String
pFSmOutput = New FileStream(iPri vateKeyFile, FileMode.Create )
pStrData = pCSPRSA.ToXmlSt ring(True)
pFSmOutput.Writ e(Encoding.ASCI I.GetBytes(pStr Data), 0,
pStrData.Length )
Call pFSmOutput.Flus h()
Call pFSmOutput.Clos e()
pFSmOutput = New FileStream(iPub licKeyFile, FileMode.Create )
pStrData = pCSPRSA.ToXmlSt ring(False)
pFSmOutput.Writ e(Encoding.ASCI I.GetBytes(pStr Data), 0,
pStrData.Length )
Call pFSmOutput.Flus h()
Call pFSmOutput.Clos e()
Return (True)
Catch ex As Exception
Call pFSmOutput.Flus h()
Call pFSmOutput.Clos e()
Throw (ex)
End Try
End Function
This function will create a public and a private key file at the paths
specified in the parameters iPrivateKeyFile and iPublicKeyFile. Is it
possible for me to use these keys using the API that you have referred me
onto. I presume that I have to use the createKeyFromCS P method, or do I
actually have to create the keys using this API also? Cheers again, much
appreciation in your direction.
Nick.
"Nak" <a@a.com> wrote in message
news:eB******** *******@TK2MSFT NGP09.phx.gbl.. . Hi Kevin,
This is *exactly* what I was after, thank you most kindly!
Nick.
"Kevin Yu [MSFT]" <v-****@online.mic rosoft.com> wrote in message
news:Vc******** ******@cpmsftng xa10.phx.gbl... Hi Nak,
First of all, I would like to confirm my understanding of your issue.
From
your description, I understand that you need to verify the signature of
Xml
signing. If there is any misunderstandin g, please feel free to let me
know.
Based on my research, CAPICOM has provided us with methods to sign and
verify xml documents. First we use private key to sign the document and
when we receive it, we use verify method and public key to verify if the
document is signed by certain person.
For more information, please check the following links:
http://msdn.microsoft.com/library/de...us/xmlsdk/html
/xmmth_sign.asp
http://msdn.microsoft.com/library/de...us/xmlsdk/html
/xmmth_verify.as p
HTH.
Kevin Yu
=======
"This posting is provided "AS IS" with no warranties, and confers no
rights."
Hello yet again,
Can XML verification and signing be performed through the SignedXML
class?
Nick.
"Nak" <a@a.com> wrote in message
news:%2******** ********@tk2msf tngp13.phx.gbl. .. Hi again Kevin,
On previous occasions I have created a key pair using the .NET
Framework Cryptography namespace,
Imports System.IO
Imports System.Security .Cryptography
Imports System.text
Public Function rsaCreateKeysFi les(ByVal iPrivateKeyFile As String, ByVal
iPublicKeyFile As String) As Boolean
Dim pFSmOutput As FileStream
Try
Dim pCPsParams As New CspParameters()
pCPsParams.Flag s = CspProviderFlag s.UseMachineKey Store
Dim pCSPRSA As New
System.Security .Cryptography.R SACryptoService Provider(pCPsPa rams)
Dim pStrData As String
pFSmOutput = New FileStream(iPri vateKeyFile, FileMode.Create )
pStrData = pCSPRSA.ToXmlSt ring(True)
pFSmOutput.Writ e(Encoding.ASCI I.GetBytes(pStr Data), 0,
pStrData.Length )
Call pFSmOutput.Flus h()
Call pFSmOutput.Clos e()
pFSmOutput = New FileStream(iPub licKeyFile, FileMode.Create )
pStrData = pCSPRSA.ToXmlSt ring(False)
pFSmOutput.Writ e(Encoding.ASCI I.GetBytes(pStr Data), 0,
pStrData.Length )
Call pFSmOutput.Flus h()
Call pFSmOutput.Clos e()
Return (True)
Catch ex As Exception
Call pFSmOutput.Flus h()
Call pFSmOutput.Clos e()
Throw (ex)
End Try
End Function
This function will create a public and a private key file at the paths
specified in the parameters iPrivateKeyFile and iPublicKeyFile. Is it
possible for me to use these keys using the API that you have referred me
onto. I presume that I have to use the createKeyFromCS P method, or do I
actually have to create the keys using this API also? Cheers again, much
appreciation in your direction.
Nick.
"Nak" <a@a.com> wrote in message
news:eB******** *******@TK2MSFT NGP09.phx.gbl.. . Hi Kevin,
This is *exactly* what I was after, thank you most kindly!
Nick.
"Kevin Yu [MSFT]" <v-****@online.mic rosoft.com> wrote in message
news:Vc******** ******@cpmsftng xa10.phx.gbl... Hi Nak,
First of all, I would like to confirm my understanding of your issue.
From
your description, I understand that you need to verify the signature of
Xml
signing. If there is any misunderstandin g, please feel free to let me
know.
Based on my research, CAPICOM has provided us with methods to sign and
verify xml documents. First we use private key to sign the document and
when we receive it, we use verify method and public key to verify if the
document is signed by certain person.
For more information, please check the following links:
http://msdn.microsoft.com/library/de...us/xmlsdk/html
/xmmth_sign.asp
http://msdn.microsoft.com/library/de...us/xmlsdk/html
/xmmth_verify.as p
HTH.
Kevin Yu
=======
"This posting is provided "AS IS" with no warranties, and confers no
rights."
All done, using the SignedXML class, thanks for your help Kevin.
Nick.
"Nak" <a@a.com> wrote in message
news:ul******** ******@TK2MSFTN GP12.phx.gbl... Hello yet again,
Can XML verification and signing be performed through the SignedXML
class?
Nick.
"Nak" <a@a.com> wrote in message
news:%2******** ********@tk2msf tngp13.phx.gbl. .. Hi again Kevin,
On previous occasions I have created a key pair using the .NET
Framework Cryptography namespace,
Imports System.IO
Imports System.Security .Cryptography
Imports System.text
Public Function rsaCreateKeysFi les(ByVal iPrivateKeyFile As String, ByVal
iPublicKeyFile As String) As Boolean
Dim pFSmOutput As FileStream
Try
Dim pCPsParams As New CspParameters()
pCPsParams.Flag s = CspProviderFlag s.UseMachineKey Store
Dim pCSPRSA As New
System.Security .Cryptography.R SACryptoService Provider(pCPsPa rams)
Dim pStrData As String
pFSmOutput = New FileStream(iPri vateKeyFile, FileMode.Create )
pStrData = pCSPRSA.ToXmlSt ring(True)
pFSmOutput.Writ e(Encoding.ASCI I.GetBytes(pStr Data), 0,
pStrData.Length )
Call pFSmOutput.Flus h()
Call pFSmOutput.Clos e()
pFSmOutput = New FileStream(iPub licKeyFile, FileMode.Create )
pStrData = pCSPRSA.ToXmlSt ring(False)
pFSmOutput.Writ e(Encoding.ASCI I.GetBytes(pStr Data), 0,
pStrData.Length )
Call pFSmOutput.Flus h()
Call pFSmOutput.Clos e()
Return (True)
Catch ex As Exception
Call pFSmOutput.Flus h()
Call pFSmOutput.Clos e()
Throw (ex)
End Try
End Function
This function will create a public and a private key file at the paths
specified in the parameters iPrivateKeyFile and iPublicKeyFile. Is it
possible for me to use these keys using the API that you have referred me
onto. I presume that I have to use the createKeyFromCS P method, or do I
actually have to create the keys using this API also? Cheers again, much
appreciation in your direction.
Nick.
"Nak" <a@a.com> wrote in message
news:eB******** *******@TK2MSFT NGP09.phx.gbl.. . Hi Kevin,
This is *exactly* what I was after, thank you most kindly!
Nick.
"Kevin Yu [MSFT]" <v-****@online.mic rosoft.com> wrote in message
news:Vc******** ******@cpmsftng xa10.phx.gbl...
Hi Nak,
First of all, I would like to confirm my understanding of your issue.
From
your description, I understand that you need to verify the signature of
Xml
signing. If there is any misunderstandin g, please feel free to let me
know.
Based on my research, CAPICOM has provided us with methods to sign and
verify xml documents. First we use private key to sign the document and
when we receive it, we use verify method and public key to verify if
the
document is signed by certain person.
For more information, please check the following links:
http://msdn.microsoft.com/library/de...us/xmlsdk/html
/xmmth_sign.asp
http://msdn.microsoft.com/library/de...us/xmlsdk/html
/xmmth_verify.as p
HTH.
Kevin Yu
=======
"This posting is provided "AS IS" with no warranties, and confers no
rights."
This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics | |
by: Joel Leong |
last post by:
I wish to know the industrial practices for signing
assemblies with key files.
I genereted a key file to sign my assemblies.
Should I sign all my assemblies with a single key files
or I shall generate one key file for each assembly?
Perhaps, I should generate a key file per group of
related assemblies?
|
by: Martin |
last post by:
I have a couple of questions around code signing with MS technology:
1. Is there a way to transfer the generated strong name signing private key
directly to a smartcard (or generate it on the smart card), without the
unsecure intermediate storage to the filesystem using sn -k and sn -i?
2. What is the format of the key files produced by sn -k and sn -p?
3. Is there a way to generate a PKCS#10 format certificate request from the
sn -p...
|
by: Todd Richardson |
last post by:
Two questions. We would like to have users complete
ASP.NET web forms for submission. Once these are
completed I would like to generate an XML document from
the form. The XML document should include the data and
the form so that the orginal document could be recreated
even if the submitting form is changed in the future.
I would also like to sign the XML document so that we can
provide proof that the xml document has not been...
|
by: cl |
last post by:
I am using the "VeriSign Class 3 Code Signing" certificate for signing
my Access program in Office 2003.
Up to now, when program was installed on client machine, a form was
appearing and user was selecting option "Always trust files from this
publisher.....". With these steps Certificate was installed and
security warnings of Office 2003 were not appearing again.
On another machine, these steps didn't succed. When viewing the...
|
by: bob |
last post by:
Hello,
I thought assembly signing might add protection against people reverse
engineering my program, removing the protection and using it
illegally.
But it seems they can just stop the clr from authenticating it with Sn
-Vr.
Is that true, or have I misunderstood?
| | |
by: AVL |
last post by:
Hi
I need some clarification on signing.
what does it mean--signing an assembly?
where is ti used? How is it used?
|
by: Daniel |
last post by:
Hi, I need help signing SOAP/XML. Have been stuck with this for a
couple of days now.
I get the following error message from the server: "The security
token could not be authenticated or authorized."
I am probably doing something wrong in the signing process. I use a
tool called "Exchanger XML Professional 3.2" for canonicalization and
sending the message. OpenSSL for SHA-1 hashing, RSA signing and Base 64
encoding.
|
by: Raffi Basmajian |
last post by:
I am trying to understand the difference between signing ClickOnce manifests
and signing shared assemblies. My company is building .Net 2005 WinForm
applications for internal company use only. Currently, the ClickOnce security
settings on the applications is set for "Full Trust". We are using shared
assemblies across development groups, but none of these assemblies are signed
with strong names since signing assemblies is only required when...
|
by: raylopez99 |
last post by:
Anybody use Strong Name Signing? I think this is used by default for
Resource files, which is one reason perhaps I can't get my resource
files to work (somehow the public key is messed up, perhaps since I've
installed so many versions of Visual Studio)
RL
http://msdn.microsoft.com/en-us/library/h4fa028b.aspx
Deployment in Visual Studio
|
by: BillE |
last post by:
<extreme frustration>
I have googled and read about this, but can't seem to get a grip on it.
Apparently I am being coerced into digitally signing applications. Is this
true? What if I don't want to?
The basic question is: If I click the "Create Test Certificate" button on
the Signing tab of the properties for my application so I can publish it,
what happens when I distribute the application?
|
by: Oralloy |
last post by:
Hello folks,
I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>".
The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed.
This is as boiled down as I can make it.
Here is my compilation command:
g++-12 -std=c++20 -Wnarrowing bit_field.cpp
Here is the code in...
| | |
by: jinu1996 |
last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that captivates audiences and drives business growth.
The Art of Business Website Design
Your website is...
|
by: Hystou |
last post by:
Overview:
Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For most users, this new feature is actually very convenient. If you want to control the update process,...
|
by: agi2029 |
last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then launch it, all on its own....
Now, this would greatly impact the work of software developers. The idea...
|
by: isladogs |
last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM).
In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules.
He will explain when you may want to use classes instead of User Defined Types (UDT). For example, to manage the data in unbound forms.
Adolph will...
|
by: conductexam |
last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one.
At the time of converting from word file to html my equations which are in the word document file was convert into image.
Globals.ThisAddIn.Application.ActiveDocument.Select();...
|
by: TSSRALBI |
last post by:
Hello
I'm a network technician in training and I need your help.
I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs.
The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols.
I succeeded, with both firewalls in the same network. But I'm wondering if it's possible to do the same thing, with 2 Pfsense firewalls...
| | |
by: muto222 |
last post by:
How can i add a mobile payment intergratation into php mysql website.
|
by: bsmnconsultancy |
last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating effective websites that not only look great but also perform exceptionally well. In this comprehensive...
| |
