What to digest when signedXml.ComputeSignature()?

I use signedXml.ComputeSignature() method and save it to an xml file
(=output.xml). There is a digest value of "something" in it. Actually
it is some form of my input xml but not just the canonical form of my
xml. (is there some additional headers?)

What is "something" exactly? What is digested exactly when
signedXml.ComputeSignature()?

The digest value of myOutput.xml (explained below) is not equal to the
digest value in output.xml. Why?

XmlDocument doc = new XmlDocument();
doc.Load("input.xml");
XmlDsigC14NTransform canon = new XmlDsigC14NTransform(true);
canon.LoadInput(doc);
canon.Algorithm = "http://www.w3.org/2001/10/xml-exc-c14n-20010315";
XmlDocument document = new XmlDocument();
document.Load((Stream)canon.GetOutput());
document.Save("myOutput.xml");
0
10/31/2003 4:15:33 PM
dotnet.xml 7266 articles. 0 followers. Follow

0 Replies
1036 Views

Similar Articles

[PageSpeed] 37

Reply:

Similar Artilces:

Signed Xml - Reference
According to the xml digital signature standard (http://www.w3.org/TR/xmldsig-core/), signature can be one of following: enveloping, enveloped and detached. The standard says that signature element should be excluded when signing using enveloped signature. It also says that Object element (in case of enveloping signatgure) is not part of digital signature. So I started expermienting with SignedXml object in .net framework. To my surprise, the digest value of a reference changed depending on whether the signature is envloping or enveloped. I even used the transform for the reference for canoni...

What to digest when signedXml.ComputeSignature()?
I use signedXml.ComputeSignature() method and save it to an xml file (=output.xml). There is a digest value of "something" in it. Actually it is some form of my input xml but not just the canonical form of my xml. (is there some additional headers?) What is "something" exactly? What is digested exactly when signedXml.ComputeSignature()? The digest value of myOutput.xml (explained below) is not equal to the digest value in output.xml. Why? XmlDocument doc = new XmlDocument(); doc.Load("input.xml"); XmlDsigC14NTransform canon = new XmlDsigC14NTransform(true); can...

XmlDsigC14NTransform signedXml.ComputeSignature()
1. signedXml.ComputeSignature() outputs a digest value of something. what is it? I mean, how can i get it? I get the canonical form of my xml with XmlDsigC14NTransform then digest it but the digest value is different. 2.signedXml.ComputeSignature() uses XmlDsigC14NTransform. But how? What are the parameters? I also need to obtain canonicalized XML in C14N format, but I haven't discovered how to do it. When I compare the DigestValue gen'd by ComputeSignature and my own DigestValue gen'd using ComputeHash, I get different values, but only when namespaces are involved. "Lemba...

splitting RFC 1183 digests
I subscribe to a mailing list and receive daily digests, formatted according to RFC 1153. How can I split a digest into its individual messages? Thanks, -- Kevin Rodgers Sr. Software Engineer, IHS "Kevin Rodgers" <KevinRodgers@discussions.microsoft.com> wrote in message news:0138BA4D-37A6-4338-A707-02590998797A@microsoft.com... >I subscribe to a mailing list and receive daily digests, formatted according > to RFC 1153. How can I split a digest into its individual messages? But it's not really individual messages. It's just one big message ...

What is the exact SignedInfo structure to digest?
I am implemeting xml signing partially. I will process the xmlNode (canonicalize+digest+sign) to get the <SignatureValue>. Here is an example: <SignedInfo> <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" /> <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /> <Reference URI="#rAl12RdwxQg="> <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /> <DigestValue>tco2dJJgB9d96lqqpk6pgCBowkY=</DigestValue> </Reference> &...

Business Portal Asking for password used for Digest
I am trying to log into the administration page of Business Portal but the website is asking for the name and password used for digest to log in. I have no idea what this is. Can someone clue me in? I am trying to access administration page but I am not able to. Thanks for your help in advance. I figured this out. No need to reply. "LF" wrote: > I am trying to log into the administration page of Business Portal but the > website is asking for the name and password used for digest to log in. I > have no idea what this is. Can someone clue me in? I am trying to...

Mailing list digest problem with Outlook 2003
With Outlook XP, mailing list daily digests that came into my mailbox were a long text mail containing all the messages posted to the list for that day. After upgrading from Outlook XP to Outlook 2003, instead of getting a long text message containing all the separate postings to the mailing list, each posting is an attachment to the message and has to be opened separately, which is most inconvenient. How can I change the behaviour back to the way it was previously? I''ve poked around in the various options and can't find anything relevant. It's definitely Outlook 2003 causing...

IMAP SASL DIGEST-MD5 mechanism?
Does nayone know if an IMAP SASL DIGEST-MD5 mechanism is available for Exchange 2k3 SP1 or SP2? My list of available mechanisms shows only NTLM, but clearly it was designed to support multiple mechanisms. Thanks. -GT "GT" <DSS4u@+++nospam+++HOTMAIL.COM> wrote: >Does nayone know if an IMAP SASL DIGEST-MD5 mechanism is available for >Exchange 2k3 SP1 or SP2? I don't think it is. At least not from MS. >My list of available mechanisms shows only NTLM, >but clearly it was designed to support multiple mechanisms. No comment on the "clearly it was...

Creating a searchable 'digest' of over 300 messages
Hi all. Hope you can help. I have over 300 messages stored in an outlook folder. They contain approx 400,000 words. I would like to create a 'word searchable' digest of all messages. I would also like to order them by choice such as by thread, date, recipient, etc. In a way, importing them into an excel or access database format would work. Anyone know if this can be done? Thanks in advance. Howard. -- Pontins History E-Mail: usenet@pontinshistory.co.uk Please visit www.pontinshistory.co.uk Skype ID (instant messaging and video calls): howie10 "Howie" <to.reply.pls....

"Daily digest" email with Outlook/Exchange
I want to set up an email address on my Exchange box, so that people can email it with news articles. It will then join all the articles into one email, and send it out each day to a group of recipients. Alternatively, I can do this with Outlook if that's possible. Anyone know how to do this? Or, is there something really simple I can install on a Windows or Linux box that will do the same job? I looked at Majordomo but I don't think this does quite what I'm after and looks like real overkill. I've got Exchange 2003/Outlook 2003. deKay -- Lofi Gaming - http://lofi-gaming....

Daily Email Digest
I'm using CRM 3. I'd like to automate a single email each day that gives me a list of the support cases created that day. I'm trying to do this using Workflow Manager, and not writing a custom assembly. Any thoughts? Best, Steve Hi Steve, There are few options. The best one will be scheduling a report for an email. http://blog.sonomapartners.com/2006/01/crm_30_report_s.html http://blogs.msdn.com/crm/archive/2007/04/12/scheduling-report-inside-crm.aspx Another way will be using some programming; http://gustafwesterlund.blogspot.com/2007/01/how-to-create-crm-email-with-repor...

SIGNEDXML
Hi, I have the following problem: I need to sign a XML Document whith SignedXML in Visual Basic .Net. When i signed the xml document and use the id Attribute in the next format "Id" this work, but, when i do the same but i only replace the id attribute for "ID" this does not work and gives me the message "Malformed Reference Element". For instance: This is my XML <mydocument ID="myfirstdocument"> ...... </mydocument> This is my code in VB.NET.... reference.uri="#myfirstdocument"... The above sample does not work This other...

SignedXML #2
Hello, I'm trying to create signed XML document with SignedXml class. As a SigningKey I'd like to use key pair obtained from user certificate stored in current user certificate store. I'm using WSE 2 SP 2 to get certificate, but when I'm invoking ComputeSignature() method of SignedXML instance I recive the following exception: "An unhandled exception of type 'System.NotSupportedException' occurred in microsoft.web.services2.dll Additional information: DecryptValue" I'd also like to mention, that when I try to export key's parameters I recive the fol...

SignedXML.CheckSignature() not working
I'm using Michael Gallants DecodeCertKey example to get the public key from an X509 certificate. I then create an RSAServiceProvider and try to use it to CheckSignature() on the signed XML file. Other sources such as http://www.infomosaic.net/XMLSign/SecureXMLVerifyWS.htm can verify the signature, but .Net won't. Any ideas? Here is the code I'm using: ' Verify the signature of an XML file and return the result. Public Shared Function VerifyXmlFile(ByVal Name As String) As Boolean ' Create a new XML document. Dim xmlDocument As New XmlDocument ...

SignedXML throws error
When I try to used the CheckSignature Method of SignedXML I get the following error. "Unknown transform has been encountered. at System.Security.Cryptography.Xml.Reference.LoadXml(XmlElement value)\r\n at System.Security.Cryptography.Xml.SignedInfo.LoadXml(XmlElement value)\r\n at System.Security.Cryptography.Xml.Signature.LoadXml(XmlElement value)\r\n at System.Security.Cryptography.Xml.SignedXml.LoadXml(XmlElement value)\r\n at SAML.Form1.button2_Click(Object sender, EventArgs e) in d:\\omtest\\saml\\form1.cs:line 295" string Any ideas what might be going wrong,...

SignedXml ds prefix
Hi! Im creating project in c# .net2.0, to sign and verify documens us xmldsig format. My problem is how to use prefix "ds" instead of: xmlns="http://www.w3.org/2000/09/xmldsig#" in SignedInfo, SignatureValue and KeyInfo node and their child nodes? I add xmlns:ds="http://www.w3.org/2000/09/xmldsig#" attribute to xmlDocument. After call ComputeSignature method, I add to signature xmlElement (XmlElement xmlDigitalSignature = signedXml.GetXml()) frefix ds (xmlDigitalSignature.Prefix = "ds") - this change xmlns="http://www.w3.org/2000/09/xmldsig#" ...

SignedXml.CheckSignature returns false when the root element has namespace declarations
Hi, I am using SignedXml with RSACryptoServiceProvider to sign some XML. the verification seems to work OK if there is no namespace declaration on the root element of the XML but if there is one it always returns false. here's a complete example: XmlDocument doc = new XmlDocument(); doc.LoadXml("<foo xmlns:foo=\"foo\" />"); SignedXml sx = new SignedXml(doc); RSACryptoServiceProvider csp = new RSACryptoServiceProvider(); sx.SigningKey = csp; Reference refe = new Reference(""); sx.AddReference(refe); sx.ComputeSignature(); XmlElement signature = sx.GetX...

Issues with SignedXml Class
Class SignedXml is used to produce/verify signature over XML document. One of its methods, function GetIdElement, is used to select Xml elements for signature and verification and consist following line: xmlElement = document.SelectSingleNode(String.Concat("//*[@Id=\"", idValue, "\"]")) is XmlElement; I can see two issues with this line 1. URI injection - there is no validation of idValue whatsoever; therefore I can successfully validate document below (see what is the URI). I have control over XPATH query you are performing. Although I cannot find any "da...

SignedXML signature assigning a prefix.
Hi all, I've Signed an XML document using x509 cert - no probs. I get an output of <Signature....>....</Signature> 64 Million dollar question: How to get this: <dsig:Signature.....>...</dsig:Signature> In otherwords, how to tell SignedXML Class to use a prefx of (in my case) 'dsig'? You have 3 lifelines and a phone a friend handy. Any help here would just be too good!! Thousand thanks in advance, Mick. ...

Urgent Help with CheckSignature method of SignedXml
Hey Friends, I have a Signed XML that looks like the below I also have the public certificate for this but i am not able to pass the public key of the X509Certificate2 to the CheckSignature method any idea or help? <?xml version="1.0" encoding="UTF-8"?> <B:Envelope xmlns:B="http://schemas.xmlsoap.org/soap/envelope/" xmlns:A="http://www.routeone.com/namespace.messaging.diag#" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"><SOAP:Header xmlns:SOAP-SEC="http://schemas.xmlsoap.org/soap/security/2000-12" xmlns:S...

SignedXml, X509Certificate2 and certificates with *Strong* protection
I have tried to use the System.Security.Cryptography.Xml.SignedXml class to sign an Xml message with Xml-DSIG and using an Enveloped signature type and the sha1RSA algorithm. Everything works fine with soft certificates and some smartcard based certificates. I'm using X509Certificate2 to hold the certificates. My problem is that our customers is forced (by law!) to use a smart-card based personal certificate with strong protection. That is a certificate that can't be accessed without the user being informed. If a message is to be signed, the user will have to punch his pi...

Help - Soap Message - SignedXml - Apache Xml Security Suite
I am using SignedXml class to sign and verify soap xml documents. We are not using WSE at this point. When I sign a soap document and send it to my trading partner, they can verify the document without any problem. However when they send me the signed soap document, I am not able to verify it. But they can take their signed document and can verify it without any problem. They are using Apache Xml Security Suite (v 1.0.4). One thing we noticed is that SignedXml class does not add any prefix to the Signature element. But the Apache suite adds it. However both namespace values are pointing to sa...

Which type of digital certificate to get from VeriSign for SignedXML
Hi all, Happy New Year. I am using SignedXML and an X509 certificate to digitally sign a SOAP message body and put the signature in the SOAP header for a B2B business application. Can you suggest which type of digital certificates from VeriSign is for this purpose? I checked VeriSign's web site but didn't find it obvious to decide. Thank you very much for your help. --- Guangxi Hi Guangxi, What about the Secure Site Services? SSL certificates are ideal for securing Web sites, intranets and extranets. It's cheap and guarantee every SSL session will receive powerful SSL enc...

Getting SignedXML to Emit Namespace-Qualified XML
I posted this to the security group with no luck. When I call SignedXML.ComputeSignature, then call SignXML.GetXML, I get XML that is not namespace-qualified. That is, the Signature node is named Signature rather than ds:Signature. Is there a way to make SignXML emit namespace-qualified XML? On Mar 19, 8:05=A0am, Stephen Wood <stephe...@gmail.com> wrote: > I posted this to the security group with no luck. > > When I call SignedXML.ComputeSignature, then call SignXML.GetXML, I > get > XML that is not namespace-qualified. =A0That is, the Signature node is > named Sign...

SignedXml gives false negatives when using namespaces in signed xm
Hello all, It seems that digitally signing XML documents using the SignedXml class has a bug - or at least a behavior I cannot explain. The problem occurs when I sign XML documents containing namespace prefixes and namespace references and then validate it. The validation always fails (returns false) in this case. When I remove the namespace prefixes and namespace references from the XML, signing and validating works fine. It seems that the problem has been recognized in .NET framework 1.1 (see http://support.microsoft.com/kb/888999/en-us), however I am using .NET 2.0, and the problem...