Reputation: 371
XML Digital Signature and Canonicalization
Is it enough to just specify the canonicalization method to canonicalize the input xml as in
signedXml.SignedInfo.CanonicalizationMethod = SignedXml.XmlDsigExcC14NTransformUrl;
or should we also have to new up XmlDsigExcC14NTransform and add it as in
var reference = new Reference { Uri = ""};
reference.AddTransform(new XmlDsigExcC14NTransform());
signedXml.AddReference(reference);
Upvotes: 1
Views: 1131
Answers (1)
Reputation: 66
There is a difference on which elements the canonicalization algorithm is applied to.
The canonicalization algorithm specified in CanonicalizationMethod is applied to the SignedInfo element of the signature node and is used for the calculation of SignatureValue
A Reference with an empty URI addresses the node set of the XML resource containing the signature node, so the canonicalization algorithm specified in the Transform element of a reference is applied to this nodeset. In this case the canonicalization is used for the calculation of a DigestValue
Upvotes: 3
Related Questions
- SignedXml CanonicalizationMethod - http://www.w3.org/2006/12/xml-c14n11
- Create Digital Signature for XML with reference to KeyInfo
- How to verify signatures of XML File in C# with <x509certificate> (not cert file)?
- Xml Digital signature with C# .NET Core 1.1
- How do I validate digitally signed XML documents in C#?
- XML Signing. Wrong Digital Signature
- XML Digital Signature with Inclusive Canonicalization
- XML DSIG Verification
- X509Certificate and XmlDsig
- XML Digital Signature in .NET