Hanad Ahmed

Reputation: 13

Dotnet Core Signing XML Document with XAdES-BES

I'm required to sign an XML document with the XAdES-BES standard.

My vendor suggested in their documentation that I should use the Apache Santuario library, but as I'm using dotnet, I don't have access to that library, and ended up using SignedXml.

Requirements:

There should be 3 references.

  1. a reference pointing to the KeyInfo element, which contains an unambiguous reference to the signer's certificate.

  2. a reference pointing to the SignedProperties element within the ds:Object block.

  3. a reference pointing to the document element and its entire contents, and it's URI-less.

All elements should have their namespace as prefix, e.g. ds:Object.

This is how I'm adding the ds: prefix

I'm using this website for Verification

Please find my code here

The Validation Fails, and this is the tools.chilkat result.

Signature is Invalid

Update

By minifying the XML before loading it into XmlDocument, I am now getting References 1 and 2 as valid. However, Reference 3 and the Signature are still invalid. I have also committed the changes to the repo.

Update 2

I believe I've identified the issue. I'm using this function to compute the signature and set the prefix. It returns the XML with the prefix and recalculates the signature, but the old digest values persist, which is incorrect.

    public void ComputeSignature(string prefix)
    {
        this.BuildDigestedReferences();
        AsymmetricAlgorithm signingKey = this.SigningKey ?? throw new CryptographicException("Cryptography_Xml_LoadKeyFailed");
        SignatureDescription? description = CryptoConfig.CreateFromName(this.SignedInfo?.SignatureMethod) as SignatureDescription ?? throw new CryptographicException("Cryptography_Xml_SignatureDescriptionNotCreated");
        HashAlgorithm? hash = description.CreateDigest() ?? throw new CryptographicException("Cryptography_Xml_CreateHashAlgorithmFailed");
        this.GetC14NDigest(hash, prefix);
        this.m_signature.SignatureValue = description.CreateFormatter(signingKey).CreateSignature(hash);
    }

Is there an alternative method to recalculate the digest values on the prefixed XML?

Update

We were unable to achieve success with C#, so we switched to Java. This outcome is quite disappointing.

Upvotes: 1

Views: 209
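Added example, not part of the original post or the poster's repository: a small C# program that computes the digest a verifier would recompute for a referenced element, and compares it across the two rewrites mentioned in the updates above (whitespace from non-minified XML, and a `ds:` prefix applied after digesting) plus a quoting-only change that canonicalization absorbs. It assumes exclusive C14N with SHA-256 and the `System.Security.Cryptography.Xml` NuGet package; the `KeyInfo` fragments and the class and method names are constructed for illustration.

```csharp
// Added example, not the poster's code. All XML below is constructed sample data.
using System;
using System.IO;
using System.Security.Cryptography;
using System.Security.Cryptography.Xml; // NuGet package: System.Security.Cryptography.Xml
using System.Xml;

static class ReferenceDigestDemo
{
    const string Ns = "http://www.w3.org/2000/09/xmldsig#";

    // Base64 SHA-256 of the exclusive-C14N form of the given XML: the value a
    // verifier recomputes and compares against ds:DigestValue.
    static string C14nDigest(string xml)
    {
        // PreserveWhitespace keeps indentation text nodes, as a verifier sees them.
        var doc = new XmlDocument { PreserveWhitespace = true };
        doc.LoadXml(xml);
        var c14n = new XmlDsigExcC14NTransform();
        c14n.LoadInput(doc);
        using var canonical = (Stream)c14n.GetOutput(typeof(Stream));
        using var sha = SHA256.Create();
        return Convert.ToBase64String(sha.ComputeHash(canonical));
    }

    static void Main()
    {
        // The same KeyInfo content in four serializations.
        string minified = $"<KeyInfo xmlns=\"{Ns}\" Id=\"ki\"><KeyName>constructed-signer</KeyName></KeyInfo>";
        string requoted = $"<KeyInfo Id='ki' xmlns='{Ns}'><KeyName>constructed-signer</KeyName></KeyInfo>";
        string indented = $"<KeyInfo xmlns=\"{Ns}\" Id=\"ki\">\n  <KeyName>constructed-signer</KeyName>\n</KeyInfo>";
        string prefixed = $"<ds:KeyInfo xmlns:ds=\"{Ns}\" Id=\"ki\"><ds:KeyName>constructed-signer</ds:KeyName></ds:KeyInfo>";

        // Digest taken at signing time, before any later rewrite of the element.
        string stored = C14nDigest(minified);

        // Quoting and attribute order are normalized by C14N; whitespace text
        // nodes and namespace prefixes are part of the canonical bytes.
        Console.WriteLine($"requoted matches stored digest: {stored == C14nDigest(requoted)}");
        Console.WriteLine($"indented matches stored digest: {stored == C14nDigest(indented)}");
        Console.WriteLine($"prefixed matches stored digest: {stored == C14nDigest(prefixed)}");
    }
}
```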

Answers (0)
