
In C#, sign an xml with a x.509 certificate and check the signature


In .NET, if you get your X509 cert from a .pfx file, like this:

    X509Certificate2 certificate = new X509Certificate2(certFile, pfxPassword);
    RSACryptoServiceProvider rsaCsp = (RSACryptoServiceProvider) certificate.PrivateKey;

Then you can export the public key portion like so:

    rsaCsp.ToXmlString(false);

The "false" part says, only export the public piece, don't export the private piece. (doc for RSA.ToXmlString)

And then in the verifying application, use

    RSACryptoServiceProvider csp = new RSACryptoServiceProvider();
    csp.FromXmlString(PublicKeyXml);
    bool isValid = VerifyXml(xmlDoc, csp);

And the VerifyXml calls CheckSignature(). It looks something like this:

    // Requires: using System.Security.Cryptography; using System.Xml;
    private Boolean VerifyXml(XmlDocument Doc, RSA Key)
    {
        // Create a new SignedXml object and pass it
        // the XML document class.
        var signedXml = new System.Security.Cryptography.Xml.SignedXml(Doc);

        // Find the "Signature" node and create a new XmlNodeList object.
        XmlNodeList nodeList = Doc.GetElementsByTagName("Signature");

        // Throw an exception if no signature was found.
        if (nodeList.Count <= 0)
        {
            throw new CryptographicException("Verification failed: No Signature was found in the document.");
        }

        // Though it is possible to have multiple signatures on
        // an XML document, this app only supports one signature for
        // the entire XML document.  Throw an exception
        // if more than one signature was found.
        if (nodeList.Count >= 2)
        {
            throw new CryptographicException("Verification failed: More than one signature was found for the document.");
        }

        // Load the first <signature> node.
        signedXml.LoadXml((XmlElement)nodeList[0]);

        // Check the signature and return the result.
        return signedXml.CheckSignature(Key);
    }
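
The answer above covers verification only. As an added example (not code from the original answer), the following signs an XmlDocument with a certificate's private key, verifies it with the public key, and shows that a modified copy is rejected. It assumes a current .NET with the System.Security.Cryptography.Xml package; the class name `XmlSignDemo`, the sample XML and the self-signed certificate standing in for the .pfx file are constructed for the example.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Security.Cryptography.Xml;
using System.Xml;

static class XmlSignDemo   // hypothetical name, added example
{
    // Enveloped signature over the whole document (Reference URI "").
    static void SignXml(XmlDocument doc, RSA privateKey)
    {
        var signedXml = new SignedXml(doc) { SigningKey = privateKey };
        var reference = new Reference { Uri = "" };
        reference.AddTransform(new XmlDsigEnvelopedSignatureTransform());
        signedXml.AddReference(reference);
        signedXml.ComputeSignature();
        doc.DocumentElement.AppendChild(doc.ImportNode(signedXml.GetXml(), true));
    }

    // Verify with a key the verifier already trusts, not one taken from the document.
    static bool VerifyXml(XmlDocument doc, RSA trustedPublicKey)
    {
        XmlNodeList nodes = doc.GetElementsByTagName("Signature", SignedXml.XmlDsigNamespaceUrl);
        if (nodes.Count != 1) return false;
        var signedXml = new SignedXml(doc);
        signedXml.LoadXml((XmlElement)nodes[0]);
        // Require exactly one reference and that it covers the entire document.
        var refs = signedXml.SignedInfo.References;
        if (refs.Count != 1 || ((Reference)refs[0]).Uri != "") return false;
        return signedXml.CheckSignature(trustedPublicKey);
    }

    static void Main()
    {
        // Constructed throwaway certificate standing in for the .pfx file.
        using RSA rsa = RSA.Create(2048);
        var request = new CertificateRequest("CN=Constructed Test Signer", rsa,
            HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        using X509Certificate2 cert = request.CreateSelfSigned(
            DateTimeOffset.UtcNow.AddMinutes(-5), DateTimeOffset.UtcNow.AddDays(1));
        var doc = new XmlDocument { PreserveWhitespace = true };
        doc.LoadXml("<order><item>book</item><total>10</total></order>"); // constructed sample
        SignXml(doc, cert.GetRSAPrivateKey());
        using RSA publicKey = cert.GetRSAPublicKey();
        Console.WriteLine("untampered: " + VerifyXml(doc, publicKey));
        doc.SelectSingleNode("/order/total").InnerText = "1";   // modify signed content
        Console.WriteLine("tampered:   " + VerifyXml(doc, publicKey));
    }
}
```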


Any certificate has a public and a private part. You only send around the public part. Just open any SSL enabled website in your browser, click on the padlock symbol and have a look at their certificate.


First of all, you need to be sure that the certificate (.pfx or .cer) that you are using is intended for signing purposes.

You can check the same in the General tab of a certificate:

* Proves your identity to a remote computer
* Protects e-mail messages
* Allows data to be signed with the current time
* Allows data on disk to be encrypted
* 2.16.356.100.2
* **Document Signing**

A complete console application to digitally sign/verify an XmlDocument in C# is written here.