
Author SignedXML
Karol

2005-02-14, 9:12 pm

Hello,
I'm trying to create a signed XML document with the SignedXml class. As a
SigningKey I'd like to use the key pair obtained from a user certificate
stored in the current user certificate store. I'm using WSE 2 SP 2 to get
the certificate, but when I invoke the ComputeSignature() method of the
SignedXML instance I receive the following exception:

"An unhandled exception of type 'System.NotSupportedException'
occurred in microsoft.web.services2.dll

Additional information: DecryptValue"

I'd also like to mention that when I try to export the key's parameters I
receive the following exception:
"An unhandled exception of type 'System.NotSupportedException'
occurred in microsoft.web.services2.dll

Additional information: Export of private parameters is not supported"

The user certificate was created with Windows 2003 Enterprise Edition's
CertSrv.
I've tried to create the certificate with and without "Mark keys
as exportable" checked, and the result is the same.

What can be wrong?

Here is code listing:

// Create example data to sign.
XmlDocument document = new XmlDocument();
XmlNode node = document.CreateNode(XmlNodeType.Element, "",
"MyElement", "samples");

node.InnerText = "This is some text";
document.AppendChild(node);

// Get user certificate
X509CertificateStore store = new
X509CertificateStore(X509CertificateStore.StoreProvider.System,
X509CertificateStore.StoreLocation.CurrentUser,
X509CertificateStore.MyStore);

store.Open();
X509Certificate xCert = store.Certificates[0];
store.Close();

// Create the SignedXml message.
SignedXml signedXml = new SignedXml();
RSA key = xCert.Key;
//RSA key = RSA.Create();
//key.ImportParameters(xCert.Key.ExportParameters(true));
signedXml.SigningKey = key;

// Create a data object to hold the data to sign.
DataObject dataObject = new DataObject();
dataObject.Data = document.ChildNodes;
dataObject.Id = "MyObjectId";

// Add the data object to the signature.
signedXml.AddObject(dataObject);

// Create a reference to be able to package everything into the
// message.
Reference reference = new Reference();
reference.Uri = "#MyObjectId";

// Add it to the message.
signedXml.AddReference(reference);

// Add a KeyInfo.
KeyInfo keyInfo = new KeyInfo();
keyInfo.AddClause(new RSAKeyValue(key));
signedXml.KeyInfo = keyInfo;

// Compute the signature.
signedXml.ComputeSignature();


Thanks for your reply - Karol.

Raj

2005-02-14, 9:12 pm

Karol,
I can see either one of the two issues

1. Your private Key is not part of the certificate

2. If you still believe that the private key is present as part of the
certificate, try using Microsoft.Web.Services.Security.X509.X509Certificate
object for retrieving the Certificate from the store by using
(X509CertificateStore available in the same package). I was able to implement
it without any problem using this class and was having some issues with the
WSE2 classes

X509Certificate.Key will give you the private key

Hope it helps
Thanks
Raj




William Stacey [MVP]

2005-02-14, 9:12 pm

If you're using WSE, why are you also using SignedXML? You could instead just
sign the soap body with your token and WSE handles all that. Unless I miss
something (which is likely.)

--
William Stacey, MVP
http://mvp.support.microsoft.com



Karol

2005-02-14, 9:12 pm

Raj <Raj@discussions.microsoft.com> wrote in message news:<BA4401AB-8327-4701-B1B3-517A415D6BF7@microsoft.com>...
> Karol,
> I can see either one of the two issues
>
> 1. Your private Key is not part of the certificate
>
> 2. If you still believe that the private key is present as part of the
> certificate, try using Microsoft.Web.Services.Security.X509.X509Certificate
> object for retrieving the Certificate from the store by using
> (X509CertificateStore available in the same package). I was able to implement
> it without any problem using this class and was having some issues with the
> WSE2 classes
>
> X509Certificate.Key will give you the private key


Thanks Raj,
Retrieving Certificate and its Key with WSE 1.0 solved the problem :)

--
Best regards,
Karol

ElBruno

2005-05-24, 4:04 pm


>
> Thanks Raj,
> Retrieving Certificate and its Key with WSE 1.0 solved the problem
> :)
>
> --
> Best regards,
> Karol


Karol Hi !!

Could you post some sample code of the corrected and working solution
??

I'm dealing with the same problem at this moment.

Thank you very much.

El Bruno



--
ElBruno
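
Added example, not code from any poster in this thread: signing with a key held in the CurrentUser store without exporting it, using the framework's own X509Store and X509Certificate2 in place of the WSE classes discussed above, then verifying against the expected certificate. It assumes a current .NET with the System.Security.Cryptography.Xml package; the class name, the thumbprint argument and the self-signed sample certificate are constructed for illustration.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Security.Cryptography.Xml;
using System.Xml;

static class StoreCertSigning // hypothetical name
{
    static X509Certificate2 LoadFromStore(string thumbprint)
    {
        using var store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
        store.Open(OpenFlags.ReadOnly);
        var hits = store.Certificates.Find(X509FindType.FindByThumbprint, thumbprint, false);
        return hits.Count > 0 ? hits[0] : throw new InvalidOperationException("certificate not found");
    }

    static void Sign(XmlDocument doc, X509Certificate2 cert)
    {
        // A store entry can hold the certificate without its private key.
        if (!cert.HasPrivateKey) throw new InvalidOperationException("no private key");
        using RSA key = cert.GetRSAPrivateKey() ?? throw new InvalidOperationException("not an RSA key");
        var signedXml = new SignedXml(doc) { SigningKey = key }; // key handle only, nothing exported
        var reference = new Reference("");                       // empty URI: the whole document
        reference.AddTransform(new XmlDsigEnvelopedSignatureTransform());
        signedXml.AddReference(reference);
        signedXml.KeyInfo = new KeyInfo();
        signedXml.KeyInfo.AddClause(new KeyInfoX509Data(cert));  // public certificate only
        signedXml.ComputeSignature();
        doc.DocumentElement.AppendChild(doc.ImportNode(signedXml.GetXml(), true));
    }
    static bool Verify(XmlDocument doc, X509Certificate2 expected)
    {
        var signedXml = new SignedXml(doc);
        signedXml.LoadXml((XmlElement)doc.GetElementsByTagName("Signature", SignedXml.XmlDsigNamespaceUrl)[0]);
        // Check against the certificate we expect, not whatever KeyInfo the document carries.
        return signedXml.CheckSignature(expected, true); // true: signature only, no chain build
    }

    static void Main(string[] args)
    {
        using RSA sample = RSA.Create(2048); // constructed key, used only when no thumbprint is given
        X509Certificate2 cert = args.Length > 0 ? LoadFromStore(args[0])
            : new CertificateRequest("CN=Constructed Sample", sample, HashAlgorithmName.SHA256,
                  RSASignaturePadding.Pkcs1).CreateSelfSigned(DateTimeOffset.UtcNow, DateTimeOffset.UtcNow.AddDays(1));
        var doc = new XmlDocument { PreserveWhitespace = true };
        doc.LoadXml("<MyElement xmlns=\"samples\">This is some text</MyElement>");
        Sign(doc, cert);
        Console.WriteLine(Verify(doc, cert));
    }
}
```

Because the signing key is used through its handle, this works the same whether or not the certificate was issued with "Mark keys as exportable".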