Hello,

I'm trying to create signed XML document with SignedXml class. As a SigningKey I'd like to use key pair obtained from user certificate stored in current user certificate store. I'm using WSE 2 SP 2 to get certificate, but when I'm invoking ComputeSignature() method of SignedXML instance I receive the following exception:

"An unhandled exception of type 'System.NotSupportedException' occurred in microsoft.web.services2.dll

Additional information: DecryptValue"

I'd also like to mention, that when I try to export key's parameters I receive the following exception:

"An unhandled exception of type 'System.NotSupportedException' occurred in microsoft.web.services2.dll

Additional information: Export of private parameters is not supported"

User certificate was created with Windows 2003 Enterprise Edition's CertSrv. I've tried to create certificate with and without checked "Mark keys as exportable" and the result is the same.

What can be wrong?

Here is code listing:

    using System.Security.Cryptography;            // RSA
    using System.Security.Cryptography.Xml;        // SignedXml, DataObject, Reference, KeyInfo
    using System.Xml;                              // XmlDocument, XmlNode
    using Microsoft.Web.Services2.Security.X509;   // WSE 2 X509CertificateStore, X509Certificate

    // Create example data to sign.
    XmlDocument document = new XmlDocument();
    XmlNode node = document.CreateNode(XmlNodeType.Element, "",
        "MyElement", "samples");

    node.InnerText = "This is some text";
    document.AppendChild(node);

    // Get user certificate
    X509CertificateStore store = new
        X509CertificateStore(X509CertificateStore.StoreProvider.System,
        X509CertificateStore.StoreLocation.CurrentUser,
        X509CertificateStore.MyStore);

    store.Open();
    X509Certificate xCert = store.Certificates[0];
    store.Close();

    // Create the SignedXml message.
    SignedXml signedXml = new SignedXml();
    RSA key = xCert.Key;
    //RSA key = RSA.Create();
    //key.ImportParameters(xCert.Key.ExportParameters(true));
    signedXml.SigningKey = key;

    // Create a data object to hold the data to sign.
    DataObject dataObject = new DataObject();
    dataObject.Data = document.ChildNodes;
    dataObject.Id = "MyObjectId";

    // Add the data object to the signature.
    signedXml.AddObject(dataObject);

    // Create a reference to be able to package everything into the
    // message.
    Reference reference = new Reference();
    reference.Uri = "#MyObjectId";

    // Add it to the message.
    signedXml.AddReference(reference);

    // Add a KeyInfo.
    KeyInfo keyInfo = new KeyInfo();
    keyInfo.AddClause(new RSAKeyValue(key));
    signedXml.KeyInfo = keyInfo;

    // Compute the signature.
    signedXml.ComputeSignature();

Thanks for your reply - Karol.

Karol,

I can see either one of the two issues

1. Your private Key is not part of the certificate

2. If you still believe that, the private key is present as part of the certificate, try using Microsoft.Web.Services.Security.X509.X509Certificate object for retrieving the Certificate from the store by using (X509CertificateStore available in the same package). I was able to implement it without any problem using this class and was having some issues with the WSE2 classes

X509Certificate.Key will give you the private key

Hope it helps

Thanks
Raj

If you're using WSE, why are you also using SignedXML? You could instead just sign the SOAP body with your token and WSE handles all that. Unless I miss something (which is likely.)

--
William Stacey, MVP
http://mvp.support.microsoft.com

Thanks Raj,

Retrieving Certificate and its Key with WSE 1.0 solved the problem :)

--
Best regards,
Karol

Karol Hi !!

Could you post some sample code of the corrected and working solution ?? I'm dealing with the same problem at this moment.

Thank you very much.

El Bruno

--
ElBruno
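
For readers who, like El Bruno, want working code: the following is an added example, not code from this thread, and it is not Karol's WSE 1.0 fix, which the thread does not show. It signs the same sample data with a certificate from the current user's store, using the framework's own X509Store and X509Certificate2.GetRSAPrivateKey() in place of the WSE classes. It assumes .NET Framework 4.6 or later (or modern .NET with the System.Security.Cryptography.Xml package) on Windows; the names StoreCertXmlSigner and FindSigningCertificate are illustrative.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Security.Cryptography.Xml;
using System.Xml;

static class StoreCertXmlSigner   // illustrative name, not from the thread
{
    // First certificate in CurrentUser\My whose RSA private key is actually present.
    static X509Certificate2 FindSigningCertificate()
    {
        using (var store = new X509Store(StoreName.My, StoreLocation.CurrentUser))
        {
            store.Open(OpenFlags.ReadOnly);
            foreach (X509Certificate2 cert in store.Certificates)
                using (RSA probe = cert.HasPrivateKey ? cert.GetRSAPrivateKey() : null)
                    if (probe != null) return cert;
        }
        throw new InvalidOperationException("No certificate with an RSA private key found.");
    }

    static void Main()
    {
        // Same constructed sample data as in the original post.
        var document = new XmlDocument();
        XmlNode node = document.CreateNode(XmlNodeType.Element, "", "MyElement", "samples");
        node.InnerText = "This is some text";
        document.AppendChild(node);
        X509Certificate2 cert = FindSigningCertificate();
        using (RSA key = cert.GetRSAPrivateKey())
        {
            // The key is used through its handle and never exported, so
            // "Mark keys as exportable" does not need to be set.
            var signedXml = new SignedXml { SigningKey = key };
            signedXml.AddObject(new DataObject { Id = "MyObjectId", Data = document.ChildNodes });
            signedXml.AddReference(new Reference { Uri = "#MyObjectId" });
            // KeyInfo carries the certificate (public part only) for the verifier.
            var keyInfo = new KeyInfo();
            keyInfo.AddClause(new KeyInfoX509Data(cert));
            signedXml.KeyInfo = keyInfo;
            signedXml.ComputeSignature();
            var signedDoc = new XmlDocument { PreserveWhitespace = true };
            signedDoc.AppendChild(signedDoc.ImportNode(signedXml.GetXml(), true));
            // Verify with the public key only; 'true' skips certificate chain validation.
            var verifier = new SignedXml(signedDoc);
            verifier.LoadXml(signedDoc.DocumentElement);
            Console.WriteLine("Signature valid: " + verifier.CheckSignature(cert, true));
        }
    }
}
```

Passing false as the second argument to CheckSignature makes the verifier validate the certificate chain as well, which is what a relying party should do before trusting the signer.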