c# - Problem signing an Xml document using the RSA-SHA256 signature method

Tags: c# signedxml

I am signing an Xml document using the following method:

using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Security.Cryptography.Xml;
using System.Xml;

public static XmlDocument SignDocument(XmlDocument doc)
{
    string signatureCanonicalizationMethod = "http://www.w3.org/2001/10/xml-exc-c14n#";
    string signatureMethod = @"http://www.w3.org/2001/04/xmldsig-more#rsa-sha256";
    string digestMethod = @"http://www.w3.org/2001/04/xmlenc#sha256";

    // Id of the element to be signed.
    string signatureReferenceURI = "#_73e63a41-156d-4fda-a26c-8d79dcade713";

    // Register the RSA-SHA256 signature description under its algorithm URI.
    // RSAPKCS1SHA256SignatureDescription is not defined in this snippet.
    CryptoConfig.AddAlgorithm(typeof(RSAPKCS1SHA256SignatureDescription), signatureMethod);

    var signingCertificate = GetCertificate();

    SignedXml signer = new SignedXml(doc);
    signer.SigningKey = signingCertificate.PrivateKey;
    signer.KeyInfo = new KeyInfo();
    signer.KeyInfo.AddClause(new KeyInfoX509Data(signingCertificate));

    signer.SignedInfo.CanonicalizationMethod = signatureCanonicalizationMethod;
    signer.SignedInfo.SignatureMethod = signatureMethod;

    XmlDsigEnvelopedSignatureTransform envelopeTransform = new XmlDsigEnvelopedSignatureTransform();
    XmlDsigExcC14NTransform cn14Transform = new XmlDsigExcC14NTransform();

    Reference signatureReference = new Reference();
    signatureReference.Uri = signatureReferenceURI;
    signatureReference.AddTransform(envelopeTransform);
    signatureReference.AddTransform(cn14Transform);
    signatureReference.DigestMethod = digestMethod;

    signer.AddReference(signatureReference);

    // The CryptographicException described below is thrown here.
    signer.ComputeSignature();
    XmlElement signatureElement = signer.GetXml();

    doc.DocumentElement.AppendChild(doc.ImportNode(signatureElement, true));

    return doc;
}

private static X509Certificate2 GetCertificate()
{
    // Look up the signing certificate by thumbprint in LocalMachine\My.
    X509Store store = new X509Store(StoreName.My, StoreLocation.LocalMachine);
    store.Open(OpenFlags.ReadOnly);
    X509Certificate2 card = null;
    foreach (X509Certificate2 cert in store.Certificates)
    {
        if (!cert.HasPrivateKey) continue;

        if (cert.Thumbprint.Equals("a_certain_thumb_print", StringComparison.OrdinalIgnoreCase))
        {
            card = cert;
            break;
        }
    }
    store.Close();

    // null if no certificate with a private key matches the thumbprint.
    return card;
}

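When trying to compute the signature, an exception of type System.Security.Cryptography.CryptographicException is thrown with the error message "Invalid algorithm specified". Any ideas?

Machine: Windows Server 2008 R2

.NET Framework: 4.0.

IDE: Visual Studio 2010.

Best answer

Thanks a lot for this blog. It actually solved my problem. By the way, if the certificate is loaded from a file, it should be exportable: X509Certificate2 x509Key = new X509Certificate2("xxxxx.pfx", "123", X509KeyStorageFlags.Exportable);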
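
One common way past "Invalid algorithm specified", shown as an added example that is not code from the question, the answer, or the blog the answer mentions: copy the certificate's RSA key into the Microsoft Enhanced RSA and AES provider (type 24), which implements SHA-256. The copy only works when the private key is exportable, which matches the answer's remark. The class and method names are hypothetical, and it is an assumption that the certificate's key sits in an older CSP.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

// Hypothetical helper, not part of the original post.
public static class Sha256KeyHelper
{
    // PROV_RSA_AES: "Microsoft Enhanced RSA and AES Cryptographic Provider".
    // Keys held in an older provider type (for example 1, PROV_RSA_FULL)
    // cannot produce RSA-SHA256 signatures.
    private const int ProvRsaAes = 24;

    public static RSACryptoServiceProvider GetSha256CapableKey(X509Certificate2 cert)
    {
        if (cert == null) throw new ArgumentNullException("cert");
        if (!cert.HasPrivateKey)
            throw new CryptographicException("Certificate has no private key.");

        var original = cert.PrivateKey as RSACryptoServiceProvider;
        if (original == null)
            throw new CryptographicException("Private key is not an RSA CSP key.");

        // Key already lives in a SHA-256 capable provider: use it as is.
        if (original.CspKeyContainerInfo.ProviderType == ProvRsaAes)
            return original;

        // Throws CryptographicException when the key is not exportable
        // (for a PFX file: loaded without X509KeyStorageFlags.Exportable).
        RSAParameters parameters = original.ExportParameters(true);

        var key = new RSACryptoServiceProvider(new CspParameters(ProvRsaAes));
        key.PersistKeyInCsp = false; // leave no copy behind in a key container
        key.ImportParameters(parameters);
        return key;
    }
}
```

In SignDocument, assign `Sha256KeyHelper.GetSha256CapableKey(signingCertificate)` to `signer.SigningKey` instead of `signingCertificate.PrivateKey`. The export puts the private key material in process memory, so on .NET Framework 4.6.2 and later, where SignedXml supports RSA-SHA256 natively, a non-exportable key obtained through `GetRSAPrivateKey()` is the better choice.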

Regarding "c# - Problem signing an Xml document using the RSA-SHA256 signature method", we found a similar question on Stack Overflow: https://stackoverflow.com/questions/11765460/
