如何在不使用 SignedXml 的情况下在 C# 中验证 xml 数字签名?
How to verify xml digital signature in c# without using SignedXml?
如何在不使用 SignedXml(在 dotnet 核心中不可用)的情况下验证 xml 签名(在 SOAP 请求中使用)?
我正在这样尝试,但它总是给我错误:
public static void CheckSignature(XElement responseXml, MyResponseType response)
{
string originalDigestValue = Convert.ToBase64String(response.Signature.SignedInfo.Reference.FirstOrDefault().DigestValue);
var originalSignatureValue = response.Signature.SignatureValue.Value;
X509DataType certificateData = (X509DataType)response.Signature.KeyInfo.Items[0];
X509Certificate2 certificate = new X509Certificate2((byte[])certificateData.Items[0]);
//for calculating digest value
//responseXml.Descendants(nm + "Signature").SingleOrDefault().Remove();
//var digestValue = Convert.ToBase64String(SHA1.Create().ComputeHash(System.Text.Encoding.UTF8.GetBytes(responseXml.Document.ToString())));
XNamespace nm = @"http://www.w3.org/2000/09/xmldsig#";
var signedInfoNode = responseXml.Descendants(nm + "SignedInfo").SingleOrDefault();
var signedInfo = signedInfoNode.ToString().Trim();
byte[] signedInfoBytes = Encoding.UTF8.GetBytes(signedInfo);
var hash = SHA1.Create().ComputeHash(signedInfoBytes);
RSA rsa = certificate.GetRSAPublicKey();
try
{
Console.WriteLine("Signed Info: \n" + signedInfo);
Console.WriteLine("Verification: \n" + rsa.VerifyData(signedInfoBytes, originalSignatureValue, HashAlgorithmName.SHA1, RSASignaturePadding.Pkcs1));
Console.WriteLine("Verification hash: \n" + rsa.VerifyData(hash, originalSignatureValue, HashAlgorithmName.SHA1, RSASignaturePadding.Pkcs1));
}
catch (Exception exc)
{
//
}
}
xmldsig is a very large, very complicated spec. You can try to implement it if you like, the complicated bits are turning the XML document into bytes for doing signing and verification (the canonicalization (or c14n) spec是分开的,而且很大)。
SignedXml 现在应该可以使用 .NET Core 2.0 Preview 1,升级绝对是您最简单的选择。
如何在不使用 SignedXml(在 dotnet 核心中不可用)的情况下验证 xml 签名(在 SOAP 请求中使用)?
我正在这样尝试,但它总是给我错误:
public static void CheckSignature(XElement responseXml, MyResponseType response)
{
string originalDigestValue = Convert.ToBase64String(response.Signature.SignedInfo.Reference.FirstOrDefault().DigestValue);
var originalSignatureValue = response.Signature.SignatureValue.Value;
X509DataType certificateData = (X509DataType)response.Signature.KeyInfo.Items[0];
X509Certificate2 certificate = new X509Certificate2((byte[])certificateData.Items[0]);
//for calculating digest value
//responseXml.Descendants(nm + "Signature").SingleOrDefault().Remove();
//var digestValue = Convert.ToBase64String(SHA1.Create().ComputeHash(System.Text.Encoding.UTF8.GetBytes(responseXml.Document.ToString())));
XNamespace nm = @"http://www.w3.org/2000/09/xmldsig#";
var signedInfoNode = responseXml.Descendants(nm + "SignedInfo").SingleOrDefault();
var signedInfo = signedInfoNode.ToString().Trim();
byte[] signedInfoBytes = Encoding.UTF8.GetBytes(signedInfo);
var hash = SHA1.Create().ComputeHash(signedInfoBytes);
RSA rsa = certificate.GetRSAPublicKey();
try
{
Console.WriteLine("Signed Info: \n" + signedInfo);
Console.WriteLine("Verification: \n" + rsa.VerifyData(signedInfoBytes, originalSignatureValue, HashAlgorithmName.SHA1, RSASignaturePadding.Pkcs1));
Console.WriteLine("Verification hash: \n" + rsa.VerifyData(hash, originalSignatureValue, HashAlgorithmName.SHA1, RSASignaturePadding.Pkcs1));
}
catch (Exception exc)
{
//
}
}
xmldsig is a very large, very complicated spec. You can try to implement it if you like, the complicated bits are turning the XML document into bytes for doing signing and verification (the canonicalization (or c14n) spec是分开的,而且很大)。
SignedXml 现在应该可以使用 .NET Core 2.0 Preview 1,升级绝对是您最简单的选择。