How to sign an XML file with a RSA key in .NET?

Yes, I have managed to do that. I think the problem is with your reference. The uri should point to the id of the element that the signature is for.

Anyway, check the below code, hope it points you in the right direction.

/Klaus

```csharp
using System.Security.Cryptography.X509Certificates;
using System.Security.Cryptography.Xml;
using System.Xml;

/// <summary>
/// Signs an XmlDocument with an xml signature using the signing certificate given as argument to the method.
/// </summary>
/// <param name="doc">The XmlDocument to be signed</param>
/// <param name="id">The id of the topmost element in the xmldocument</param>
/// <param name="cert">The certificate used to sign the document</param>
public static void SignDocument(XmlDocument doc, string id, X509Certificate2 cert)
{
    SignedXml signedXml = new SignedXml(doc);
    signedXml.SignedInfo.CanonicalizationMethod = SignedXml.XmlDsigExcC14NTransformUrl;
    signedXml.SigningKey = cert.PrivateKey;

    // Retrieve the value of the "ID" attribute on the root assertion element.
    Reference reference = new Reference("#" + id);
    reference.AddTransform(new XmlDsigEnvelopedSignatureTransform());
    reference.AddTransform(new XmlDsigExcC14NTransform());
    signedXml.AddReference(reference);

    // Include the public key of the certificate in the assertion.
    signedXml.KeyInfo = new KeyInfo();
    signedXml.KeyInfo.AddClause(new KeyInfoX509Data(cert, X509IncludeOption.WholeChain));

    signedXml.ComputeSignature();

    // Append the computed signature. The signature must be placed as the sibling of the Issuer element.
    XmlNodeList nodes = doc.DocumentElement.GetElementsByTagName("Issuer", Saml20Constants.ASSERTION);
    // doc.DocumentElement.InsertAfter(doc.ImportNode(signedXml.GetXml(), true), nodes[0]);
    nodes[0].ParentNode.InsertAfter(doc.ImportNode(signedXml.GetXml(), true), nodes[0]);
}
```

With the "" you implicitly sign all of the XML; if you use an id you only sign parts of it. – Henrik Jepsen Dec 1 '09 at 10:06

The signature I have to do must follow the rule "Only what is seen should be signed". I assumed I had to sign the whole document, but I may have been wrong... I will try to change the Uri of the reference. Hopefully it will do the trick. – Nicolas Riou Dec 1 '09 at 10:26

How do you set the Id of the top element? I tried this:

```csharp
// Create a data object to hold the data to sign.
DataObject dataObject = new DataObject();
dataObject.Data = Doc.ChildNodes;
dataObject.Id = "MyObjectId";
// Add the data object to the signature.
signedXml.AddObject(dataObject);
// Add the key to the SignedXml document.
signedXml.SigningKey = Key;
// Create a reference to be signed.
Reference reference = new Reference("#MyObjectId");
```

But I am getting an exception ... – Nicolas Riou Dec 1 '09 at 10:45

It seems to me that you sign everything in the xml: `reference.Uri = "";`. Perhaps you break the signature when you insert it in the document, or insert it in a wrong way. Also be aware of namespaces and whitespace; some of it is also signed, which can cause problems later on when working on the signed document.

So, next step of my personal cryptographic nightmare: I am now trying to change the Uri of the Reference, so that I don't sign the whole xml document but only the top Element. The source code now looks like this:

```csharp
private static void SignXml(XmlDocument Doc, RSA Key)
{
    // Check arguments.
    if (Doc == null)
        throw new ArgumentException("Le xml est null");
    if (Key == null)
        throw new ArgumentException("La cle est requise");

    // Create a SignedXml object.
    SignedXml signedXml = new SignedXml();

    // Add the key to the SignedXml document.
    signedXml.SigningKey = Key;

    // Create a data object to hold the data to sign.
    DataObject dataObject = new DataObject();
    dataObject.Data = Doc.ChildNodes;
    dataObject.Id = "MyObjectId";

    // Add the data object to the signature.
    signedXml.AddObject(dataObject);

    // Create a reference to be signed.
    Reference reference = new Reference();
    reference.Uri = "#MyObjectId";

    // Add an enveloped transformation to the reference.
    reference.AddTransform(new XmlDsigEnvelopedSignatureTransform());

    // Add the reference to the SignedXml object.
    signedXml.AddReference(reference);

    // Compute the signature.
    signedXml.ComputeSignature();

    // Get the XML representation of the signature and save
    // it to an XmlElement object.
    XmlElement xmlDigitalSignature = signedXml.GetXml();

    // Append the element to the XML document.
    Doc.DocumentElement.AppendChild(Doc.ImportNode(xmlDigitalSignature, true));
}
```

The line `signedXml.ComputeSignature();` throws an exception: `System.InvalidOperationException`: "Le noeud spécifié ne peut pas être inséré comme enfant valide de ce noeud, car le noeud spécifié n'est pas du type correct." (Sorry about french :) ) In English, that should be something like: Specified node can not be inserted as a valid child of this node, because the specified node is not of the correct type.

Try to replace `dataObject.Data = Doc.ChildNodes;` with this:

```csharp
dataObject.Data = Doc.GetElementsByTagName("YourRootNodeNameHere");
```
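Putting the thread's two pieces together (a reference that points at the element's Id rather than at the whole document, and the enveloped transform so the Signature element can live inside the signed element), here is a complete sign-then-verify example. It is an added illustration, not code from any of the posters above: the `Order` document, the element id `order-1`, the `XmlSigningExample` class and its `SignElement`/`Verify` methods are all constructed for this example, and it assumes the `System.Security.Cryptography.Xml` package on .NET Core / .NET 5+ (where `RSA.Create()` yields a 2048-bit key and `SignedXml` defaults to RSA-SHA256).

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.Xml;
using System.Xml;

public static class XmlSigningExample
{
    // Constructed sample document (not from the original thread).
    private const string SampleXml =
        "<?xml version=\"1.0\" encoding=\"utf-8\"?>" +
        "<Order Id=\"order-1\"><Item>Widget</Item><Amount>10.00</Amount></Order>";

    // Signs the element whose Id attribute equals elementId, using an enveloped
    // signature so the <Signature> element can be placed inside that element.
    public static XmlElement SignElement(XmlDocument doc, string elementId, RSA key)
    {
        var signedXml = new SignedXml(doc) { SigningKey = key };
        signedXml.SignedInfo.CanonicalizationMethod = SignedXml.XmlDsigExcC14NTransformUrl;

        // "#order-1" covers only the element with Id="order-1";
        // an empty Uri ("") would cover the whole document instead.
        var reference = new Reference("#" + elementId);
        reference.AddTransform(new XmlDsigEnvelopedSignatureTransform());
        reference.AddTransform(new XmlDsigExcC14NTransform());
        signedXml.AddReference(reference);

        // Embed the public key so a verifier can locate it; whether to trust it
        // is still the verifier's decision (see Verify below).
        signedXml.KeyInfo = new KeyInfo();
        signedXml.KeyInfo.AddClause(new RSAKeyValue(key));

        signedXml.ComputeSignature();
        XmlElement signatureElement = signedXml.GetXml();
        doc.DocumentElement.AppendChild(doc.ImportNode(signatureElement, true));
        return signatureElement;
    }

    // Verifies the single <Signature> in the document against a key the caller
    // already trusts, instead of whatever key the document's own KeyInfo carries.
    public static bool Verify(XmlDocument doc, RSA trustedPublicKey)
    {
        XmlNodeList signatures = doc.GetElementsByTagName("Signature", SignedXml.XmlDsigNamespaceUrl);
        if (signatures.Count != 1)
            return false;

        var signedXml = new SignedXml(doc);
        signedXml.LoadXml((XmlElement)signatures[0]);

        // CheckSignature() with no argument would trust the KeyInfo inside the
        // document; a party able to rewrite the signature can rewrite that key too.
        return signedXml.CheckSignature(trustedPublicKey);
    }

    public static void Main()
    {
        var doc = new XmlDocument { PreserveWhitespace = true };
        doc.LoadXml(SampleXml);

        using (RSA key = RSA.Create())
        {
            SignElement(doc, "order-1", key);
            Console.WriteLine("valid after signing:   " + Verify(doc, key)); // True

            // Modify signed content: the reference digest no longer matches.
            doc.GetElementsByTagName("Amount")[0].InnerText = "1000.00";
            Console.WriteLine("valid after tampering: " + Verify(doc, key)); // False
        }
    }
}
```

Two points this illustrates that the thread only touches on: the signature protects exactly the subtree the Reference Uri resolves to, so a consumer should check that the element it acts on is the one the reference names (and not merely that "a" signature in the document validates); and the key used for verification should come from the consumer's own trust store, because the KeyInfo travels with the document it is meant to vouch for.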
