Problem signing an Xml document with the RSA-SHA256 signature method

Keywords: problem, document, RSA-SHA256, method, use, Xml | Updated: 2024-09-21 03:19:13

I am signing an Xml document with the following method:

    using System;
    using System.Security.Cryptography;
    using System.Security.Cryptography.X509Certificates;
    using System.Security.Cryptography.Xml;
    using System.Xml;

    public static XmlDocument SignDocument(XmlDocument doc)
    {
        string signatureCanonicalizationMethod = "http://www.w3.org/2001/10/xml-exc-c14n#";
        string signatureMethod = @"http://www.w3.org/2001/04/xmldsig-more#rsa-sha256";
        string digestMethod = @"http://www.w3.org/2001/04/xmlenc#sha256";
        string signatureReferenceURI = "#_73e63a41-156d-4fda-a26c-8d79dcade713";

        // Map the RSA-SHA256 algorithm URI to its signature description class.
        CryptoConfig.AddAlgorithm(typeof(RSAPKCS1SHA256SignatureDescription), signatureMethod);

        var signingCertificate = GetCertificate();
        SignedXml signer = new SignedXml(doc);
        signer.SigningKey = signingCertificate.PrivateKey;
        signer.KeyInfo = new KeyInfo();
        signer.KeyInfo.AddClause(new KeyInfoX509Data(signingCertificate));
        signer.SignedInfo.CanonicalizationMethod = signatureCanonicalizationMethod;
        signer.SignedInfo.SignatureMethod = signatureMethod;

        // Reference the element to sign: enveloped-signature transform, then exclusive C14N.
        XmlDsigEnvelopedSignatureTransform envelopeTransform = new XmlDsigEnvelopedSignatureTransform();
        XmlDsigExcC14NTransform cn14Transform = new XmlDsigExcC14NTransform();
        Reference signatureReference = new Reference();
        signatureReference.Uri = signatureReferenceURI;
        signatureReference.AddTransform(envelopeTransform);
        signatureReference.AddTransform(cn14Transform);
        signatureReference.DigestMethod = digestMethod;
        signer.AddReference(signatureReference);

        signer.ComputeSignature(); // the exception described below is thrown here
        XmlElement signatureElement = signer.GetXml();
        doc.DocumentElement.AppendChild(signatureElement);
        return doc;
    }

    private static X509Certificate2 GetCertificate()
    {
        // Look up the signing certificate by thumbprint in the LocalMachine\My store.
        X509Store store = new X509Store(StoreName.My, StoreLocation.LocalMachine);
        store.Open(OpenFlags.ReadOnly);
        X509Certificate2 card = null;
        foreach (X509Certificate2 cert in store.Certificates)
        {
            if (!cert.HasPrivateKey) continue;
            if (cert.Thumbprint.Equals("a_certain_thumb_print", StringComparison.OrdinalIgnoreCase))
            {
                card = cert;
                break;
            }
        }
        store.Close();
        return card;
    }

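When it tries to compute the signature, an exception of type System.Security.Cryptography.CryptographicException is thrown with the error message "Invalid algorithm specified". Any ideas?

Machine: Windows Server 2008 R2

.NET Framework: 4.0.

IDE: Visual Studio 2010.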


Thank you very much for your blog. It actually solved my problem. By the way, if the certificate is loaded from a file, it should be exportable: X509Certificate2 x509Key = new X509Certificate2("xxxxx.pfx", "123", X509KeyStorageFlags.Exportable);

string signatureMethod=@"http://www.w3.org/2001/04/xmldsig-more#rsa-sha256";

This signature method is not implemented in .NET according to https://msdn.microsoft.com/en-us/library/system.security.cryptography.xml.signedinfo.signaturemethod(v=vs.110).aspx

@minhj's reply mentions some blog, but there is no link.

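However, adding the class mentioned here and registering it solved the problem. It seems it should be registered only once per application domain.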
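
Added example, not code from the thread or from the blog it mentions: it ties together the two points made in the replies, registering the signature description once per application domain and requiring an exportable key. It assumes the "Invalid algorithm specified" error comes from the certificate's private key being held in a CSP without SHA-256 support, and that the project targets .NET 4.0 with a reference to System.Deployment.dll; the class and method names are hypothetical.

```csharp
using System.Deployment.Internal.CodeSigning; // assumption: .NET 4.0, System.Deployment.dll referenced
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

// Added example; class and method names are hypothetical, not from the thread.
public static class RsaSha256KeyHelper
{
    private const string RsaSha256Uri = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256";
    private const int ProvRsaAes = 24; // PROV_RSA_AES, the CSP type that implements SHA-256

    // A static constructor runs once per application domain, so the
    // signature description is registered exactly once.
    static RsaSha256KeyHelper()
    {
        CryptoConfig.AddAlgorithm(typeof(RSAPKCS1SHA256SignatureDescription), RsaSha256Uri);
    }

    // Returns a key usable for RSA-SHA256. If the certificate's key sits in a
    // provider of another type, it is copied into a PROV_RSA_AES provider,
    // which is why the key must be exportable.
    public static RSACryptoServiceProvider GetSha256CapableKey(X509Certificate2 cert)
    {
        var original = cert.PrivateKey as RSACryptoServiceProvider;
        if (original == null)
            throw new CryptographicException("Certificate has no RSA CSP private key.");

        CspKeyContainerInfo info = original.CspKeyContainerInfo;
        if (info.ProviderType == ProvRsaAes)
            return original; // already SHA-256 capable, nothing to copy

        if (!info.Exportable)
            throw new CryptographicException(
                "Private key is not exportable; load the .pfx with X509KeyStorageFlags.Exportable.");

        var copy = new RSACryptoServiceProvider(new CspParameters(ProvRsaAes));
        copy.PersistKeyInCsp = false; // keep the copied key out of the on-disk key store
        copy.ImportParameters(original.ExportParameters(true));
        return copy;
    }
}
```

In the question's SignDocument, the assignment would become signer.SigningKey = RsaSha256KeyHelper.GetSha256CapableKey(signingCertificate); and the CryptoConfig.AddAlgorithm call inside the method would no longer be needed.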