HighTechTalks DotNet Forums  

Validating XMLSignature with SignedXml

Dotnet Security microsoft.public.dotnet.security





Matevz Gacnik
 

Validating XMLSignature with SignedXml - 03-02-2005, 03:03 AM






Hi,

Well I have one of those things that seem impossible to grok, but are still
happening.

Consider this document:
<ts:TimeStampResponse
xmlns:ts="http://www.entrust.com/schemas/timestamp-protocol-20020207">
<ts:StatusInfo status="granted" />
<dsig:Signature Id="TimeStampToken"
xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
<dsig:SignedInfo>
<dsig:CanonicalizationMethod
Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
<dsig:SignatureMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
<dsig:Reference URI="#TimeStampInfo-FD285246ED3BE42981000000000000427D">
<dsig:DigestMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<dsig:DigestValue>DtqF8Aq2E26XGspY2482HbuPSfM=</dsig:DigestValue>
</dsig:Reference>
<dsig:Reference URI="#TimeStampAuthority">
<dsig:DigestMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<dsig:DigestValue>E59riJkSk8J1iEPZN0i+xdayAV0=</dsig:DigestValue>
</dsig:Reference>
</dsig:SignedInfo>
<dsig:SignatureValue>Pq...A==</dsig:SignatureValue>
<dsig:KeyInfo Id="TimeStampAuthority">
<dsig:X509Data>
<dsig:X509Certificate>MII...0NOG</dsig:X509Certificate>
</dsig:X509Data>
</dsig:KeyInfo>
<dsig:Object Id="TimeStampInfo-FD285246ED3BE42981000000000000427D">
<ts:TimeStampInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
xmlns:ts="http://www.entrust.com/schemas/timestamp-protocol-20020207">
<ts:Policy id="your policy uri here" />
<ts:Digest>
<ds:DigestMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<ds:DigestValue>PPjS7YgUEcdJ66IdLqit0h0ZrGw=</ds:DigestValue>
</ts:Digest>

<ts:SerialNumber>861450351577355099651760324269956 54607485</ts:SerialNumber>
<ts:CreationTime>2005-03-02T07:51:19.696Z</ts:CreationTime>
<ts:Nonce>2264737485596048822</ts:Nonce>
</ts:TimeStampInfo>
</dsig:Object>
</dsig:Signature>
</ts:TimeStampResponse>

If I check the signature validity against it, it will fail in .NET Fx
1.1/2.0. But if I remove everything but the Signature element, I can validate
it. This is a timestamp response from an Entrust server.

Since the signature element has an embedded object, I can't seem to find a
good reason for it.

Any ideas?
