SignedXml CheckSignature: enable SignedXmlDebugLog

    Question

  • Hi,

    I'm trying to verify a digital signature using SignedXml.CheckSignature and the rsa-sha256 algorithm. No matter what I try it keeps returning false.

    I suspect that either the certificate, or the message is incorrect, but because it's not my certificate and a response message I can't be sure. When I sign and verify a message of my own it returns true.

    What I'm trying to do is to activate the SignedXmlDebugLog (System.Security.Cryptography.Xml.SignedXmlDebugLog), because I think that would provide me with the information I need.

    Now there's the problem. This msdn thread is the only reference I could find of the existence of this log, let alone how to enable it.

    Can anyone help me / point me in the right direction how to enable this SignedXmlDebugLog / trace?

    Any help will be much appreciated!

    Here's my C# code, I'm using VS2012 and .NET4.5

    Reference:

    Sign XML Documents with digital signature

    Verify digital signatures of XML documents

    Using receipts to verify purchases (Verify SHA256)

    using System;
    using System.IO;
    using System.Security;
    using System.Security.Cryptography;
    using System.Security.Cryptography.X509Certificates;
    using System.Security.Cryptography.Xml;
    using System.Text;
    using System.Xml;
    using System.Xml.Linq;
    
    namespace Certificate_test
    {
        public sealed class RSAPKCS1SHA256SignatureDescription : SignatureDescription
        {
            public RSAPKCS1SHA256SignatureDescription()
            {
                base.KeyAlgorithm = typeof(RSACryptoServiceProvider).FullName;
                base.DigestAlgorithm = typeof(SHA256Managed).FullName;
                base.FormatterAlgorithm = typeof(RSAPKCS1SignatureFormatter).FullName;
                base.DeformatterAlgorithm = typeof(RSAPKCS1SignatureDeformatter).FullName;
            }
    
            public override AsymmetricSignatureDeformatter CreateDeformatter(AsymmetricAlgorithm key)
            {
                if (key == null)
                {
                    throw new ArgumentNullException("key");
                }
    
                RSAPKCS1SignatureDeformatter deformatter = new RSAPKCS1SignatureDeformatter(key);
                deformatter.SetHashAlgorithm("SHA256");
                return deformatter;
            }
    
            public override AsymmetricSignatureFormatter CreateFormatter(AsymmetricAlgorithm key)
            {
                if (key == null)
                {
                    throw new ArgumentNullException("key");
                }
    
                RSAPKCS1SignatureFormatter formatter = new RSAPKCS1SignatureFormatter(key);
                formatter.SetHashAlgorithm("SHA256");
                return formatter;
            }
    
        }
    
        class Program
        {
            static void Main(string[] args)
            {
                X509Certificate2 public_cert = new X509Certificate2(File.ReadAllBytes(@"..\..\public.cer"));
                X509Certificate2 private_cert = new X509Certificate2(File.ReadAllBytes(@"..\..\private.pfx"), "test", X509KeyStorageFlags.PersistKeySet);
    			
                try
                {
                    XmlDocument document = new XmlDocument();
                    document.PreserveWhitespace = true;
                    document.Load(@"..\..\input.xml");
                    PFCryptography.Sign(document, private_cert);
    
                    if (!PFCryptography.Verify(document, public_cert))
                    { }
    
                }
                finally
                {
                    private_cert.Reset();
                    public_cert.Reset();
                }
    
                X509Certificate2 validate_cert = new X509Certificate2(File.ReadAllBytes(@"..\..\validate.cer"));
    
                try
                {
                    XmlDocument document = new XmlDocument();
                    document.PreserveWhitespace = true;
                    document.Load(@"..\..\response.xml");
    
                    if (!PFCryptography.Verify(document, validate_cert))
                    { }
                }
                finally
                {
                    validate_cert.Reset();
                }
            }
    
            public static class PFCryptography
            {
                public static void Sign (XmlDocument xmlDocument, X509Certificate2 certificate)
                {
                    RSA key = (RSACryptoServiceProvider)certificate.PrivateKey;
    
                    SignedXml signedXml = new SignedXml(xmlDocument);
                    signedXml.SigningKey = key;
    
                    Reference reference = new Reference();
                    reference.Uri = "";
                    reference.AddTransform(new XmlDsigEnvelopedSignatureTransform());
                    signedXml.AddReference(reference);
    
                    KeyInfo keyInfo = new KeyInfo();
                    KeyInfoName kin = new KeyInfoName();
                    kin.Value = certificate.Thumbprint;
                    keyInfo.AddClause(kin);
                    signedXml.KeyInfo = keyInfo;
    
                    signedXml.ComputeSignature();
                    XmlElement xmlDigitalSignature = signedXml.GetXml();
                    xmlDocument.DocumentElement.AppendChild(xmlDocument.ImportNode(xmlDigitalSignature, true));
                }
    
                public static bool Verify (XmlDocument xmlDocument, X509Certificate2 certificate)
                {
                    SignedXml signedXml = new SignedXml(xmlDocument);
    
                    // .NET does not support SHA256-RSA2048 signature verification by default, so register this algorithm for verification
                    CryptoConfig.AddAlgorithm(typeof(RSAPKCS1SHA256SignatureDescription), "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256");
    
                    signedXml.SigningKey = certificate.PublicKey.Key;
    
                    XmlNodeList dsigs = xmlDocument.GetElementsByTagName("Signature", SignedXml.XmlDsigNamespaceUrl);
    
                    if (dsigs.Count != 1)
                        return false;
    
                    signedXml.LoadXml((XmlElement)dsigs[0]);
    
                    bool isValid = signedXml.CheckSignature(certificate, true);
    
                    return isValid;
                }
            }
        }
    }




    Tuesday, June 11, 2013 10:22 AM

Answers

  • Hi Pluriform Developer, 

    Here's the information I got. You need an app.config file similar to the below (which would create a file called XmlDsigLog.txt). The format isn’t super friendly, but it does show the XML as it goes through the various transforms.

    <configuration>
      <system.diagnostics>
        <sources>
          <source name="System.Security.Cryptography.Xml.SignedXml"
                  switchName="XmlDsigLogSwitch">
            <listeners>
              <add name="logFile" />
            </listeners>
          </source>
        </sources>
        <switches>
          <add name="XmlDsigLogSwitch" value="Verbose" />
        </switches>
        <sharedListeners>
          <add name="logFile"
               type="System.Diagnostics.TextWriterTraceListener"
               initializeData="XmlDsigLog.txt"/>
        </sharedListeners>
        <trace autoflush="true">
          <listeners>
            <add name="logFile" />
          </listeners>
        </trace>
      </system.diagnostics>
    </configuration>


    Carlos Lopez - Microsoft Escalation Engineer

    Friday, June 21, 2013 2:52 AM

All replies

  • Hi Pluriform Developer,

    I'll try to involve some other engineers more familiar with this issue in the thread. It may take some time to get the response. Your patience will be appreciated.

    Thanks for your understanding.

    Best regards,


    Chester Hong

    Thursday, June 13, 2013 2:24 AM
    Moderator
  • Hi Chester,

    Thanks for your reply. I'll try to remain patient, but I've been struggling with this for quite some time now so I would prefer to get a response sooner rather than later.

    I was wondering, Stefan 000000 did seem to get this log to work (reference below). Is there a way he could be asked to reply to this thread? That would be greatly appreciated.

    Thanks again.

    ----

    XMLDsig and .Net - same input different output?

    Hi,

    I try to verify signed xml documents and want to transfer legacy code (which I wrote myself) to a new project. My problem is that the verification failed even if the input is the same. (It only differs in some conversions from XmlDocument to XmlElement, ... - but that's far before these log lines)

    I activated the log (System.Security.Cryptography.Xml.SignedXmlDebugLog) and the inputs are identical:

    5424;3023;2011-04-28 17:01:46.5320;Trace;System.Security.Cryptography.Xml.SignedXml;43;System.Security.Cryptography.Xml.SignedXmlDebugLog.WriteLine;"[SignedXml#015b9d55, BeginSignatureVerification] Kontext wird verwendet: <FirstPairState xmlns=""http://logima.de/osl""><!--class Logima.OSL.ReaderEraserControl.DosimeterPairState--><DosimeterID>0010000533</DosimeterID><ReaderID>09000112</ReaderID><DatasetID>b3be3387-ae77-4330-9f7e-894b650c9f32</DatasetID><Timestamp>2010-02-09T19:01:01.3051349+01:00</Timestamp><!--class Logima.OSL.ReaderEraserControl.DosimeterPairState--><PairID>First</PairID><RequestAuthor>ReaderEraserControl</RequestAuthor><State>StandardErasing</State><Signature xmlns=""http://www.w3.org/2000/09/xmldsig#""><SignedInfo><CanonicalizationMethod Algorithm=""http://www.w3.org/TR/2001/REC-xml-c14n-20010315"" /><SignatureMethod Algorithm=""http://www.w3.org/2000/09/xmldsig#rsa-sha1"" /><Reference URI=""""><Transforms><Transform Algorithm=""http://www.w3.org/2000/09/xmldsig#enveloped-signature"" /></Transforms><DigestMethod Algorithm=""http://www.w3.org/2000/09/xmldsig#sha1"" /><DigestValue>+90k3r32Yy9ORVKBq3vojem4Em4=</DigestValue></Reference></SignedInfo><SignatureValue>Boff2KUooSjxJnBEm/nkxuAiQKmBO33JnQAHSrGVV1HJfiCmjNyOEPhQ92dSTXId2M+Gko0WZYkFoFfgWTvPLYmOTYJamYjo9JrthJ+3XmLD4NU9HKuXwnuTzc9kLeUK3HqD4TDkFxyr2iu43SyU+C1NXodQT+dTIj7IvuC93EazPaMDZyw=</SignatureValue><KeyInfo><X509Data><X509Certificate>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</X509Certificate></X509Data></KeyInfo></Signature></FirstPairState>";Agent: adapter run thread for test 'VerifyTest11' with id '84f92b3c-dc48-4509-86b0-efd3d3e2d94e';;;;
    
    5424;603 ;2011-04-28 16:59:22.3717;Trace;System.Security.Cryptography.Xml.SignedXml;43;System.Security.Cryptography.Xml.SignedXmlDebugLog.WriteLine;"[SignedXml#00ad6b8a, BeginSignatureVerification] Kontext wird verwendet: <FirstPairState xmlns=""http://logima.de/osl""><!--class Logima.OSL.ReaderEraserControl.DosimeterPairState--><DosimeterID>0010000533</DosimeterID><ReaderID>09000112</ReaderID><DatasetID>b3be3387-ae77-4330-9f7e-894b650c9f32</DatasetID><Timestamp>2010-02-09T19:01:01.3051349+01:00</Timestamp><!--class Logima.OSL.ReaderEraserControl.DosimeterPairState--><PairID>First</PairID><RequestAuthor>ReaderEraserControl</RequestAuthor><State>StandardErasing</State><Signature xmlns=""http://www.w3.org/2000/09/xmldsig#""><SignedInfo><CanonicalizationMethod Algorithm=""http://www.w3.org/TR/2001/REC-xml-c14n-20010315"" /><SignatureMethod Algorithm=""http://www.w3.org/2000/09/xmldsig#rsa-sha1"" /><Reference URI=""""><Transforms><Transform Algorithm=""http://www.w3.org/2000/09/xmldsig#enveloped-signature"" /></Transforms><DigestMethod Algorithm=""http://www.w3.org/2000/09/xmldsig#sha1"" /><DigestValue>+90k3r32Yy9ORVKBq3vojem4Em4=</DigestValue></Reference></SignedInfo><SignatureValue>Boff2KUooSjxJnBEm/nkxuAiQKmBO33JnQAHSrGVV1HJfiCmjNyOEPhQ92dSTXId2M+Gko0WZYkFoFfgWTvPLYmOTYJamYjo9JrthJ+3XmLD4NU9HKuXwnuTzc9kLeUK3HqD4TDkFxyr2iu43SyU+C1NXodQT+dTIj7IvuC93EazPaMDZyw=</SignatureValue><KeyInfo><X509Data><X509Certificate>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</X509Certificate></X509Data></KeyInfo></Signature></FirstPairState>";Agent: adapter run thread for test 'VerifyTest11' with id '84f92b3c-dc48-4509-86b0-efd3d3e2d94e';;;;
    But the canonized form is different (the <signature/> element is still there in the first line):
    5424;3037;2011-04-28 17:01:47.4070;Trace;System.Security.Cryptography.Xml.SignedXml;43;System.Security.Cryptography.Xml.SignedXmlDebugLog.WriteLine;"[Reference#00b1772d, ReferenceData] Umgewandelte Verweisinhalte: <FirstPairState xmlns=""http://logima.de/osl""><DosimeterID>0010000533</DosimeterID><ReaderID>09000112</ReaderID><DatasetID>b3be3387-ae77-4330-9f7e-894b650c9f32</DatasetID><Timestamp>2010-02-09T19:01:01.3051349+01:00</Timestamp><PairID>First</PairID><RequestAuthor>ReaderEraserControl</RequestAuthor><State>StandardErasing</State><Signature xmlns=""http://www.w3.org/2000/09/xmldsig#""><SignedInfo><CanonicalizationMethod Algorithm=""http://www.w3.org/TR/2001/REC-xml-c14n-20010315""></CanonicalizationMethod><SignatureMethod Algorithm=""http://www.w3.org/2000/09/xmldsig#rsa-sha1""></SignatureMethod><Reference URI=""""><Transforms><Transform Algorithm=""http://www.w3.org/2000/09/xmldsig#enveloped-signature""></Transform></Transforms><DigestMethod Algorithm=""http://www.w3.org/2000/09/xmldsig#sha1""></DigestMethod><DigestValue>+90k3r32Yy9ORVKBq3vojem4Em4=</DigestValue></Reference></SignedInfo><SignatureValue>Boff2KUooSjxJnBEm/nkxuAiQKmBO33JnQAHSrGVV1HJfiCmjNyOEPhQ92dSTXId2M+Gko0WZYkFoFfgWTvPLYmOTYJamYjo9JrthJ+3XmLD4NU9HKuXwnuTzc9kLeUK3HqD4TDkFxyr2iu43SyU+C1NXodQT+dTIj7IvuC93EazPaMDZyw=</SignatureValue><KeyInfo><X509Data><X509Certificate>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</X509Certificate></X509Data></KeyInfo></Signature></FirstPairState>";Agent: adapter run thread for test 'VerifyTest11' with id '84f92b3c-dc48-4509-86b0-efd3d3e2d94e';;;;
    5424;617 ;2011-04-28 16:59:23.2448;Trace;System.Security.Cryptography.Xml.SignedXml;43;System.Security.Cryptography.Xml.SignedXmlDebugLog.WriteLine;"[Reference#02f58909, ReferenceData] Umgewandelte Verweisinhalte: <FirstPairState xmlns=""http://logima.de/osl""><DosimeterID>0010000533</DosimeterID><ReaderID>09000112</ReaderID><DatasetID>b3be3387-ae77-4330-9f7e-894b650c9f32</DatasetID><Timestamp>2010-02-09T19:01:01.3051349+01:00</Timestamp><PairID>First</PairID><RequestAuthor>ReaderEraserControl</RequestAuthor><State>StandardErasing</State></FirstPairState>";Agent: adapter run thread for test 'VerifyTest11' with id '84f92b3c-dc48-4509-86b0-efd3d3e2d94e';;;;

    And so verification failed for the second try (corresponding to the first lines above)...:

    5424;3038;2011-04-28 17:01:47.4670;Trace;System.Security.Cryptography.Xml.SignedXml;43;System.Security.Cryptography.Xml.SignedXmlDebugLog.WriteLine;"[SignedXml#015b9d55, VerifyReference] Verweis Reference#00b1772d mit Hash ""http://www.w3.org/2000/09/xmldsig#sha1"" (SHA1CryptoServiceProvider) weist den Hashwert ""78b95d1f459e9af1ceabd62d87ae5ed6b3fd071e"" auf, erwartet wurde Hashwert ""fbdd24debdf6632f4e455281ab7be88de9b8126e"".";Agent: adapter run thread for test 'VerifyTest11' with id '84f92b3c-dc48-4509-86b0-efd3d3e2d94e';;;;

    Does anybody have any idea why?

    Thanks!

        Stefan

     

     





    Thursday, June 13, 2013 8:11 AM
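
A triage script for this kind of trace output, added here as an example (not code from the thread or from Microsoft): it reads the `[Object#id, Event]` tags visible in the log lines quoted above, pairs each failing VerifyReference with its ReferenceData, and checks that the expected hash is the base64 DigestValue from SignedInfo printed as hex. The sample input is the thread's lines shortened by hand; `triage`, its result keys, and the assumption that the computed hash is printed before the expected one (as in the quoted line) belong to this example.

```python
import base64
import re

# Constructed sample: the thread's log lines, shortened to the parts the parser reads.
SAMPLE_LOG = '''\
[SignedXml#015b9d55, BeginSignatureVerification] Kontext wird verwendet: <FirstPairState xmlns=""http://logima.de/osl""><State>StandardErasing</State><Signature xmlns=""http://www.w3.org/2000/09/xmldsig#""><SignedInfo><DigestValue>+90k3r32Yy9ORVKBq3vojem4Em4=</DigestValue></SignedInfo></Signature></FirstPairState>
[Reference#00b1772d, ReferenceData] Umgewandelte Verweisinhalte: <FirstPairState xmlns=""http://logima.de/osl""><State>StandardErasing</State><Signature xmlns=""http://www.w3.org/2000/09/xmldsig#""><SignedInfo></SignedInfo></Signature></FirstPairState>
[SignedXml#015b9d55, VerifyReference] Verweis Reference#00b1772d mit Hash ""http://www.w3.org/2000/09/xmldsig#sha1"" (SHA1CryptoServiceProvider) weist den Hashwert ""78b95d1f459e9af1ceabd62d87ae5ed6b3fd071e"" auf, erwartet wurde Hashwert ""fbdd24debdf6632f4e455281ab7be88de9b8126e"".
'''

# Only the event tag and quoted values are matched, not the localized message text.
EVENT = re.compile(r'\[(\w+#[0-9a-f]+), (\w+)\] (.*)')
HEX = re.compile(r'"+([0-9a-f]{32,})"+')          # quoted hex hash, single or CSV-doubled quotes
REF = re.compile(r'Reference#[0-9a-f]+')
DIGEST = re.compile(r'<DigestValue>([^<]+)</DigestValue>')


def triage(log_text):
    """Return one finding per VerifyReference event whose two hashes differ."""
    digests, ref_data, findings = set(), {}, []
    for line in log_text.splitlines():
        m = EVENT.search(line)
        if not m:
            continue
        source, event, body = m.groups()
        if event == "BeginSignatureVerification":
            # DigestValue is base64 in the XML; the log prints hashes as hex.
            digests |= {base64.b64decode(d).hex() for d in DIGEST.findall(body)}
        elif event == "ReferenceData":
            ref_data[source] = body               # the bytes that were actually hashed
        elif event == "VerifyReference":
            hashes = HEX.findall(body)
            ref = REF.search(body)
            if len(hashes) != 2 or not ref or hashes[0] == hashes[1]:
                continue
            actual, expected = hashes             # order as in the quoted log line
            findings.append({
                "reference": ref.group(0),
                "actual": actual,
                "expected": expected,
                "expected_is_digest_value": expected in digests,
                "signature_left_in_digest_input":
                    "<Signature" in ref_data.get(ref.group(0), ""),
            })
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

A finding with `signature_left_in_digest_input` set is the condition described in the quoted post: the Signature element was still present in the content that was hashed, so the digest cannot match the DigestValue.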
  • Hi Pluriform Developer,

    I'll look into how you can enable the SignedXmlDebugLog trace.  I'll ask the .NET developer responsible for the class how to enable it.  I'll keep you posted.

    Thanks


    Carlos Lopez - Microsoft Escalation Engineer

    Wednesday, June 19, 2013 1:55 AM
  • Carlos,

    That was exactly what we needed.

    Thanks so much for all of your help and taking the time to answer our question.

    Sincerely,

    Pluriform Software

    Friday, June 21, 2013 11:09 AM