Signing the same XML makes a different signature every time
Thursday, January 24, 2013 3:46 PM
Hello. I'm trying to sign an XML document with an X509 certificate. This is the source document:

<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/">
  <s:Header>
    <Action xmlns="http://schemas.microsoft.com/ws/2005/05/addressing/none" s:mustUnderstand="1">http://roskazna.ru/SmevUnifoService/UnifoTransferMsg</Action>
    <ActivityId xmlns="http://schemas.microsoft.com/2004/09/ServiceModel/Diagnostics" CorrelationId="d1ee6720-525b-4745-8173-f86089d24521">d20437e1-a284-4597-ac92-47cc9eafd55d</ActivityId>
    <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
      <wsse:BinarySecurityToken EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" id="Cert"></wsse:BinarySecurityToken>
    </wsse:Security>
  </s:Header>
  <s:Body id="body">
    <UnifoTransferMsg xmlns="http://roskazna.ru/SmevUnifoService/">
      <Message xmlns="http://smev.gosuslugi.ru/rev110801">
        <Sender>
          <Code>00408</Code>
          <Name>ООО «Научно-производственный центр Бюджетного учёта»</Name>
        </Sender>
        <Recipient>
          <Code>0000000000</Code>
          <Name>UNIFO</Name>
        </Recipient>
        <Originator>
          <Code>0000000001</Code>
          <Name>External Organization</Name>
        </Originator>
        <TypeCode>5</TypeCode>
        <Date>2013-01-01T00:00:00</Date>
      </Message>
      <MessageData xmlns="http://smev.gosuslugi.ru/rev110801">
        <AppData>
          <exportData xmlns="http://rosrazna.ru/xsd/SmevUnifoService">
            <DataRequest xmlns="http://roskazna.ru/xsd/PGU_DataRequest">
              <PostBlock xmlns="">
                <ID>254510</ID>
                <TimeStamp>2013-01-01T00:00:00</TimeStamp>
                <SenderIdentifier>00002</SenderIdentifier>
              </PostBlock>
            </DataRequest>
          </exportData>
        </AppData>
      </MessageData>
    </UnifoTransferMsg>
  </s:Body>
</s:Envelope>

The content of the <s:Body> element is always the same (the timestamps are static).
I'm performing the signing with a SignedXml object:

// Look up the signing certificate by thumbprint in the current user's personal store
X509Store store = new X509Store(StoreName.My);
store.Open(OpenFlags.ReadOnly);
var signingCerts = store.Certificates.Find(
    X509FindType.FindByThumbprint,
    "ea dc a4 4f c1 f0 9a 8a f5 c3 1e 2e 13 55 06 92 30 dd 41 7a",
    true);
store.Close(); // close before the early return so the store handle is not leaked
if (signingCerts.Count <= 0) return unsignedMessage;
var signingCert = signingCerts[0];

// xDoc is the XmlDocument holding the envelope shown above
var signedXml = new SignedXml(xDoc);
signedXml.SigningKey = signingCert.PrivateKey;
signedXml.KeyInfo = new KeyInfo();
signedXml.KeyInfo.AddClause(new KeyInfoX509Data(signingCert));
// The CSP reports its own signature algorithm URI (GOST R 34.10-2001 here)
signedXml.SignedInfo.SignatureMethod = signingCert.PrivateKey.SignatureAlgorithm;

// Sign only the element with id="body", canonicalised with exclusive C14N
Reference reference = new Reference();
reference.Uri = "#body";
var env = new XmlDsigExcC14NTransform();
reference.AddTransform(env);
reference.DigestMethod = "http://www.w3.org/2001/04/xmldsig-more#gostr3411";
signedXml.SignedInfo.CanonicalizationMethod = "http://www.w3.org/2001/10/xml-exc-c14n#";
signedXml.AddReference(reference);

signedXml.ComputeSignature();
XmlElement xmlDigitalSignature = signedXml.GetXml();

The xmlDigitalSignature is (mostly):
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
  <SignedInfo>
    <CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></CanonicalizationMethod>
    <SignatureMethod Algorithm="urn:ietf:params:xml:ns:cpxmlsec:algorithms:gostr34102001-gostr3411"></SignatureMethod>
    <Reference URI="#body">
      <Transforms>
        <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></Transform>
      </Transforms>
      <DigestMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#gostr3411"></DigestMethod>
      <DigestValue>kAaM4srbIgOfz9AFbHwVIHqEKAGoQNSWBWDN/MsIRd8=</DigestValue>
    </Reference>
  </SignedInfo>
  <SignatureValue>Ol36sV+to2FmR6WJ3VrbgCU5HFiq5GPx8QWRfKfEO/Odqzz0iydSAdQk6gaMBtgqk04F92lzajF1McZU5eeb4w==</SignatureValue>
  <KeyInfo>
    <X509Data>
      <X509Certificate>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</X509Certificate>
    </X509Data>
  </KeyInfo>
</Signature>
The DigestValue is always the same, but the SignatureValue is always different! I can verify the whole <Signature> element with the SignedInfo object and it always returns true, but the SignatureValue is always different. How can that be?
All Replies
Friday, January 25, 2013 1:29 PM
OK, never mind, I've just figured out that "gost34102001-gostr341" creates different signatures for the same data.

Marked As Answer by Anton Yevseyev Friday, January 25, 2013 1:29 PM
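Why the SignatureValue changes on every run while the DigestValue stays fixed, shown as an added example that is not part of this thread: GOST R 34.10-2001, like DSA and ECDSA, draws a fresh random nonce for every signature, so the signature bytes differ each time even though each one verifies. The toy Schnorr-style scheme below is this example's own construction (a 64-bit safe-prime group, far too small to be secure; every name, and the sample body bytes, are assumptions), not CryptoPro's or .NET's code, but it has the same nonce structure. It also shows the two things a practitioner should take from that: an RFC 6979-style nonce derived from key and message makes signatures repeatable without weakening them, and reusing one nonce across two different messages hands the private key to anyone holding both signatures.

```python
# Added example, not code from the forum post. Toy Schnorr-style signature
# over a multiplicative group mod a 64-bit safe prime. It shares with
# GOST R 34.10-2001, DSA and ECDSA the property the thread is about: a fresh
# random nonce k per signature. Parameters are NOT secure; the mechanism is
# the point. All names here are this example's own assumptions.
import hashlib
import hmac
import secrets


def is_probable_prime(n: int, rounds: int = 32) -> bool:
    """Miller-Rabin with random bases; error probability <= 4**-rounds."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def gen_safe_prime(bits: int = 64):
    """Return (p, q) with p = 2q + 1, both prime (toy-sized group)."""
    while True:
        q = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(q) and is_probable_prime(2 * q + 1):
            return 2 * q + 1, q


P, Q = gen_safe_prime()
G = 4  # a square mod P, so its order divides Q; Q prime => order exactly Q
NBYTES = (P.bit_length() + 7) // 8


def _i2b(n: int) -> bytes:
    return n.to_bytes(NBYTES, "big")


def _challenge(r: int, msg: bytes) -> int:
    """e = H(r || msg) mod Q: the only place the signed bytes enter."""
    return int.from_bytes(hashlib.sha256(_i2b(r) + msg).digest(), "big") % Q


def keygen():
    x = secrets.randbelow(Q - 1) + 1      # private key in [1, Q-1]
    return x, pow(G, x, P)                # (private, public)


def sign(x: int, msg: bytes, k=None):
    """Signature (e, s). k is the per-signature nonce: random by default,
    as in GOST R 34.10 / DSA / ECDSA, which is exactly why two signatures
    over identical bytes differ. Pass k explicitly to pin it."""
    if k is None:
        k = secrets.randbelow(Q - 1) + 1
    r = pow(G, k, P)
    e = _challenge(r, msg)
    return e, (k + e * x) % Q


def verify(y: int, msg: bytes, sig) -> bool:
    e, s = sig
    if not (0 <= e < Q and 0 <= s < Q):
        return False
    r = pow(G, s, P) * pow(y, Q - e, P) % P  # G^s * y^-e == G^k if genuine
    return _challenge(r, msg) == e


def deterministic_nonce(x: int, msg: bytes) -> int:
    """Simplified RFC 6979-style nonce (not the exact RFC procedure):
    HMAC(key, H(msg)) into [1, Q-1]. Repeatable per (key, message),
    unpredictable without the key, so signatures become reproducible."""
    mac = hmac.new(_i2b(x), hashlib.sha256(msg).digest(), "sha256").digest()
    return int.from_bytes(mac, "big") % (Q - 1) + 1


def recover_key_from_reused_nonce(sig1, sig2) -> int:
    """Why the nonce must never repeat across different messages: with the
    same k, s1 - s2 = (e1 - e2) * x mod Q, so x falls out of one inversion."""
    (e1, s1), (e2, s2) = sig1, sig2
    return (s1 - s2) * pow(e1 - e2, -1, Q) % Q


def demo(msg: bytes = b'<s:Body id="body">static content</s:Body>') -> dict:
    """Constructed input standing in for the canonicalised <s:Body>."""
    x, y = keygen()
    sig1, sig2 = sign(x, msg), sign(x, msg)               # random nonces
    det1 = sign(x, msg, deterministic_nonce(x, msg))      # derived nonce
    det2 = sign(x, msg, deterministic_nonce(x, msg))
    k = secrets.randbelow(Q - 1) + 1                      # the classic mistake
    other = b'<s:Body id="body">different content</s:Body>'
    leaked = recover_key_from_reused_nonce(sign(x, msg, k), sign(x, other, k))
    return {
        "random_sigs_differ": sig1 != sig2,
        "both_verify": verify(y, msg, sig1) and verify(y, msg, sig2),
        "deterministic_sigs_equal": det1 == det2 and verify(y, msg, det1),
        "tamper_rejected": not verify(y, msg + b" ", sig1),
        "key_recovered_from_nonce_reuse": leaked == x,
    }


if __name__ == "__main__":
    print(demo())
```

Running it prints five True values: the two randomly-nonced signatures differ yet both verify, the two derived-nonce signatures are byte-identical, a one-byte change to the body is rejected, and the private key is recovered from the pair that shared a nonce. The practical consequence for the thread: comparing SignatureValue across runs is not a valid regression check for a randomized algorithm; compare DigestValue, or call the verifier, instead.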

