Display existing Digital Signature

  • Question

  • I'm currently working on my first digitally signed XML outside of InfoPath.  Signing it is easy, turning around and decrypting? hydrating? displaying that signature is baffling me.  I'm using certificates from smart cards to sign the information.  I've got the certificate saving with the XML, now how do I go about displaying who's signed the darn thing??  The W3C specifications on signatures clearly say that they are decryptable, but don't go into detail how.

    I'm using the System.Security.Cryptography and Cryptography.Xml libraries so far.  Any direction at all would be a help.  Thank you for your time in advance.
    Jack Burnish
    Tuesday, January 12, 2010 11:33 PM

Answers

  • So easy a . . ya know the rest.
    X509 certificates are saved in this format in a signed XML document/element:
    <KeyInfo>
      <X509Data>
        <X509Certificate>
          'ByteDataHere
        </X509Certificate>
      </X509Data>
    </KeyInfo>
    Once I figured out that A. that wasn't an encrypted hash but a byte string and B. that you could create a certificate object from a byte array, I was in business.

    ' At the top of the file:
    Imports System.Security.Cryptography.X509Certificates
    Imports System.Xml

    ' Inside a method; assumes the XML is already loaded into an XmlDocument called Doc.
            Dim reCert As X509Certificate2 = Nothing
            ' Find the X509Certificate entry
            Dim certList As XmlNodeList = Doc.GetElementsByTagName("X509Certificate")
            If certList.Count > 0 Then
                ' The element text is the Base64-encoded DER certificate
                Dim certString As String = certList(0).InnerText.Trim()
                If certString <> String.Empty Then
                    ' Decode the Base64 text to the raw certificate bytes
                    Dim certBytes() As Byte = Convert.FromBase64String(certString)
                    reCert = New X509Certificate2(certBytes)
                End If
            End If
            ' reCert stays Nothing when the document carries no embedded certificate
    From here it won't be any problem displaying that information in a signature block on page.  Certainly tons of examples out there on how to verify signatures.
    Jack Burnish
    • Marked as answer by Jack Burnish Wednesday, January 13, 2010 3:54 PM
    Wednesday, January 13, 2010 3:54 PM
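
The certificate inside KeyInfo is ordinary document content that anyone editing the file can replace, so a signer name is only meaningful once the signature validates against that certificate. The following is an added example, not code from the original post: it returns the embedded certificate only when the XML signature checks out against it. The module name, the GetVerifiedSigner helper and the self-signed "CN=Example Signer" sample are constructed for illustration; CertificateRequest assumes .NET Framework 4.7.2 or later (or .NET Core with the System.Security.Cryptography.Xml package). It checks the signature math only; building an X509Chain to a trusted issuer is a separate step before trusting the displayed name.

```vb
Imports System
Imports System.Security.Cryptography
Imports System.Security.Cryptography.X509Certificates
Imports System.Security.Cryptography.Xml
Imports System.Xml

Module SignerDisplayExample
    ' Hypothetical helper: returns the embedded certificate only if the signature validates against it.
    Function GetVerifiedSigner(doc As XmlDocument) As X509Certificate2
        Dim sigNodes As XmlNodeList = doc.GetElementsByTagName("Signature", SignedXml.XmlDsigNamespaceUrl)
        If sigNodes.Count = 0 Then Return Nothing
        Dim signed As New SignedXml(doc)
        signed.LoadXml(DirectCast(sigNodes(0), XmlElement))
        For Each clause As KeyInfoClause In signed.KeyInfo
            Dim x509 As KeyInfoX509Data = TryCast(clause, KeyInfoX509Data)
            If x509 Is Nothing OrElse x509.Certificates Is Nothing Then Continue For
            For Each cert As X509Certificate2 In x509.Certificates
                ' True = verify the signature only; chain trust is checked separately.
                If signed.CheckSignature(cert, True) Then Return cert
            Next
        Next
        Return Nothing
    End Function
    Sub Main()
        ' Constructed sample: throwaway self-signed certificate and a small signed document.
        Using key As RSA = RSA.Create(2048)
            Dim req As New CertificateRequest("CN=Example Signer", key, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1)
            Dim cert As X509Certificate2 = req.CreateSelfSigned(DateTimeOffset.Now.AddDays(-1), DateTimeOffset.Now.AddDays(1))
            Dim doc As New XmlDocument()
            doc.PreserveWhitespace = True
            doc.LoadXml("<form><field>value</field></form>")
            Dim signer As New SignedXml(doc)
            signer.SigningKey = key
            Dim ref As New Reference("")
            ref.AddTransform(New XmlDsigEnvelopedSignatureTransform())
            signer.AddReference(ref)
            Dim ki As New KeyInfo()
            ki.AddClause(New KeyInfoX509Data(cert))
            signer.KeyInfo = ki
            signer.ComputeSignature()
            doc.DocumentElement.AppendChild(doc.ImportNode(signer.GetXml(), True))
            Dim who As X509Certificate2 = GetVerifiedSigner(doc)
            Console.WriteLine(If(who Is Nothing, "No valid signature", "Signed by: " & who.Subject))
            ' Changing signed content afterwards must make the signer lookup fail.
            doc.DocumentElement.FirstChild.InnerText = "changed"
            Console.WriteLine(If(GetVerifiedSigner(doc) Is Nothing, "Tampered: rejected", "Tampered: accepted"))
        End Using
    End Sub
End Module
```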