SignedXml checksignature returns false

  • Question

  • I need your help please.

    So I generated a document with an XML signature in Java, and when I try to validate it in C# I get false. Then I generated the same document with a signature in C# and it's OK: it returns true.

    Here is my generated XML in C#:

    <GovTalkMessage xmlns="http://www.govtalk.gov.uk/CM/envelope">
      <EnvelopeVersion>2.0</EnvelopeVersion>
      <Header>
        <MessageDetails>
          <Class>**********</Class>
          <Qualifier>request</Qualifier>
          <Function>submit</Function>
          <CorrelationID></CorrelationID>
          <ResponseEndPoint PollInterval="0" />
          <GatewayTimestamp>2015-05-22 10:36:00 46</GatewayTimestamp>
        </MessageDetails>
        <SenderDetails>
          <IDAuthentication>
            <SenderID>*******</SenderID>
            <Authentication>
              <Method>clear</Method>
              <Value>******</Value>
            </Authentication>
          </IDAuthentication>
          <EmailAddress>nomail</EmailAddress>
        </SenderDetails>
      </Header>
      <Body>
        <Message xmlns="urn:g3.ge:cra:call:CRA_Xcrms_ProcessRequest:v1">
          <Request>
            <SubcontractId>*********</SubcontractId>
            <Parameters>
              <ECKeyValue xmlns="http://www.w3.org/2009/xmldsig11#" Id="b8fab299-1f02-4952-bc51-51c1a801cfbd">
                <NamedCurve URI="urn:oid:1.3.36.3.3.2.8.1.1.7" />
                <PublicKey>BHeO8NM3siFsm/4wOuZfuYqxEyHITRIw10nck6VWmsQeIpJ7SA6octSy6CribK+I8CfALnlPCi0ugcfhtndJjRo=</PublicKey>
                <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
                  <SignedInfo>
                    <CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#WithComments" />
                    <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
                    <Reference URI="#b8fab299-1f02-4952-bc51-51c1a801cfbd">
                      <Transforms>
                        <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#WithComments" />
                      </Transforms>
                      <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
                      <DigestValue>dj0zX2jwmWo31ZHQZ8QD/oCofWM=</DigestValue>
                    </Reference>
                  </SignedInfo>
                  <SignatureValue>WesZbraD0p0eW0GmhQ8ZpTyQ9Z3xiiWph/mIam2nhVPmXfJCdVVvPPxwL3IfseZLXUa4xQwOO4Goa6DOH8drqSbORdrHiTmB7f5QfeqL1kH3BB5sQuHWyHHtN37284e7/jB+1awxcyVkdE9Vk2lDsHmn4f3vjdk1tvKJOYlfsP0MEJQ4XG2fpCWgGebWHCy1oNUOI9X/hOLxQK+n5MVHM7hiO7xDcziSq2SgAOIoxHgAKEfDUR8fC1QPwQGTpClLoY2QD1wbv1h3FsnK9+Fg7Tx1g0iE6hyppb3dSveZBNWr8fOA9GMgeUzgB54bGQ8PPixRxIBs4L7Wb+Ro9qQG4w==</SignatureValue>
                  <KeyInfo>
                    <X509Data>
                      <X509Certificate>MIIFaDCCBFCgAwIBAgIKGKrxUAAAAAACYTANBgkqhkiG9w0BAQUFADBCMRIwEAYKCZImiZPyLGQBGRYCZ2UxEzARBgoJkiaJk/IsZAEZFgNjcmExFzAVBgNVBAMTDkNSQSBJU1NVSU5HIENBMB4XDTE2MDEwNDExMzgxOFoXDTE4MDEwMzExMzgxOFowgY8xCzAJBgNVBAYTAkdFMQwwCgYDVQQIEwNOL0ExEDAOBgNVBAcTB1RiaWxpc2kxEzARBgNVBAoTCkdlb0ZpblRlY2gxCzAJBgNVBAsTAklUMRowGAYDVQQDExFUYW1hciBEYXR1YXNodmlsaTEiMCAGCSqGSIb3DQEJARYTdGFtYXJAZ2VvZmludGVjaC5nZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMvjGHYQc+6pE+S90YcQ72gIu+6Min/rIQdezK6AYuxCLNocQlWM5GN2yzxbFc4S1p6j8D8Q/QKBrJ6p6T/93EyiZcV/CwEE6RC+VZkyzgz14FsQKXvjn20y8iGVIdwN7+vyTnkfFS6QngzrAukJE5TUcBQxw9Ja7Pn5QRaH6r2qiroKgw3DqszpRONMi701RNOcKYhvHZSVNQG6ZN4k/1z1TIEG4BgyhGp/9923Yo1NE8bxai2e6GBULaDV9zgicIP4bQqpAjzKlfVPVD07zE+qQlzViiXUo3Ivkk6LhRX5LtJ7f783MHY4NKMSrrpvy3wXuhvmj5SI/GQCmevqfU8CAwEAAaOCAhAwggIMMAsGA1UdDwQEAwIFoDA7BgkrBgEEAYI3FQcELjAsBiQrBgEEAYI3FQiMrxOCxd0kgeWXFZnFboLIgn1ZherrPoWoyzkCAWQCAQkwRAYJKoZIhvcNAQkPBDcwNTAOBggqhkiG9w0DAgICAIAwDgYIKoZIhvcNAwQCAgCAMAcGBSsOAwIHMAoGCCqGSIb3DQMHMB0GA1UdDgQWBBRs+UHm6cklk/B9F+ftjFRbSTSPiDAfBgNVHSMEGDAWgBTDtujkuZ450dwAyTWTgpsCj5IwSTBOBgNVHR8ERzBFMEOgQaA/hj1odHRwOi8vY3JhLWlzc3VpbmdjYS5jcmEuZ2UvQ2VydEVucm9sbC9DUkElMjBJU1NVSU5HJTIwQ0EuY3JsMG4GCCsGAQUFBwEBBGIwYDBeBggrBgEFBQcwAoZSaHR0cDovL2NyYS1pc3N1aW5nY2EuY3JhLmdlL0NlcnRFbnJvbGwvQ1JBLUlTU1VJTkdDQS5jcmEuZ2VfQ1JBJTIwSVNTVUlORyUyMENBLmNydDA1BgNVHSUELjAsBgorBgEEAYI3FAICBggrBgEFBQcDAgYIKwYBBQUHAwQGCisGAQQBgjcKAwQwQwYJKwYBBAGCNxUKBDYwNDAMBgorBgEEAYI3FAICMAoGCCsGAQUFBwMCMAoGCCsGAQUFBwMEMAwGCisGAQQBgjcKAwQwDQYJKoZIhvcNAQEFBQADggEBAFPv8dF7lv0koP4qTnf6xyR3GW5hf0k0gOv7LMxuvwNZR6fnupVNx5QS4zEsQnJQoUII9qXyScxaXe96bPRKQqMaJLpMhxjsLMqpPRTLmdIvVExf4Jyo3ZPzquYx/+IokzhJaXK2qV2Z1P/kd0p1I03BYdWEabGz+MsARSer2s4IxeELgVSHKwk/aYY3LdsddbMJg1TO0Knmqvssri/rtJ6h9PAbtheijukEktmjWdLZ+A+/mATmX9i5FOKVkc9bdRmIw0M59ura+r3HThlZ+5J6amFuQJAxp7M6RwnLOqPyk21Hiaccufw4Hr6CvQ8c9lcjbK0k5z7dBDMt+JA4shI=</X509Certificate>
                    </X509Data>
                  </KeyInfo>
                </Signature>
              </ECKeyValue>
            </Parameters>
          </Request>
        </Message>
      </Body>
    </GovTalkMessage>

    And here is my generated XML in Java:

    <GovTalkMessage xmlns="http://www.govtalk.gov.uk/CM/envelope">
      <EnvelopeVersion>2.0</EnvelopeVersion>
      <Header>
        <MessageDetails>
          <Class>*******</Class>
          <Qualifier>request</Qualifier>
          <Function>submit</Function>
          <CorrelationID/>
          <ResponseEndPoint PollInterval="0"/>
          <GatewayTimestamp>2015-05-22 10:36:00 46</GatewayTimestamp>
        </MessageDetails>
        <SenderDetails>
          <IDAuthentication>
            <SenderID>*******</SenderID>
            <Authentication>
              <Method>clear</Method>
              <Value>*******</Value>
            </Authentication>
          </IDAuthentication>
          <EmailAddress>nomail</EmailAddress>
        </SenderDetails>
      </Header>
      <Body>
        <Message xmlns="urn:g3.ge:cra:call:CRA_Xcrms_ProcessRequest:v1">
          <Request>
            <SubcontractId>*******</SubcontractId>
            <Parameters>
              <ECKeyValue xmlns="http://www.w3.org/2009/xmldsig11#" Id="e05606fa-f84f-4f03-b979-59e3ab07c431">
                <NamedCurve URI="urn:oid:1.3.36.3.3.2.8.1.1.7"/>
                <PublicKey>BHCX/TfxYEqT+RkvWwe7FUwgcfYv4Delhn4Gh3VDwYdfiPNsbdSrpdTifdzjW4xF2t18Dv6oWHvnxj4vzulyLLU=</PublicKey>
                <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
                  <SignedInfo>
                    <CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#WithComments"/>
                    <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
                    <Reference URI="#e05606fa-f84f-4f03-b979-59e3ab07c431">
                      <Transforms>
                        <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#WithComments"/>
                      </Transforms>
                      <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                      <DigestValue>bkpr3QO9lbDyLHfN78AptsaAiDA=</DigestValue>
                    </Reference>
                  </SignedInfo>
                  <SignatureValue>tKSd9QHighByIW87N/Flkpt5KlaeOCQjT3ot3oNycNA5143GLjo/LZr6LyILiCef9fkLtxotnANXgAxtU2VQePKJcrqksKxwFeRQg4ZaPv5R41LbNQVNlgM1pa70JpFtRgFwFIm8qzKokcd0dpBG/i+Q3318CRKbAJHXqnOvCU3g8hgWhcKDo8KISkOkvVvDiOXLlmVVspYEc9Miz+2SlXK0psMcpEZTs8Qwl2eUabcQq457pV3sWw+kWQCWWBJbU2t2sXTLw2jqT4gSvz68Txn5WwS5km0ArdmEwN7DqEpBWd9ItSVlQuq45Xi7ymwuHB4cUkx0EYwFjeOa6Y4hZw==</SignatureValue>
                  <KeyInfo>
                    <X509Data>
                      <X509Certificate>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</X509Certificate>
                    </X509Data>
                  </KeyInfo>
                </Signature>
              </ECKeyValue>
            </Parameters>
          </Request>
        </Message>
      </Body>
    </GovTalkMessage>

    I have generated these files a billion times, but this C# code likes files which are generated from C#, and I have a problem with files which are generated by Java:

    using System;
    using System.Security.Cryptography.Xml;
    using System.Xml;

    // The incoming XML request
    string requestFromService = "myxmlFile.xml";

    XmlDocument xmlDocument = new XmlDocument();
    xmlDocument.LoadXml(Helpers.readAllFromFile(requestFromService));

    XmlElement xml = xmlDocument.DocumentElement;
    XmlElement keyValue = xml.GetElementsByTagName("ECKeyValue").Item(0) as XmlElement;

    XmlElement signatureElement = xml.GetElementsByTagName("Signature").Item(0) as XmlElement;

    // Detach the Signature from the element it signs before verifying
    keyValue.RemoveChild(signatureElement);

    // Verify the detached signature against the ECKeyValue element
    var signedXml = new SignedXml(keyValue);
    signedXml.LoadXml(signatureElement);
    bool result = signedXml.CheckSignature();

    Console.WriteLine(String.Format("Result : {0}", result));

    How does System.Security.Cryptography.Xml.SignedXml work? Why is the XML signature not valid? Please help.

    Thursday, March 31, 2016 11:07 AM

All replies

  • If the e-cert that you use to sign the XML in Java is not found in the local "AddressBook" (i.e. Other People) certification store (see Remarks section), the function will always return false.

    Also see this blog entry if you want to import the cert to the LocalMachine certification store (by default it exists in the CurrentUser store only).

    Friday, April 1, 2016 3:21 AM
    Answerer
  • No certificate is installed, and it works when I generate the file from C#. But when I generate the file from Java it doesn't work. I can't understand why.
    Friday, April 1, 2016 6:17 PM
  • When you signed the XML on your own machine, it used "your" e-cert in the "Personal" folder, so when you verify it on the same machine, it can find the corresponding public cert in the certificate store.

    Try getting a signed file and verifying it on another machine that doesn't know "you"; this time it should fail.

    Saturday, April 2, 2016 4:13 PM
    Answerer
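
The two explanations raised in this thread (certificate lookup versus something in the document itself) can be told apart by splitting the check in two. The diagnostic below is an added example, not code from any poster; the class and method names are made up for illustration, and it takes the path of the signed document as its argument. It recomputes the Reference digest with the algorithms declared in both sample documents, then verifies with only the certificate embedded in KeyInfo, once with whitespace stripped on load and once with it preserved.

```csharp
using System;
using System.IO;
using System.Linq;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Security.Cryptography.Xml;
using System.Text;
using System.Xml;

static class SignatureDiagnostics   // hypothetical name, for illustration only
{
    const string DsigNs = "http://www.w3.org/2000/09/xmldsig#";

    static void Check(string path, bool preserveWhitespace)
    {
        var doc = new XmlDocument { PreserveWhitespace = preserveWhitespace };
        doc.Load(path);
        // Detach the embedded Signature from the element it references,
        // as the verification code in the question does.
        var signature = (XmlElement)doc.GetElementsByTagName("Signature", DsigNs)[0];
        var signedElement = (XmlElement)signature.ParentNode;
        signedElement.RemoveChild(signature);

        var signedXml = new SignedXml(signedElement);
        signedXml.LoadXml(signature);
        var reference = (Reference)signedXml.SignedInfo.References[0];

        // 1. Recompute the Reference digest: exclusive C14N with comments, then SHA-1.
        var c14n = new XmlDsigExcC14NWithCommentsTransform();
        c14n.LoadInput(new MemoryStream(Encoding.UTF8.GetBytes(signedElement.OuterXml)));
        byte[] digest;
        using (var sha1 = SHA1.Create())
            digest = c14n.GetDigestedOutput(sha1);
        bool digestMatches = digest.SequenceEqual(reference.DigestValue);

        // 2. Verify with only the certificate embedded in KeyInfo. 'true' means
        //    verifySignatureOnly: no chain building, no certificate-store lookup.
        //    This still fails if the digest from step 1 does not match.
        var x509Data = signedXml.KeyInfo.OfType<KeyInfoX509Data>().First();
        var cert = new X509Certificate2((X509Certificate)x509Data.Certificates[0]);
        bool validWithEmbeddedCert = signedXml.CheckSignature(cert, true);

        Console.WriteLine("PreserveWhitespace={0}: digest matches={1}, valid with embedded cert={2}",
            preserveWhitespace, digestMatches, validWithEmbeddedCert);
    }

    static void Main(string[] args) { Check(args[0], false); Check(args[0], true); }
}
```

A digest mismatch points at the signed content or its whitespace as loaded; a matching digest with `CheckSignature(cert, true)` returning true while the parameterless `CheckSignature()` returns false points at key or certificate resolution.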