Sign a XML with certificate

  • Question

  • Hi,

    I'm looking for a way to sign an XML with a certificate which is not exportable. Because of some security issues, we shouldn't have our certificate marked as exportable.

    It works when you want to encrypt an XML; you don't need the password. So why is it mandatory just to sign?

    Thanks in advance for helping me

    Florian

    • Moved by Mike Feng (Moderator), Wednesday, September 19, 2012 6:02 AM, CLR (From: .NET Base Class Library)
    Thursday, September 13, 2012 4:12 PM

All replies

  • Signing is different from encrypting.


    Ghost,
    Call me ghost for short, Thanks
    To get the better answer, it should be a better question.

    Saturday, September 15, 2012 11:11 AM
  • Thanks, I know, but I need to be able to sign without needing to retrieve the password.

    When you use a Smart Key you sign but you are not able to access the private key.

    Florian

    Monday, September 17, 2012 3:16 PM
  • Hi Florian,

    Welcome to the MSDN Forum.

    I believe you have seen this documentation: http://msdn.microsoft.com/en-us/library/ms229745.aspx 

    It seems it doesn't meet your requirement. Would you like to tell us which step(s) should be changed in that sample?

    If you didn't see it, please take a look at it.

    Best regards,


    Mike Feng
    MSDN Community Support | Feedback to us
    Please remember to mark the replies as answers if they help and unmark them if they provide no help.

    Tuesday, September 18, 2012 5:35 AM
    Moderator
  • Thanks for your reply, 

    I need it to be signed by an X509 certificate and the problem is:

    RSACryptoServiceProvider privateKeyProvider = (RSACryptoServiceProvider)certificate.PrivateKey;

    If I use that, it requires my X509 to be exportable, which is not safe.

    Thank you for helping me.

    Florian

    Tuesday, September 18, 2012 3:00 PM
  • Hi Florian,

    Is this a workaround? It is the security part of the above document:

    Never store or transfer the private key of an asymmetric key pair in plaintext. For more information about symmetric and asymmetric cryptographic keys, see Generating Keys for Encryption and Decryption.

    Never embed a private key directly into your source code. Embedded keys can be easily read from an assembly using the Ildasm.exe (MSIL Disassembler) or by opening the assembly in a text editor such as Notepad.

    Best regards,


    Mike Feng

    Wednesday, September 19, 2012 6:08 AM
    Moderator
  • Hi Mike,

    I know that we should never embed it in source code, I never meant to do it.

    I saw that http://www.eldos.com/sbb/ says that they succeed in signing an XML file even though the certificate is not exportable (and so the private key is not readable).

    Is there a turnaround I missed?

    Florian

    Wednesday, September 19, 2012 5:50 PM
  • Hi Florian,

    Sorry, I have no idea about the tool.

    I think you can ask the author how it achieves this.

    Best regards,


    Mike Feng

    Thursday, September 20, 2012 9:19 AM
    Moderator
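
Added example, not code from any poster in this thread or from the linked MSDN sample: an enveloped XML signature made through the key handle that the certificate store returns, so the key provider performs the RSA operation and no key bytes are exported. It assumes .NET Framework 4.6.2 or later; the thumbprint placeholder, the class and method names, and the sample XML are constructed for illustration.

```csharp
// Added example (not from the thread). Thumbprint and sample XML are placeholders.
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Security.Cryptography.Xml;
using System.Xml;

static class NonExportableSigner
{
    // Placeholder: thumbprint of a certificate installed in CurrentUser\My.
    const string Thumbprint = "<CERT-THUMBPRINT-PLACEHOLDER>";

    static void Main()
    {
        var doc = new XmlDocument { PreserveWhitespace = true };
        doc.LoadXml("<order id=\"1\"><item>constructed sample</item></order>");
        using (var store = new X509Store(StoreName.My, StoreLocation.CurrentUser))
        {
            store.Open(OpenFlags.ReadOnly);
            var found = store.Certificates.Find(X509FindType.FindByThumbprint, Thumbprint, false);
            if (found.Count == 0) throw new InvalidOperationException("certificate not found");
            X509Certificate2 cert = found[0];
            // A handle to the key held by the CSP/KSP; nothing is exported here.
            using (RSA key = cert.GetRSAPrivateKey())
            {
                if (key == null) throw new InvalidOperationException("no RSA private key");
                SignEnveloped(doc, cert, key);
            }
        }
        Console.WriteLine(doc.OuterXml);
    }

    static void SignEnveloped(XmlDocument doc, X509Certificate2 cert, RSA key)
    {
        var signedXml = new SignedXml(doc) { SigningKey = key };
        signedXml.SignedInfo.SignatureMethod = SignedXml.XmlDsigRSASHA256Url;
        // Empty URI = sign the whole document, minus the signature element itself.
        var reference = new Reference("") { DigestMethod = SignedXml.XmlDsigSHA256Url };
        reference.AddTransform(new XmlDsigEnvelopedSignatureTransform());
        signedXml.AddReference(reference);
        var keyInfo = new KeyInfo();
        keyInfo.AddClause(new KeyInfoX509Data(cert)); // public certificate only
        signedXml.KeyInfo = keyInfo;
        signedXml.ComputeSignature(); // the provider signs via the handle
        doc.DocumentElement.AppendChild(doc.ImportNode(signedXml.GetXml(), true));
    }
}
```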