我使用下面的方法來簽署XML文檔的XML文檔:簽名使用RSA-SHA256簽名方法問題
public static XmlDocument SignDocument(XmlDocument doc)
{
string signatureCanonicalizationMethod = "http://www.w3.org/2001/10/xml-exc-c14n#";
string signatureMethod = @"http://www.w3.org/2001/04/xmldsig-more#rsa-sha256";
string digestMethod = @"http://www.w3.org/2001/04/xmlenc#sha256";
string signatureReferenceURI = "#_73e63a41-156d-4fda-a26c-8d79dcade713";
CryptoConfig.AddAlgorithm(typeof(RSAPKCS1SHA256SignatureDescription), signatureMethod);
var signingCertificate = GetCertificate();
SignedXml signer = new SignedXml(doc);
signer.SigningKey = signingCertificate.PrivateKey;
signer.KeyInfo = new KeyInfo();
signer.KeyInfo.AddClause(new KeyInfoX509Data(signingCertificate));
signer.SignedInfo.CanonicalizationMethod = signatureCanonicalizationMethod;
signer.SignedInfo.SignatureMethod = signatureMethod;
XmlDsigEnvelopedSignatureTransform envelopeTransform = new XmlDsigEnvelopedSignatureTransform();
XmlDsigExcC14NTransform cn14Transform = new XmlDsigExcC14NTransform();
Reference signatureReference = new Reference();
signatureReference.Uri = signatureReferenceURI;
signatureReference.AddTransform(envelopeTransform);
signatureReference.AddTransform(cn14Transform);
signatureReference.DigestMethod = digestMethod;
signer.AddReference(signatureReference);
signer.ComputeSignature();
XmlElement signatureElement = signer.GetXml();
doc.DocumentElement.AppendChild(signer.GetXml());
return doc;
}
private static X509Certificate2 GetCertificate()
{
X509Store store = new X509Store(StoreName.My, StoreLocation.LocalMachine);
store.Open(OpenFlags.ReadOnly);
X509Certificate2 card = null;
foreach (X509Certificate2 cert in store.Certificates)
{
if (!cert.HasPrivateKey) continue;
if (cert.Thumbprint.Equals("a_certain_thumb_print", StringComparison.OrdinalIgnoreCase))
{
card = cert;
break;
}
}
store.Close();
return card;
}
試圖計算時類型System.Security.Cryptography.CryptographicException的異常被拋出帶錯誤消息的簽名指定的算法無效。有任何想法嗎?
機器:Windows Server 2008 R2
.Net Framework:4.0。
IDE:Visual Studio 2010.
實現我解決這個問題(感謝菲利普)如下: /*添加的代碼後VAR signingCertificate = GetCertificate以下行(); */ CspParameters cspParams = new CspParameters(24); cspParams.KeyContainerName =「XML_DISG_RSA_KEY」; RSACryptoServiceProvider key = new RSACryptoServiceProvider(cspParams); key.FromXmlString(signingCertificate.PrivateKey.ToXmlString(true)); /*將新密鑰分配給簽署者的SigningKey */ metadataSigner.SigningKey = key; – UncleZen 2012-08-03 18:00:50
thx UncleZen修復了它,但cspParams.KeyContainerName =「XML_DISG_RSA_KEY」不是必需的,它在沒有它的情況下也起作用。 – BitSchupser 2013-10-07 11:20:53