Why CheckSignature function returns false every time after saving the signed XML?

Category: azure key vault

Question

Tanmay K on Wed, 27 Dec 2017 19:07:36


Hi,

I am trying to sign an XML using Azure Key Vault and validate the signed XML. After signing the file, I have to validate the signature using the public key of the certificate. When I check the validity of the signature of the signed XML using the CheckSignature method, I get correct results, except for one observation: it gives false for CheckSignature() and true for CheckSignature(rsakey). But after saving the signed XML and using it for validation, it returns false in every case. I tried to check all the options but couldn't come across any solution.

Am I doing anything wrong? Can it be the case that the certificate/keys/secret details have some sort of problem? Is there any known problem with a specific version of the .NET Framework?

Can anyone here please help me in getting it right?

I am using Azure Key Vault to store the certificate. The certificate is fetched using a secret. I am currently using .NET Framework 4.6.2.

The code snippet:

------------------------------------------------------------------------------------------------------------------------

// Used below but not declared in this snippet: xmlDoc (the XmlDocument being signed),
// rsaKey (a fallback RSA key) and keyFromCert (bool). signedXml is assumed to be built
// over xmlDoc, which is the document the signature is appended to further down.
SignedXml signedXml = new SignedXml(xmlDoc);
RSACryptoServiceProvider _rsakey = null;
X509Certificate2 cer = null;

cer = await GetCertificate(); // Gets the certificate (with private key) from Key Vault

_rsakey = (RSACryptoServiceProvider)cer.PrivateKey;
KeyInfo keyInfo = new KeyInfo();
signedXml.SigningKey = rsaKey; // Default signing key, replaced by the certificate key below
if (keyFromCert)
{
    if (_rsakey != null)
        signedXml.SigningKey = _rsakey;
}
KeyInfoX509Data keyInfoData = new KeyInfoX509Data();
if (cer != null)
{
    keyInfoData.AddSubjectName(cer.SubjectName.Name);
    keyInfoData.AddCertificate(cer);
}

keyInfo.AddClause(keyInfoData);
signedXml.KeyInfo = keyInfo;
signedXml.SignedInfo.CanonicalizationMethod = SignedXml.XmlDsigExcC14NTransformUrl;
Reference reference = new Reference();
reference.Uri = ""; // Empty URI: the reference covers the whole document
reference.DigestMethod = SignedXml.XmlDsigSHA1Url; // DigestMethod takes an algorithm URI, not the bare name "SHA1"
XmlDsigEnvelopedSignatureTransform env = new XmlDsigEnvelopedSignatureTransform(); // Created here but never added to the reference
reference.AddTransform(new XmlDsigExcC14NTransform());
signedXml.AddReference(reference);
signedXml.ComputeSignature();

bool passes = signedXml.CheckSignature(cer, true); // Returns true
bool passes1 = signedXml.CheckSignature(_rsakey);  // Returns true
bool passes2 = signedXml.CheckSignature(); // Returns false - why?

XmlElement xmlDigitalSignature = signedXml.GetXml();

// _xml is the document that owns the detached <Signature> element, not the signed document (xmlDoc)
XmlDocument _xml = signedXml.GetXml().OwnerDocument;

xmlDoc.DocumentElement.AppendChild(xmlDoc.ImportNode(xmlDigitalSignature, true));

_xml.Save("C:\\signed_xml_prod.xml");
------------------------------------------------------------------------------------------------------------------------
// Now when we use the above XMLs (_xml and xmlDoc), CheckSignature returns false for both of them
// Verification logic
{
    XmlDocument xmlDocument = new XmlDocument();
    xmlDocument.PreserveWhitespace = true; // Tried without this line as well, but no change in the outcome
    xmlDocument.Load("C:\\signed_xml_prod.xml");
    SignedXml signedXml = new SignedXml(xmlDocument);
    XmlNodeList nodeList = xmlDocument.GetElementsByTagName("Signature");
    try
    {
        signedXml.LoadXml((XmlElement)nodeList[0]);
    }
    catch (Exception ex) { } // Load errors are swallowed, so a malformed or missing Signature element goes unnoticed here
    bool ret = signedXml.CheckSignature(Key); // Key: the public RSA key, declared elsewhere. Returns false - why?
    bool ret1 = signedXml.CheckSignature(); // Returns false - why?
}
------------------------------------------------------------------------------------------------------------------------

Thanks,
Tanmay
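For comparison, an added example (editor's code, not the poster's) of the full sign, save, reload and verify round trip with SignedXml: it uses algorithm URIs, adds the enveloped-signature transform so the appended <Signature> element stays out of the digest, saves the signed document itself, and verifies against the known certificate. It assumes cert is the Key Vault certificate with its private key, as in the question, path is a writable file path, and the order document is a constructed sample.

```csharp
using System.Security.Cryptography.X509Certificates;
using System.Security.Cryptography.Xml;
using System.Xml;

static class EnvelopedSignatureRoundTrip
{
    // Signs doc in place with an enveloped signature and embeds cert in KeyInfo.
    public static void Sign(XmlDocument doc, X509Certificate2 cert)
    {
        var signedXml = new SignedXml(doc);
        signedXml.SigningKey = cert.GetRSAPrivateKey(); // CSP or CNG key (.NET 4.6+)
        signedXml.SignedInfo.CanonicalizationMethod = SignedXml.XmlDsigExcC14NTransformUrl;
        signedXml.SignedInfo.SignatureMethod = SignedXml.XmlDsigRSASHA256Url; // .NET 4.6.2+
        // Algorithm URIs, not bare names. The enveloped transform keeps the <Signature>
        // element out of the digest, so the digest still matches after it is appended.
        var reference = new Reference { Uri = "", DigestMethod = SignedXml.XmlDsigSHA256Url };
        reference.AddTransform(new XmlDsigEnvelopedSignatureTransform());
        reference.AddTransform(new XmlDsigExcC14NTransform());
        signedXml.AddReference(reference);
        signedXml.KeyInfo = new KeyInfo();
        signedXml.KeyInfo.AddClause(new KeyInfoX509Data(cert));
        signedXml.ComputeSignature();
        doc.DocumentElement.AppendChild(doc.ImportNode(signedXml.GetXml(), true));
    }

    // Reloads the saved file and verifies against the expected certificate. verifySignatureOnly = true
    // checks only the signature value with this certificate; pass false to also validate its chain.
    public static bool Verify(string path, X509Certificate2 cert)
    {
        var doc = new XmlDocument { PreserveWhitespace = true };
        doc.Load(path);
        var nodes = doc.GetElementsByTagName("Signature", SignedXml.XmlDsigNamespaceUrl);
        if (nodes.Count != 1) return false; // require exactly one signature
        var signedXml = new SignedXml(doc);
        signedXml.LoadXml((XmlElement)nodes[0]);
        return signedXml.CheckSignature(cert, true);
    }

    // Sign a constructed sample document, save the signed document itself
    // (not the detached <Signature> element), reload it and verify.
    public static bool RoundTrip(X509Certificate2 cert, string path)
    {
        var doc = new XmlDocument { PreserveWhitespace = true };
        doc.LoadXml("<order><id>42</id><amount>100</amount></order>"); // constructed sample
        Sign(doc, cert);
        doc.Save(path);
        return Verify(path, cert);
    }
}
```

RoundTrip returns true for a certificate whose private key matches the embedded public certificate; any edit to the saved file after signing, or a second injected Signature element, makes Verify return false.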