Problemas con XML signature
Tengo un problema al firmar un XML tipo Detached, resulta que genero la firma pero despues a la hora de verificarla siempre me da que no es valida, el codigo esta en c# y es el siguiente:
using System;
using System.IO;
using System.Security.Cryptography;
using System.Security.Cryptography.Xml;
using System.Security.Cryptography.X509Certificates;
using System.Xml;
using System.Text;
public class GenerateXMLSecurity
{
String filename = "mireply.xml";
String elemento = "DATOS";
String result = "mireplyResult.xml";
static void Main(String[] args)
{
String filename = "mireply.xml";
String elemento = "DATOS";
String result = "mireplyResult.xml";
//Crea un objeto documento XML
XmlDocument document = new XmlDocument();
document.PreserveWhitespace = true;
document.Load(new XmlTextReader(filename));
// crea un objeto para manejar la etiqueta #signature.
SignedXml signedXml = new SignedXml(document);
//crea una referencia hacia el certificado fisico
X509Certificate Cert = X509Certificate.CreateFromCertFile("testCert.cer");
//referencia hacia el elemento que se va firmar.
Reference miref = new Reference();
miref.Uri = "#" + elemento;
signedXml.AddReference(miref);
RSA key = RSA.Create();
signedXml.SigningKey = key;
//crea la etiqueda #keyInfo con informacion de la clave publica
KeyInfo ki = new KeyInfo();
ki.AddClause(new KeyInfoX509Data(Cert));
signedXml.KeyInfo = ki;
signedXml.ComputeSignature();
XmlElement xmlDigitalSignature = signedXml.GetXml();
document.DocumentElement.AppendChild(xmlDigitalSignature);
document.Save(new XmlTextWriter(result, new UTF8Encoding(false)));
Console.WriteLine(xmlDigitalSignature.OuterXml);
}
}
y la firma que genera es es:
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo>
<CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<Reference URI="#DATOS">
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<DigestValue>4rgxLlcXhrdub2nT69U85ulB+Fk=</DigestValue>
</Reference>
</SignedInfo>
<SignatureValue>I9JHvThPvzWLcncIQM7zlT133SoEaiRsKP2/nHt36mG8V0W2iYUdF4BJxLulgS8wHlFnDdLcnZwIRTdt2LgUeaSymoQZZofYfObwb8G5wFlqC0CWPLwdrI8QlUPmUfjtVk0r0SDqxE4VmVBSdUwAU25j2th8CEzYdT8ya9OOOHc=</SignatureValue>
<KeyInfo>
<X509Data xmlns="http://www.w3.org/2000/09/xmldsig#">
<X509Certificate>MIIEUzCCA/2gAwIBAgIKDGKcXAAAAAAAJDANBgkqhkiG9w0BAQUFADBsMQswCQYDVQQGEwJFUzESMBAGA1UECBMJQSBDT1JVTkhBMREwDwYDVQQHEwhTQU5USUFHTzEPMA0GA1UEChMGQ0lYVEVDMQ8wDQYDVQQLEwZDSVhURUMxFDASBgNVBAMTC0NBLVNJU1RFTUFTMB4XDTA0MTAwNTEyMjY1MVoXDTA1MTAwNTEyMzY1MVowcjELMAkGA1UEBhMCRVMxEjAQBgNVBAgTCUEgQ09SVU5IQTERMA8GA1UEBxMIU0FOVElBR08xDzANBgNVBAoTBkNJWFRFQzEPMA0GA1UECxMGQ0lYVEVDMRowGAYDVQQDExFjaXh0ZWNkZXNhcnJvbGxvMjCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAyUDGw/5wAiLx0KVzA9/IQQSSa5w24S0aS+x46f5yCce43qfDd58VvkxR1rjddKxT4WY2a2mLZXeCDF8zbibj6Yblic0N8F8w3jOIKuI57Wl6mj9a20+hohpge6hl68jOPk4okdlRsL7ksjKa9LMIgbEmOuxaj12wcu4fbU6tRJ8CAwEAAaOCAjUwggIxMA4GA1UdDwEB/wQEAwIE8DATBgNVHSUEDDAKBggrBgEFBQcDAzAdBgNVHQ4EFgQUpFg6Hz5AFAQSTkVQwgnraOIL8EowgaUGA1UdIwSBnTCBmoAU0j/7HLf+gYxw5QYUtKlRQuAakgKhcKRuMGwxCzAJBgNVBAYTAkVTMRIwEAYDVQQIEwlBIENPUlVOSEExETAPBgNVBAcTCFNBTlRJQUdPMQ8wDQYDVQQKEwZDSVhURUMxDzANBgNVBAsTBkNJWFRFQzEUMBIGA1UEAxMLQ0EtU0lTVEVNQVOCEFKwjGvH5wSATTS9e0tySmowgYMGA1UdHwR8MHowOqA4oDaGNGh0dHA6Ly9zZXJ2LXNpczEuY2l4dGVjLmwvQ2VydEVucm9sbC9DQS1TSVNURU1BUy5jcmwwPKA6oDiGNmZpbGU6Ly9cXHNlcnYtc2lzMS5jaXh0ZWMubFxDZXJ0RW5yb2xsXENBLVNJU1RFTUFTLmNybDCBvAYIKwYBBQUHAQEEga8wgawwUwYIKwYBBQUHMAKGR2h0dHA6Ly9zZXJ2LXNpczEuY2l4dGVjLmwvQ2VydEVucm9sbC9zZXJ2LXNpczEuY2l4dGVjLmxfQ0EtU0lTVEVNQVMuY3J0MFUGCCsGAQUFBzAChklmaWxlOi8vXFxzZXJ2LXNpczEuY2l4dGVjLmxcQ2VydEVucm9sbFxzZXJ2LXNpczEuY2l4dGVjLmxfQ0EtU0lTVEVNQVMuY3J0MA0GCSqGSIb3DQEBBQUAA0EAY52IGCLW4cqMhvb/SQ28F0LZRZd8mbrOi3bL8+CnGkRDPFAAhzNI5S5vOSVZv9Q7Pn62gSZyuCYBfXYWIX/OGg==</X509Certificate>
</X509Data>
</KeyInfo>
</Signature>
no se si es problema del algoritmo de encriptación o que puede ser, os agradeceria q me hecharais un cable es urgente, gracias.
using System;
using System.IO;
using System.Security.Cryptography;
using System.Security.Cryptography.Xml;
using System.Security.Cryptography.X509Certificates;
using System.Xml;
using System.Text;
public class GenerateXMLSecurity
{
String filename = "mireply.xml";
String elemento = "DATOS";
String result = "mireplyResult.xml";
static void Main(String[] args)
{
String filename = "mireply.xml";
String elemento = "DATOS";
String result = "mireplyResult.xml";
//Crea un objeto documento XML
XmlDocument document = new XmlDocument();
document.PreserveWhitespace = true;
document.Load(new XmlTextReader(filename));
// crea un objeto para manejar la etiqueta #signature.
SignedXml signedXml = new SignedXml(document);
//crea una referencia hacia el certificado fisico
X509Certificate Cert = X509Certificate.CreateFromCertFile("testCert.cer");
//referencia hacia el elemento que se va firmar.
Reference miref = new Reference();
miref.Uri = "#" + elemento;
signedXml.AddReference(miref);
RSA key = RSA.Create();
signedXml.SigningKey = key;
//crea la etiqueda #keyInfo con informacion de la clave publica
KeyInfo ki = new KeyInfo();
ki.AddClause(new KeyInfoX509Data(Cert));
signedXml.KeyInfo = ki;
signedXml.ComputeSignature();
XmlElement xmlDigitalSignature = signedXml.GetXml();
document.DocumentElement.AppendChild(xmlDigitalSignature);
document.Save(new XmlTextWriter(result, new UTF8Encoding(false)));
Console.WriteLine(xmlDigitalSignature.OuterXml);
}
}
y la firma que genera es es:
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo>
<CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<Reference URI="#DATOS">
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<DigestValue>4rgxLlcXhrdub2nT69U85ulB+Fk=</DigestValue>
</Reference>
</SignedInfo>
<SignatureValue>I9JHvThPvzWLcncIQM7zlT133SoEaiRsKP2/nHt36mG8V0W2iYUdF4BJxLulgS8wHlFnDdLcnZwIRTdt2LgUeaSymoQZZofYfObwb8G5wFlqC0CWPLwdrI8QlUPmUfjtVk0r0SDqxE4VmVBSdUwAU25j2th8CEzYdT8ya9OOOHc=</SignatureValue>
<KeyInfo>
<X509Data xmlns="http://www.w3.org/2000/09/xmldsig#">
<X509Certificate>MIIEUzCCA/2gAwIBAgIKDGKcXAAAAAAAJDANBgkqhkiG9w0BAQUFADBsMQswCQYDVQQGEwJFUzESMBAGA1UECBMJQSBDT1JVTkhBMREwDwYDVQQHEwhTQU5USUFHTzEPMA0GA1UEChMGQ0lYVEVDMQ8wDQYDVQQLEwZDSVhURUMxFDASBgNVBAMTC0NBLVNJU1RFTUFTMB4XDTA0MTAwNTEyMjY1MVoXDTA1MTAwNTEyMzY1MVowcjELMAkGA1UEBhMCRVMxEjAQBgNVBAgTCUEgQ09SVU5IQTERMA8GA1UEBxMIU0FOVElBR08xDzANBgNVBAoTBkNJWFRFQzEPMA0GA1UECxMGQ0lYVEVDMRowGAYDVQQDExFjaXh0ZWNkZXNhcnJvbGxvMjCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAyUDGw/5wAiLx0KVzA9/IQQSSa5w24S0aS+x46f5yCce43qfDd58VvkxR1rjddKxT4WY2a2mLZXeCDF8zbibj6Yblic0N8F8w3jOIKuI57Wl6mj9a20+hohpge6hl68jOPk4okdlRsL7ksjKa9LMIgbEmOuxaj12wcu4fbU6tRJ8CAwEAAaOCAjUwggIxMA4GA1UdDwEB/wQEAwIE8DATBgNVHSUEDDAKBggrBgEFBQcDAzAdBgNVHQ4EFgQUpFg6Hz5AFAQSTkVQwgnraOIL8EowgaUGA1UdIwSBnTCBmoAU0j/7HLf+gYxw5QYUtKlRQuAakgKhcKRuMGwxCzAJBgNVBAYTAkVTMRIwEAYDVQQIEwlBIENPUlVOSEExETAPBgNVBAcTCFNBTlRJQUdPMQ8wDQYDVQQKEwZDSVhURUMxDzANBgNVBAsTBkNJWFRFQzEUMBIGA1UEAxMLQ0EtU0lTVEVNQVOCEFKwjGvH5wSATTS9e0tySmowgYMGA1UdHwR8MHowOqA4oDaGNGh0dHA6Ly9zZXJ2LXNpczEuY2l4dGVjLmwvQ2VydEVucm9sbC9DQS1TSVNURU1BUy5jcmwwPKA6oDiGNmZpbGU6Ly9cXHNlcnYtc2lzMS5jaXh0ZWMubFxDZXJ0RW5yb2xsXENBLVNJU1RFTUFTLmNybDCBvAYIKwYBBQUHAQEEga8wgawwUwYIKwYBBQUHMAKGR2h0dHA6Ly9zZXJ2LXNpczEuY2l4dGVjLmwvQ2VydEVucm9sbC9zZXJ2LXNpczEuY2l4dGVjLmxfQ0EtU0lTVEVNQVMuY3J0MFUGCCsGAQUFBzAChklmaWxlOi8vXFxzZXJ2LXNpczEuY2l4dGVjLmxcQ2VydEVucm9sbFxzZXJ2LXNpczEuY2l4dGVjLmxfQ0EtU0lTVEVNQVMuY3J0MA0GCSqGSIb3DQEBBQUAA0EAY52IGCLW4cqMhvb/SQ28F0LZRZd8mbrOi3bL8+CnGkRDPFAAhzNI5S5vOSVZv9Q7Pn62gSZyuCYBfXYWIX/OGg==</X509Certificate>
</X509Data>
</KeyInfo>
</Signature>
no se si es problema del algoritmo de encriptación o que puede ser, os agradeceria q me hecharais un cable es urgente, gracias.
Yo utiliso el WSE 2.0 para firmar, pero me está saliendo el error: DecryptValue :(... y nosé como solucionarlo:
SignedXml sig = new SignedXml(doc);
sig.SignedInfo.CanonicalizationMethod = SignedXml.XmlDsigCanonicalizationUrl;
Reference rr = new Reference();
rr.Uri = \"\";
System.Security.Cryptography.Xml.XmlDsigEnvelopedSignatureTransform trns = new System.Security.Cryptography.Xml.XmlDsigEnvelopedSignatureTransform();
rr.AddTransform(trns);
sig.AddReference(rr);
KeyInfo keyinf = new KeyInfo();
keyinf.AddClause(new RSAKeyValue(clave));
keyinf.AddClause(new KeyInfoX509Data(certificado));
sig.KeyInfo = keyinf;
sig.SigningKey = clave;
sig.ComputeSignature();
XmlElement xmlDigitalSignature = sig.GetXml();
SignedXml sig = new SignedXml(doc);
sig.SignedInfo.CanonicalizationMethod = SignedXml.XmlDsigCanonicalizationUrl;
Reference rr = new Reference();
rr.Uri = \"\";
System.Security.Cryptography.Xml.XmlDsigEnvelopedSignatureTransform trns = new System.Security.Cryptography.Xml.XmlDsigEnvelopedSignatureTransform();
rr.AddTransform(trns);
sig.AddReference(rr);
KeyInfo keyinf = new KeyInfo();
keyinf.AddClause(new RSAKeyValue(clave));
keyinf.AddClause(new KeyInfoX509Data(certificado));
sig.KeyInfo = keyinf;
sig.SigningKey = clave;
sig.ComputeSignature();
XmlElement xmlDigitalSignature = sig.GetXml();