Signing a json document or string with x509 certificate #64
-
|
How to signing a json document or string with x509 certificate? public static void fund()
{
string filePath = @"C:\Users\VIKAS\Desktop\Data.xml";
//Read the file
XmlDocument xmlDoc = new XmlDocument();
XElement ele = XElement.Load(filePath);
String Xml = ele.ToString();
xmlDoc.LoadXml(Xml);
string signature = SignedXMLCert(xmlDoc);
bool verified = ValidateSignature(signature);
}
public static string SignedXMLCert(XmlDocument xmlDoc)
{
string startupPath = AppDomain.CurrentDomain.BaseDirectory + @"Certificates\unidesk.p12";
// startupPath = AppDomain.CurrentDomain.BaseDirectory + @"\Certificates\BBPS_enc.cer";
//X509Certificate2 cert = new X509Certificate2(@"D:\Sonal\AXISOU_TEST.P12", "axisbank", X509KeyStorageFlags.Exportable);
X509Certificate2 cert = new X509Certificate2(startupPath, "axisbank", X509KeyStorageFlags.Exportable);
// string PrivateKey = GetRSAPrivateKeyBase64(cert);
var privateKey = cert.PrivateKey as RSACryptoServiceProvider;
SignedXml signedXml = new SignedXml(xmlDoc);
signedXml.SigningKey = privateKey;
// Create a reference to be signed.
Reference reference = new Reference();
reference.Uri = "";
KeyInfo keyInfo = new KeyInfo();
//startupPath = AppDomain.CurrentDomain.BaseDirectory + @"\Certificates\BBPS_enc.cer";
X509Certificate MSCert = new X509Certificate(startupPath, "axisbank", X509KeyStorageFlags.Exportable);
// X509Certificate MSCert = X509Certificate.CreateFromCertFile(startupPath);
keyInfo.AddClause(new KeyInfoX509Data(MSCert));
signedXml.KeyInfo = keyInfo;
// Add an enveloped transformation to the reference.
XmlDsigEnvelopedSignatureTransform env = new XmlDsigEnvelopedSignatureTransform();
reference.AddTransform(env);
// Add the reference to the SignedXml object.
signedXml.AddReference(reference);
// Compute the signature.
signedXml.ComputeSignature();
// Get the XML representation of the signature and save
// it to an XmlElement object.
XmlElement xmlDigitalSignature = signedXml.GetXml();
// Append the element to the XML document.
xmlDoc.DocumentElement.AppendChild(xmlDoc.ImportNode(xmlDigitalSignature, true));
return xmlDoc.InnerXml.ToString();
}
public static bool ValidateSignature(String signedServiceMetadataContent)
{
bool result = false;
X509Certificate2 cert = GetCertificate();
//Load the key
CspParameters csp = new CspParameters();
csp.KeyContainerName = cert.PublicKey.Key.ToString();
RSACryptoServiceProvider rsa = new RSACryptoServiceProvider(csp);
//Load XML document
XmlDocument xmlDocument = new XmlDocument();
xmlDocument.PreserveWhitespace = true;
xmlDocument.LoadXml(signedServiceMetadataContent);
//create a SignedXml and load the xml document
SignedXml signedXml = new SignedXml(xmlDocument);
//find signature and create signature node list
XmlNodeList xmlNodeList = xmlDocument.GetElementsByTagName("Signature");
if (xmlNodeList.Count <= 0)
{
throw new CryptographicException("Verification failed: No Signature was found in the document.");
}
// if more than one signature was found.
if (xmlNodeList.Count >= 2)
{
throw new CryptographicException("Verification failed: More that one signature was found for the document.");
}
//Load signature into SignedXml
signedXml.LoadXml((XmlElement)xmlNodeList[0]);
//check the signature
result = signedXml.CheckSignature(cert, true);
//result = signedXml.CheckSignature(rsa);
return result;
}
private static X509Certificate2 GetCertificate()
{
string startupPath = AppDomain.CurrentDomain.BaseDirectory + @"Certificates\unidesk.p12";
X509Certificate2 cert = new X509Certificate2(startupPath, "axisbank", X509KeyStorageFlags.Exportable);
return new X509Certificate2(cert);
} |
Beta Was this translation helpful? Give feedback.
Replies: 2 comments 1 reply
-
|
XMLDsig signature format is only suitable for XML documents. You could apply JSON Web Signature (JWS) which is designed for JSON documents. JWS SignatureA JWS with compact serialization is represented by (see RFC7515)
JWS protected header The simplest header is composed by . means algorithm RSA with SHA-256 You can add other parameters such as (X.509 Certificate Chain) or (Content Type) JWS Payload The payload is your JSON object encoded as base64url JWS Signature The JWS signature is computed on
Build the following string and apply the RSA digital signature algorithm with the private key of your certificate Finally encode the signature as base64url and append the result to the previous data to sign. You will get a JWS like this where is the header the payload and the signature Use the following links to
JWS verificationTo verify a signature from the compact format , base64url decode the signature , and verify the signature with the signed data and the used certificate |
Beta Was this translation helpful? Give feedback.
-
|
https://stackoverflow.com/questions/40447670/signing-a-json-document-or-string-with-x509-certificate |
Beta Was this translation helpful? Give feedback.
-
Beta Was this translation helpful? Give feedback.
XMLDsig signature format is only suitable for XML documents. You could apply JSON Web Signature (JWS) which is designed for JSON documents.
JWS Signature
A JWS with compact serialization is represented by (see RFC7515)
JWS protected header
The simplest header is composed by . means algorithm RSA with SHA-256
algRS256You can add other parameters such as (X.509 Certificate Chain) or (Content Type)
x5cctyJWS Payload
The payload is your JSON object encoded as base64url