I want to add a digital signature to an XML file. Specifically, before signing the file I want to add XML comments to it and then sign it.
The signing part seems to work fine, i.e. for different content in my comments or in the file I get different signatures. Furthermore, the canonicalization attribute is shown correctly and clearly states that the signature includes comments.
However, when the signature is verified on the XML file, the content of the comments is ignored, i.e. if I change the content of the comments, the signature is declared valid in every case.
What I don't understand is how this can be if the signature produces different values for different content in the comments.
What could be going wrong?
My example files:
Original XML file:
<?xml version="1.0" encoding="utf-8"?>
<test>
<ThisIsATest></ThisIsATest>
</test>
Signed file with an example comment:
<?xml version="1.0" encoding="utf-8"?>
<test><!--Comment 1-->
<ThisIsATest></ThisIsATest>
<!--Comment 1-->
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#"><SignedInfo><CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments" /><SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><Reference URI=""><Transforms><Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /></Transforms><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><DigestValue>0XZNOavY/0SEZPoU1cBJZs+rAlo=</DigestValue></Reference></SignedInfo><SignatureValue>T9xYVBwbWX3qg4IfsB3XJkviTaOh0pmEJ4Acimf9PA5Y5eDQ+ML8cWXkRPj4pYaGPa13TuwXkc0OK2izen4Cajrg4IZJRW8bLAIEt19wf1F8bduEN02WW2GZVN65OwUqSDqkC4vqMQ07IsVKap0KQaiyOrguZEEtygmSDES1OdM=</SignatureValue><KeyInfo><KeyValue><RSAKeyValue><Modulus>yi0TzN4OQ+mhHSDTZLcZPMnzbSrF51T9yLnWpnkkA+zUyhN6vEHBPgTjDst7RWQNg3G74NR4a88EiBCGzUdEH0a61cyUgHLW1/0IpBIr37jyhwFkLNmogpCltwO5KXNFOuqfq+yXYupHMkgW0BMn7AZfqr3XpuQsjGu2SQUxvr0=</Modulus><Exponent>AQAB</Exponent></RSAKeyValue></KeyValue></KeyInfo></Signature></test>
Signed file with a different example comment:
<?xml version="1.0" encoding="utf-8"?>
<test><!--Comment 2-->
<ThisIsATest></ThisIsATest>
<!--Comment 2-->
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#"><SignedInfo><CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments" /><SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><Reference URI=""><Transforms><Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /></Transforms><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><DigestValue>0XZNOavY/0SEZPoU1cBJZs+rAlo=</DigestValue></Reference></SignedInfo><SignatureValue>gnAIkBy2Bi6CaxT6mCPCMw97BboX6EZ2l5tTuSj9zbPIdznScjMMhuUIFYGnl2Q73Nmify3HX2PHCyONfk9aaBcoP2v0G754NiH5T86gkGqo1IaMJVE9zXhjv5mMI7qV+o0lqvBLnvrr1hooIdUt6OL4j3OXgVG0OzhChaOz8K8=</SignatureValue><KeyInfo><KeyValue><RSAKeyValue><Modulus>nvH+jxiGv3BCqW3yWgsEr+VGiDIOdCn11FwHsU6CDVVIkzufMpyLnOPZQ5nSV1lWRS2KDUCLdp2FlJKNnJPnD0O3WBcpTN7+q9XrSYvu7UihEL4T1dT0QoBhBoKOLj08y45ZJ02tKqOmsN0LlDCr/dGiidZywPbr4s5uPQCJxLM=</Modulus><Exponent>AQAB</Exponent></RSAKeyValue></KeyValue></KeyInfo></Signature></test>
The part of my code that adds the comments and signs the file:
using System.Security.Cryptography;
using System.Security.Cryptography.Xml;
using System.Xml;

public XmlDocument SignXMLString2(string xmlStringToSign) {
    var originalDocument = new XmlDocument { PreserveWhitespace = true };
    originalDocument.LoadXml(xmlStringToSign);
    string commentString = "Comment 1";
    var documentElement = originalDocument.DocumentElement;
    // Insert the same comment as first and as last child of the root element.
    var commentElement1 = originalDocument.CreateComment(commentString);
    var commentElement2 = originalDocument.CreateComment(commentString);
    documentElement.PrependChild(commentElement1);
    documentElement.AppendChild(commentElement2);
    documentElement.AppendChild(originalDocument.CreateTextNode("\n"));
    // Same-document reference (URI="") with the enveloped-signature transform.
    var transformEnveloped = new XmlDsigEnvelopedSignatureTransform();
    var reference = new Reference { Uri = "" };
    reference.AddTransform(transformEnveloped);
    var xmldsig = new SignedXml(originalDocument);
    // Canonicalization method that applies to the SignedInfo element.
    xmldsig.SignedInfo.CanonicalizationMethod = SignedXml.XmlDsigCanonicalizationWithCommentsUrl; // tried different ones here
    // xmldsig.SignedInfo.CanonicalizationMethod = SignedXml.XmlDsigExcC14NWithCommentsTransformUrl;
    // xmldsig.SignedInfo.CanonicalizationMethod = SignedXml.XmlDsigC14NWithCommentsTransformUrl;
    xmldsig.AddReference(reference);
    // A fresh RSA key pair is generated on every call; its public part goes into KeyInfo.
    xmldsig.SigningKey = new RSACryptoServiceProvider();
    xmldsig.KeyInfo = new KeyInfo();
    xmldsig.KeyInfo.AddClause(new RSAKeyValue((RSA)xmldsig.SigningKey));
    xmldsig.ComputeSignature();
    // Append the generated <Signature> element to the root (enveloped signature).
    XmlElement signature = xmldsig.GetXml();
    XmlNode signatureNode = originalDocument.ImportNode(signature, true);
    originalDocument.DocumentElement.AppendChild(signatureNode);
    return originalDocument;
}
The part of my code that validates the signature:
using System;
using System.IO;
using System.Security.Cryptography.Xml;
using System.Text;
using System.Xml;

public bool Validate2(string pathSigned) {
    string xmlString = File.ReadAllText(path: pathSigned, encoding: Encoding.UTF8);
    var signedDocument = new XmlDocument { PreserveWhitespace = true };
    signedDocument.LoadXml(xmlString);
    var xmldsig = new SignedXml(signedDocument);
    // Load the first <Signature> element found in the document.
    var signature = (XmlElement)signedDocument.GetElementsByTagName("Signature")[0];
    xmldsig.LoadXml(signature);
    Console.WriteLine("xmldsig.SignedInfo.CanonicalizationMethod=" + xmldsig.SignedInfo.CanonicalizationMethod); // This shows the proper canonicalization
    // Verifies the signature with the key embedded in KeyInfo.
    bool result = xmldsig.CheckSignature();
    return result;
}
Answer 0 (score: 0)
You are using URI: "". This is a same-document URI (see http://www.w3.org/TR/xmldsig-core/#sec-Same-Document). In this case the comment nodes are removed (even before any canonicalization) and are not included in the signed part.
Hope this helps.
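As an added example (not part of the question or the answer above), the following C# program demonstrates the behaviour the answer describes. XMLDSig section 4.3.3.2 defines the same-document reference URI="" as the node-set of the containing document minus its comment nodes, while the same-document reference "#xpointer(/)" keeps the comments; .NET's SignedXml implements that distinction when it dereferences a Reference. The CanonicalizationMethod on SignedInfo only governs how SignedInfo itself is serialized, which is why changing it had no effect. The program signs the same document twice with one key, once per reference URI, then changes a comment after signing and verifies both copies. This also explains the two signed files above: their DigestValue is identical and only SignatureValue and Modulus differ, which is what you get when comments are excluded from the digest and a new key pair is generated on every signing call. Assumptions: .NET 6 or later with the System.Security.Cryptography.Xml package; the document text, class name and method names are constructed for this example.

```csharp
// Added example, not code from the original post: compare what a same-document
// reference covers with URI="" versus "#xpointer(/)".
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.Xml;
using System.Xml;

static class CommentCoverageDemo
{
    // One key pair for every signature, so only the digested content can differ.
    static readonly RSA Key = RSA.Create();

    // Signs the document with an enveloped signature whose single Reference uses referenceUri.
    static XmlDocument Sign(string xml, string referenceUri)
    {
        var doc = new XmlDocument { PreserveWhitespace = true };
        doc.LoadXml(xml);

        var signedXml = new SignedXml(doc) { SigningKey = Key };
        // Only affects SignedInfo, not the referenced document content.
        signedXml.SignedInfo.CanonicalizationMethod = SignedXml.XmlDsigC14NWithCommentsTransformUrl;

        var reference = new Reference { Uri = referenceUri };
        reference.AddTransform(new XmlDsigEnvelopedSignatureTransform());
        signedXml.AddReference(reference);

        signedXml.ComputeSignature();
        doc.DocumentElement.AppendChild(doc.ImportNode(signedXml.GetXml(), true));
        return doc;
    }

    // Verifies the first ds:Signature element against the known public key.
    static bool Verify(XmlDocument doc)
    {
        var signedXml = new SignedXml(doc);
        var signatureNode = doc.GetElementsByTagName("Signature", SignedXml.XmlDsigNamespaceUrl)[0];
        signedXml.LoadXml((XmlElement)signatureNode);
        return signedXml.CheckSignature(Key);
    }

    static void Main()
    {
        // Constructed input, modelled on the question's file with one comment.
        const string original =
            "<?xml version=\"1.0\" encoding=\"utf-8\"?>\n" +
            "<test><!--Comment 1-->\n<ThisIsATest></ThisIsATest>\n</test>";

        foreach (var uri in new[] { "", "#xpointer(/)" })
        {
            XmlDocument signed = Sign(original, uri);
            Console.WriteLine($"URI=\"{uri}\" valid as signed: {Verify(signed)}");

            // Tamper after signing: change only the comment text, nothing else.
            var tampered = new XmlDocument { PreserveWhitespace = true };
            tampered.LoadXml(signed.OuterXml.Replace("Comment 1", "Comment 2"));
            Console.WriteLine($"URI=\"{uri}\" valid after comment change: {Verify(tampered)}");
        }
    }
}
```

With URI="" the tampered copy still verifies because the comment was never part of the digested node-set; with "#xpointer(/)" the comment change invalidates the signature. If comments must be covered, the Reference URI is the setting to change, not SignedInfo's CanonicalizationMethod. On the verifying side it is equally worth inspecting the Reference URI of incoming signatures before trusting any comment or other content, so that a region the signature does not cover is not mistaken for a protected one.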