[Mono-bugs] [Bug 79454][Nor] Changed - [2.0] SignedXml does not support X509Data element
bugzilla-daemon at bugzilla.ximian.com
Wed Sep 20 13:29:28 EDT 2006
Please do not reply to this email. If you want to comment on the bug, go to the
URL shown below and enter your comments there.
Changed by gert.driesen at pandora.be.
http://bugzilla.ximian.com/show_bug.cgi?id=79454
--- shadow/79454 2006-09-20 13:04:58.000000000 -0400
+++ shadow/79454.tmp.3220 2006-09-20 13:29:28.000000000 -0400
@@ -51,6 +51,26 @@
------- Additional Comments From atsushi at ximian.com 2006-09-20 13:04 -------
X509Data support has been there since 1.1, so I rather doubt different
reason. It would be better if there is a signable X509Certificate to
make signing possible.
(Stealing the bug, as I'm on trying to fix another EncryptedXml bug.)
+
+------- Additional Comments From gert.driesen at pandora.be 2006-09-20 13:29 -------
+Atsushi, the X509Data element is read perfectly fine, and is
+available in KeyInfo but SignedXml.CheckSignatureInternal does not
+use it (while it should on the 2.0 profile).
+
+Implementing support for X509 certificates is probably not that
+hard, but for issuer serial, subject name and SKI we need to perform
+a lookup in the certificate store (and if I'm not mistaken, this is
+not implemented yet).
+
+From MSDN:
+
+"In version 2.0 and later of the .NET Framework, the CheckSignature
+method will search the "AddressBook" store for certificates suitable
+for the verification. For example, if the certificate is referenced
+by a Subject Key Identifier (SKI), the CheckSignature method will
+select certificates with this SKI and try them one after another
+until it can verify the certificate."
+
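Review bot: the second paragraph of the added comment hedges the fact that decides the scope of the fix ("if I'm not mistaken, this is not implemented yet") for certificate store lookup by issuer serial, subject name and SKI. Confirm whether store lookup exists and state the result plainly, because the MSDN behaviour quoted below it (searching the "AddressBook" store and trying each certificate matching the SKI in turn) depends on it. It would also help to separate the two work items the comment implies: having SignedXml.CheckSignatureInternal use the X509Data already available in KeyInfo, and implementing the store lookup.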