[Mono-bugs] [Bug 79454][Nor] Changed - [2.0] SignedXml does not support X509Data element

bugzilla-daemon at bugzilla.ximian.com bugzilla-daemon at bugzilla.ximian.com
Wed Sep 20 13:29:28 EDT 2006

Please do not reply to this email- if you want to comment on the bug, go to the
URL shown below and enter your comments there.

Changed by gert.driesen at pandora.be.


--- shadow/79454	2006-09-20 13:04:58.000000000 -0400
+++ shadow/79454.tmp.3220	2006-09-20 13:29:28.000000000 -0400
@@ -51,6 +51,26 @@
 ------- Additional Comments From atsushi at ximian.com  2006-09-20 13:04 -------
 X509Data support has been there since 1.1, so I rather doubt different
 reason. It would be better if there is a signable X509Certificate to
 make signing possible.
 (Stealing the bug, as I'm on trying to fix another EncryptedXml bug.)
+------- Additional Comments From gert.driesen at pandora.be  2006-09-20 13:29 -------
+Atsushi, the X509Data element is read perfectly fine, and is 
+available in KeyInfo but SignedXml.CheckSignatureInternal does not 
+use it (while it should on the 2.0 profile). 
+Implementing support for X509 certificates is probably not that 
+hard, but for issuer serial, subject name and SKI we need to perform 
+a lookup in the certificate store (and if I'm not mistaken, this is 
+not implemented yet).
+From MSDN:
+"In version 2.0 and later of the .NET Framework, the CheckSignature 
+method will search the "AddressBook" store for certificates suitable 
+for the verification. For example, if the certificate is referenced 
+by a Subject Key Identifier (SKI), the CheckSignature method will 
+select certificates with this SKI and try them one after another 
+until it can verify the certificate."

More information about the mono-bugs mailing list