[Mono-dev] Problems using SignedXML API

Sebastien Pouliot sebastien.pouliot at gmail.com
Mon Aug 14 16:40:43 EDT 2006 

Hello Romy,

On Mon, 2006-08-14 at 16:02 -0400, romyd misc wrote:
> Hi All,
> 
> I'm using Sn utility to generata public private key pair and i use
> API's from System.Security.Cryptography and

How did you convert this key from the binary format used by SN and the
xml format used by RSACryptoServiceProvider ?

> System.Security.Cryptography.Xml to sign the License file which is
> just an xml file with some elements in it.
> 
> After signing, if i make any changes in signed xml file and if i try
> to verify the file again it fails with .NET2.0 framework. But if i run
> the same code and make changes in signed license file on mono, it
> still verifies it fine.

Strange... how does MS fails ? it return false or throw an exception ?

> Although if i make a change in length of the signature element, like
> if i add or remove any character then mono runtime complains.
> 
> Are there some open issues in using SignedXML on mono or am i using
> these API's correctly on mono?
> 
> Here's the code snippet:
> 
>             #region RSA crypto service provider & load the signed XML
> license file
>             // Create an RSA crypto service provider from the embedded
>             // XML document resource (the public key).
>             RSACryptoServiceProvider csp = new RSACryptoServiceProvider();
>             csp.FromXmlString(xmlkey);
> 
>             // Load the signed XML license file.
>             XmlDocument xmldoc = new XmlDocument();
>             xmldoc.Load(LICENSEFILE_PATH);
> 
>             // Create the signed XML object & verify the signature.
>             SignedXml sxml = new SignedXml(xmldoc);
>             sxml.CheckSignature(csp)

Where are you checking the boolean result of CheckSignature ?

Anyway this isn't complete enough, so please fill a bug report on
http://bugzilla.ximian.com with a complete sample including:

- an XML document which fails on Fx 2.0 and works under Mono;

- the sample RSA key you generated (either as a file or, better,
directly embedded in your sample source);

Thanks
-- 
Sebastien Pouliot  <sebastien at ximian.com>
Blog: http://pages.infinit.net/ctech/

More information about the Mono-devel-list mailing list