Question

I'm building a SOAP message which requires WSE security and, for some reason, the client requires KeyInfo, subject and serial #. But the serial # displayed for the X.509 is hex and doesn't fit the XSD requirements for the X509SerialNumber node, which is integer. I've read that this needs to be the issuer serial #, but it isn't part of the cert. This is a self-signed certificate. How can I determine what the serial # is?

Please DO NOT tell me to use WCF. If I could use it, I would. I know WCF would make it easier, I hold an MCTS for WCF.


Solution 2

I found what I needed. http://www.dotnetmonster.com/Uwe/Forum.aspx/dotnet-security/2875/Manually-computing-sha1-digest-of-reference-containing

Just needed to add some code. The X509ChainElement.Certificate.GetSerialNumberString() gives me what I need and I don't have to calc anything.

Here is the code I'm now using

using System.Security.Cryptography.X509Certificates;
using System.Security.Cryptography.Xml;
using System.Xml;

// Signs xmlToSign (enveloped, exclusive C14N) and returns the ds:Signature element.
// storeName/storeLocation are accepted but not used: the certificate is passed in directly.
// referenceID is the URI of the element to sign, in the "#id" form SignedXml expects.
public static XmlElement GenerateSignature(XmlElement xmlToSign, StoreName storeName, StoreLocation storeLocation, X509Certificate2 certificate, string referenceID)
{
    SignedXml signedXml = new SignedXml(xmlToSign);

    signedXml.SignedInfo.CanonicalizationMethod = SignedXml.XmlDsigExcC14NTransformUrl;
    signedXml.SigningKey = certificate.PrivateKey;

    // One <Reference> pointing at the element to sign, canonicalized with exclusive C14N.
    Reference tRef = new Reference(referenceID);
    XmlDsigExcC14NTransform env = new XmlDsigExcC14NTransform();

    tRef.AddTransform(env);
    signedXml.AddReference(tRef);

    KeyInfo keyInfo = new KeyInfo();
    X509Chain x509Chain = new X509Chain();
    // For an untrusted self-signed certificate Build() returns false, but
    // ChainElements still holds the certificate itself, which is all that is needed here.
    x509Chain.Build(certificate);

    foreach (X509ChainElement element in x509Chain.ChainElements)
    {
        KeyInfoX509Data x509Data = new KeyInfoX509Data(element.Certificate);
        string issuer = element.Certificate.Issuer;
        // AddIssuerSerial takes the hex serial string and writes the decimal form
        // into <X509SerialNumber>, which is why no manual conversion is needed.
        x509Data.AddIssuerSerial(issuer, element.Certificate.GetSerialNumberString());
        keyInfo.AddClause(x509Data);
    }

    signedXml.KeyInfo = keyInfo;
    signedXml.ComputeSignature();

    XmlElement xmlDsig = signedXml.GetXml();
    return xmlDsig;
}

Other tips

There's only one serial number field in the certificate and it is binary data. The issuer can put anything there. In fact, the serial number is treated as a very large integer number, but such a number will look like binary if you just inspect the byte array that holds the number. So you need to treat this value as a huge number and convert it to "readable" form. E.g. if you have a 4-byte-long byte array that contains FF 00 FF 00 (4 bytes), the string representation will be "4278255360".

Update: my above explanation applies to XMLDSig and XMLEnc standards. In other standards (or just for display purposes) other formats can be used (such as base64, base16 encoding etc.).
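The conversion described in the answer above, worked through in code. This is an added example and not code from either answer or from the original poster; it shows how to take the serial bytes of an X509Certificate2 (or the hex string .NET displays), interpret them as an unsigned big-endian integer so that a serial with its top bit set does not come out negative, and emit the decimal form that xsd:integer X509SerialNumber requires. The class name SerialNumberHelper, the method names and the four sample bytes are assumptions made for this example.

```csharp
using System;
using System.Globalization;
using System.Linq;
using System.Numerics;
using System.Security.Cryptography.X509Certificates;
using System.Xml;

// Added example, not part of the original page. Names below are illustrative.
public static class SerialNumberHelper
{
    // Interpret big-endian serial bytes as an UNSIGNED integer and render them in decimal,
    // which is the arithmetic the answer above applies to FF 00 FF 00.
    public static string ToDecimalString(byte[] bigEndianSerial)
    {
        // BigInteger(byte[]) expects little-endian two's complement. Appending a zero
        // high-order byte keeps a serial whose first bit is set from being read as negative.
        byte[] littleEndian = bigEndianSerial.Reverse().Concat(new byte[] { 0 }).ToArray();
        return new BigInteger(littleEndian).ToString();
    }

    // Same conversion starting from the hex string that X509Certificate2.SerialNumber
    // or GetSerialNumberString() returns.
    public static string HexToDecimalString(string hexSerial)
    {
        // A leading "0" digit forces AllowHexSpecifier parsing to yield a positive value.
        return BigInteger.Parse("0" + hexSerial, NumberStyles.AllowHexSpecifier).ToString();
    }

    // Certificate-based variant: GetSerialNumber() returns the bytes in LITTLE-endian
    // order, so they are reversed to big-endian before the shared conversion.
    public static string FromCertificate(X509Certificate2 certificate)
    {
        byte[] bigEndian = certificate.GetSerialNumber().Reverse().ToArray();
        return ToDecimalString(bigEndian);
    }

    // Build <X509IssuerSerial> by hand, e.g. to compare against what
    // KeyInfoX509Data.AddIssuerSerial emitted, or for a toolkit that wants raw XML.
    public static XmlElement BuildIssuerSerial(XmlDocument doc, string issuerName, string decimalSerial)
    {
        const string dsigNs = "http://www.w3.org/2000/09/xmldsig#";
        XmlElement issuerSerial = doc.CreateElement("X509IssuerSerial", dsigNs);

        XmlElement issuer = doc.CreateElement("X509IssuerName", dsigNs);
        issuer.InnerText = issuerName;

        XmlElement serial = doc.CreateElement("X509SerialNumber", dsigNs);
        serial.InnerText = decimalSerial;

        issuerSerial.AppendChild(issuer);
        issuerSerial.AppendChild(serial);
        return issuerSerial;
    }

    public static void Main()
    {
        // Constructed sample bytes (the answer's FF 00 FF 00), not a real certificate serial.
        byte[] sample = { 0xFF, 0x00, 0xFF, 0x00 };

        string fromBytes = ToDecimalString(sample);
        string fromHex = HexToDecimalString("FF00FF00");
        Console.WriteLine("bytes -> " + fromBytes);
        Console.WriteLine("hex   -> " + fromHex);

        XmlDocument doc = new XmlDocument();
        XmlElement element = BuildIssuerSerial(doc, "CN=Example Self-Signed", fromBytes);
        Console.WriteLine(element.OuterXml);
    }
}
```

Both paths must agree for the same serial; if they differ, the byte order or the sign handling is wrong. The zero-byte padding is the important detail: a naive two's-complement parse of a serial whose first hex digit is 8 or above yields a negative number, which a receiver would reject as a non-matching X509SerialNumber.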

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow