Question

I've been struggling with this for a whole week now and hope someone could help me out.

I need to sign XML using SHA256 and xmldsig. For this I use the SignedXml class. When looking into this class I see it uses the SignatureAlgorithm value of the loaded key to determine what hashing type to use.

No matter how I load the key (via the cert store or by loading a cert file) it will show SHA1 as SignatureAlgorithm. When I look up the details of my certificate in the MMC cert store, it shows SHA256 as SignatureAlgorithm.

I tried both openssl and makecert to generate a SHA256 cert key, but both will load as SHA1 in .NET, and so signedXml.ComputeSignature() will use SHA1 as the SignatureMethod.

.NET 4.0 should support SHA256, right?


Solution

Found out that I was probably using the wrong class.

Instead of Microsoft.Web.Services.Security.SignedXml I should use System.Security.Cryptography.Xml.SignedXml. The latter doesn't use the SignatureAlgorithm of the used key to determine what algorithm to use. Now I can set the algorithm myself with 'SignedXml.SignedInfo.SignatureMethod' and use a SHA1 key.
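A worked version of this approach, added here as an example and not code from the original answer: it signs a document with System.Security.Cryptography.Xml.SignedXml and sets SignatureMethod to RSA-SHA256 explicitly, independent of the certificate's own signature algorithm. On .NET Framework 4.0/4.5 the RSA-SHA256 URI is not known to CryptoConfig, so the example registers a SignatureDescription for it (the class names RsaSha256SignatureDescription and XmlSigner are this example's own); from 4.6.2 onward the registration is unnecessary but harmless.

```csharp
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Security.Cryptography.Xml;
using System.Xml;

// Tells CryptoConfig how to build an RSA PKCS#1 v1.5 signature over a SHA-256 digest.
// Needed on .NET 4.0/4.5, where the rsa-sha256 URI is otherwise unresolvable.
sealed class RsaSha256SignatureDescription : SignatureDescription
{
    public RsaSha256SignatureDescription()
    {
        KeyAlgorithm = typeof(RSACryptoServiceProvider).FullName;
        DigestAlgorithm = typeof(SHA256Managed).FullName;
        FormatterAlgorithm = typeof(RSAPKCS1SignatureFormatter).FullName;
        DeformatterAlgorithm = typeof(RSAPKCS1SignatureDeformatter).FullName;
    }
    public override AsymmetricSignatureFormatter CreateFormatter(AsymmetricAlgorithm key)
    {
        var f = new RSAPKCS1SignatureFormatter(key); f.SetHashAlgorithm("SHA256"); return f;
    }
    public override AsymmetricSignatureDeformatter CreateDeformatter(AsymmetricAlgorithm key)
    {
        var d = new RSAPKCS1SignatureDeformatter(key); d.SetHashAlgorithm("SHA256"); return d;
    }
}

static class XmlSigner
{
    const string RsaSha256Url = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256";
    const string Sha256DigestUrl = "http://www.w3.org/2001/04/xmlenc#sha256";

    // Appends an enveloped RSA-SHA256 <Signature> over the whole document to its root element.
    public static void Sign(XmlDocument doc, X509Certificate2 cert)
    {
        CryptoConfig.AddAlgorithm(typeof(RsaSha256SignatureDescription), RsaSha256Url);
        var signedXml = new SignedXml(doc) { SigningKey = cert.PrivateKey };
        // The algorithm is chosen here, not derived from the certificate's SignatureAlgorithm.
        signedXml.SignedInfo.SignatureMethod = RsaSha256Url;
        signedXml.SignedInfo.CanonicalizationMethod = SignedXml.XmlDsigExcC14NTransformUrl;

        var reference = new Reference("") { DigestMethod = Sha256DigestUrl }; // "" = entire document
        reference.AddTransform(new XmlDsigEnvelopedSignatureTransform());
        reference.AddTransform(new XmlDsigExcC14NTransform());
        signedXml.AddReference(reference);
        signedXml.KeyInfo = new KeyInfo();
        signedXml.KeyInfo.AddClause(new KeyInfoX509Data(cert)); // lets verifiers find the signer cert

        signedXml.ComputeSignature();
        doc.DocumentElement.AppendChild(doc.ImportNode(signedXml.GetXml(), true));
    }
}
```

If ComputeSignature throws "Invalid algorithm specified", the private key sits in a CSP without SHA-256 support (the default provider type 1 that makecert uses); generate or import the key into the "Microsoft Enhanced RSA and AES Cryptographic Provider" (provider type 24) instead. Verification with the same registration in place is SignedXml.LoadXml followed by CheckSignature(cert, true).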

OTHER TIPS

You have to declare a KeyedHashAlgorithm object and pass a string corresponding to SHA256 (documentation here).

The corresponding string for SHA256 is HMACSHA256.

Then pass this object to the ComputeSignature method.

The code should be as follows:
    // Creates an HMAC-SHA256 instance (with a freshly generated random key) and signs with it
    KeyedHashAlgorithm kha = KeyedHashAlgorithm.Create("HMACSHA256");
    signedXml.ComputeSignature(kha);

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow