Question

The hosting server just won't execute:

SignedXml.ComputeSignature();

I thought fromXML and toXML methods required full trust. But this came as a surprise. Now it is impossible to digitally sign any document.

On searching the net I found this: Using RSA Public Key Encryption in a Shared Web Hosting Environment

Anyone used this before or any other way out?

Solution

I was eventually able to develop the online activation system using Bouncy Castle security APIs.

There is not a direct method available, but the base API can be used to generate a digital signature.

Other tips

I know this post is old but maybe someone will find it useful: The solution works with ASP.NET 3.5 in medium trust:

    // Requires: System, System.Security.Cryptography,
    // System.Security.Cryptography.X509Certificates, System.Text, System.Xml.
    // licenceFile, licenceFilePass, exception and FormatException() are not
    // defined in the snippet as posted.
    private XmlDocument GetSignedDoc(XmlDocument doc)
    {
        X509Certificate2 certificate = null;
        try
        {
            // Load the certificate (with its private key) from a file in the application directory.
            certificate = new X509Certificate2(AppDomain.CurrentDomain.BaseDirectory + licenceFile, licenceFilePass, X509KeyStorageFlags.MachineKeySet | X509KeyStorageFlags.Exportable);

            if (certificate == null)
                throw new Exception("The certificate is null!!!");
        }
        catch (Exception ex)
        {
            exception += "X509Certificate2 fail! Did not get certificate " + AppDomain.CurrentDomain.BaseDirectory + licenceFile;
            exception += FormatException(ex);
            goto SetError;
        }

        RSACryptoServiceProvider myRSASigner = null;

        try
        {
            myRSASigner = (RSACryptoServiceProvider)certificate.PrivateKey;

            if (myRSASigner == null)
            {
                throw new Exception("No valid cert was found");
            }

            doc = SignXmlFile(doc, myRSASigner);
        }
        catch (Exception ex)
        {
            exception += "SignXmlFile failed";
            exception += FormatException(ex);
            goto SetError;
        }

        return doc;

    SetError:
        // The error handler is not shown in the snippet as posted;
        // returning null here is a placeholder.
        return null;
    }

    // Signs the UTF-8 bytes of doc.InnerXml with RSA/SHA-1 and appends the Base64
    // signature as a <Signature> child of the root element (not an XMLDSig signature).
    private static XmlDocument SignXmlFile(XmlDocument doc, RSACryptoServiceProvider myRSA)
    {
        byte[] sign_this = Encoding.UTF8.GetBytes(doc.InnerXml);
        byte[] signature = myRSA.SignData(sign_this, new SHA1CryptoServiceProvider());
        string base64_string = Convert.ToBase64String(signature);

        XmlElement Signature = doc.CreateElement("Signature");
        Signature.AppendChild(doc.CreateTextNode(base64_string));
        doc.DocumentElement.AppendChild(doc.ImportNode(Signature, true));

        return doc;
    }
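The answer above shows only the signing side. As an added example (not part of the original answer), this is one way to check such a document: detach the trailing `Signature` element and verify the remaining markup against the public key. `LicenceVerifier`, `Verify`, the sample XML and the throwaway key are constructed for illustration.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;
using System.Xml;

static class LicenceVerifier
{
    // Same signing step as SignXmlFile in the answer, repeated so the demo is self-contained.
    static XmlDocument Sign(XmlDocument doc, RSACryptoServiceProvider rsa)
    {
        byte[] sig = rsa.SignData(Encoding.UTF8.GetBytes(doc.InnerXml), new SHA1CryptoServiceProvider());
        XmlElement el = doc.CreateElement("Signature");
        el.AppendChild(doc.CreateTextNode(Convert.ToBase64String(sig)));
        doc.DocumentElement.AppendChild(el);
        return doc;
    }

    // Hypothetical counterpart: detach the trailing <Signature> and verify the rest.
    public static bool Verify(XmlDocument signed, RSACryptoServiceProvider publicKey)
    {
        XmlDocument copy = (XmlDocument)signed.Clone();   // leave the caller's document untouched
        XmlElement root = copy.DocumentElement;
        XmlElement sigEl = root == null ? null : root.LastChild as XmlElement;
        if (sigEl == null || sigEl.Name != "Signature")
            return false;                                 // unsigned, or signature not in last position

        byte[] signature;
        try { signature = Convert.FromBase64String(sigEl.InnerText); }
        catch (FormatException) { return false; }         // malformed Base64

        root.RemoveChild(sigEl);                          // restore the exact markup that was signed
        byte[] signedBytes = Encoding.UTF8.GetBytes(copy.InnerXml);
        // SHA-1 only because it must match the hash used by the signer in the answer.
        return publicKey.VerifyData(signedBytes, new SHA1CryptoServiceProvider(), signature);
    }

    static void Main()
    {
        using (var key = new RSACryptoServiceProvider(2048))  // constructed throwaway key
        {
            var doc = new XmlDocument();
            doc.LoadXml("<licence><user>alice</user><seats>5</seats></licence>"); // constructed sample
            Sign(doc, key);
            Console.WriteLine(Verify(doc, key));              // genuine document
            doc.SelectSingleNode("/licence/seats").InnerText = "500";
            Console.WriteLine(Verify(doc, key));              // edited after signing
        }
    }
}
```

Because the signed bytes are `doc.InnerXml` rather than a canonical form, the verifier has to load the document with the same `PreserveWhitespace` setting as the signer, and any re-serialization that changes the markup invalidates the signature.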

The authors of the article are basically reinventing the wheel by getting different pieces together in order to get some working code. While their approach should work and you could invent some similar approach yourself (take some code here and there and try to make it work), they confirm (in the history) that there were bugs that were fixed and I assume there can be more bugs there.

JFYI: we offer XML security components which work in limited environments because we have all code written ourselves and included in our assemblies.

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow