I would like to add an additional RsaKeyValue KeyInfo that includes the public key in the Digital Signature. The user then does not have to save the certificate - instead he can use that public key to check the validity of the document.

So far here is my signing function:
public static void SignXmlDocumentWithCertificate(XmlDocument xmlDoc, X509Certificate2 cert)
{
    SignedXml signedXml = new SignedXml(xmlDoc);
    // we will sign it with the private key
    signedXml.SigningKey = cert.PrivateKey;
    Reference reference = new Reference();
    // sign the entire doc
    reference.Uri = "";
    XmlDsigEnvelopedSignatureTransform env = new XmlDsigEnvelopedSignatureTransform();
    reference.AddTransform(env);
    signedXml.AddReference(reference);
    KeyInfo keyInfo = new KeyInfo();
    keyInfo.AddClause(new KeyInfoX509Data(cert));
    // optional RSAKeyValue clause carrying the certificate's RSA public key (modulus + exponent)
    keyInfo.AddClause(new RSAKeyValue((RSA)cert.PublicKey.Key));
    signedXml.KeyInfo = keyInfo;
    signedXml.ComputeSignature();
    // Get the XML representation of the signature and save
    // it to an XmlElement object.
    XmlElement xmlDigitalSignature = signedXml.GetXml();
    // Append the element to the XML document.
    xmlDoc.DocumentElement.AppendChild(xmlDoc.ImportNode(xmlDigitalSignature, true));
}
It is written in C++ in this document: https://learn.microsoft.com/en-us/dotnet/api/system.security.cryptography.xml.rsakeyvalue?view=netframework-4.8

Scroll down to the part

// Add an RSAKeyValue KeyInfo (optional; helps recipient find key to validate).

How do I do it in C#? How do I add this optional KeyInfo with the public key?
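The following is an added, self-contained example (not the asker's code and not the Microsoft sample) showing the RSAKeyValue clause being added in C#, plus the verification side that the question's second paragraph implies. It assumes a .NET runtime with `CertificateRequest` (.NET Framework 4.7.2+ or .NET Core/5+), builds a throwaway self-signed certificate inline so nothing has to be loaded from disk, and signs a constructed sample document. The important point for the recipient is that `<RSAKeyValue>` is just data inside the signed document: anyone can sign with their own key and embed that key, and `SignedXml.CheckSignature()` with no arguments will happily use whatever key is embedded. The verifier therefore pins the key it already trusts and passes it to `CheckSignature(RSA)`; the embedded key is only extracted so it can be compared against the pinned one.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Security.Cryptography.Xml;
using System.Xml;

public static class XmlDsigRsaKeyValueExample
{
    // Sign the whole document (enveloped signature) and embed both the certificate
    // and an <RSAKeyValue> (modulus + exponent) of its public key in <KeyInfo>.
    public static void SignWithCertificateAndRsaKeyValue(XmlDocument xmlDoc, X509Certificate2 cert)
    {
        using (RSA privateKey = cert.GetRSAPrivateKey())
        {
            if (privateKey == null)
                throw new ArgumentException("certificate has no RSA private key", nameof(cert));

            var signedXml = new SignedXml(xmlDoc) { SigningKey = privateKey };

            var reference = new Reference { Uri = "" }; // "" = the entire document
            reference.AddTransform(new XmlDsigEnvelopedSignatureTransform());
            signedXml.AddReference(reference);

            var keyInfo = new KeyInfo();
            keyInfo.AddClause(new KeyInfoX509Data(cert));
            // This is the clause the question asks about: RSAKeyValue takes the RSA public key.
            keyInfo.AddClause(new RSAKeyValue(cert.GetRSAPublicKey()));
            signedXml.KeyInfo = keyInfo;

            signedXml.ComputeSignature();
            XmlElement signatureElement = signedXml.GetXml();
            xmlDoc.DocumentElement.AppendChild(xmlDoc.ImportNode(signatureElement, true));
        }
    }

    // Load the single <Signature> element of a document into a SignedXml instance.
    private static SignedXml LoadSignature(XmlDocument xmlDoc)
    {
        XmlNodeList nodes = xmlDoc.GetElementsByTagName("Signature", SignedXml.XmlDsigNamespaceUrl);
        if (nodes.Count != 1)
            throw new CryptographicException("expected exactly one Signature element, found " + nodes.Count);
        var signedXml = new SignedXml(xmlDoc);
        signedXml.LoadXml((XmlElement)nodes[0]);
        return signedXml;
    }

    // Verify against a key the recipient already trusts. Never rely on the parameterless
    // CheckSignature() here, because it would accept any key the signer chose to embed.
    public static bool VerifyWithPinnedKey(XmlDocument xmlDoc, RSA trustedPublicKey)
    {
        return LoadSignature(xmlDoc).CheckSignature(trustedPublicKey);
    }

    // Pull the RSA public key out of the embedded <RSAKeyValue>, if present.
    // Useful for logging or for comparing against the pinned key, not as a trust anchor.
    public static RSA ExtractEmbeddedRsaKey(XmlDocument xmlDoc)
    {
        foreach (KeyInfoClause clause in LoadSignature(xmlDoc).KeyInfo)
        {
            if (clause is RSAKeyValue rsaClause)
                return rsaClause.Key;
        }
        return null;
    }

    // Compare two RSA public keys by their public parameters (modulus and exponent).
    public static bool SamePublicKey(RSA a, RSA b)
    {
        RSAParameters pa = a.ExportParameters(false), pb = b.ExportParameters(false);
        return pa.Modulus.SequenceEqual(pb.Modulus) && pa.Exponent.SequenceEqual(pb.Exponent);
    }

    public static void Main()
    {
        // Constructed sample document; in practice this is the document being signed.
        var doc = new XmlDocument { PreserveWhitespace = true };
        doc.LoadXml("<order><item>widget</item><qty>3</qty></order>");

        // Throwaway self-signed certificate so the example runs without a .pfx on disk (assumption).
        using (RSA rsa = RSA.Create(2048))
        {
            var req = new CertificateRequest("CN=example-signer", rsa, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
            using (X509Certificate2 cert = req.CreateSelfSigned(DateTimeOffset.UtcNow.AddMinutes(-5), DateTimeOffset.UtcNow.AddDays(1)))
            using (RSA trusted = cert.GetRSAPublicKey())   // the key the recipient has out of band
            {
                SignWithCertificateAndRsaKeyValue(doc, cert);

                Console.WriteLine("signature valid against pinned key: " + VerifyWithPinnedKey(doc, trusted));
                using (RSA embedded = ExtractEmbeddedRsaKey(doc))
                    Console.WriteLine("embedded RSAKeyValue matches pinned key: " + SamePublicKey(embedded, trusted));

                // Any change to the signed content must break verification.
                doc.SelectSingleNode("/order/qty").InnerText = "300";
                Console.WriteLine("signature valid after tampering: " + VerifyWithPinnedKey(doc, trusted));
            }
        }
    }
}
```

Run it as a console project that references `System.Security.Cryptography.Xml` (a NuGet package on .NET Core/5+, part of the framework on .NET Framework). Expected behaviour: the first two lines print `True`, the third prints `False`. If the recipient has no pinned key at all, the fallback that still carries some meaning is the `<X509Data>` clause with chain validation against a trusted root; the bare `<RSAKeyValue>` on its own only tells the verifier which key the signer used, not whether that signer should be trusted.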