Verify digital signature on xml in .net core using RSA, below code is returning always false.
Have tried the below solutions but results are same.
- SignedXml.CheckSignature fails in .NET 4 but it works in .NET 3.5, 3 or 2
- SignedXml checksignature returns false
Adding XML & C# code
<soapenv:Envelope
xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:car="http://www.absd.com/cargoport"
>
<soapenv:Header>
<wsse:Security
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
>
<ds:Signature Id="SIG-A2ACE59D81846C2E1416732798666315"
xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
>
<ds:SignedInfo
xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<ec:InclusiveNamespaces PrefixList="car soapenv"
xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"
/>
</ds:CanonicalizationMethod>
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
<ds:Reference URI="">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<ec:InclusiveNamespaces PrefixList="car"
xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"
/>
</ds:Transform>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<ds:DigestValue>aiO7Q1GM4NbMtl/FYw8WRpdOjc0=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>l8xd8HWSj+UbuOMsEg9rrBn54hDxFh76Vef/C8+sHQ5Gv7ab6Km50iMcVMCGsXqCRqTvsnjXCrFg YJkSw3N5yJ61qJ4doE7dvBBjwUgIG/wIg89KI7KFnyJu5FOEJBtDk03j49hVXu90kYV1cgLmlIqg yjItkhMHttZ71XGkFcat9ZWfczrQQ9dR3b1ZtSA8lRtsl9hSTgNWzItZUBI2iwxa53i+Xg2up6IO pdXersRf10o0BhB9K6UZ8yUeMVKpXwhM1AIwxM2fn4tC+ZV0b2HLf0KHAS7KdBI8w7cAv7yIYFJH D+GhgKgF8J74SAJWEg5c0g4KLIUPhJlNa/Hx9g==</ds:SignatureValue>
<ds:KeyInfo Id="KI-A2ACE59D81846C2E1416732798666002">
<wsse:SecurityTokenReference wsu:Id="STR-A2ACE59D81846C2E1416732798666043">
<wsse:KeyIdentifier EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1">+8kGrRMHE4iTqmjaaTjpjQP/W4g=</wsse:KeyIdentifier>
</wsse:SecurityTokenReference>
</ds:KeyInfo>
</ds:Signature>
</wsse:Security>
</soapenv:Header>
<soapenv:Body wsu:Id="id-A2ACE59D81846C2E1416732798666074"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
>
<region>usa</region>
</soapenv:Body>
</soapenv:Envelope>
C# code
XmlDocument xmlDocument = new XmlDocument();
xmlDocument.PreserveWhitespace = true;
xmlDocument.Load("TestSample8.xml");
XmlNodeList signatureNodeList = xmlDocument.GetElementsByTagName("ds:Signature");
var signedXml = new SignedXml(xmlDocument);
// double-check the schema
// usually we would validate using XPath
var signatureElement = xmlDocument.GetElementsByTagName("ds:Signature");
if (signatureElement.Count != 1)
throw new InvalidOperationException("Too many signatures!");
signedXml.LoadXml((XmlElement)signatureElement[0]);
// validate references here!
if ((signedXml.SignedInfo.References[0] as Reference)?.Uri != "")
throw new InvalidOperationException("Check your references!");
X509Certificate2 x509Certificate2 = new X509Certificate2("example.crt");
// Verify the signature, assume the public key part of the
var result = signedXml.CheckSignature();
// signing key is in the key variable
if (signedXml.CheckSignature(x509Certificate2.GetRSAPublicKey()))
Console.WriteLine("Signature verified");
else
Console.WriteLine("Signature not valid");
