开发者

How to verify certificate in SignedXml against machine store

问答 作者:

I would like to verify the signature in a SignedXml against the certificates in the machine store. This code is us开发者_StackOverflowed to verify the signature:

internal bool VerifySignature(XmlDocument xml)
{
    var signedXml = new SignedXml(xml);
    var nsMgr = new XmlNamespaceManager(xml.NameTable);
    nsMgr.AddNamespace("ds", "http://www.w3.org/2000/09/xmldsig#");
    signedXml.LoadXml((XmlElement)xml.SelectSingleNode("//ds:Signature", nsMgr));
    return signedXml.CheckSignature();
}

The signature verifies fine, but only against itself and not against the certificates installed on the machine. Is there a way to check it against the root certificates in the local certificate store as well?

If anyone is interested, I used the CheckSignature(X509Certificate2, Boolean) method. I got the certificate from the Signature object and checked it like this:

var x509data = signedXml.Signature.KeyInfo.OfType<KeyInfoX509Data>().First();
var verified = false;
if(x509data != null)
{
    var cert = x509data.Certificates[0] as X509Certificate2;
    verified = cert != null && signedXml.CheckSignature(cert, false);
}
return verified;

You can use the overload of the CheckSignature method which takes an AsymmetricAlgorithm.

Pass along the public key of your certificate. You can fetch this via X509Store.

继续阅读:.netcertificatesignedxml

更多精彩内容

0

上一篇:

下一篇:

精彩评论

暂无评论...
登录 注册
Qedev.com
验证码 换一张
取 消

最新问答

问答排行榜

法律声明:本站内容均为网友上传,网站举办方负责审核和监督,

如存在版权或非法内容,欢迎举报,我们将尽快予以删除。

Copyright © 2018-2020 开发者. All rights reserved.

Powered by 开发者

ICP备案号: 京ICP备10032868号-9