我正在使用 SHA1 对 XML 文件进行签名,我的代码如下:
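// Signs the parent of every <infAlvara> element with an XML-DSig signature
// (RSA-SHA1, C14N, X509 certificate embedded in KeyInfo) and appends the
// resulting <Signature> element to that parent.
//
// Security notes for reviewers:
//  * RSA-SHA1 / SHA-1 are deprecated for digital signatures. They are kept here
//    because the receiving service presumably mandates them (confirm against its
//    specification). Where the verifier allows it, prefer
//    SignedXml.XmlDsigRSASHA256Url and SignedXml.XmlDsigSHA256Url.
//  * The length of SignatureValue follows the RSA key size of the certificate.
//    NOTE(review): a verifier that expects a specific key size may reject
//    signatures made with another one; confirm with the service documentation.
foreach (XmlNode infAlvara in ListInfAlvara)
{
    // The Id value becomes the same-document reference ("#" + id). Without it the
    // digest would not be scoped to this element, so fail early with a clear message
    // instead of a NullReferenceException or a malformed reference.
    XmlNode idAttribute = infAlvara.Attributes?.GetNamedItem("Id");
    string id = idAttribute?.InnerText;
    if (string.IsNullOrEmpty(id))
    {
        throw new InvalidOperationException("The 'infAlvara' element has no 'Id' attribute value, so the signature reference cannot be scoped to it.");
    }

    XmlNode nodeForSigning = infAlvara.ParentNode;

    // A namespace manager is required for the SelectSingleNode/SelectNodes calls
    // below, because the node lives in a specific namespace.
    // (XmlDocument.NameTable is case-sensitive; "Nametable" does not compile.)
    var nsmgr = new XmlNamespaceManager(xmlDoc.NameTable);
    nsmgr.AddNamespace("ns", nodeForSigning.NamespaceURI);
    nsmgr.AddNamespace("ds", SignedXml.XmlDsigNamespaceUrl);

    XmlNode nodeWithTheId = nodeForSigning.SelectSingleNode($"ns:{"infAlvara"}", nsmgr);
    if (nodeWithTheId == null)
    {
        throw new Exception($"The tag with ID attribute '{"infAlvara"}' does not exist in the XML file. (Error code: 4)");
    }

    // Drop any signature left over from a previous run. The list returned by
    // SelectNodes is only reliable while the document is unchanged, so copy the
    // matches into an array first and remove them afterwards.
    XmlNodeList foundSignatures = nodeForSigning.SelectNodes("ds:Signature", nsmgr);
    var staleSignatures = new XmlNode[foundSignatures.Count];
    for (int i = 0; i < staleSignatures.Length; i++)
    {
        staleSignatures[i] = foundSignatures[i];
    }
    foreach (XmlNode stale in staleSignatures)
    {
        stale.ParentNode.RemoveChild(stale);
    }

    SignedXml signedXml = new SignedXml((XmlElement)nodeForSigning);

    // NOTE(review): X509Certificate2.PrivateKey is marked obsolete on current .NET;
    // GetRSAPrivateKey() is the replacement if the target framework provides it.
    signedXml.SigningKey = certificate.PrivateKey;
    signedXml.SignedInfo.SignatureMethod = SignedXml.XmlDsigRSASHA1Url;

    // The reference limits the digest to the element whose Id equals `id`.
    // An empty URI would digest the whole document instead, which is a different
    // signed scope from the one a verifier checking "#<id>" expects.
    Reference reference = new Reference("#" + id);
    reference.AddTransform(new XmlDsigEnvelopedSignatureTransform());
    reference.AddTransform(new XmlDsigC14NTransform());
    reference.DigestMethod = SignedXml.XmlDsigSHA1Url;
    signedXml.AddReference(reference);

    // Embed the signing certificate so the verifier can locate the public key.
    signedXml.KeyInfo = new KeyInfo();
    signedXml.KeyInfo.AddClause(new KeyInfoX509Data(certificate));

    signedXml.ComputeSignature();

    // The <Signature> element is appended to the parent node, i.e. next to the
    // referenced <infAlvara> element.
    XmlElement xmlDigitalSignature = signedXml.GetXml();
    nodeForSigning.AppendChild(xmlDoc.ImportNode(xmlDigitalSignature, true));
}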
但是我从网络服务收到以下消息,表明签名无效。 下面是我在 xml 文件中的签名:
</infAlvara>
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo>
<CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<Reference URI="">
<Transforms>
<Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<DigestValue>bzwbgu3I/501qrSfv4aaA78Qhy4=</DigestValue>
</Reference>
</SignedInfo>
<SignatureValue>Z0lW2dWsje0gLVeHqqdc+TtmT3lJOaFs6wIRyim68/+TTD/nAXnT12HviuQtYi1KfD9aDcXD9UBKJCp0kkijzvYeEN+OewsHNRQX5i+V23Lf0+cU8IvS3wRLurIYma0NanoiSpoJ7jMkWIUBsk9HB0n3ZarY+S85o4UjHRSDDQHQWP67zefkIzyHcHRF3MORJHKJ8YCuYeQlTLaxISytuyKA5Sm5tqj08oGbPe8yQrqMxKwUaBJIAlttNHS1CRL7FPrm9poEkOGm6WMLlUexfi0hdOIrBhlXSgc6kOnysdWfoqN7eNIr33bE+v+Uwl/Wp9wUPzGwmaxRwOlKM0FzWg==</SignatureValue>
<KeyInfo>
<X509Data>
<X509Certificate>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</X509Certificate>
</X509Data>
</KeyInfo>
</Signature>
我的证书密钥长度为 2048 位,而 Web 服务文档要求使用 1024 位,但我认为这不会造成问题。有人可以帮我吗?