I need to sign an XML file with an enveloped RSA-SHA1 signature in
Java and verify the signature in .NET.
The signature is valid if signing and verification are both done in Java with the Apache security package. It is also valid if both are done in .NET.
But verification fails when the signature is created on one side and verified on the other.
Does anyone have any clue about this?
Many thanks!
Jun
.net signature code:
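/// <summary>
/// Loads an XML file, adds an enveloped XML-DSig signature covering the whole
/// document, and saves the signed document to <paramref name="outputFilePath"/>.
/// </summary>
/// <param name="xmlFilePath">Path of the XML document to sign.</param>
/// <param name="keyFilePath">
/// Not read by this method; the PFX file name is fixed in the body.
/// </param>
/// <param name="outputFilePath">Path the signed document is written to.</param>
/// <remarks>
/// Every exception is caught and reported through OutputWriter, so callers
/// get no exception when signing fails.
/// </remarks>
public static void SignDocument(
    string xmlFilePath, string keyFilePath, string outputFilePath)
{
    try
    {
        XmlDocument doc = new XmlDocument();

        // Keep the document's whitespace exactly as it is on disk. Without
        // this, Load() drops insignificant whitespace and Save() re-indents
        // the output, so a verifier that parses the saved file byte-for-byte
        // (for example a Java DOM parser) digests different content than
        // what was signed here.
        doc.PreserveWhitespace = true;
        doc.Load(xmlFilePath);

        // NOTE(review): the PFX path and its password are embedded in source
        // and keyFilePath is ignored. Load the secret from protected
        // configuration or use a certificate store instead.
        X509Certificate2 cert = new X509Certificate2("abc.pfx", "0123456789");
        RSACryptoServiceProvider key = (RSACryptoServiceProvider)cert.PrivateKey;

        // The signing key must be the variable declared above; the original
        // listing referenced an undeclared identifier "Key".
        SignedXml signedXml = new SignedXml(doc);
        signedXml.SigningKey = key;

        // An empty URI references the whole document; the enveloped
        // transform removes the Signature element itself before digesting.
        Reference reference = new Reference();
        reference.Uri = "";
        reference.AddTransform(new XmlDsigEnvelopedSignatureTransform());
        signedXml.AddReference(reference);

        // NOTE(review): signature and digest algorithms are left at the
        // SignedXml defaults, which differ between framework versions.
        // Confirm they match what the verifying side expects. SHA-1 is no
        // longer collision resistant, so prefer RSA-SHA256 on both sides
        // where the peer supports it.
        signedXml.ComputeSignature();

        // Append the <Signature> element under the document root and save.
        XmlElement xmlDigitalSignature = signedXml.GetXml();
        doc.DocumentElement.AppendChild(doc.ImportNode(xmlDigitalSignature, true));
        doc.Save(outputFilePath);
    }
    catch (Exception err)
    {
        OutputWriter.WriteLine(string.Format("Error : {0}", err.Message));
    }
}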
//java signature code:
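/**
 * Reads tmp-encrpted.xml, appends an enveloped RSA-SHA1 XML signature to the
 * document element, and writes the canonicalized result to signed.xml.
 *
 * The private key is read from the PKCS#12 file abc.pfx under the alias "abc".
 *
 * @throws Exception if the key store, the input document or the output file
 *                   cannot be processed, or if no key exists under the alias
 */
private static void rsaSign() throws Exception {
    // NOTE(review): the key store path and both passwords are hard-coded;
    // read them from protected configuration instead of source. The key
    // password also differs from the store password -- confirm it is intended.
    KeyStore ks = KeyStore.getInstance("PKCS12");
    FileInputStream keyStoreIn = new FileInputStream("abc.pfx");
    try {
        ks.load(keyStoreIn, "0123456789".toCharArray());
    } finally {
        // The original never closed this stream.
        keyStoreIn.close();
    }

    // The alias must be a plain string literal; the original listing used
    // typographic quotes here, which do not compile.
    PrivateKey privKey = (PrivateKey) ks.getKey("abc", "0615166328".toCharArray());
    if (privKey == null) {
        // getKey returns null for an unknown alias; fail here with a clear message.
        throw new IllegalStateException("No private key found under alias \"abc\"");
    }

    // Namespace awareness is required for XML signature processing.
    DocumentBuilderFactory docFactory = DocumentBuilderFactory.newInstance();
    docFactory.setNamespaceAware(true);
    DocumentBuilder docBuilder = docFactory.newDocumentBuilder();

    Document doc;
    FileInputStream xmlIn = new FileInputStream("tmp-encrpted.xml");
    try {
        doc = docBuilder.parse(xmlIn);
    } finally {
        xmlIn.close();
    }
    Element root = doc.getDocumentElement();

    File xmlFile = new File("signed.xml");
    // toURI().toURL() replaces the deprecated File.toURL(), which does not
    // escape characters that are illegal in URLs.
    String baseURI = xmlFile.toURI().toURL().toString();

    // SHA-1 is kept because the stated requirement is RSA-SHA1. It is no
    // longer collision resistant, so prefer RSA-SHA256 on both sides where
    // the verifying peer supports it.
    XMLSignature xmlSig = new XMLSignature(doc, baseURI, XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA1);

    // The Signature element must be in the tree before signing so the
    // enveloped transform can exclude it from the digest.
    root.appendChild(xmlSig.getElement());

    Transforms transforms = new Transforms(doc);
    transforms.addTransform(Transforms.TRANSFORM_ENVELOPED_SIGNATURE);
    //transforms.addTransform(Transforms.TRANSFORM_C14N_WITH_COMMENTS);

    // An empty URI references the whole document.
    xmlSig.addDocument("", transforms, Constants.ALGO_ID_DIGEST_SHA1);
    xmlSig.sign(privKey);

    FileOutputStream out = new FileOutputStream(xmlFile);
    try {
        XMLUtils.outputDOMc14nWithComments(doc, out);
    } finally {
        // Close even when serialization throws.
        out.close();
    }
}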