dotnet: .NET 4.6.2 Break Changing - SignedXml.CheckSignature(X509Certificate2, bool)

As described here: http://www.wiktorzychla.com/2016/08/signedxmlchecksignature-and-dreadful.html

SignedXml.CheckSignature in 4.6.2 doesn’t work as before.

Looking at the source code: https://referencesource.microsoft.com/#System.Security/system/security/cryptography/xml/signedxml.cs,b9518cc2212419a2

You can see that it ends up calling CheckSignature(certificate.GetAnyPublicKey()) - https://referencesource.microsoft.com/#System.Security/system/security/cryptography/xml/signedxml.cs,342

GetAnyPublicKey calls X509Certificate2.GetRSAPublicKey(), which returns a System.Security.Cryptography.RSACng.

Whereas .NET 4.6.1 calls CheckSignature(certificate.PublicKey.Key), which works as expected.

As a workaround I am changing my calls from:

SignedXml.CheckSignature(myCert, true)

to:

SignedXml.CheckSignature(myCert.PublicKey.Key)

This simulates what SignedXml.CheckSignature(X509Certificate2, bool) does in 4.6.1.
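As an added example (not code from the issue or from the .NET team), here is the workaround placed in a complete verification routine. The class and method names are my own; the routine reproduces explicitly the X509Chain check that the bool overload performs when verifySignatureOnly is false, because the AsymmetricAlgorithm overload only checks the signature against the key and never looks at the certificate itself.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Security.Cryptography.Xml;
using System.Xml;

// Hypothetical helper class wrapping the workaround from the post.
static class SignedXmlVerifier
{
    // Verifies the single enveloped XMLDSIG signature in `signedXml` against `cert`.
    // Instead of CheckSignature(X509Certificate2, bool), which on 4.6.2 goes through
    // GetAnyPublicKey()/RSACng, it uses CheckSignature(AsymmetricAlgorithm) with
    // cert.PublicKey.Key, the path that 4.6.1 used internally.
    public static bool Verify(string signedXml, X509Certificate2 cert, bool validateChain)
    {
        // PreserveWhitespace matters: canonicalization must see the bytes that were signed.
        var doc = new XmlDocument { PreserveWhitespace = true };
        doc.XmlResolver = null;   // do not resolve external entities/DTDs from untrusted input
        doc.LoadXml(signedXml);

        var sigs = doc.GetElementsByTagName("Signature", SignedXml.XmlDsigNamespaceUrl);
        if (sigs.Count != 1)
            return false;         // exactly one Signature element expected

        var sx = new SignedXml(doc);
        sx.LoadXml((XmlElement)sigs[0]);

        // The workaround: hand the certificate's public key straight to SignedXml.
        if (!sx.CheckSignature(cert.PublicKey.Key))
            return false;

        // CheckSignature(cert, verifySignatureOnly: false) would additionally build a chain
        // for `cert`; the key-based overload does not, so reproduce that step when wanted.
        if (!validateChain)
            return true;

        var chain = new X509Chain();
        chain.ChainPolicy.RevocationMode = X509RevocationMode.Online;
        chain.ChainPolicy.RevocationFlag = X509RevocationFlag.ExcludeRoot;
        return chain.Build(cert);
    }
}
```

Callers that previously passed false as the second argument should call Verify with validateChain set to true, since switching to the key-based overload alone silently drops chain validation.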

About this issue

  • State: closed
  • Created 8 years ago
  • Reactions: 4
  • Comments: 28 (15 by maintainers)

Most upvoted comments

We are currently getting this:

System.Security.Cryptography.CryptographicException: An internal error occurred.
   at System.Security.Cryptography.NCryptNative.OpenStorageProvider(String providerName)
   at System.Security.Cryptography.CngKey.Create(CngAlgorithm algorithm, String keyName, CngKeyCreationParameters creationParameters)
   at System.Security.Cryptography.RSACng.get_Key()
   at System.Security.Cryptography.RSACng.Encrypt(Byte[] data, RSAEncryptionPadding padding)
   at System.Security.Cryptography.RSAPKCS1KeyExchangeFormatter.CreateKeyExchange(Byte[] rgbData)
   at System.Security.Cryptography.CngLightup.DetectRsaCngSupport()
   at System.Lazy`1.CreateValue()
   at System.Lazy`1.LazyInitValue()
   at System.Security.Cryptography.CngLightup.GetRSAPublicKey(X509Certificate2 cert)
   at System.Security.Cryptography.X509Certificates.X509CertificateExtensions.GetAnyPublicKey(X509Certificate2 c)
   at System.Security.Cryptography.Xml.SignedXml.GetPublicKey()
   at System.Security.Cryptography.Xml.SignedXml.CheckSignatureReturningKey(AsymmetricAlgorithm& signingKey)
   at System.Security.Cryptography.Xml.SignedXml.CheckSignature()