Hi,

We all know the cycle of a digital signature (XML Digital Signature).

We will have the following five main steps:
1. A one-way hash of the document is produced.
2. The hash is encrypted with the private key, thereby signing the document.
3. The document and the signed hash are transmitted.
4. The recipient produces a one-way hash of the document.
5. Using the digital signature algorithm, the recipient decrypts the signed hash with the sender's public key.
6. The hashes from steps 4 and 5 are compared. If they are the same, integrity is maintained; otherwise it is not.

Signing

For the 1st step (applying the digital signature) I have used C# APIs, for example SignedXml.ComputeSignature().

The main classes used are: 1. SignedXml, 2. X509Certificate2, 3. XmlDocument.

The signing part is done perfectly using the C# APIs for XML and digital signatures. Now the verification part comes into the picture.

The following tags are attached at the end of my .xml file. (DigestValue and SignatureValue are changed for company policy reasons, though it is not required.)

XML
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo>
<!-- CanonicalizationMethod is a required element that specifies the canonicalization algorithm applied to the SignedInfo element prior to performing
     signature calculations. -->
<CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
<Reference URI="">
<Transforms>
<Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<!--
  The digest values are hashes or encoded representations of the contents of the files as they were at the time of signing. A file's digest will
  change if and only if the file itself changes.
-->
<DigestValue>
WTYBcsWkN/+CC43jlP4P7EhYH4o=
</DigestValue>
</Reference>
</SignedInfo>
<SignatureValue>
WddnHPzVRFFR3mMm5NWnCQ+ApOspXFvwi/Tvo2g+dB26FfykweV5/1uzFFR3mMm5NWnXTx8FFR3mMm5NWnsIfUImFFR3mMm5NWng+FvtyGXt49cTRy74nFGr
7VybRcdcBggy5lVEwTLFFFR3mMm5NWnFFR3mMm5NWnnDLKiaN5cjG8yg+ow=
</SignatureValue>
</Signature>


Verifying

Now my requirement is to verify that file using the Windows API/VC++.

Main points to consider are:

1. VC++/Windows APIs (i.e. I don't want to use the .NET Framework for verification).

2. The signing part is done using C# (the .NET Framework is involved).

3. Can we verify the XML file using VC++ when that file was signed using the C# APIs?

Because when we signed the XML file we applied a hash function and then encrypted using the private key. So will the hash value and signature created in this phase be the same if we verify using VC++? This is my very important question.

I know that we can verify the digitally signed XML file using C#, but somehow I want to avoid the .NET Framework at the client side. So I want to use VC++/Windows APIs.

Thanks and Regards,
Prashant Joseph.
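
The digest half of the cycle in the question (steps 1, 4 and 6), as an added example that is not part of the original post: it applies the enveloped-signature transform, canonicalizes, hashes with SHA-1 and compares against the stored DigestValue, so a differently serialized but equivalent document yields the same digest while a changed one does not. Assumptions: Python's standard-library canonicalizer (C14N 2.0) stands in for the C14N 1.0 algorithm named in the post's XML, and the sample document, `DOC`, `SIG` and all function names are constructed for illustration.

```python
import base64
import hashlib
import hmac
import xml.etree.ElementTree as ET

DSIG = "http://www.w3.org/2000/09/xmldsig#"
SIG_TAG = f"{{{DSIG}}}Signature"

# Constructed sample, not from the post. SignatureValue is omitted: the RSA
# step over SignedInfo (steps 2 and 5) is outside this sketch.
DOC = '<order id="42" currency="EUR"><item qty="2" sku="A1">widget</item>{sig}</order>'
SIG = (f'<Signature xmlns="{DSIG}"><SignedInfo><Reference URI="">'
       "<DigestValue>\n{digest}\n</DigestValue></Reference></SignedInfo></Signature>")

def reference_digest(xml_text):
    """Steps 1 and 4: enveloped-signature transform, canonicalize, SHA-1, Base64."""
    root = ET.fromstring(xml_text)
    for parent in list(root.iter()):
        for child in parent.findall(SIG_TAG):
            # The transform drops only the Signature element; keep the text after it.
            i = list(parent).index(child)
            if i:
                parent[i - 1].tail = (parent[i - 1].tail or "") + (child.tail or "")
            else:
                parent.text = (parent.text or "") + (child.tail or "")
            parent.remove(child)
    # Assumption: C14N 2.0 from the standard library stands in for C14N 1.0.
    canonical = ET.canonicalize(ET.tostring(root, encoding="unicode"))
    # SHA-1 because the DigestMethod in the post's XML names it.
    return base64.b64encode(hashlib.sha1(canonical.encode("utf-8")).digest()).decode()

def embed_signature(doc_template):
    """Signer side: compute the digest and place it in an enveloped Signature."""
    digest = reference_digest(doc_template.format(sig=""))
    return doc_template.format(sig=SIG.format(digest=digest))

def digest_matches(xml_text):
    """Steps 4 and 6: recompute the digest and compare with the stored DigestValue."""
    stored = ET.fromstring(xml_text).find(f".//{{{DSIG}}}DigestValue").text
    stored = "".join(stored.split())  # Base64 may be wrapped, as in the post's XML
    return hmac.compare_digest(stored, reference_digest(xml_text))

if __name__ == "__main__":
    signed = embed_signature(DOC)
    print("intact:  ", digest_matches(signed))
    print("tampered:", digest_matches(signed.replace('qty="2"', 'qty="9"')))
```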

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)
