SHA-256 XML signature failing to generate

brianNPC
New Member (2 reputation)

Group: Forum Members
Posts: 1, Visits: 5
Following the suggestions here:

https://www.componentspace.com/forums/30/sha256-xml-signature-support

Calling the code:
SAMLMessageSignature.Generate(
    samlResponseElement,
    x509Certificate.PrivateKey,
    x509Certificate,
    null,
    "http://www.w3.org/2001/04/xmlenc#sha256",
    "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256");


ComponentSpace version is 2.6.0.2

ASP.NET version is 4.6.1

Getting the following exception:
ComponentSpace.SAML2.Exceptions.SAMLSignatureException
HResult=0x80131600
Message=Failed to generate XML signature.
Source=ComponentSpace.SAML2
StackTrace:
 at ComponentSpace.SAML2.Utility.XmlSignature.Generate(XmlElement xmlElement, String elementId, AsymmetricAlgorithm signingKey, KeyInfo keyInfo, SignedXml signedXml, String inclusiveNamespacesPrefixList, String digestMethod, String signatureMethod)
 at ComponentSpace.SAML2.Utility.XmlSignature.Generate(XmlElement xmlElement, String elementId, AsymmetricAlgorithm signingKey, X509Certificate2Collection x509Certificates, SignedXml signedXml, String inclusiveNamespacesPrefixList, String digestMethod, String signatureMethod)
 at ComponentSpace.SAML2.Utility.XmlSignature.Generate(XmlElement xmlElement, String elementId, AsymmetricAlgorithm signingKey, X509Certificate2 x509Certificate, SignedXml signedXml, String inclusiveNamespacesPrefixList, String digestMethod, String signatureMethod)
 at ComponentSpace.SAML2.Protocols.SAMLMessageSignature.Generate(XmlElement xmlElement, AsymmetricAlgorithm signingKey, X509Certificate2 x509Certificate, String inclusiveNamespacesPrefixList, String digestMethod, String signatureMethod)
 at Resolver.TrySingleSignon() in C:\Code\WebSites\Doculivery External\Resolver.aspx.vb:line 157
 at Resolver.Page_Init(Object sender, EventArgs e) in C:\Code\WebSites\Doculivery External\Resolver.aspx.vb:line 33

Inner Exception 1:
CryptographicException: Invalid algorithm specified.

The certificate appears to support this signature.
 
Properties from the cert:
Version: V3
Signature Algorithm: sha256RSA
Signature hash algorithm: sha256
Public key: RSA (2048 bits)


Any help troubleshooting, please?



 
ComponentSpace
ComponentSpace Development (4.4K reputation)

Group: Administrators
Posts: 3.2K, Visits: 11K
The best option would be to upgrade to the latest release which currently is v4.8.0. Version 2.6.0.2 is over six years old.

You'll find the release notes at:

https://www.componentspace.com/Forums/8576/Release-Notes

I also suggest moving to .NET framework v4.6.2 or, ideally, .NET 4.8.

As a workaround, try adding the following code to your application start-up. This registers the SHA-256 XML signature and digest algorithms.


using System;
using System.Security;
using System.Security.Cryptography;

// Signature description for RSA PKCS#1 v1.5 signatures over a SHA-256 digest.
public class RSAPKCS1SHA256SignatureDescription : SignatureDescription
{
    public RSAPKCS1SHA256SignatureDescription()
    {
        KeyAlgorithm = typeof(RSACryptoServiceProvider).FullName;
        DigestAlgorithm = typeof(SHA256CryptoServiceProvider).FullName;
        FormatterAlgorithm = typeof(RSAPKCS1SignatureFormatter).FullName;
        DeformatterAlgorithm = typeof(RSAPKCS1SignatureDeformatter).FullName;
    }

    // Used when verifying a signature.
    public override AsymmetricSignatureDeformatter CreateDeformatter(AsymmetricAlgorithm key)
    {
        if (key == null)
        {
            throw new ArgumentNullException("key");
        }

        RSAPKCS1SignatureDeformatter deformatter = new RSAPKCS1SignatureDeformatter(key);
        deformatter.SetHashAlgorithm("SHA256");
        return deformatter;
    }

    // Used when generating a signature.
    public override AsymmetricSignatureFormatter CreateFormatter(AsymmetricAlgorithm key)
    {
        if (key == null)
        {
            throw new ArgumentNullException("key");
        }

        RSAPKCS1SignatureFormatter formatter = new RSAPKCS1SignatureFormatter(key);
        formatter.SetHashAlgorithm("SHA256");
        return formatter;
    }
}

// The statements below belong in the application start-up code.
// Each algorithm is registered only if its URI does not already resolve.
if (CryptoConfig.CreateFromName("http://www.w3.org/2001/04/xmldsig-more#rsa-sha256") == null)
{
    CryptoConfig.AddAlgorithm(typeof(RSAPKCS1SHA256SignatureDescription),
        "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256");
}

if (CryptoConfig.CreateFromName("http://www.w3.org/2001/04/xmlenc#sha256") == null)
{
    CryptoConfig.AddAlgorithm(typeof(SHA256CryptoServiceProvider), "http://www.w3.org/2001/04/xmlenc#sha256");
}




Regards
ComponentSpace Development
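
A diagnostic for the exception in this thread, as an added example that is not part of the original posts and is not ComponentSpace code: it checks whether the two algorithm URIs resolve through CryptoConfig, reports which cryptographic service provider (CSP) holds the certificate's private key, and attempts a raw SHA-256 signature with that key outside the SAML library. The class and method names are hypothetical, and the idea that the key's provider may be the limiting factor is an assumption the thread does not confirm.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Text;

// Added diagnostic; not ComponentSpace code. Type and method names are hypothetical.
public static class Sha256SigningCheck
{
    const string RsaSha256Uri = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256";
    const string Sha256Uri = "http://www.w3.org/2001/04/xmlenc#sha256";

    public static string Report(X509Certificate2 certificate)
    {
        var report = new StringBuilder();

        // 1. Do the URIs passed to SAMLMessageSignature.Generate resolve to usable types?
        report.AppendLine("rsa-sha256 registered: " +
            (CryptoConfig.CreateFromName(RsaSha256Uri) is SignatureDescription));
        report.AppendLine("sha256 digest registered: " +
            (CryptoConfig.CreateFromName(Sha256Uri) is HashAlgorithm));

        try
        {
            // 2. Which CSP holds the private key? (Assumption: a CSP-backed RSA key.)
            var rsa = certificate.PrivateKey as RSACryptoServiceProvider;
            if (rsa == null)
            {
                report.AppendLine("No private key, or it is not an RSACryptoServiceProvider.");
                return report.ToString();
            }
            CspKeyContainerInfo csp = rsa.CspKeyContainerInfo;
            report.AppendLine("CSP: " + csp.ProviderName +
                " (provider type " + csp.ProviderType + ")");

            // 3. Sign constructed probe data with SHA-256 using the same key.
            rsa.SignData(Encoding.UTF8.GetBytes("constructed probe data"), "SHA256");
            report.AppendLine("Raw SHA-256 signing: OK");
        }
        catch (CryptographicException e)
        {
            // Surfaces provider-level errors without involving XML signing.
            report.AppendLine("Private key access or SHA-256 signing failed: " + e.Message);
        }
        return report.ToString();
    }
}
```

If both URIs resolve but step 3 fails with the same "Invalid algorithm specified" message, the limitation lies with the key's provider rather than with algorithm registration.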