If an XML signature includes <RSAKeyValue>, the following exception can occur.

System.Security.Cryptography.CryptographicException: Root element must be KeyValue element in namepsace http://www.w3.org/2000/09/xmldsig#
   at System.Security.Cryptography.Xml.RSAKeyValue.LoadXml(XmlElement value)
   at System.Security.Cryptography.Xml.KeyInfo.LoadXml(XmlElement value)
   at System.Security.Cryptography.Xml.Signature.LoadXml(XmlElement value)
   at System.Security.Cryptography.Xml.SignedXml.LoadXml(XmlElement value)
   at ComponentSpace.Saml2.XmlSecurity.Signature.XmlSignature.Verify(XmlElement signedElement

Typically XML signatures include an <X509Certificate> rather than an <RSAKeyValue> so in most cases this bug isn't triggered.

The bug is in System.Security.Cryptography.Xml. The fix is part of the .NET Core 2.1 release.

Refer to:
https://github.com/dotnet/corefx/issues/22229
https://github.com/dotnet/corefx/issues/24375
https://github.com/dotnet/corefx/commit/4913a996526cbf79f7bf11ca79928ff7ebd1eade#diff-d817c6a73672cbdddd4ef5f80f4012a0

The workaround is to include the following, or a later release, in the application's project file.

<PackageReference Include="System.Security.Cryptography.Xml" Version="4.5.0-preview1-25914-04"/>

Regards
ComponentSpace Development