Pkcs11Interop / Pkcs11Interop.X509Store

Easy to use PKCS#11 based X.509 certificate store
Apache License 2.0

NotSupportedException thrown when signing XML file from SignedXmlTest #13

Closed Ngotam69 closed 2 years ago

Ngotam69 commented 3 years ago

When running SignedXmlTest on a real HSM device, a NotSupportedException is thrown in the Pkcs11RsaProvider.DecryptValue method:

```csharp
using System.Security.Cryptography;
using Net.Pkcs11Interop.X509Store;

// Open the PKCS#11 based store, locate the signing certificate and sign the file.
// Hsm2Manager and Helper are the test project's own helper classes.
using (var store = new Pkcs11X509Store(Hsm2Manager.LibraryPath, Hsm2Manager.PinProvider))
{
    // Find signing certificate
    Pkcs11X509Certificate cert = Helper.GetCertificate(store, Hsm2Manager.Token1Label, Hsm2Manager.Token1CertLabel);

    // Get PKCS#11 based private key
    RSA rsaPrivateKey = cert.GetRSAPrivateKey();

    // Get software based public key
    RSA rsaPublicKey = cert.Info.ParsedCertificate.PublicKey.Key as RSA;

    // Sign the XML that was just created and save it in a new file
    SignXmlFile("input.xml", "signed.xml", rsaPrivateKey);
}
```

and

```csharp
using System.Security.Cryptography;
using System.Security.Cryptography.Xml;
using System.Text;
using System.Xml;

public static void SignXmlFile(string FileName, string SignedFileName, RSA Key)
{
    // Create a new XML document.
    XmlDocument doc = new XmlDocument();

    // Load the passed XML file using its name.
    using (XmlReader reader = new XmlTextReader(FileName))
    {
        doc.Load(reader);
    }

    // Create a SignedXml object.
    SignedXml signedXml = new SignedXml(doc);

    // Add the key to the SignedXml document.
    signedXml.SigningKey = Key;

    // Create a reference to be signed (empty URI = the whole document).
    Reference reference = new Reference();
    reference.Uri = "";

    // Add an enveloped transformation to the reference.
    XmlDsigEnvelopedSignatureTransform env = new XmlDsigEnvelopedSignatureTransform();
    reference.AddTransform(env);

    // Add the reference to the SignedXml object.
    signedXml.AddReference(reference);

    // Add an RSAKeyValue KeyInfo (optional; helps recipient find key to validate).
    KeyInfo keyInfo = new KeyInfo();
    keyInfo.AddClause(new RSAKeyValue(Key));
    signedXml.KeyInfo = keyInfo;

    // Compute the signature. With a PKCS#11 based key, the private key
    // operation is performed by the HSM at this point.
    signedXml.ComputeSignature();

    // Get the XML representation of the signature and save
    // it to an XmlElement object.
    XmlElement xmlDigitalSignature = signedXml.GetXml();

    // Append the element to the XML document.
    doc.DocumentElement.AppendChild(doc.ImportNode(xmlDigitalSignature, true));

    // Drop the XML declaration, if present.
    if (doc.FirstChild is XmlDeclaration)
    {
        doc.RemoveChild(doc.FirstChild);
    }

    // Save the signed XML document to a file specified
    // using the passed string.
    using (XmlTextWriter xmltw = new XmlTextWriter(SignedFileName, new UTF8Encoding(false)))
    {
        doc.WriteTo(xmltw);
    }
}
```
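As an added example (not code from the issue or from the Pkcs11Interop.X509Store project), the verification half of the round trip: it checks `signed.xml` against the software-based public key that the snippet above obtains as `rsaPublicKey` but never uses. It assumes the enveloped-signature layout produced by SignXmlFile and that the caller passes the public key taken from `cert.Info.ParsedCertificate`; the class and method names are hypothetical.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.Xml;
using System.Xml;

public static class SignedXmlVerifier
{
    // Verifies an enveloped XML-DSig signature with an explicitly supplied public key.
    // Supplying the key, instead of letting SignedXml resolve the embedded RSAKeyValue,
    // binds the check to the certificate the verifier trusts rather than to whatever
    // key material the signer placed in KeyInfo.
    public static bool VerifyXmlFile(string signedFileName, RSA publicKey)
    {
        var doc = new XmlDocument { PreserveWhitespace = true };
        doc.Load(signedFileName);

        // Locate the Signature element that SignedXml.GetXml() produced.
        XmlNodeList nodeList = doc.GetElementsByTagName("Signature", SignedXml.XmlDsigNamespaceUrl);
        if (nodeList.Count != 1)
            throw new CryptographicException("Expected exactly one Signature element, found " + nodeList.Count);

        var signedXml = new SignedXml(doc);
        signedXml.LoadXml((XmlElement)nodeList[0]);

        // CheckSignature(AsymmetricAlgorithm) validates the reference digests and the
        // SignatureValue against the supplied key, ignoring KeyInfo entirely.
        return signedXml.CheckSignature(publicKey);
    }
}

// Usage after SignXmlFile("input.xml", "signed.xml", rsaPrivateKey):
//   bool ok = SignedXmlVerifier.VerifyXmlFile("signed.xml", rsaPublicKey);
```

A false result means the document or its signature was altered after signing, or the signature was made with a key other than the one in the certificate.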
jariq commented 2 years ago

Could you please post the full stacktrace of the exception you are getting?

jariq commented 2 years ago

Closing because of 14+ days without a response.