
我用下面这段代码对安全令牌进行签名:

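/// <summary>
/// Computes an XML digital signature for <paramref name="doc"/> with the private key of
/// <paramref name="cert2"/> and returns the resulting <c>Signature</c> element.
/// The element is returned only; this method does not insert it into the document.
/// </summary>
/// <param name="doc">Document handed to <c>SamlSignedXml</c> as the signing context.</param>
/// <param name="cert2">Certificate supplying the signing key; it is also embedded in <c>KeyInfo</c>.</param>
/// <param name="referenceId">Passed through to the <c>SamlSignedXml</c> constructor unchanged.</param>
/// <param name="referenceValue">ID of the element to sign; used as the same-document reference "#ID".</param>
/// <returns>The computed <c>Signature</c> element.</returns>
/// <exception cref="ArgumentNullException"><paramref name="doc"/> or <paramref name="cert2"/> is null.</exception>
/// <exception cref="ArgumentException"><paramref name="referenceValue"/> is null or empty.</exception>
public static XmlElement SignDoc(XmlDocument doc, X509Certificate2 cert2, string referenceId, string referenceValue)
{
    if (doc == null)
    {
        throw new ArgumentNullException("doc");
    }

    if (cert2 == null)
    {
        throw new ArgumentNullException("cert2");
    }

    // A null or empty value would produce the bare reference "#", which names no element.
    if (string.IsNullOrEmpty(referenceValue))
    {
        throw new ArgumentException("The ID of the element to sign must not be null or empty.", "referenceValue");
    }

    // NOTE(review): SamlSignedXml is declared outside this listing; presumably it derives
    // from SignedXml and uses referenceId to locate the element by ID - confirm.
    SamlSignedXml sig = new SamlSignedXml(doc, referenceId);

    // If the certificate carries no private key, PrivateKey is null and signing fails later
    // in ComputeSignature(); cert2.HasPrivateKey can be checked by the caller beforehand.
    sig.SigningKey = cert2.PrivateKey;

    // Same-document reference to the element being signed. (The original assigned
    // String.Empty first and overwrote it on the next line; that dead store is removed.)
    Reference reference = new Reference();
    reference.Uri = "#" + referenceValue;

    // Order matters: strip the enveloped <Signature> first, then canonicalize.
    reference.AddTransform(new XmlDsigEnvelopedSignatureTransform());
    reference.AddTransform(new XmlDsigC14NTransform());

    sig.AddReference(reference);

    // Embeds the full certificate in the signature. A verifier must still decide whether it
    // trusts that certificate; its presence in KeyInfo proves nothing by itself.
    KeyInfo keyInfo = new KeyInfo();
    keyInfo.AddClause(new KeyInfoX509Data(cert2));
    sig.KeyInfo = keyInfo;

    // NOTE(review): no algorithm is selected here, so the library default applies; the output
    // produced by this code is rsa-sha1 with a sha1 digest. To sign with SHA-256, set
    // sig.SignedInfo.SignatureMethod to "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"
    // and reference.DigestMethod to "http://www.w3.org/2001/04/xmlenc#sha256" before this call.
    // On older .NET Framework versions the rsa-sha256 URI must first be registered through
    // CryptoConfig.AddAlgorithm, and the key's crypto provider must support SHA-256.
    sig.ComputeSignature();

    return sig.GetXml();
}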

这给出了以下输出:

<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
  <SignedInfo>
    <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
    <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
    <Reference URI="#_5a57c7d5-3a15-45a4-8d66-c963357450ea">
      <Transforms>
        <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
        <Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
      </Transforms>
      <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
      <DigestValue>sql/Wucg3rSaKeLU8QQgQVqktK8=</DigestValue>
    </Reference>
  </SignedInfo>
  <SignatureValue>GG3rRZzLgH9MNTXKv3Xx+o9SarLXmk9Y6QfiMB/q/dqDFLO6us03Gutb81aRY9ceW5FoXO7FsENXvS7Q5gALyJRD5FzpaI5oxUsFvLVZKWwv+DmzEHLyxuCYZwjs12gAH8dJ9TiMocRIT9FBblTRreubR3hv70V56ZtZgm10DaA=</SignatureValue>
  <KeyInfo>
    <X509Data>
      <X509Certificate>MIIFtzCCBJ+gAwIBAgIERcSAVzANBgkqhkiG9w0BAQUFADAxMQswCQYDVQQGEwJESzEMMAoGA1UEChMDVERDMRQwEgYDVQQDEwtUREMgT0NFUyBDQTAeFw0xMjA1MjMwOTE1NTVaFw0xNDA1MjMwOTQ1NTVaMIGqMQswCQYDVQQGEwJESzE+MDwGA1UEChQ1VmVqbGUgT3BsYW5kcyBTdHL4bWZvcnN5bmluZyBBLm0uYi5hLiAvLyBDVlI6MjYwNDk5MDMxWzAgBgNVBAUTGUNWUjoyNjA0OTkwMy1VSUQ6NzI1MTc1NzgwNwYDVQQDFDBWZWpsZSBPcGxhbmRzIFN0cvhtZm9yc3luaW5nIEEubS5iLmEuIC0gVk9TIEFtYmEwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAM38QtJ+0vW/wyYPcie0HAIRuBzs4FfJd07TSeLQE2pr+gBLb3iFrVu3irTjk9ZW/lt8wBIPMercIzJtdGFRdpfH8suqpv8ctIjtZJXUVyhOXRqfoCw1g+sm0+M7W4OGJSmhz5IpReX4wmrYHKm2K8jXbY5PNi4Nz2jqkGiO7/3dAgMBAAGjggLfMIIC2zAOBgNVHQ8BAf8EBAMCA7gwKwYDVR0QBCQwIoAPMjAxMjA1MjMwOTE1NTVagQ8yMDE0MDUyMzA5NDU1NVowggE3BgNVHSAEggEuMIIBKjCCASYGCiqBUIEpAQEBAwMwggEWMC8GCCsGAQUFBwIBFiNodHRwOi8vd3d3LmNlcnRpZmlrYXQuZGsvcmVwb3NpdG9yeTCB4gYIKwYBBQUHAgIwgdUwChYDVERDMAMCAQEagcZGb3IgYW52ZW5kZWxzZSBhZiBjZXJ0aWZpa2F0ZXQgZ+ZsZGVyIE9DRVMgdmlsa+VyLCBDUFMgb2cgT0NFUyBDUCwgZGVyIGthbiBoZW50ZXMgZnJhIHd3dy5jZXJ0aWZpa2F0LmRrL3JlcG9zaXRvcnkuIEJlbeZyaywgYXQgVERDIGVmdGVyIHZpbGvlcmVuZSBoYXIgZXQgYmVncuZuc2V0IGFuc3ZhciBpZnQuIHByb2Zlc3Npb25lbGxlIHBhcnRlci4wQQYIKwYBBQUHAQEENTAzMDEGCCsGAQUFBzABhiVodHRwOi8vb2NzcC5jZXJ0aWZpa2F0LmRrL29jc3Avc3RhdHVzMDEGA1UdJQQqMCgGCCsGAQUFBwMBBggrBgEFBQcDAgYIKwYBBQUHAwMGCCsGAQUFBwMEMIGEBgNVHR8EfTB7MEugSaBHpEUwQzELMAkGA1UEBhMCREsxDDAKBgNVBAoTA1REQzEUMBIGA1UEAxMLVERDIE9DRVMgQ0ExEDAOBgNVBAMTB0NSTDYxMTcwLKAqoCiGJmh0dHA6Ly9jcmwub2Nlcy5jZXJ0aWZpa2F0LmRrL29jZXMuY3JsMB8GA1UdIwQYMBaAFGC1hexWZH4SGSdnHVAVS3OuO/kSMB0GA1UdDgQWBBTSebqvOVQaqvWySI9HseingRaTtTAJBgNVHRMEAjAAMBkGCSqGSIb2fQdBAAQMMAobBFY3LjEDAgOoMA0GCSqGSIb3DQEBBQUAA4IBAQBhG6V7V/Fro6HxQYeXLzxGaqmfV1cmQ9wu38RU10iMIf8AJveOPFF/rd2ezhqgzK4z4QKC37PV5/UT/wtfoud03576q+qwNXO41fARBMhJFfrjSxSrq0iXOhLSVoTyk8W/Y8LP1mGD8qaJtrJ2ZNnWHrqhW2EvChLe1+aYGOkwylJUeJIWLdGLjA9OZ1hiA1yEhmYwhlfstV421sKKgUwVYcRBzwerQ1M+Yy438oR2+Aaa2zgteLA1wXeiE1U4K7yvbP2TgVrIeLC56K3EENkLCahpUPRzbLoQMFq2RacBuy2SFTXlXa0Bgj5ToerOH+Tnm10sFeIDjPISx978z73w</X509Certificate>
    </X509Data>
  </KeyInfo>
</Signature>

但正如您所看到的,这是使用 SHA-1 签名的,而我需要使用 SHA-256 进行签名。有人能告诉我该怎么做才能改用 SHA-256 吗?


1 回答 1


您的代码没有在任何地方指定 SHA-256。

你应该使用类似的东西:

 // Maps the rsa-sha256 algorithm URI to the SHA-256 RSA signature description so the
 // crypto configuration can resolve that URI when a signature is computed or verified.
 // The mapping is process-wide; register it once, before any signing takes place.
 // Registration alone does not change the signer's output: the signing code must still set
 // SignedInfo.SignatureMethod to this URI and Reference.DigestMethod to a SHA-256 digest URI.
 // NOTE(review): the namespace of RSAPKCS1SHA256SignatureDescription depends on the
 // framework version - confirm which assembly provides it for the target runtime.
 CryptoConfig.AddAlgorithm(typeof(RSAPKCS1SHA256SignatureDescription), @"http://www.w3.org/2001/04/xmldsig-more#rsa-sha256");

但是,这仅适用于 RSA 证书。对于 DSA 证书,散列算法由证书的 DSA 参数决定(很可能是 SHA-1)。

于 2013-01-11T09:42:59.467 回答