Thank you for your appreciation.
Unfortunately, we don't have an API for signing/encrypting XML.
However, I have done this in my private project. I was inspired by a blog post by Rick Strahl (or just the source code on GitHub).
I needed to sign an XML using an RSA SHA-2 certificate. I am not sure whether the SignedXml class is capable of RSASSA-PSS. If not, the Rebex component can probably help.
Signing data using Rebex certificate API looks like this:
```csharp
var cert = Certificate.LoadPfx(@"c:\data\cert.pfx", "password");

// RSASSA-PSS padding with SHA-384 as the hash algorithm
var parameters = new SignatureParameters();
parameters.PaddingScheme = SignaturePaddingScheme.Pss;
parameters.HashAlgorithm = HashingAlgorithmId.SHA384;

// sign a message (data)
var signature = cert.SignMessage(messageBytes, parameters);

// or sign already computed hash of the message (data)
// this method is not currently public (please let us know if you need it)
var hashSignature = cert.SignHash(hashBytes, parameters);
```
The easiest way to sign XML using RSASSA-PSS (if SignedXml doesn't support it natively) seems to be:
- Use Rick Strahl's code to create RSA SHA-1 signed XML
- Compute RSASSA-PSS signature using Rebex certificate API based on generated hash (digest)
- Replace necessary data (SignatureMethod, SignatureValue) with correct values
I didn't try it, but it can work.
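The three steps listed in the answer above, as an added example that is not part of the original post and is not Rebex code. SignatureMethod sits inside SignedInfo, so it is replaced before the canonical SignedInfo bytes are signed. Assumptions: the method name SignWithPss is hypothetical, exclusive C14N is used, the SignatureMethod URI is the RFC 6931 identifier for SHA-384 with MGF1, and .NET's own RSA class is swapped in for the PSS step (the post's cert.SignMessage(bytes, parameters) would go in the same place).

```csharp
using System;
using System.IO;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Security.Cryptography.Xml;
using System.Xml;

static class XmlPssSigner
{
    const string Ds = "http://www.w3.org/2000/09/xmldsig#";
    // RFC 6931 identifier for RSASSA-PSS with SHA-384 and MGF1
    const string PssSha384 = "http://www.w3.org/2007/05/xmldsig-more#sha384-rsa-MGF1";

    // Hypothetical helper: appends an enveloped signature to doc.
    public static void SignWithPss(XmlDocument doc, X509Certificate2 cert)
    {
        using RSA key = cert.GetRSAPrivateKey();

        // Step 1: let SignedXml build Reference, digest and a PKCS#1 v1.5 signature.
        var signedXml = new SignedXml(doc) { SigningKey = key };
        signedXml.SignedInfo.CanonicalizationMethod = SignedXml.XmlDsigExcC14NTransformUrl;
        var reference = new Reference("");
        reference.AddTransform(new XmlDsigEnvelopedSignatureTransform());
        signedXml.AddReference(reference);
        signedXml.ComputeSignature();
        var sig = (XmlElement)doc.ImportNode(signedXml.GetXml(), true);
        doc.DocumentElement.AppendChild(sig);

        // Step 3a: SignatureMethod is covered by the signature, so change it first.
        var ns = new XmlNamespaceManager(doc.NameTable);
        ns.AddNamespace("ds", Ds);
        var signedInfo = (XmlElement)sig.SelectSingleNode("ds:SignedInfo", ns);
        var method = (XmlElement)signedInfo.SelectSingleNode("ds:SignatureMethod", ns);
        method.SetAttribute("Algorithm", PssSha384);

        // Step 2: canonicalize the modified SignedInfo and sign those bytes with PSS.
        var siDoc = new XmlDocument { PreserveWhitespace = true };
        siDoc.LoadXml(signedInfo.OuterXml);
        var c14n = new XmlDsigExcC14NTransform();
        c14n.LoadInput(siDoc);
        using var canonical = new MemoryStream();
        ((Stream)c14n.GetOutput(typeof(Stream))).CopyTo(canonical);
        byte[] pss = key.SignData(canonical.ToArray(),
                                  HashAlgorithmName.SHA384, RSASignaturePadding.Pss);

        // Step 3b: replace the PKCS#1 v1.5 value with the PSS signature.
        sig.SelectSingleNode("ds:SignatureValue", ns).InnerText = Convert.ToBase64String(pss);
    }
}
```

The Reference digest is untouched by this rewrite, because it covers the document content and not SignedInfo. The receiving side has to recognise the PSS SignatureMethod URI to verify the result.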