I’ve never dealt with cryptography before, so my question may sound trivial. I need to create an app that sends messages as digitally signed XML files. The messages are sent to a CA entity.

According to the instructions I received from the authority, I created a certificate request (CSR file) using OpenSSL, which also created my key pair (RSA 2048). The private key is inside a .key file. I then sent the CSR file to the CA and obtained a certificate (.cer).

Using this certificate, I should now sign the XML messages. To do this, I follow this procedure:

using System.Collections.Generic;
using System.IO;
using System.Security.Cryptography.X509Certificates;
using System.Security.Cryptography.Xml;
using System.Xml;
using Android.Content.Res;   // AssetManager (Xamarin.Android)

public string CreateXML()
{

    System.Xml.XmlDocument doc = new System.Xml.XmlDocument();

    //TO DO - Create XML Tree

    // Create a SignedXml object.
    var signedXml = new SignedXml(doc);


    // Read the DER-encoded .cer file from the app assets into a byte array.
    AssetManager assets = this.Assets;
    byte[] bytes;
    using (Stream certStream = assets.Open("certificate25675.cer"))
    using (var ms = new MemoryStream())
    {
        certStream.CopyTo(ms);
        bytes = ms.ToArray();
    }

    X509Certificate2 cert = new X509Certificate2(bytes);


    signedXml.SigningKey = // ?? What value to put here??

    // Create a reference to be signed.
    Reference reference = new Reference();
    reference.Uri = "";

    // Add an enveloped transformation to the reference.            
    XmlDsigEnvelopedSignatureTransform env =
       new XmlDsigEnvelopedSignatureTransform(true);
    reference.AddTransform(env);

    XmlDsigC14NTransform c14t = new XmlDsigC14NTransform();
    reference.AddTransform(c14t);

    KeyInfo keyInfo = new KeyInfo();
    KeyInfoX509Data keyInfoData = new KeyInfoX509Data(cert);
    keyInfo.AddClause(keyInfoData);
    signedXml.KeyInfo = keyInfo;

    // Add the reference to the SignedXml object.
    signedXml.AddReference(reference);

    // Compute the signature.
    signedXml.ComputeSignature();

    // Get the XML representation of the signature and save 
    // it to an XmlElement object.
    XmlElement xmlDigitalSignature = signedXml.GetXml();

    doc.DocumentElement.AppendChild(
       doc.ImportNode(xmlDigitalSignature, true));

    return doc.OuterXml;
}

My question is related to the "SigningKey" field of the SignedXml object. In all the examples that I found, this field is in fact filled in with the private key from the certificate. Unfortunately, the certificate I received does not contain the private key.

So the question is: what value should I put there? Do I have to use the private key that OpenSSL generated? In that case, how do I get from a .key file (containing the private key) to an AsymmetricAlgorithm object, which is the type of SigningKey?

alecxe
Paolo
  • The certificate contains the public key only. The private key is the one you've created yourself and used to create the CSR. How this private key is then used within your program is not a security but a programming question and thus off-topic here and on-topic on stackoverflow.com. – Steffen Ullrich Dec 22 '17 at 19:30
  • Thank you. I will post the programming part of my question on stackoverflow – Paolo Dec 23 '17 at 09:46
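The comment above gives the security-relevant answer: the .cer is the public half, and the signing key is the private key OpenSSL wrote when the CSR was made. The following is an added example, not the asker's code and not an answer posted on the page, showing how that pairing is done in .NET and how the receiving side should verify. It assumes .NET 5 or later (for RSA.ImportFromPem), the System.Security.Cryptography.Xml package, and placeholder file names "certificate25675.cer" and "private.key"; the sample message is constructed.

```csharp
using System;
using System.IO;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Security.Cryptography.Xml;   // NuGet package System.Security.Cryptography.Xml on .NET Core / .NET 5+
using System.Xml;

// Added example (not the asker's code). Pairs an OpenSSL-generated private key with the
// CA-issued certificate and uses the pair to produce and verify an enveloped XML-DSig.
// Assumes .NET 5+ for RSA.ImportFromPem; file names are placeholders.
static class XmlSigner
{
    // The .cer contains only the public key. The private half is the .key file OpenSSL wrote
    // when the CSR was generated; its PEM header is either "BEGIN PRIVATE KEY" (PKCS#8) or
    // "BEGIN RSA PRIVATE KEY" (PKCS#1), both of which ImportFromPem accepts. A passphrase-
    // protected key needs ImportFromEncryptedPem(pem, passphrase) instead.
    public static X509Certificate2 LoadSigningCertificate(string certPath, string keyPath)
    {
        var cert = new X509Certificate2(File.ReadAllBytes(certPath));
        var rsa = RSA.Create();
        rsa.ImportFromPem(File.ReadAllText(keyPath));

        // CopyWithPrivateKey throws if the key's public part does not match the certificate,
        // so picking up the wrong .key file fails here instead of yielding an unverifiable signature.
        return cert.CopyWithPrivateKey(rsa);
    }

    public static void Sign(XmlDocument doc, X509Certificate2 certWithKey)
    {
        var signedXml = new SignedXml(doc)
        {
            // The value the question asks about: the RSA private key, not the certificate.
            SigningKey = certWithKey.GetRSAPrivateKey()
        };
        // Ask for SHA-256 explicitly; older frameworks default SignedXml to RSA-SHA1.
        signedXml.SignedInfo.SignatureMethod = SignedXml.XmlDsigRSASHA256Url;

        var reference = new Reference { Uri = "", DigestMethod = SignedXml.XmlDsigSHA256Url };
        reference.AddTransform(new XmlDsigEnvelopedSignatureTransform());
        reference.AddTransform(new XmlDsigExcC14NTransform());
        signedXml.AddReference(reference);

        // Embed the certificate so the CA can identify the signer; only the public part is serialised.
        var keyInfo = new KeyInfo();
        keyInfo.AddClause(new KeyInfoX509Data(certWithKey));
        signedXml.KeyInfo = keyInfo;

        signedXml.ComputeSignature();
        doc.DocumentElement.AppendChild(doc.ImportNode(signedXml.GetXml(), true));
    }

    // Verification as the receiving side should do it: check against a certificate it already
    // trusts, never against whatever certificate the message itself carries in <KeyInfo>.
    // verifySignatureOnly: true skips chain building; validate the chain to the CA separately.
    public static bool Verify(XmlDocument doc, X509Certificate2 expectedSigner)
    {
        var signatures = doc.GetElementsByTagName("Signature", SignedXml.XmlDsigNamespaceUrl);
        if (signatures.Count != 1) return false;   // reject unsigned or multiply-signed documents

        var signedXml = new SignedXml(doc);
        signedXml.LoadXml((XmlElement)signatures[0]);
        return signedXml.CheckSignature(expectedSigner, verifySignatureOnly: true);
    }

    static void Main()
    {
        // Constructed sample message; PreserveWhitespace keeps canonicalisation stable across reloads.
        var doc = new XmlDocument { PreserveWhitespace = true };
        doc.LoadXml("<Message><Id>42</Id><Body>hello</Body></Message>");

        var signer = LoadSigningCertificate("certificate25675.cer", "private.key");
        Sign(doc, signer);
        Console.WriteLine(doc.OuterXml);
        Console.WriteLine("verified: " + Verify(doc, signer));

        // Tamper with signed content and re-check: the signature no longer validates.
        doc.SelectSingleNode("/Message/Body").InnerText = "bye";
        Console.WriteLine("after tampering: " + Verify(doc, signer));
    }
}
```

On runtimes that predate ImportFromPem (Xamarin/Mono of the question's era, .NET Framework), the usual route is to bundle key and certificate into a PKCS#12 file with `openssl pkcs12 -export -inkey private.key -in certificate25675.cer -out signer.p12` and load it with `new X509Certificate2("signer.p12", password, X509KeyStorageFlags.Exportable)`, after which `GetRSAPrivateKey()` works as above. Either way the .key or .p12 file is the secret that must be protected on the device; the .cer can be distributed freely.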

0 Answers