如何根据机器存储验证 SignedXml 中的证书
我想根据机器存储中的证书验证 SignedXml 中的签名。此代码用于验证签名:
internal bool VerifySignature(XmlDocument xml)
{
var signedXml = new SignedXml(xml);
var nsMgr = new XmlNamespaceManager(xml.NameTable);
nsMgr.AddNamespace("ds", "http://www.w3.org/2000/09/xmldsig#");
signedXml.LoadXml((XmlElement)xml.SelectSingleNode("//ds:Signature", nsMgr));
return signedXml.CheckSignature();
}
签名验证良好,但仅针对其自身,而不针对计算机上安装的证书。有没有办法根据本地证书存储中的根证书进行检查?
I would like to verify the signature in a SignedXml against the certificates in the machine store. This code is used to verify the signature:
internal bool VerifySignature(XmlDocument xml)
{
var signedXml = new SignedXml(xml);
var nsMgr = new XmlNamespaceManager(xml.NameTable);
nsMgr.AddNamespace("ds", "http://www.w3.org/2000/09/xmldsig#");
signedXml.LoadXml((XmlElement)xml.SelectSingleNode("//ds:Signature", nsMgr));
return signedXml.CheckSignature();
}
The signature verifies fine, but only against itself and not against the certificates installed on the machine. Is there a way to check it against the root certificates in the local certificate store as well?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
如果有人感兴趣,我使用了
CheckSignature(X509Certificate2, Boolean)方法。我从Signature对象获取了证书并按如下方式检查:If anyone is interested, I used the
CheckSignature(X509Certificate2, Boolean)method. I got the certificate from theSignatureobject and checked it like this:您可以使用采用非对称算法的 CheckSignature 方法的重载。
传递您的证书的公钥。您可以通过 X509Store 获取此内容。
You can use the overload of the CheckSignature method which takes an AsymmetricAlgorithm.
Pass along the public key of your certificate. You can fetch this via X509Store.