Forums, Documentation & Knowledge Base - ComponentSpace

SHA-256 XML signature failing to generate


https://componentspace.com/forums/Topic11790.aspx

By brianNPC - 10/5/2021

Following the suggestions here:

https://www.componentspace.com/forums/30/sha256-xml-signature-support

Calling the code:
SAMLMessageSignature.Generate(
    samlResponseElement,
    x509Certificate.PrivateKey,
    x509Certificate,
    null,
    "http://www.w3.org/2001/04/xmlenc#sha256",
    "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256");


ComponentSpace version is 2.6.0.2

ASP.NET version is 4.6.1

Getting the following exception:
ComponentSpace.SAML2.Exceptions.SAMLSignatureException
HResult=0x80131600
Message=Failed to generate XML signature.
Source=ComponentSpace.SAML2
StackTrace:
 at ComponentSpace.SAML2.Utility.XmlSignature.Generate(XmlElement xmlElement, String elementId, AsymmetricAlgorithm signingKey, KeyInfo keyInfo, SignedXml signedXml, String inclusiveNamespacesPrefixList, String digestMethod, String signatureMethod)
 at ComponentSpace.SAML2.Utility.XmlSignature.Generate(XmlElement xmlElement, String elementId, AsymmetricAlgorithm signingKey, X509Certificate2Collection x509Certificates, SignedXml signedXml, String inclusiveNamespacesPrefixList, String digestMethod, String signatureMethod)
 at ComponentSpace.SAML2.Utility.XmlSignature.Generate(XmlElement xmlElement, String elementId, AsymmetricAlgorithm signingKey, X509Certificate2 x509Certificate, SignedXml signedXml, String inclusiveNamespacesPrefixList, String digestMethod, String signatureMethod)
 at ComponentSpace.SAML2.Protocols.SAMLMessageSignature.Generate(XmlElement xmlElement, AsymmetricAlgorithm signingKey, X509Certificate2 x509Certificate, String inclusiveNamespacesPrefixList, String digestMethod, String signatureMethod)
 at Resolver.TrySingleSignon() in C:\Code\WebSites\Doculivery External\Resolver.aspx.vb:line 157
 at Resolver.Page_Init(Object sender, EventArgs e) in C:\Code\WebSites\Doculivery External\Resolver.aspx.vb:line 33

Inner Exception 1:
CryptographicException: Invalid algorithm specified.

The certificate appears to support this signature.

Properties from the cert:
Version: V3
Signature Algorithm: sha256RSA
Signature hash algorithm: sha256
Public key: RSA (2048 bits)


Any help troubleshooting please?

By ComponentSpace - 10/5/2021

The best option would be to upgrade to the latest release which currently is v4.8.0. Version 2.6.0.2 is over six years old.

You'll find the release notes at:

https://www.componentspace.com/Forums/8576/Release-Notes

I also suggest moving to .NET framework v4.6.2 or, ideally, .NET 4.8.

As a workaround, try adding the following code to your application start-up. This registers the SHA-256 XML signature and digest algorithms.


using System;
using System.Security;
using System.Security.Cryptography;

// Describes the RSA-SHA256 (PKCS#1 v1.5) signature algorithm so that SignedXml
// can resolve the "rsa-sha256" URI through CryptoConfig.
public class RSAPKCS1SHA256SignatureDescription : SignatureDescription
{
  public RSAPKCS1SHA256SignatureDescription()
  {
   KeyAlgorithm = typeof(RSACryptoServiceProvider).FullName;
   DigestAlgorithm = typeof(SHA256CryptoServiceProvider).FullName;
   FormatterAlgorithm = typeof(RSAPKCS1SignatureFormatter).FullName;
   DeformatterAlgorithm = typeof(RSAPKCS1SignatureDeformatter).FullName;
  }

  // Used when verifying a signature.
  public override AsymmetricSignatureDeformatter CreateDeformatter(AsymmetricAlgorithm key)
  {
   if (key == null)
   {
    throw new ArgumentNullException("key");
   }

   RSAPKCS1SignatureDeformatter deformatter = new RSAPKCS1SignatureDeformatter(key);
   deformatter.SetHashAlgorithm("SHA256");
   return deformatter;
  }

  // Used when generating a signature.
  public override AsymmetricSignatureFormatter CreateFormatter(AsymmetricAlgorithm key)
  {
   if (key == null)
   {
    throw new ArgumentNullException("key");
   }

   RSAPKCS1SignatureFormatter formatter = new RSAPKCS1SignatureFormatter(key);
   formatter.SetHashAlgorithm("SHA256");
   return formatter;
  }
}

// Call Register() once at application start-up (for example from Application_Start
// in Global.asax) before any SAML message is signed. The null checks skip the
// registration on frameworks that already know these URIs.
public static class Sha256XmlSignatureRegistration
{
  public static void Register()
  {
   if (CryptoConfig.CreateFromName("http://www.w3.org/2001/04/xmldsig-more#rsa-sha256") == null)
   {
    CryptoConfig.AddAlgorithm(typeof(RSAPKCS1SHA256SignatureDescription),
        "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256");
   }

   if (CryptoConfig.CreateFromName("http://www.w3.org/2001/04/xmlenc#sha256") == null)
   {
    CryptoConfig.AddAlgorithm(typeof(SHA256CryptoServiceProvider), "http://www.w3.org/2001/04/xmlenc#sha256");
   }
  }
}
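The following pre-flight check is an added example, not code from the question or from ComponentSpace. It separates the two things that produce "Invalid algorithm specified" on .NET Framework: the SHA-256 URIs not being resolvable through CryptoConfig, and the certificate's private key living in a legacy CSP (provider type 1, the base RSA provider) that cannot hash with SHA-256 even when the algorithms are registered. It then signs a constructed XML element with the same signature and digest URIs the SAML call uses and verifies it, so the crypto stack is proven before the library is involved. It assumes the URIs resolve (built into .NET Framework 4.6.2 and later, or registered by the code above); the optional PFX path and password arguments to Main are hypothetical.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Security.Cryptography.Xml;
using System.Xml;

public static class Sha256XmlSignatureCheck
{
    const string RsaSha256Uri = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256";
    const string Sha256Uri = "http://www.w3.org/2001/04/xmlenc#sha256";
    const int ProvRsaAes = 24; // PROV_RSA_AES: the CSP provider type that supports SHA-2

    // Cause 1 of "Invalid algorithm specified": CryptoConfig does not know the URIs.
    public static bool AlgorithmsRegistered()
    {
        return CryptoConfig.CreateFromName(RsaSha256Uri) != null
            && CryptoConfig.CreateFromName(Sha256Uri) != null;
    }

    // Cause 2: the key is bound to a legacy CSP (e.g. provider type 1) that cannot
    // hash with SHA-256. CNG keys (RSACng) are not CSP-bound and are fine.
    public static bool KeySupportsSha256(AsymmetricAlgorithm key)
    {
        var csp = key as RSACryptoServiceProvider;
        if (csp == null) return true;
        return csp.CspKeyContainerInfo.ProviderType == ProvRsaAes;
    }

    // Sign a constructed element with the SAML call's URIs, then verify the result.
    public static bool SignAndVerifyRoundTrip(AsymmetricAlgorithm signingKey, AsymmetricAlgorithm verifyKey)
    {
        var doc = new XmlDocument { PreserveWhitespace = true };
        // Constructed sample document; SignedXml locates the element by its ID attribute.
        doc.LoadXml("<Response ID=\"_constructed-1\"><Status>Success</Status></Response>");

        var signedXml = new SignedXml(doc) { SigningKey = signingKey };
        signedXml.SignedInfo.SignatureMethod = RsaSha256Uri;
        var reference = new Reference("#_constructed-1") { DigestMethod = Sha256Uri };
        reference.AddTransform(new XmlDsigEnvelopedSignatureTransform());
        reference.AddTransform(new XmlDsigExcC14NTransform());
        signedXml.AddReference(reference);
        signedXml.ComputeSignature(); // this is where the CryptographicException in the question surfaces
        doc.DocumentElement.AppendChild(doc.ImportNode(signedXml.GetXml(), true));

        var verifier = new SignedXml(doc);
        var signatureNode = (XmlElement)doc.GetElementsByTagName("Signature", SignedXml.XmlDsigNamespaceUrl)[0];
        verifier.LoadXml(signatureNode);
        return verifier.CheckSignature(verifyKey);
    }

    public static void Main(string[] args)
    {
        Console.WriteLine("SHA-256 URIs registered: " + AlgorithmsRegistered());

        AsymmetricAlgorithm key;
        if (args.Length == 2) // hypothetical arguments: path to a PFX and its password
        {
            var cert = new X509Certificate2(args[0], args[1], X509KeyStorageFlags.Exportable);
            key = cert.GetRSAPrivateKey(); // available since .NET Framework 4.6; prefer over cert.PrivateKey
        }
        else
        {
            // Constructed ephemeral 2048-bit key in the SHA-2 capable CSP, matching the
            // key size of the certificate in the question.
            var parameters = new CspParameters(ProvRsaAes) { Flags = CspProviderFlags.CreateEphemeralKey };
            key = new RSACryptoServiceProvider(2048, parameters);
        }

        Console.WriteLine("Key in SHA-2 capable provider: " + KeySupportsSha256(key));
        Console.WriteLine("RSA-SHA256 sign/verify round trip: " + SignAndVerifyRoundTrip(key, key));
    }
}
```

If the first line prints false, the registration above (or a framework upgrade) is what is missing; if the URIs are registered but the provider check prints false, the certificate's key needs to be re-imported under a SHA-2 capable provider before `SAMLMessageSignature.Generate` can succeed with `x509Certificate.PrivateKey`.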