Digital Sign XML via Key stored in HSM

jigic...@gmail.com

May 22, 2015, 9:10:23 AM
to pkcs11...@googlegroups.com
I am trying to sign data using the PKCS11 Interop dll.
It is working with the sample code for a string.
But the signature of an XML document is giving garbage data.
Can someone provide sample code for doing the same?

Jaroslav Imrich

May 22, 2015, 12:49:53 PM
to pkcs11...@googlegroups.com, jigic...@gmail.com
Hello Jignesh,

On Fri, May 22, 2015 at 3:10 PM, <jigic...@gmail.com> wrote:
> I am trying to sign data using the PKCS11 Interop dll.
> It is working with the sample code for a string.
> But the signature of an XML document is giving garbage data.

Could you please be more specific? Which sample code do you mean?

Regards, Jaroslav

jigic...@gmail.com

May 25, 2015, 12:12:20 AM
to pkcs11...@googlegroups.com, jigic...@gmail.com
Thanks for your reply, Jaroslav.
I had used your sample example for signing and verifying.


using (Pkcs11 pkcs11 = new Pkcs11(Settings.Pkcs11LibraryPath, false))
{
    // Find first slot with token present
    Slot slot = Helpers.GetUsableSlot(pkcs11);

    // Open RW session
    using (Session session = slot.OpenSession(false))
    {
        // Login as normal user
        session.Login(CKU.CKU_USER, Settings.NormalUserPin);

        // Generate key pair
        ObjectHandle publicKey = null;
        ObjectHandle privateKey = null;
        Helpers.GenerateKeyPair(session, out publicKey, out privateKey);

        // Specify signing mechanism
        Mechanism mechanism = new Mechanism(CKM.CKM_SHA1_RSA_PKCS);

        byte[] sourceData = ConvertUtils.Utf8StringToBytes("Hello world");

        // Sign data
        byte[] signature = session.Sign(mechanism, privateKey, sourceData);

        // Do something interesting with signature

        // Verify signature
        bool isValid = false;
        session.Verify(mechanism, publicKey, sourceData, signature, out isValid);

        session.DestroyObject(privateKey);
        session.DestroyObject(publicKey);
        session.Logout();
    }
}


I want to do digital signing for XML using the same, but the signature I am getting is not like the ones we get from XML signed data using an X509 digital certificate, with a Signature tag including tags of SignedInfo, SignatureMethod, SignatureValue, KeyInfo etc.
I am getting unreadable data.


Is there any other sample for signing XML data?

Jaroslav Imrich

May 25, 2015, 5:00:10 PM
to pkcs11...@googlegroups.com, Jignesh Chavan
Hello Jignesh,

This sample creates low level PKCS#1 v1.5 RSA signature which is a basic building block for other high level signature types (i.e. CAdES, XAdES, PAdES etc.) but it is still far far away from a complete solution for XML signing.


> I want to do digital signing for XML using the same, but the signature I am getting is not like the ones we get from XML signed data using an X509 digital certificate, with a Signature tag including tags of SignedInfo, SignatureMethod, SignatureValue, KeyInfo etc.
> I am getting unreadable data.

By taking a quick look at System.Security.Cryptography.Xml.SignedXml [0] class I would say that if you want to use Pkcs11Interop to create xmldsig signature with built-in .NET types then you need to implement custom class inherited from System.Security.Cryptography.RSA [1] class and use it as a SigningKey [2].

> Is there any other sample for signing XML data?

We currently provide only samples for CMS [3] and PDF [4] signatures.



Regards, Jaroslav
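
One way to follow the suggestion in the reply above, as an added example that is not part of the thread and not Pkcs11Interop sample code: an RSA subclass whose SignHash wraps the digest in a DigestInfo and has the token sign it with CKM_RSA_PKCS, used as the SignedXml SigningKey. The class name Pkcs11RsaKey is hypothetical; it assumes the same Pkcs11Interop API version as the code in the thread and a .NET version (4.6.2 or later) whose RSA PKCS#1 signature formatter calls RSA.SignHash.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.Xml;
using System.Xml;
using Net.Pkcs11Interop.Common;
using Net.Pkcs11Interop.HighLevelAPI;

// Hypothetical adapter: an RSA key whose private operation runs inside the token.
public sealed class Pkcs11RsaKey : RSA
{
    // DER DigestInfo prefix for SHA-256 (PKCS#1 v1.5); the 32-byte hash follows it.
    private static readonly byte[] Sha256Prefix = {
        0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01,
        0x65, 0x03, 0x04, 0x02, 0x01, 0x05, 0x00, 0x04, 0x20 };
    private readonly Session _session;
    private readonly ObjectHandle _privateKey;
    private readonly RSAParameters _publicKey; // modulus and exponent only
    public Pkcs11RsaKey(Session session, ObjectHandle privateKey, RSAParameters publicKey)
    { _session = session; _privateKey = privateKey; _publicKey = publicKey; }
    public override int KeySize
    { get { return _publicKey.Modulus.Length * 8; } set { throw new NotSupportedException(); } }
    public override byte[] SignHash(byte[] hash, HashAlgorithmName alg, RSASignaturePadding padding)
    {
        if (alg != HashAlgorithmName.SHA256 || padding != RSASignaturePadding.Pkcs1)
            throw new NotSupportedException("Only RSA PKCS#1 v1.5 with SHA-256 is handled here.");
        byte[] digestInfo = new byte[Sha256Prefix.Length + hash.Length];
        Buffer.BlockCopy(Sha256Prefix, 0, digestInfo, 0, Sha256Prefix.Length);
        Buffer.BlockCopy(hash, 0, digestInfo, Sha256Prefix.Length, hash.Length);
        // CKM_RSA_PKCS pads and signs the supplied DigestInfo; it does not hash again.
        using (Mechanism mechanism = new Mechanism(CKM.CKM_RSA_PKCS))
            return _session.Sign(mechanism, _privateKey, digestInfo);
    }
    public override RSAParameters ExportParameters(bool includePrivateParameters)
    {
        if (includePrivateParameters)
            throw new CryptographicException("The private key does not leave the HSM.");
        return _publicKey;
    }
    public override void ImportParameters(RSAParameters parameters)
    { throw new NotSupportedException(); }

    // Enveloped XML-DSig over the whole document, appended to the root element.
    public static void SignXml(XmlDocument doc, RSA key)
    {
        SignedXml signedXml = new SignedXml(doc) { SigningKey = key };
        signedXml.SignedInfo.SignatureMethod = SignedXml.XmlDsigRSASHA256Url;
        Reference reference = new Reference("") { DigestMethod = SignedXml.XmlDsigSHA256Url };
        reference.AddTransform(new XmlDsigEnvelopedSignatureTransform());
        signedXml.AddReference(reference);
        signedXml.ComputeSignature(); // calls SignHash above with the SignedInfo digest
        doc.DocumentElement.AppendChild(doc.ImportNode(signedXml.GetXml(), true));
    }
}
```

The modulus and exponent passed to the constructor have to come from the matching public key object or certificate on the token; reading them is not shown here.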

jigic...@gmail.com

May 26, 2015, 9:11:09 AM
to pkcs11...@googlegroups.com, jigic...@gmail.com
Thanks for your reply, Jaroslav.
Can anyone else who has implemented the same using .NET share/guide for the same?
I am also trying to integrate Java dlls in .NET.