XML Digital Signature Verification with Unknown URI Schemes

A few years back, there was a discussion thread on one of my XML digital signature posts about verifying an XML digital signature which had references to a URI prefixed with cid:.  Recently Mattias Lindberg ran into this problem as well, and devised a clever solution to it. Mattias realized that SignedXml uses WebRequest.Create to help…

Adding SignatureProperties to SignedXml

One of the optional portions of the W3C XML digital signature specification allows for a set of SignatureProperties to be assigned to a signature.  SignatureProperties allow the signer to place some metadata into the signature itself, such as the time the signature was created and the name of the person creating the signature.  Since the…

Hitting the Mailbag

I’ve gotten quite a few questions from this blog over the past several months.  And although I can’t answer all of them, here are some quick answers to some of the more common ones.  If you do have more questions, it’s usually best to post them in the comments here or in the microsoft.public.dotnet.security newsgroup.  That way if…

I’m Published!

The November 2004 issue of MSDN magazine is available online now, and it includes the first article I’ve ever had published.  I co-authored this month’s Trustworthy Code article, Exchange Data More Securely with XML Digital Signatures and Encryption with Mike Downen, the CLR Security PM.  Time to head out to the local bookstore and pick…

.NET 1.0 SP 3 and .NET 1.1 SP 1 Released

Today we pushed .NET 1.0 SP3 and .NET 1.1 SP1 onto Windows Update as a Critical Update.  You can also download the service packs from the MSDN download center.  Here’s a brief review of what’s new for security in each service pack: .NET 1.0 SP3 (v1.0.3705.6018) [download | complete changelist] 323683: NTLM authentication is lost…

Using DecryptDocument with Super-Encrypted Data

The EncryptedXml class comes with a nice utility method called DecryptDocument (for more information about using DecryptDocument, check out my previous post introducing XML Encryption).  This method will decrypt all the EncryptedData elements it finds, assuming that it is able to figure out which key to use to perform the decryption.  However, what happens if…

Using the XSLT Transform with XML Signatures

One of the transforms that ships with the .NET Framework is the XmlDsigXsltTransform, which implements the XSLT transform specified in the W3C recommendation. A few people have asked me to write a bit on how to use this transform, so here’s a brief explanation and some sample code. This transform basically applies an XSL transform…

xml:id and SignedXml

A few weeks back, I posted about customizing how SignedXml searches for XML elements identified by a reference to an ID.  By default, SignedXml searches for elements with an attribute named Id that has the given value. Recently, the W3C has come up with a working draft for xml:id version 1.0.  xml:id is meant to be a…

Using XPath to Sign Specific XML

In my last posting, I promised to write about a more general purpose way of selecting specific XML to sign. Although the technique I presented in the last post will work, it requires a custom class derived from SignedXml, and will not work unless both the signer and the verifier have access to, and use,…

Searching for Custom ID Tags With Signed XML

Last week, I blogged about using references to sign only specific parts of an XML document. The biggest limitation with doing this is that you must refer to the nodes that are being signed by ID, which for v1.1 and 1.0 of the framework was given by an attribute named “Id”. The problem there is…
