signedXml.CheckSignature always returns false

Question

I am a little new to cryptography so this could be something really stupid. I am struggling with getting this encryption decryption to work right. I am using this http://www.chaosink.co.uk/files/code/encryptionutils.zip class provided by Wolfwyrd (Thanks!) and following instructions in http://stackoverflow.com/questions/359342/an-effective-method-for-encrypting-a-license-file.

Below is the code in a nut shell

        RSACryptoServiceProvider rsaKey = EncryptionUtils.GetRSAFromSnkFile(@"c\:a.snk");

        XmlDocument xmlDoc = new XmlDocument();
        xmlDoc.PreserveWhitespace = true;
        xmlDoc.LoadXml("<foo />");

        SignXml(xmlDoc, rsaKey); //http://msdn.microsoft.com/en-us/library/ms229745.aspx

        bool result = VerifyXml(xmlDoc, rsaKey); //http://msdn.microsoft.com/en-us/library/ms229950.aspx

        System.Diagnostics.Debug.Write(result); //false

returns false. Note I used the same snk file, and its the same encrypted xml document I am trying to verify, why is it returning false. What am I missing?

Thanks in advance for your help.

Answer 1

Try changing the implementation of GetRSAFromSnkBytes(byte[]) in Wolfwyrd's code to:

private static RSACryptoServiceProvider GetRSAFromSnkBytes(byte[] snkBytes)
{
  if (snkBytes == null)
    throw new ArgumentNullException("snkBytes");

  RSAParameters param = GetRSAParameters(snkBytes);

  RSACryptoServiceProvider rsa = new RSACryptoServiceProvider();
  rsa.ImportParameters(param);
  return rsa;
}

I don't really understand why he first generates a key and then imports the snk-key into the container instead of just starting out with an empty key container.

You might also consider just using .NET to generate your key instead of bothering with the snk-format.

If you change the first line in your example to

RSACryptoServiceProvider rsaKey = new RSACryptoServiceProvider(1024);

your code will also work fine (and you can serialize the resulting key yourself).

Answer 2

Good spot, left over cruft from the project I pulled it from. Library has been updated.

Answer 3

Thank you both for your reply. I ended up just creating a private/public key pair and using that to sign the document, the public key going with the application. If I had seen this early enough I might have used it, but I am sure someone else will find it useful. Thanks again.