SHA256 signature, eSocial standard vs. .NET Framework 4.6

Viewed 264 times

1

Good morning, everyone,

I have an application developed in C#, installed in several clients.

I developed the code snippet below for SHA256 signing, and it works perfectly on the most modern .NET Frameworks:

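using System;
using System.Security.Cryptography.X509Certificates;
using System.Security.Cryptography.Xml;
using System.Windows.Forms;
using System.Xml;

class Assinatura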
{
    public string AssinarSHA256(Int32 lnEvento,
        string arqXMLAssinar,
        string tagAssinatura,
        string tagAtributoId,
        X509Certificate2 x509Cert,
        string lxURI)
    {
        try
        {
            string xmlString;
            xmlString = arqXMLAssinar;

            XmlDocument doc = new XmlDocument();
            // Format the document to ignore white spaces.
            doc.PreserveWhitespace = false;

            doc.LoadXml(xmlString);

            XmlElement xmlDigitalSignature = null;

            // Validate that the signature tag and the Id tag exist in the XML.

            if (doc.GetElementsByTagName(tagAssinatura).Count == 0)
            {
                throw new Exception("A tag de assinatura " + tagAssinatura.Trim() + " não existe no XML. (Código do Erro: 5)");
            }
            else if (doc.GetElementsByTagName(tagAtributoId).Count == 0)
            {
                throw new Exception("A tag de assinatura " + tagAtributoId.Trim() + " não existe no XML. (Código do Erro: 4)");
            }
            // More than one tag to be signed
            else
            {
                XmlNodeList lists = doc.GetElementsByTagName(tagAssinatura);

                if (lists.Count != 1)
                {
                    MessageBox.Show("Existe mais de uma TAG definida como tag da assinatura");
                    throw new Exception("Existe mais de uma tag de assinatura " + tagAtributoId.Trim() + " não existe no XML. (Código do Erro: 6)");
                }

                #region assinatura sha256 funcionando
                foreach (XmlNode nodes in lists)
                {
                    foreach (XmlNode childNodes in nodes.ChildNodes)
                    {
                        if (!childNodes.Name.Equals(tagAtributoId))
                            continue;

                        // Create a reference to be signed
                        Reference reference = new Reference();

                        reference.Uri = lxURI;

                        // Create a SignedXml object.
                        SignedXml signedXml = new SignedXml(doc);

                        signedXml.SigningKey = x509Cert.GetRSAPrivateKey();

                        signedXml.SignedInfo.SignatureMethod = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256";

                        // Add an enveloped transformation to the reference.
                        XmlDsigEnvelopedSignatureTransform env = new XmlDsigEnvelopedSignatureTransform();

                        reference.AddTransform(env);

                        XmlDsigC14NTransform c14 = new XmlDsigC14NTransform();

                        reference.AddTransform(c14);

                        reference.DigestMethod = "http://www.w3.org/2001/04/xmlenc#sha256";


                        // Add the reference to the SignedXml object.
                        signedXml.AddReference(reference);

                        // Create a new KeyInfo object
                        KeyInfo keyInfo = new KeyInfo();

                        // Load the certificate into a KeyInfoX509Data object
                        // and add it to the KeyInfo object.
                        keyInfo.AddClause(new KeyInfoX509Data(x509Cert));

                        // Add the KeyInfo object to the SignedXml object.
                        signedXml.KeyInfo = keyInfo;

                        signedXml.ComputeSignature();

                        // Get the XML representation of the signature and save
                        // it to an XmlElement object.
                        xmlDigitalSignature = signedXml.GetXml();

                        // Write the signature element into the XML document
                        nodes.AppendChild(doc.ImportNode(xmlDigitalSignature, true));

                    }
                }

                #endregion



                // Return the updated XML string, now signed
                return doc.OuterXml;
            }
        }
        catch (System.Security.Cryptography.CryptographicException ex)
        {

            throw new Exception("Mensagem:" + ex.Message + "\n" +
                "Trace:" + ex.StackTrace + "\n" +
                "Dados" + ex.Data + "\n" +
                ex.ToString());// #12342 concatenate with the original message
        }
        finally
        {

        }
    }
}

My problem is that some clients run Windows XP, which limits usage to .NET Framework versions earlier than or equal to 4.6, and I could not find anything similar to replace the function:

signedXml.SigningKey = x509Cert.GetRSAPrivateKey();

It is only present in the most recent versions of the .NET Framework.

Could someone help me with this?!

  • You can upgrade the operating system and solve it easily :) Using XP today is suicide; I do understand there is legacy, but at least nothing new should be put on it. I would say take the class sources and bring them into your application, but I’m pretty sure that this method specifically depends directly on the operating system, so that will not solve it. Try Mono, but I think the solution will be complicated.

  • I understand, but these clients are prefectures, which makes everything more difficult. At this point, updating the systems is unthinkable for them.

  • 1

    Prefectures should be the first to use compliant products. If those who have to watch over the proper functioning of society do not do it themselves, we are so sorry. I’m sorry you are involved in something so ill.

  • 2

    @Heitormagaldi you can no longer escape. Since last week, public IT itself has 'obsoleted' old cryptographic schemes. If you really need this, you’ll have to write your own compatibility layer. (SEFAZ even adopted new encryption standards in Nfe 4, which do not support XP. Detail: it was delayed because of this resistance, but this trend is not limited to Nfe systems only.)

No answers
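
One way to build the compatibility layer mentioned in the comments, as an added example that is not code from the question or from any answer on this page. It assumes .NET Framework 4.0 or later (for `CryptoConfig.AddAlgorithm`), a reference to `System.Deployment.dll`, and a private key stored in a CryptoAPI (CSP) container; the helper class name `LegacyRsaSha256` is hypothetical.

```csharp
// Added example: RSA-SHA256 signing key without X509Certificate2.GetRSAPrivateKey().
using System;
using System.Deployment.Internal.CodeSigning; // RSAPKCS1SHA256SignatureDescription
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

static class LegacyRsaSha256 // hypothetical helper name
{
    const string RsaSha256Uri = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256";
    const int ProvRsaAes = 24; // PROV_RSA_AES: the CSP type that implements SHA-256

    // Call once at start-up, before any SignedXml.ComputeSignature():
    // older frameworks do not map the rsa-sha256 URI to an implementation.
    public static void Register()
    {
        CryptoConfig.AddAlgorithm(typeof(RSAPKCS1SHA256SignatureDescription), RsaSha256Uri);
    }

    // Returns the certificate's RSA key re-opened under a PROV_RSA_AES provider.
    public static RSACryptoServiceProvider GetSigningKey(X509Certificate2 cert)
    {
        if (!cert.HasPrivateKey)
            throw new CryptographicException("Certificate has no private key.");

        var original = cert.PrivateKey as RSACryptoServiceProvider;
        if (original == null)
            throw new CryptographicException("Private key is not an RSA CSP key.");

        CspKeyContainerInfo info = original.CspKeyContainerInfo;
        if (info.ProviderType == ProvRsaAes)
            return original; // already opened by a SHA-256 capable provider

        // Same key container, different provider type; the key itself is not copied.
        var csp = new CspParameters(ProvRsaAes)
        {
            KeyContainerName = info.KeyContainerName,
            KeyNumber = (int)info.KeyNumber,
            Flags = CspProviderFlags.UseExistingKey
        };
        if (info.MachineKeyStore)
            csp.Flags |= CspProviderFlags.UseMachineKeyStore;

        return new RSACryptoServiceProvider(csp);
    }
}
```

With this in place the assignment in the question becomes `signedXml.SigningKey = LegacyRsaSha256.GetSigningKey(x509Cert);`, after a single call to `LegacyRsaSha256.Register()`. Keys held on a smart card or token stay bound to the vendor's CSP and cannot be re-opened this way.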
