SHA-256 XML signature failing to generate

Following the suggestions here:

https://www.componentspace.com/forums/30/sha256-xml-signature-support

Calling the code:
SAMLMessageSignature.Generate(
    samlResponseElement,
    x509Certificate.PrivateKey,
    x509Certificate,
    null,
    "http://www.w3.org/2001/04/xmlenc#sha256",
    "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256");


ComponentSpace version is 2.6.0.2

ASP.NET version is 4.6.1



Getting the following exception:
ComponentSpace.SAML2.Exceptions.SAMLSignatureException
HResult=0x80131600
Message=Failed to generate XML signature.
Source=ComponentSpace.SAML2
StackTrace:
at ComponentSpace.SAML2.Utility.XmlSignature.Generate(XmlElement xmlElement, String elementId, AsymmetricAlgorithm signingKey, KeyInfo keyInfo, SignedXml signedXml, String inclusiveNamespacesPrefixList, String digestMethod, String signatureMethod)
at ComponentSpace.SAML2.Utility.XmlSignature.Generate(XmlElement xmlElement, String elementId, AsymmetricAlgorithm signingKey, X509Certificate2Collection x509Certificates, SignedXml signedXml, String inclusiveNamespacesPrefixList, String digestMethod, String signatureMethod)
at ComponentSpace.SAML2.Utility.XmlSignature.Generate(XmlElement xmlElement, String elementId, AsymmetricAlgorithm signingKey, X509Certificate2 x509Certificate, SignedXml signedXml, String inclusiveNamespacesPrefixList, String digestMethod, String signatureMethod)
at ComponentSpace.SAML2.Protocols.SAMLMessageSignature.Generate(XmlElement xmlElement, AsymmetricAlgorithm signingKey, X509Certificate2 x509Certificate, String inclusiveNamespacesPrefixList, String digestMethod, String signatureMethod)
at Resolver.TrySingleSignon() in C:\Code\WebSites\Doculivery External\Resolver.aspx.vb:line 157
at Resolver.Page_Init(Object sender, EventArgs e) in C:\Code\WebSites\Doculivery External\Resolver.aspx.vb:line 33

Inner Exception 1:
CryptographicException: Invalid algorithm specified.

The certificate appears to support this signature.

Properties from the cert:
Version: V3
Signature Algorithm: sha256RSA
Signature hash algorithm: sha256
Public key: RSA (2048 bits)


Any help troubleshooting, please?



The best option would be to upgrade to the latest release which currently is v4.8.0. Version 2.6.0.2 is over six years old.

You’ll find the release notes at:

https://www.componentspace.com/documentation/saml-for-asp-net/ComponentSpace%20SAML%20for%20ASP.NET%20Release%20Notes.pdf

I also suggest moving to .NET framework v4.6.2 or, ideally, .NET 4.8.

As a workaround, try adding the following code to your application start-up. This registers the SHA-256 XML signature and digest algorithms.


using System;
using System.Security;
using System.Security.Cryptography;

// SignatureDescription that maps the RSA-SHA256 XML signature URI onto the
// PKCS#1 formatter/deformatter with SHA-256 as the hash.
public class RSAPKCS1SHA256SignatureDescription : SignatureDescription
{
    public RSAPKCS1SHA256SignatureDescription()
    {
        KeyAlgorithm = typeof(RSACryptoServiceProvider).FullName;
        DigestAlgorithm = typeof(SHA256CryptoServiceProvider).FullName;
        FormatterAlgorithm = typeof(RSAPKCS1SignatureFormatter).FullName;
        DeformatterAlgorithm = typeof(RSAPKCS1SignatureDeformatter).FullName;
    }

    public override AsymmetricSignatureDeformatter CreateDeformatter(AsymmetricAlgorithm key)
    {
        if (key == null)
        {
            throw new ArgumentNullException("key");
        }

        RSAPKCS1SignatureDeformatter deformatter = new RSAPKCS1SignatureDeformatter(key);
        deformatter.SetHashAlgorithm("SHA256");
        return deformatter;
    }

    public override AsymmetricSignatureFormatter CreateFormatter(AsymmetricAlgorithm key)
    {
        if (key == null)
        {
            throw new ArgumentNullException("key");
        }

        RSAPKCS1SignatureFormatter formatter = new RSAPKCS1SignatureFormatter(key);
        formatter.SetHashAlgorithm("SHA256");
        return formatter;
    }
}

// Run once at application start-up (for example in Application_Start):
// register the URIs only if the runtime does not already resolve them.
if (CryptoConfig.CreateFromName("http://www.w3.org/2001/04/xmldsig-more#rsa-sha256") == null)
{
    CryptoConfig.AddAlgorithm(typeof(RSAPKCS1SHA256SignatureDescription),
        "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256");
}

if (CryptoConfig.CreateFromName("http://www.w3.org/2001/04/xmlenc#sha256") == null)
{
    CryptoConfig.AddAlgorithm(typeof(SHA256CryptoServiceProvider),
        "http://www.w3.org/2001/04/xmlenc#sha256");
}
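As an added start-up check (example code written for this thread, not ComponentSpace's), the following signs and verifies a constructed element with RSA-SHA256 through SignedXml, the .NET class the library's XmlSignature.Generate builds on, so a missing registration or an unsuitable key provider shows up before a real SAML response is signed. It assumes the RSAPKCS1SHA256SignatureDescription class from the answer above is compiled into the project and uses a throw-away CSP key instead of your certificate.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.Xml;
using System.Xml;

public static class Sha256XmlSignatureCheck
{
    const string RsaSha256Url = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256";
    const string Sha256Url = "http://www.w3.org/2001/04/xmlenc#sha256";

    // Returns true when the runtime can both produce and verify an RSA-SHA256
    // enveloped XML signature; otherwise SignedXml throws the same
    // CryptographicException that surfaces through SAMLMessageSignature.Generate.
    public static bool SignAndVerifyRoundTrip()
    {
        // Same registration as the workaround above (class assumed to exist).
        if (CryptoConfig.CreateFromName(RsaSha256Url) == null)
            CryptoConfig.AddAlgorithm(typeof(RSAPKCS1SHA256SignatureDescription), RsaSha256Url);
        if (CryptoConfig.CreateFromName(Sha256Url) == null)
            CryptoConfig.AddAlgorithm(typeof(SHA256CryptoServiceProvider), Sha256Url);

        // Constructed throw-away key. Provider type 24 (PROV_RSA_AES) supports SHA-256;
        // a private key held by the legacy PROV_RSA_FULL provider (type 1) reports
        // "Invalid algorithm specified" even with the algorithms registered.
        using (var key = new RSACryptoServiceProvider(2048, new CspParameters(24)))
        {
            key.PersistKeyInCsp = false;   // do not leave the test key in the key store
            var doc = new XmlDocument { PreserveWhitespace = true };
            doc.LoadXml("<Response Id=\"_check\"><Status>constructed sample</Status></Response>");

            var signer = new SignedXml(doc) { SigningKey = key };
            signer.SignedInfo.SignatureMethod = RsaSha256Url;   // resolved via CryptoConfig
            var reference = new Reference("#_check") { DigestMethod = Sha256Url };
            reference.AddTransform(new XmlDsigEnvelopedSignatureTransform());
            reference.AddTransform(new XmlDsigExcC14NTransform());
            signer.AddReference(reference);
            signer.ComputeSignature();
            doc.DocumentElement.AppendChild(doc.ImportNode(signer.GetXml(), true));

            // Verify with the public half only, as a relying party would.
            var signatureNode = (XmlElement)doc.GetElementsByTagName(
                "Signature", SignedXml.XmlDsigNamespaceUrl)[0];
            var verifier = new SignedXml(doc);
            verifier.LoadXml(signatureNode);
            using (var publicKey = new RSACryptoServiceProvider(new CspParameters(24)))
            {
                publicKey.PersistKeyInCsp = false;
                publicKey.ImportParameters(key.ExportParameters(false));
                return verifier.CheckSignature(publicKey);
            }
        }
    }
}
```

Call SignAndVerifyRoundTrip() right after the registration code at start-up and fail fast or log if it returns false or throws.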