Understanding SignedXml.LoadXml (system.Security.Cryptography.Xml)

Enkhbold Munkhbold 136 Reputation points


I'm using a digital signature as a subscription license on my program and am trying to read a part of the XML file to check whether my program will work or not.

I dug around MSDN and found this for an explanation: https://learn.microsoft.com/en-us/dotnet/api/system.security.cryptography.xml.signedxml.loadxml?view=dotnet-plat-ext-3.1.

I understand that this is finding the "Signature" in the XML and verifying it, but I just can't understand how loading it (LoadXml) onto the signed XML file again is checking it. By my logic, loading it onto the XML should add another "Signature" field. So can you explain to me how exactly LoadXml is working?

I have no problem running the code but I just can't understand it.

Best regards.

Windows Presentation Foundation

Accepted answer
  1. DaisyTian-1203 11,621 Reputation points

    I will give my understanding of the method in the link which you provided. The aim of VerifyDetachedSignature is to determine whether the Signature property verifies using the public key in the signature.

    1. Use xmlDocument.Load() to convert the file to XML. If it fails with the error CryptographicException, it means the value parameter does not contain a valid SignatureValue/SignedInfo property. If it succeeds, it must include the element Signature.
    2. Then find the "Signature" node to create a new XmlNodeList object.
    3. Load the XmlNodeList object into signedXml.
    4. Finally, check whether the Signature verifies using the public key in the signature.

1 additional answer

  1. Enkhbold Munkhbold 136 Reputation points

    Hi @DaisyTian-MSFT,

    Thanks for the detailed description. I think I understand most of it, but I still don't understand this line in particular:
    "signedXml.LoadXml((XmlElement)nodeList[0]);" in the 'VerifyXml' method
    It seems like the 3rd point you made. But to me, it looks like it's adding the "Signature" node on top of the XML that already had it.
    and then
    "signedXml.CheckSignature(key);" in the return statement is checking whether the signature matches or not.
    But I'm trying to understand "how" it is doing so, not so much what it is doing. Because it just looks like it is adding another signature onto the XML, like signing it again kind of deal.

    Thanks again.
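The following is an added, self-contained C# example (not code from the question, the accepted answer, or the linked MSDN page) that illustrates the four steps in the accepted answer and the "how" asked in the follow-up. It signs a small license document, verifies it the same way the MSDN sample does, and counts the `Signature` elements before and after `LoadXml` to show that `LoadXml` only parses the existing `Signature` element into the `SignedXml` object's in-memory model (`SignedInfo`, `SignatureValue`, `KeyInfo`); it never appends anything to the document. `CheckSignature(key)` then re-canonicalizes `SignedInfo`, re-hashes each `Reference` and checks the RSA signature against the key you pass in. The element names (`License`, `Expires`), the use of RSA, and an enveloped rather than detached signature are assumptions made for the demonstration; the rest is the standard `System.Security.Cryptography.Xml` API.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.Xml;
using System.Xml;

// Added example: sign, verify, tamper, re-sign with a foreign key.
// Assumed for the demo: element names License/Expires, RSA keys,
// enveloped signature. Sample XML below is constructed, not real license data.
class LoadXmlDemo
{
    static void Main()
    {
        using RSA publisherKey = RSA.Create();   // the vendor's signing key (assumption)

        // 1. Build an unsigned document (constructed sample data).
        var doc = new XmlDocument { PreserveWhitespace = true };
        doc.LoadXml("<License><Product>Demo</Product><Expires>2030-01-01</Expires></License>");

        // 2. Sign it; the <Signature> element is appended inside the root.
        SignEnveloped(doc, publisherKey);
        Console.WriteLine("Signature elements after signing:  " + CountSignatures(doc));

        // 3. Verify. LoadXml parses the existing <Signature> into
        //    signedXml.Signature; it does not write a second one.
        Console.WriteLine("Verifies with publisher key:       " + VerifyEnveloped(doc, publisherKey));
        Console.WriteLine("Signature elements after LoadXml:  " + CountSignatures(doc));

        // 4. Tamper with signed content: the Reference digest no longer
        //    matches the document, so CheckSignature returns false.
        doc.SelectSingleNode("/License/Expires").InnerText = "2099-01-01";
        Console.WriteLine("Verifies after tampering:          " + VerifyEnveloped(doc, publisherKey));

        // 5. Strip the signature and re-sign the tampered document with a
        //    key the attacker controls. The embedded KeyInfo now carries the
        //    attacker's key, so trusting it is the license-bypass bug.
        using RSA attackerKey = RSA.Create();
        RemoveSignatures(doc);
        SignEnveloped(doc, attackerKey);
        Console.WriteLine("Attacker-signed, pinned key:       " + VerifyEnveloped(doc, publisherKey));
        Console.WriteLine("Attacker-signed, embedded key:     " + VerifyTrustingEmbeddedKey(doc));
    }

    static void SignEnveloped(XmlDocument doc, RSA key)
    {
        var signedXml = new SignedXml(doc) { SigningKey = key };
        var reference = new Reference("");                   // "" = whole document
        reference.AddTransform(new XmlDsigEnvelopedSignatureTransform());
        signedXml.AddReference(reference);
        signedXml.KeyInfo = new KeyInfo();
        signedXml.KeyInfo.AddClause(new RSAKeyValue(key));   // embed public key
        signedXml.ComputeSignature();
        doc.DocumentElement.AppendChild(doc.ImportNode(signedXml.GetXml(), true));
    }

    // The pattern from the MSDN sample: locate, LoadXml, CheckSignature(key).
    static bool VerifyEnveloped(XmlDocument doc, RSA trustedKey)
    {
        XmlNodeList nodeList = doc.GetElementsByTagName("Signature", SignedXml.XmlDsigNamespaceUrl);
        if (nodeList.Count != 1) return false;               // zero or several: reject

        var signedXml = new SignedXml(doc);
        signedXml.LoadXml((XmlElement)nodeList[0]);          // parse into memory only
        return signedXml.CheckSignature(trustedKey);         // verify against pinned key
    }

    // Same, but CheckSignature() with no argument uses the key found in the
    // signature's own KeyInfo. For a license check this proves nothing,
    // because whoever forged the document also chose that key.
    static bool VerifyTrustingEmbeddedKey(XmlDocument doc)
    {
        XmlNodeList nodeList = doc.GetElementsByTagName("Signature", SignedXml.XmlDsigNamespaceUrl);
        if (nodeList.Count != 1) return false;
        var signedXml = new SignedXml(doc);
        signedXml.LoadXml((XmlElement)nodeList[0]);
        return signedXml.CheckSignature();
    }

    static int CountSignatures(XmlDocument doc) =>
        doc.GetElementsByTagName("Signature", SignedXml.XmlDsigNamespaceUrl).Count;

    static void RemoveSignatures(XmlDocument doc)
    {
        XmlNodeList sigs = doc.GetElementsByTagName("Signature", SignedXml.XmlDsigNamespaceUrl);
        while (sigs.Count > 0) sigs[0].ParentNode.RemoveChild(sigs[0]);   // live list
    }
}
```

Run it and the signature count stays at 1 across signing, `LoadXml` and verification, which is the direct answer to "doesn't LoadXml add another Signature?". The last two lines are the caveat for the licensing use case: the pinned-key check rejects the attacker's re-signed file, while the parameterless `CheckSignature()` accepts it, so a license validator must always pass the vendor's known public key (or verify the certificate chain) rather than trust the key embedded in the file it is checking.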