KeyInfo Class
.NET Framework (current version)
 Note |
|---|
The .NET API Reference documentation has a new home. Visit the .NET API Browser on docs.microsoft.com to see the new experience. |
Represents an XML digital signature or XML encryption <KeyInfo> element.
Assembly: System.Security (in System.Security.dll)
| Name | Description | |
|---|---|---|
 | KeyInfo() | Initializes a new instance of the KeyInfo class. |
| Name | Description | |
|---|---|---|
 | Count | Gets the number of KeyInfoClause objects contained in the KeyInfo object. |
| Id | Gets or sets the key information identity. |
| Name | Description | |
|---|---|---|
| AddClause(KeyInfoClause) | Adds a KeyInfoClause that represents a particular type of KeyInfo information to the KeyInfo object. |
| Equals(Object) | Determines whether the specified object is equal to the current object.(Inherited from Object.) |
 | Finalize() | Allows an object to try to free resources and perform other cleanup operations before it is reclaimed by garbage collection.(Inherited from Object.) |
| GetEnumerator() | Returns an enumerator of the KeyInfoClause objects in the KeyInfo object. |
| GetEnumerator(Type) | Returns an enumerator of the KeyInfoClause objects of the specified type in the KeyInfo object. |
| GetHashCode() | Serves as the default hash function. (Inherited from Object.) |
| GetType() | |
| GetXml() | Returns the XML representation of the KeyInfo object. |
| LoadXml(XmlElement) | Loads a KeyInfo state from an XML element. |
| MemberwiseClone() | |
| ToString() | Returns a string that represents the current object.(Inherited from Object.) |
| Name | Description | |
|---|---|---|
| AsParallel() | Overloaded. Enables parallelization of a query.(Defined by ParallelEnumerable.) |
| AsQueryable() | Overloaded. Converts an IEnumerable to an IQueryable.(Defined by Queryable.) |
| Cast<TResult>() | Casts the elements of an IEnumerable to the specified type.(Defined by Enumerable.) |
| OfType<TResult>() | Filters the elements of an IEnumerable based on a specified type.(Defined by Enumerable.) |
The KeyInfo class represents key information in XML digital signing and encryption.
The KeyInfo class enables you to imbed key-related information intended to help identify the key necessary for validating or decrypting the XML document. Multiple types of key-related information can be included within a single KeyInfo; each type of key-related information has an associated class derived from KeyInfoClause.
For more information about the <KeyInfo> element, see the XMLDSIG specification, which is available from the W3C at www.w3.org/TR/xmldsig-core/, or see the XML encryption specification, which is available from the W3C at www.w3.org/TR/xmlenc-core/.
The following code example uses the KeyInfo object when signing a resource represented by a Universal Resource Identifier (URI). This example saves the signature in a new file.
// // This example signs a file specified by a URI // using a detached signature. It then verifies // the signed XML. // using System; using System.Security.Cryptography; using System.Security.Cryptography.Xml; using System.Text; using System.Xml; class XMLDSIGDetached { [STAThread] static void Main(string[] args) { // The URI to sign. string resourceToSign = "http://www.microsoft.com"; // The name of the file to which to save the XML signature. string XmlFileName = "xmldsig.xml"; try { // Generate a signing key. RSACryptoServiceProvider Key = new RSACryptoServiceProvider(); Console.WriteLine("Signing: {0}", resourceToSign); // Sign the detached resourceand save the signature in an XML file. SignDetachedResource(resourceToSign, XmlFileName, Key); Console.WriteLine("XML signature was succesfully computed and saved to {0}.", XmlFileName); // Verify the signature of the signed XML. Console.WriteLine("Verifying signature..."); //Verify the XML signature in the XML file. bool result = VerifyDetachedSignature(XmlFileName); // Display the results of the signature verification to // the console. if(result) { Console.WriteLine("The XML signature is valid."); } else { Console.WriteLine("The XML signature is not valid."); } } catch(CryptographicException e) { Console.WriteLine(e.Message); } } // Sign an XML file and save the signature in a new file. public static void SignDetachedResource(string URIString, string XmlSigFileName, RSA Key) { // Create a SignedXml object. SignedXml signedXml = new SignedXml(); // Assign the key to the SignedXml object. signedXml.SigningKey = Key; // Create a reference to be signed. Reference reference = new Reference(); // Add the passed URI to the reference object. reference.Uri = URIString; // Add the reference to the SignedXml object. signedXml.AddReference(reference); // Add an RSAKeyValue KeyInfo (optional; helps recipient find key to validate). KeyInfo keyInfo = new KeyInfo(); keyInfo.AddClause(new RSAKeyValue((RSA)Key)); signedXml.KeyInfo = keyInfo; // Compute the signature. signedXml.ComputeSignature(); // Get the XML representation of the signature and save // it to an XmlElement object. XmlElement xmlDigitalSignature = signedXml.GetXml(); // Save the signed XML document to a file specified // using the passed string. XmlTextWriter xmltw = new XmlTextWriter(XmlSigFileName, new UTF8Encoding(false)); xmlDigitalSignature.WriteTo(xmltw); xmltw.Close(); } // Verify the signature of an XML file and return the result. public static Boolean VerifyDetachedSignature(string XmlSigFileName) { // Create a new XML document. XmlDocument xmlDocument = new XmlDocument(); // Load the passed XML file into the document. xmlDocument.Load(XmlSigFileName); // Create a new SignedXMl object. SignedXml signedXml = new SignedXml(); // Find the "Signature" node and create a new // XmlNodeList object. XmlNodeList nodeList = xmlDocument.GetElementsByTagName("Signature"); // Load the signature node. signedXml.LoadXml((XmlElement)nodeList[0]); // Check the signature and return the result. return signedXml.CheckSignature(); } }
The following code example uses the KeyInfo object when signing an XML document. This example saves the signature in a new file.
// // This example signs an XML file using an // envelope signature. It then verifies the // signed XML. // using System; using System.Security.Cryptography; using System.Security.Cryptography.X509Certificates; using System.Security.Cryptography.Xml; using System.Text; using System.Xml; public class SignVerifyEnvelope { public static void Main(String[] args) { try { // Generate a signing key. RSACryptoServiceProvider Key = new RSACryptoServiceProvider(); // Create an XML file to sign. CreateSomeXml("Example.xml"); Console.WriteLine("New XML file created."); // Sign the XML that was just created and save it in a // new file. SignXmlFile("Example.xml", "SignedExample.xml", Key); Console.WriteLine("XML file signed."); // Verify the signature of the signed XML. Console.WriteLine("Verifying signature..."); bool result = VerifyXmlFile("SignedExample.xml"); // Display the results of the signature verification to \ // the console. if(result) { Console.WriteLine("The XML signature is valid."); } else { Console.WriteLine("The XML signature is not valid."); } } catch(CryptographicException e) { Console.WriteLine(e.Message); } } // Sign an XML file and save the signature in a new file. public static void SignXmlFile(string FileName, string SignedFileName, RSA Key) { // Create a new XML document. XmlDocument doc = new XmlDocument(); // Format the document to ignore white spaces. doc.PreserveWhitespace = false; // Load the passed XML file using it's name. doc.Load(new XmlTextReader(FileName)); // Create a SignedXml object. SignedXml signedXml = new SignedXml(doc); // Add the key to the SignedXml document. signedXml.SigningKey = Key; // Create a reference to be signed. Reference reference = new Reference(); reference.Uri = ""; // Add an enveloped transformation to the reference. XmlDsigEnvelopedSignatureTransform env = new XmlDsigEnvelopedSignatureTransform(); reference.AddTransform(env); // Add the reference to the SignedXml object. signedXml.AddReference(reference); // Add an RSAKeyValue KeyInfo (optional; helps recipient find key to validate). KeyInfo keyInfo = new KeyInfo(); keyInfo.AddClause(new RSAKeyValue((RSA)Key)); signedXml.KeyInfo = keyInfo; // Compute the signature. signedXml.ComputeSignature(); // Get the XML representation of the signature and save // it to an XmlElement object. XmlElement xmlDigitalSignature = signedXml.GetXml(); // Append the element to the XML document. doc.DocumentElement.AppendChild(doc.ImportNode(xmlDigitalSignature, true)); if (doc.FirstChild is XmlDeclaration) { doc.RemoveChild(doc.FirstChild); } // Save the signed XML document to a file specified // using the passed string. XmlTextWriter xmltw = new XmlTextWriter(SignedFileName, new UTF8Encoding(false)); doc.WriteTo(xmltw); xmltw.Close(); } // Verify the signature of an XML file and return the result. public static Boolean VerifyXmlFile(String Name) { // Create a new XML document. XmlDocument xmlDocument = new XmlDocument(); // Format using white spaces. xmlDocument.PreserveWhitespace = true; // Load the passed XML file into the document. xmlDocument.Load(Name); // Create a new SignedXml object and pass it // the XML document class. SignedXml signedXml = new SignedXml(xmlDocument); // Find the "Signature" node and create a new // XmlNodeList object. XmlNodeList nodeList = xmlDocument.GetElementsByTagName("Signature"); // Load the signature node. signedXml.LoadXml((XmlElement)nodeList[0]); // Check the signature and return the result. return signedXml.CheckSignature(); } // Create example data to sign. public static void CreateSomeXml(string FileName) { // Create a new XmlDocument object. XmlDocument document = new XmlDocument(); // Create a new XmlNode object. XmlNode node = document.CreateNode(XmlNodeType.Element, "", "MyElement", "samples"); // Add some text to the node. node.InnerText = "Example text to be signed."; // Append the node to the document. document.AppendChild(node); // Save the XML document to the file name specified. XmlTextWriter xmltw = new XmlTextWriter(FileName, new UTF8Encoding(false)); document.WriteTo(xmltw); xmltw.Close(); } }
The following code example uses the KeyInfo object when encrypting an XML document. This example embeds an encrypted key within the encrypted XML document.
using System; using System.Xml; using System.Security.Cryptography; using System.Security.Cryptography.Xml; class Program { static void Main(string[] args) { // Create an XmlDocument object. XmlDocument xmlDoc = new XmlDocument(); // Load an XML file into the XmlDocument object. try { xmlDoc.PreserveWhitespace = true; xmlDoc.Load("test.xml"); } catch (Exception e) { Console.WriteLine(e.Message); return; } // Create a new RSA key. This key will encrypt a symmetric key, // which will then be imbedded in the XML document. RSA rsaKey = new RSACryptoServiceProvider(); try { // Encrypt the "creditcard" element. Encrypt(xmlDoc, "creditcard", rsaKey, "rsaKey"); // Display the encrypted XML to the console. Console.WriteLine("Encrypted XML:"); Console.WriteLine(); Console.WriteLine(xmlDoc.OuterXml); xmlDoc.Save("test.xml"); // Decrypt the "creditcard" element. Decrypt(xmlDoc, rsaKey, "rsaKey"); xmlDoc.Save("test.xml"); // Display the encrypted XML to the console. Console.WriteLine(); Console.WriteLine("Decrypted XML:"); Console.WriteLine(); Console.WriteLine(xmlDoc.OuterXml); } catch (Exception e) { Console.WriteLine(e.Message); } finally { // Clear the RSA key. rsaKey.Clear(); } } public static void Encrypt(XmlDocument Doc, string ElementToEncrypt, RSA Alg, string KeyName) { // Check the arguments. if (Doc == null) throw new ArgumentNullException("Doc"); if (ElementToEncrypt == null) throw new ArgumentNullException("ElementToEncrypt"); if (Alg == null) throw new ArgumentNullException("Alg"); //////////////////////////////////////////////// // Find the specified element in the XmlDocument // object and create a new XmlElemnt object. //////////////////////////////////////////////// XmlElement elementToEncrypt = Doc.GetElementsByTagName(ElementToEncrypt)[0] as XmlElement; // Throw an XmlException if the element was not found. if (elementToEncrypt == null) { throw new XmlException("The specified element was not found"); } ////////////////////////////////////////////////// // Create a new instance of the EncryptedXml class // and use it to encrypt the XmlElement with the // a new random symmetric key. ////////////////////////////////////////////////// // Create a 256 bit Rijndael key. RijndaelManaged sessionKey = new RijndaelManaged(); sessionKey.KeySize = 256; EncryptedXml eXml = new EncryptedXml(); byte[] encryptedElement = eXml.EncryptData(elementToEncrypt, sessionKey, false); //////////////////////////////////////////////// // Construct an EncryptedData object and populate // it with the desired encryption information. //////////////////////////////////////////////// EncryptedData edElement = new EncryptedData(); edElement.Type = EncryptedXml.XmlEncElementUrl; // Create an EncryptionMethod element so that the // receiver knows which algorithm to use for decryption. edElement.EncryptionMethod = new EncryptionMethod(EncryptedXml.XmlEncAES256Url); // Encrypt the session key and add it to an EncryptedKey element. EncryptedKey ek = new EncryptedKey(); byte[] encryptedKey = EncryptedXml.EncryptKey(sessionKey.Key, Alg, false); ek.CipherData = new CipherData(encryptedKey); ek.EncryptionMethod = new EncryptionMethod(EncryptedXml.XmlEncRSA15Url); // Set the KeyInfo element to specify the // name of the RSA key. // Create a new KeyInfo element. edElement.KeyInfo = new KeyInfo(); // Create a new KeyInfoName element. KeyInfoName kin = new KeyInfoName(); // Specify a name for the key. kin.Value = KeyName; // Add the KeyInfoName element to the // EncryptedKey object. ek.KeyInfo.AddClause(kin); // Add the encrypted key to the // EncryptedData object. edElement.KeyInfo.AddClause(new KeyInfoEncryptedKey(ek)); // Add the encrypted element data to the // EncryptedData object. edElement.CipherData.CipherValue = encryptedElement; //////////////////////////////////////////////////// // Replace the element from the original XmlDocument // object with the EncryptedData element. //////////////////////////////////////////////////// EncryptedXml.ReplaceElement(elementToEncrypt, edElement, false); } public static void Decrypt(XmlDocument Doc, RSA Alg, string KeyName) { // Check the arguments. if (Doc == null) throw new ArgumentNullException("Doc"); if (Alg == null) throw new ArgumentNullException("Alg"); if (KeyName == null) throw new ArgumentNullException("KeyName"); // Create a new EncryptedXml object. EncryptedXml exml = new EncryptedXml(Doc); // Add a key-name mapping. // This method can only decrypt documents // that present the specified key name. exml.AddKeyNameMapping(KeyName, Alg); // Decrypt the element. exml.DecryptDocument(); } }
The following code example uses the KeyInfo object when encrypting an XML document. This example maps a name to a symmetric key to identify it to the decryption method.
using System; using System.Xml; using System.Security.Cryptography; using System.Security.Cryptography.Xml; class Program { static void Main(string[] args) { // Create an XmlDocument object. XmlDocument xmlDoc = new XmlDocument(); // Load an XML file into the XmlDocument object. try { xmlDoc.PreserveWhitespace = true; xmlDoc.Load("test.xml"); } catch (Exception e) { Console.WriteLine(e.Message); return; } // Create a new TripleDES key. TripleDESCryptoServiceProvider tDESkey = new TripleDESCryptoServiceProvider(); try { // Encrypt the "creditcard" element. Encrypt(xmlDoc, "creditcard", tDESkey, "tDESKey"); // Display the encrypted XML to the console. Console.WriteLine("Encrypted XML:"); Console.WriteLine(); Console.WriteLine(xmlDoc.OuterXml); // Decrypt the "creditcard" element. Decrypt(xmlDoc, tDESkey, "tDESKey"); // Display the encrypted XML to the console. Console.WriteLine(); Console.WriteLine("Decrypted XML:"); Console.WriteLine(); Console.WriteLine(xmlDoc.OuterXml); } catch (Exception e) { Console.WriteLine(e.Message); } finally { // Clear the TripleDES key. tDESkey.Clear(); } } public static void Encrypt(XmlDocument Doc, string ElementToEncrypt, SymmetricAlgorithm Alg, string KeyName) { // Check the arguments. if (Doc == null) throw new ArgumentNullException("Doc"); if (ElementToEncrypt == null) throw new ArgumentNullException("ElementToEncrypt"); if (Alg == null) throw new ArgumentNullException("Alg"); //////////////////////////////////////////////// // Find the specified element in the XmlDocument // object and create a new XmlElemnt object. //////////////////////////////////////////////// XmlElement elementToEncrypt = Doc.GetElementsByTagName(ElementToEncrypt)[0] as XmlElement; // Throw an XmlException if the element was not found. if (elementToEncrypt == null) { throw new XmlException("The specified element was not found"); } ////////////////////////////////////////////////// // Create a new instance of the EncryptedXml class // and use it to encrypt the XmlElement with the // symmetric key. ////////////////////////////////////////////////// EncryptedXml eXml = new EncryptedXml(); byte[] encryptedElement = eXml.EncryptData(elementToEncrypt, Alg, false); //////////////////////////////////////////////// // Construct an EncryptedData object and populate // it with the desired encryption information. //////////////////////////////////////////////// EncryptedData edElement = new EncryptedData(); edElement.Type = EncryptedXml.XmlEncElementUrl; // Create an EncryptionMethod element so that the // receiver knows which algorithm to use for decryption. // Determine what kind of algorithm is being used and // supply the appropriate URL to the EncryptionMethod element. string encryptionMethod = null; if (Alg is TripleDES) { encryptionMethod = EncryptedXml.XmlEncTripleDESUrl; } else if (Alg is DES) { encryptionMethod = EncryptedXml.XmlEncDESUrl; } else if (Alg is Rijndael) { switch (Alg.KeySize) { case 128: encryptionMethod = EncryptedXml.XmlEncAES128Url; break; case 192: encryptionMethod = EncryptedXml.XmlEncAES192Url; break; case 256: encryptionMethod = EncryptedXml.XmlEncAES256Url; break; } } else { // Throw an exception if the transform is not in the previous categories throw new CryptographicException("The specified algorithm is not supported for XML Encryption."); } edElement.EncryptionMethod = new EncryptionMethod(encryptionMethod); // Set the KeyInfo element to specify the // name of a key. // Create a new KeyInfo element. edElement.KeyInfo = new KeyInfo(); // Create a new KeyInfoName element. KeyInfoName kin = new KeyInfoName(); // Specify a name for the key. kin.Value = KeyName; // Add the KeyInfoName element. edElement.KeyInfo.AddClause(kin); // Add the encrypted element data to the // EncryptedData object. edElement.CipherData.CipherValue = encryptedElement; //////////////////////////////////////////////////// // Replace the element from the original XmlDocument // object with the EncryptedData element. //////////////////////////////////////////////////// EncryptedXml.ReplaceElement(elementToEncrypt, edElement, false); } public static void Decrypt(XmlDocument Doc, SymmetricAlgorithm Alg, string KeyName) { // Check the arguments. if (Doc == null) throw new ArgumentNullException("Doc"); if (Alg == null) throw new ArgumentNullException("Alg"); if (KeyName == null) throw new ArgumentNullException("KeyName"); // Create a new EncryptedXml object. EncryptedXml exml = new EncryptedXml(Doc); // Add a key-name mapping. // This method can only decrypt documents // that present the specified key name. exml.AddKeyNameMapping(KeyName, Alg); // Decrypt the element. exml.DecryptDocument(); } }
.NET Framework
Available since 1.1
Available since 1.1
Any public static ( Shared in Visual Basic) members of this type are thread safe. Any instance members are not guaranteed to be thread safe.
Show: