Decrypt signaturevalue from XML c#

Question

I've signed a XML file to send with the proper securities but somehow the service I'm sending detects the file has an invalid signature (X.509 certificate validation it's ok). I've been searching if it's possible, once I have signed an specific XML, to retrieve the XML signed informations back (like a decryption) to verify if I'm using the right nodes to sign the XML. Could anyone help me?

Ps.: I still have public and private certificate key.

This is the code I used to sign the elements "infEvento" of the XML, and after it, the XML element.

public XmlDocument retornaEvtsXMLAssinados(X509Certificate2 cert, string MensagemXML)
{            
    XmlDocument xmlDoc = new XmlDocument();

    xmlDoc.LoadXml(MensagemXML);
    XmlNodeList evtsNode = xmlDoc.GetElementsByTagName("evento");

    foreach (XmlElement evtNode in evtsNode)
    {
        RSACryptoServiceProvider key = new System.Security.Cryptography.RSACryptoServiceProvider();
        System.Security.Cryptography.Xml.SignedXml SignedDocument;
        var keyInfo = new System.Security.Cryptography.Xml.KeyInfo();
        keyInfo.AddClause(new KeyInfoX509Data(cert));
        key = (System.Security.Cryptography.RSACryptoServiceProvider)cert.PrivateKey;
        SignedDocument = new System.Security.Cryptography.Xml.SignedXml(evtNode);
        SignedDocument.SigningKey = key;
        SignedDocument.KeyInfo = keyInfo;
        Reference reference = new System.Security.Cryptography.Xml.Reference();
        reference.Uri = "#" + evtNode["infEvento"].Attributes["Id"].Value;
        reference.AddTransform(new XmlDsigEnvelopedSignatureTransform());
        reference.AddTransform(new XmlDsigC14NTransform(false));
        SignedDocument.AddReference(reference);
        SignedDocument.ComputeSignature();
        XmlElement xmlDigitalSignature = SignedDocument.GetXml();
        XmlNode nodeAss = xmlDoc.ImportNode(xmlDigitalSignature, true);
        evtNode.AppendChild(nodeAss);
    }
    return xmlDoc;
}

And here is the XML element:

<?xml version="1.0" encoding="utf-8"?>
<envEvento xmlns="http://www.portalfiscal.inf.br/nfe" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" versao="1.00">
  <idLote>1</idLote>
  <evento versao="1.00">
    <infEvento Id="ID2102103518064328381100910655001000067942126336601001">
      <cOrgao>91</cOrgao>
      <tpAmb>1</tpAmb>
      <CNPJ>53773073000182</CNPJ>
      <chNFe>35180643283811009106550010000679421263366010</chNFe>
      <dhEvento>2018-07-25T02:47:06-03:00</dhEvento>
      <tpEvento>210210</tpEvento>
      <nSeqEvento>1</nSeqEvento>
      <verEvento>1.00</verEvento>
      <detEvento versao="1.00">
        <descEvento>Ciencia da Operacao</descEvento>
      </detEvento>
    </infEvento>
    <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
      <SignedInfo>
        <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
        <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
        <Reference URI="#ID2102103518064328381100910655001000067942126336601001">
          <Transforms>
            <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
            <Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
          </Transforms>
          <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
          <DigestValue>BahmhJGVCbcRzzZ2a3IdfoGggSY=</DigestValue>
        </Reference>
      </SignedInfo>
      <SignatureValue>01MRXk7YiSo9g8OBqR0H4gmYxXBHCFAfoloKacDOYMZr/1Y4kl0GZcfqOCM6+AyxpNmVUYPh860tMklqdTqwXeJR4eceIafJag9lntCD3BuiXnR/O9uP6jxouPu+aGf2fpuVbsOex6WnKG5gPtOnV02cvZ0nB0pMbyhetFEOptq/F8Mv/+wcYsQGnFAFLD2jqqSD0HGeNJPh8C4M6JGh6jjgC8FOnLtihd+cqydNH/OTjDwSczhtEM/3GyeHULf+RJS4DEfRhLLcpdpJAsV9yzSIhkf1ecnVvdjncc4SZdySEOMYhtJLOhQqU6pTGhZS0D0/BiA3O6E6ZTgB1xPUQw==</SignatureValue>
      <KeyInfo>
        <X509Data>
          <X509Certificate>MIIH6TCCBdGgAwIBAgIIDsPfGUgZG6UwDQYJKoZIhvcNAQELBQAwcTELMAkGA1UEBhMCQlIxEzARBgNVBAoTCklDUC1CcmFzaWwxNjA0BgNVBAsTLVNlY3JldGFyaWEgZGEgUmVjZWl0YSBGZWRlcmFsIGRvIEJyYXNpbCAtIFJGQjEVMBMGA1UEAxMMQUMgVkFMSUQgUkZCMB4XDTE4MDMwMjIwNDQyNloXDTE5MDMwMjIwNDQyNlowgdkxCzAJBgNVBAYTAkJSMQswCQYDVQQIEwJTUDESMBAGA1UEBxMJU0FPIFBBVUxPMRMwEQYDVQQKEwpJQ1AtQnJhc2lsMTYwNAYDVQQLEy1TZWNyZXRhcmlhIGRhIFJlY2VpdGEgRmVkZXJhbCBkbyBCcmFzaWwgLSBSRkIxFjAUBgNVBAsTDVJGQiBlLUNOUEogQTExFDASBgNVBAsTC0FSIFZBTElEIENEMS4wLAYDVQQDEyVTT0ZUSU5HIEFVVE9NQUNBTyBMVERBOjUzNzczMDczMDAwMTgyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA/NdAgCCzmx/vhkgkP8ebgIPdXIhAKvgWAZlymWV79/xR2xHkCuYSH8kbTJeHCk4F/GVmrGXKt3Go61FzZ2Nz8gkKZk1Cq6v8c4YYYbmf/OAVX3QmnsAR0Sl6J05UP/ABh0YkiUevUcqRqba+bee3R3MWiGHy8Bqt9z+VRKBUupprlIXKLWDwoJxjQS+QGDn+rukKorOs18+bnC0mRPp4egK13stZs99wDlKBbN5CxR4WgReB/w0Nnvj+h6BeeEBd8ivt7ZwWFkPdUpseha4Z6qHJpztff8xsxhUyBbMG+Oa3Lcxr+Yt+h6LXsUr+GkgQkQRWFfENjmZKd/6UQN3k8QIDAQABo4IDGjCCAxYwgZoGCCsGAQUFBwEBBIGNMIGKMFUGCCsGAQUFBzAChklodHRwOi8vaWNwLWJyYXNpbC52YWxpZGNlcnRpZmljYWRvcmEuY29tLmJyL2FjLXZhbGlkcmZiL2FjLXZhbGlkcmZidjIucDdiMDEGCCsGAQUFBzABhiVodHRwOi8vb2NzcC52YWxpZGNlcnRpZmljYWRvcmEuY29tLmJyMAkGA1UdEwQCMAAwHwYDVR0jBBgwFoAUR7kIWdhC9pL893wVfCaASkWRfp8wbgYDVR0gBGcwZTBjBgZgTAECASUwWTBXBggrBgEFBQcCARZLaHR0cDovL2ljcC1icmFzaWwudmFsaWRjZXJ0aWZpY2Fkb3JhLmNvbS5ici9hYy12YWxpZHJmYi9kcGMtYWMtdmFsaWRyZmIucGRmMIIBAQYDVR0fBIH5MIH2MFOgUaBPhk1odHRwOi8vaWNwLWJyYXNpbC52YWxpZGNlcnRpZmljYWRvcmEuY29tLmJyL2FjLXZhbGlkcmZiL2xjci1hYy12YWxpZHJmYnYyLmNybDBUoFKgUIZOaHR0cDovL2ljcC1icmFzaWwyLnZhbGlkY2VydGlmaWNhZG9yYS5jb20uYnIvYWMtdmFsaWRyZmIvbGNyLWFjLXZhbGlkcmZidjIuY3JsMEmgR6BFhkNodHRwOi8vcmVwb3NpdG9yaW8uaWNwYnJhc2lsLmdvdi5ici9sY3IvVkFMSUQvbGNyLWFjLXZhbGlkcmZidjIuY3JsMA4GA1UdDwEB/wQEAwIF4DAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwQwgaYGA1UdEQSBnjCBm4EVdGVyZXphQHNvZnRpbmcuY29tLmJyoDgGBWBMAQMEoC8ELTIxMTAxOTUyODc0ODY0MzE4MTUwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMKAUBgVgTAEDAqALBAlUSU5HIFlBTkegGQYFYEwBAwOgEAQONTM3NzMwNzMwMDAxODKgFwYFYEwBAwegDgQMMDAwMDAwMDAwMDAwMA0GCSqGSIb3DQEBCwUAA4ICAQAz9zGz3gT09rIOmkKTF1ZnRt2oGeedEnlqrJ7lqV9vu3xjyzEQoFyqmp2u93YeMuTOi7hjeZ0BYaPnNJbOlJ2I4sJwioJc/PsAqn+VDbb7KVrUC6VXZVYs/9tsFETrNdal7BnGXts5wiZtPa1iRx90RLxFfJeJ0E2Y/0kY4VCagn+vovgyYB76i8F03lkJnW2ScpCeaunva2NurlORRiNfhy9YpBqYdIZA5I0S3qOlgi1BLdrNkNHnlAsv7VO3xzEwsX/pR8g7b97TYtjcxJpnz3zeCLJb2Fawudd6C2aubUUxotbj7W/ER1De8yDDHKd7xt62s8Qarw2EICBMQzaGKKnQXBzddtCmS1Skjbloq5s03dH2Q0NJigG7lodRrSWvndtTkmoksL/IjOVq6z4sBYB36mPr+PqMklnisU6pinHa5/vFbJiIfbbNHdcogp+ndOz9AMRS76EtJubspQ/sSALZzicp1bXtgpnaLdOC+ow8pW1XH/bZOcWDo1vieQCs7Y/T2tPIEw4FBa6BvEwbK4w31VUaoe3aac/Wlhl52f7aydp/4VeH5fzFk2sTMpOw5a8tGyO5Avoem1SCJEinjJBLBu9V3UF/4kJc7M4+8i8MdX50cJA30Go5EpMnuvB4nHe8x9RxgpFyBhoqRWkTLBvHCs84OPlu6jMN0whE2Q==</X509Certificate>
        </X509Data>
      </KeyInfo>
    </Signature>
  </evento>
  <evento versao="1.00">
    <infEvento Id="ID2102103518064328381100910655001000067986126343904601">
      <cOrgao>91</cOrgao>
      <tpAmb>1</tpAmb>
      <CNPJ>53773073000182</CNPJ>
      <chNFe>35180643283811009106550010000679861263439046</chNFe>
      <dhEvento>2018-07-25T02:47:06-03:00</dhEvento>
      <tpEvento>210210</tpEvento>
      <nSeqEvento>1</nSeqEvento>
      <verEvento>1.00</verEvento>
      <detEvento versao="1.00">
        <descEvento>Ciencia da Operacao</descEvento>
      </detEvento>
    </infEvento>
    <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
      <SignedInfo>
        <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
        <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
        <Reference URI="#ID2102103518064328381100910655001000067986126343904601">
          <Transforms>
            <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
            <Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
          </Transforms>
          <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
          <DigestValue>atbTWNxi44DcxulttJidbuNCxQo=</DigestValue>
        </Reference>
      </SignedInfo>
      <SignatureValue>+wxGkr1l7uFnzlcPFhOSnMN675j9syXlPW9L2UupO1lAienG0GQ9Ta786Wh3/RmqLywfhjob6KXXkh2iiVXAUrOVcQU9akRxwlse93auCEJRff5uQChgKryQycu6XigB/nhNPE50ay8xnhFsSR3nHGYjWcWVnKi6uQAnM69Bx6lOQpvTTh+pSNM2/lXD/eC94b3iKzEi4DkE0yfQ1LRUGd7tUnB0/Y8j+Hu+w8pFYh6Nurabmv1GjNRzpDooZUGxcuWkvtVsFd3VshVqIZ7FKIMnGw8fcsN2h+sv3/OQqe7MJ78z98fMoUv/R1FTklWYqV6vUptK1XnyJ61VbHz1XQ==</SignatureValue>
      <KeyInfo>
        <X509Data>
          <X509Certificate>MIIH6TCCBdGgAwIBAgIIDsPfGUgZG6UwDQYJKoZIhvcNAQELBQAwcTELMAkGA1UEBhMCQlIxEzARBgNVBAoTCklDUC1CcmFzaWwxNjA0BgNVBAsTLVNlY3JldGFyaWEgZGEgUmVjZWl0YSBGZWRlcmFsIGRvIEJyYXNpbCAtIFJGQjEVMBMGA1UEAxMMQUMgVkFMSUQgUkZCMB4XDTE4MDMwMjIwNDQyNloXDTE5MDMwMjIwNDQyNlowgdkxCzAJBgNVBAYTAkJSMQswCQYDVQQIEwJTUDESMBAGA1UEBxMJU0FPIFBBVUxPMRMwEQYDVQQKEwpJQ1AtQnJhc2lsMTYwNAYDVQQLEy1TZWNyZXRhcmlhIGRhIFJlY2VpdGEgRmVkZXJhbCBkbyBCcmFzaWwgLSBSRkIxFjAUBgNVBAsTDVJGQiBlLUNOUEogQTExFDASBgNVBAsTC0FSIFZBTElEIENEMS4wLAYDVQQDEyVTT0ZUSU5HIEFVVE9NQUNBTyBMVERBOjUzNzczMDczMDAwMTgyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA/NdAgCCzmx/vhkgkP8ebgIPdXIhAKvgWAZlymWV79/xR2xHkCuYSH8kbTJeHCk4F/GVmrGXKt3Go61FzZ2Nz8gkKZk1Cq6v8c4YYYbmf/OAVX3QmnsAR0Sl6J05UP/ABh0YkiUevUcqRqba+bee3R3MWiGHy8Bqt9z+VRKBUupprlIXKLWDwoJxjQS+QGDn+rukKorOs18+bnC0mRPp4egK13stZs99wDlKBbN5CxR4WgReB/w0Nnvj+h6BeeEBd8ivt7ZwWFkPdUpseha4Z6qHJpztff8xsxhUyBbMG+Oa3Lcxr+Yt+h6LXsUr+GkgQkQRWFfENjmZKd/6UQN3k8QIDAQABo4IDGjCCAxYwgZoGCCsGAQUFBwEBBIGNMIGKMFUGCCsGAQUFBzAChklodHRwOi8vaWNwLWJyYXNpbC52YWxpZGNlcnRpZmljYWRvcmEuY29tLmJyL2FjLXZhbGlkcmZiL2FjLXZhbGlkcmZidjIucDdiMDEGCCsGAQUFBzABhiVodHRwOi8vb2NzcC52YWxpZGNlcnRpZmljYWRvcmEuY29tLmJyMAkGA1UdEwQCMAAwHwYDVR0jBBgwFoAUR7kIWdhC9pL893wVfCaASkWRfp8wbgYDVR0gBGcwZTBjBgZgTAECASUwWTBXBggrBgEFBQcCARZLaHR0cDovL2ljcC1icmFzaWwudmFsaWRjZXJ0aWZpY2Fkb3JhLmNvbS5ici9hYy12YWxpZHJmYi9kcGMtYWMtdmFsaWRyZmIucGRmMIIBAQYDVR0fBIH5MIH2MFOgUaBPhk1odHRwOi8vaWNwLWJyYXNpbC52YWxpZGNlcnRpZmljYWRvcmEuY29tLmJyL2FjLXZhbGlkcmZiL2xjci1hYy12YWxpZHJmYnYyLmNybDBUoFKgUIZOaHR0cDovL2ljcC1icmFzaWwyLnZhbGlkY2VydGlmaWNhZG9yYS5jb20uYnIvYWMtdmFsaWRyZmIvbGNyLWFjLXZhbGlkcmZidjIuY3JsMEmgR6BFhkNodHRwOi8vcmVwb3NpdG9yaW8uaWNwYnJhc2lsLmdvdi5ici9sY3IvVkFMSUQvbGNyLWFjLXZhbGlkcmZidjIuY3JsMA4GA1UdDwEB/wQEAwIF4DAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwQwgaYGA1UdEQSBnjCBm4EVdGVyZXphQHNvZnRpbmcuY29tLmJyoDgGBWBMAQMEoC8ELTIxMTAxOTUyODc0ODY0MzE4MTUwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMKAUBgVgTAEDAqALBAlUSU5HIFlBTkegGQYFYEwBAwOgEAQONTM3NzMwNzMwMDAxODKgFwYFYEwBAwegDgQMMDAwMDAwMDAwMDAwMA0GCSqGSIb3DQEBCwUAA4ICAQAz9zGz3gT09rIOmkKTF1ZnRt2oGeedEnlqrJ7lqV9vu3xjyzEQoFyqmp2u93YeMuTOi7hjeZ0BYaPnNJbOlJ2I4sJwioJc/PsAqn+VDbb7KVrUC6VXZVYs/9tsFETrNdal7BnGXts5wiZtPa1iRx90RLxFfJeJ0E2Y/0kY4VCagn+vovgyYB76i8F03lkJnW2ScpCeaunva2NurlORRiNfhy9YpBqYdIZA5I0S3qOlgi1BLdrNkNHnlAsv7VO3xzEwsX/pR8g7b97TYtjcxJpnz3zeCLJb2Fawudd6C2aubUUxotbj7W/ER1De8yDDHKd7xt62s8Qarw2EICBMQzaGKKnQXBzddtCmS1Skjbloq5s03dH2Q0NJigG7lodRrSWvndtTkmoksL/IjOVq6z4sBYB36mPr+PqMklnisU6pinHa5/vFbJiIfbbNHdcogp+ndOz9AMRS76EtJubspQ/sSALZzicp1bXtgpnaLdOC+ow8pW1XH/bZOcWDo1vieQCs7Y/T2tPIEw4FBa6BvEwbK4w31VUaoe3aac/Wlhl52f7aydp/4VeH5fzFk2sTMpOw5a8tGyO5Avoem1SCJEinjJBLBu9V3UF/4kJc7M4+8i8MdX50cJA30Go5EpMnuvB4nHe8x9RxgpFyBhoqRWkTLBvHCs84OPlu6jMN0whE2Q==</X509Certificate>
        </X509Data>
      </KeyInfo>
    </Signature>
  </evento>
</envEvento>

Thanks for the attention

Answer 1

Here is what I currently use for one of mine. Some like adding an additional element may not be needed in your case but, just in case I left it in there.

private static void SignXml(XmlDocument doc, X509Certificate2 cert)
{
    var signer = new SignedXmlWithId(doc);

    signer.SigningKey = cert.PrivateKey;
    signer.KeyInfo = new KeyInfo();

    var s = new SecurityTokenReference();
    s.Reference = "uuid-639b0-fc-1";
    s.ValueType = "http://Something.com";
    signer.KeyInfo.AddClause(s);

    signer.SignedInfo.CanonicalizationMethod = SignedXml.XmlDsigExcC14NTransformUrl;
    var bodyRef = new Reference("#ID-00008");
    var messageRef = new Reference("#ID-00004");
    var usernameRef = new Reference("#ID-00001");

    bodyRef.AddTransform(new XmlDsigExcC14NTransform());
    messageRef.AddTransform(new XmlDsigExcC14NTransform());
    usernameRef.AddTransform(new XmlDsigExcC14NTransform());

    signer.AddReference(bodyRef);
    signer.AddReference(messageRef);
    signer.AddReference(usernameRef);

    signer.ComputeSignature();

    var signData = signer.GetXml();

    var nsmgr = new XmlNamespaceManager(doc.NameTable);
    nsmgr.AddNamespace("SOAP-ENV", "http://schemas.xmlsoap.org/soap/envelope/");
    nsmgr.AddNamespace("wsee", "http://stuff.to.add");
    nsmgr.AddNamespace("cwsh", "http://more.stuff.to.add");

    var security = doc.SelectSingleNode("/SOAP-ENV:Envelope/SOAP-ENV:Header/wsee:Security", nsmgr);
    security.AppendChild(doc.ImportNode(signData, true));
}

//Subclass to add namespace when signing
public class SignedXmlWithId : SignedXml
{
    public SignedXmlWithId(XmlDocument xml) : base(xml)
    {
    }

    public SignedXmlWithId(XmlElement xmlElement) : base(xmlElement)
    {
    }

    public override XmlElement GetIdElement(XmlDocument doc, string id)
    {
        // check to see if it's a standard ID reference
        var idElem = base.GetIdElement(doc, id);

        if (idElem == null)
        {
            var nsManager = new XmlNamespaceManager(doc.NameTable);
            nsManager.AddNamespace("wsu",
                "http://wsssecurity.location");

            idElem = doc.SelectSingleNode("//*[@wsu:Id=\"" + id + "\"]", nsManager) as XmlElement;
        }

        return idElem;
    }
}