I have C# code to sign an XML that is very similar to this post:
Java equivalent of C# XML signing method
Specifically, I am interested in this section:
// embed public key information for signature validation purposes
KeyInfo keyInfo = new KeyInfo();
KeyInfoX509Data keyInfoX509Data = new KeyInfoX509Data(certificate, X509IncludeOption.ExcludeRoot);
keyInfo.AddClause(keyInfoX509Data);
signedXml.KeyInfo = keyInfo;
My question is, does this code embed any private key information in the XML file? The comment of the code implies that it does not, which is good. I do not want to be embedding private key data in my XML file. But I am rather new to signing and it would be very bad if I did include private key data, so I thought I would ask here. I first tried checking the Microsoft doc on KeyInfoX509Data here: http://msdn.microsoft.com/en-us/library/t95xse03.aspx, but that did not answer my question.
Certificates usually only hold the public key, though there’s a possibility the private key is in there if the certificate started in PKCS#12 format. If ‘certificate’ is an X509Certificate2 object, you can always look up the property HasPrivateKey to know for sure if there’s any private key info in that certificate.
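A way to check this directly, as an added example that is not part of the original question or answer: sign a document with the KeyInfo code from the question, then load every embedded X509Certificate element back and test HasPrivateKey on it. The throwaway self-signed certificate, the sample document and the class name are constructed for illustration, and on modern .NET the System.Security.Cryptography.Xml package is assumed to be referenced.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Security.Cryptography.Xml;
using System.Xml;

class KeyInfoCheck // hypothetical name, not from the post
{
    static void Main()
    {
        // Constructed sample data: throwaway key pair and self-signed certificate.
        using RSA rsa = RSA.Create(2048);
        var request = new CertificateRequest("CN=Constructed Test Signer", rsa,
            HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        using X509Certificate2 certificate = request.CreateSelfSigned(
            DateTimeOffset.UtcNow.AddDays(-1), DateTimeOffset.UtcNow.AddDays(30));
        // The in-memory signing certificate carries its private key, like one loaded from PKCS#12.
        Console.WriteLine($"Signing cert HasPrivateKey: {certificate.HasPrivateKey}");

        var doc = new XmlDocument { PreserveWhitespace = true };
        doc.LoadXml("<order><item>constructed sample</item></order>");

        var signedXml = new SignedXml(doc) { SigningKey = rsa };
        var reference = new Reference("");            // sign the whole document
        reference.AddTransform(new XmlDsigEnvelopedSignatureTransform());
        signedXml.AddReference(reference);

        // Same KeyInfo section as in the question.
        var keyInfo = new KeyInfo();
        keyInfo.AddClause(new KeyInfoX509Data(certificate, X509IncludeOption.ExcludeRoot));
        signedXml.KeyInfo = keyInfo;
        signedXml.ComputeSignature();
        doc.DocumentElement.AppendChild(doc.ImportNode(signedXml.GetXml(), true));

        // Inspect what was actually written into the signed XML.
        var ns = new XmlNamespaceManager(doc.NameTable);
        ns.AddNamespace("ds", SignedXml.XmlDsigNamespaceUrl);
        foreach (XmlNode node in doc.SelectNodes("//ds:KeyInfo//ds:X509Certificate", ns))
        {
            // Each element is the base64 DER encoding of a certificate.
            using var embedded = new X509Certificate2(Convert.FromBase64String(node.InnerText));
            Console.WriteLine($"Embedded cert subject: {embedded.Subject}");
            Console.WriteLine($"Embedded cert HasPrivateKey: {embedded.HasPrivateKey}");
            Console.WriteLine($"Same cert as signer: {embedded.Thumbprint == certificate.Thumbprint}");
        }
    }
}
```

The same loop can be pointed at an already signed file by loading it into the XmlDocument instead of signing a constructed one.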