Skip to content

This is a reference csharp library that demonstrates how customers can digitally sign and verify XML message as per ISO20022 specification

License

Notifications You must be signed in to change notification settings

Mastercard/xmlsignverify-core-csharp

Repository files navigation

Table of Contents

Overview

This library provides reference implementation of ISO 20022 Digital Signature specification to sign and verify XML messages.

Refer to ISO20022 Signed Unsigned Message Examples for understanding the difference between a signed and unsigned message.

In a signed XML payload, you will see three reference nodes:

  • Resource as URI="" - will get resolved to AppHdr
  • Resource with no URI - will get resolved to Document
  • Resource as URI="#id" - will get resolved to element as per that id value

Compatibility

  • Visual Studio 2019+ or JetBrain Rider 2020+
  • Framework NET 5.0

Usage

Signing the Request

XmlSignUtil.Sign(XmlDocument xmlDocument, SignatureInfo signatureInfo, SignatureKeyInfo signatureKeyinfo) signs the XML Document where:

  • xmlDocument - the unsigned payload
  • signatureInfo - signature info which is used in signing the payload
  • signatureKeyInfo - signature key info which holds private key and ski bytes to be set in X509 Data element

Refer to detailed message signing flow.

Verifying the Request

XmlSignUtil.Verify(XmlDocument signedXml, AsymmetricAlgorithm publicKey) verifies the signed payload where:

  • signedXml - the signed payload
  • publicKey - the public key

Refer to detailed message verification flow.

Adding the Classes to Your Project

There are two classes:

  • XmlSignUtil.cs
  • XmlSignUtilTest.cs

XmlSignUtil.cs calls below methods:

  • Sign
  • Verify

XmlSignUtilTest.cs includes 4 test cases:

  • Sign the document and verify it: SignAndVerifyTest()
  • Sign the document and then try to verify with wrong public key and assert failure in verification: SignAndVerifyWithWrongPublicKeyTest()
  • Sign the document and tamper the payload and assert failure in verification: SignAndVerifyWithWhenSignedPayloadTamperedTest()
  • Verify a Java-signed document: JavaSignedVerifyTest()

About

This is a reference csharp library that demonstrates how customers can digitally sign and verify XML message as per ISO20022 specification

Topics

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages