I was working on a project using a SAML2 FederationMetadata document. The XML signature of the document had to be verified. I had some issues out of the box, so I thought I'd document them.
"SignatureDescription could not be created for the signature algorithm supplied."
The first issue was with the signature using the "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" signature algorithm. For some reason it is not registered by System.Security.Cryptography.Xml.SignedXml, so the following SignatureDescription class has to be added:
using System.Security.Cryptography;

public class RSAPKCS1SHA256SignatureDescription : SignatureDescription
{
    public RSAPKCS1SHA256SignatureDescription()
    {
        base.KeyAlgorithm = "System.Security.Cryptography.RSACryptoServiceProvider";
        base.DigestAlgorithm = "System.Security.Cryptography.SHA256Managed";
        base.FormatterAlgorithm = "System.Security.Cryptography.RSAPKCS1SignatureFormatter";
        base.DeformatterAlgorithm = "System.Security.Cryptography.RSAPKCS1SignatureDeformatter";
    }

    // Verification path: create the PKCS#1 deformatter, bind the public key and force SHA-256.
    public override AsymmetricSignatureDeformatter CreateDeformatter(AsymmetricAlgorithm key)
    {
        AsymmetricSignatureDeformatter asymmetricSignatureDeformatter = (AsymmetricSignatureDeformatter)
            CryptoConfig.CreateFromName(base.DeformatterAlgorithm);
        asymmetricSignatureDeformatter.SetKey(key);
        asymmetricSignatureDeformatter.SetHashAlgorithm("SHA256");
        return asymmetricSignatureDeformatter;
    }
}
Before you create the SignedXml object, the signature algorithm has to be registered with CryptoConfig under its XML DSig URI:

CryptoConfig.AddAlgorithm(typeof(RSAPKCS1SHA256SignatureDescription),
    "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256");
SignedXml signedXml = new SignedXml(metadataXmlDocument);
The next issue I had was signedXml.CheckSignature(certificate, false) returning false for validly signed files. The issue was that the certificate was not in the trusted root certificate store. Why that matters I'm not sure, but the issue went away after I added it.
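The trust-store behaviour above comes from the second parameter: CheckSignature(X509Certificate2, verifySignatureOnly) with verifySignatureOnly = false also builds and validates the certificate's X.509 chain, so an issuer that is not in the machine's trusted roots makes the call fail even when the signature bytes are correct. Adding the certificate to the root store makes that chain check pass, but it also grants that key trust far beyond one metadata feed. The following is an added example, not code from the original post, showing the alternative a verifier usually wants: pin the expected signing certificate by thumbprint, allow-list the signature algorithm, and check that the one Signature element actually sits under the document root before calling CheckSignature with verifySignatureOnly = true. It assumes the RSAPKCS1SHA256SignatureDescription class from the post is compiled into the same project; MetadataSignatureVerifier, Verify, RegisterRsaSha256 and the expected-thumbprint value are names and placeholders introduced here. (On .NET Framework 4.6.2 and later, rsa-sha256 is registered out of the box and the AddAlgorithm call is a harmless no-op.)

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Security.Cryptography.Xml;
using System.Xml;

public static class MetadataSignatureVerifier
{
    const string RsaSha256Uri = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256";

    // Register the RSA-SHA256 SignatureDescription from the post (safe to call on every start-up).
    public static void RegisterRsaSha256()
    {
        CryptoConfig.AddAlgorithm(typeof(RSAPKCS1SHA256SignatureDescription), RsaSha256Uri);
    }

    // Returns true only when the enveloped signature is cryptographically valid AND was made by
    // the certificate we expect (pinned by SHA-1 thumbprint), so the outcome does not depend on
    // what happens to be in the machine's trusted root store.
    public static bool Verify(string metadataXml, string expectedThumbprint)
    {
        var doc = new XmlDocument { PreserveWhitespace = true };
        doc.XmlResolver = null;                      // no DTD / external entity fetches
        doc.LoadXml(metadataXml);

        // Exactly one Signature, and it must be a direct child of the root element; a signature
        // nested somewhere deeper cannot be taken as covering the whole metadata document.
        XmlNodeList sigs = doc.GetElementsByTagName("Signature", SignedXml.XmlDsigNamespaceUrl);
        if (sigs.Count != 1) return false;
        var sigElement = (XmlElement)sigs[0];
        if (sigElement.ParentNode != doc.DocumentElement) return false;

        var signedXml = new SignedXml(doc);
        signedXml.LoadXml(sigElement);

        // Algorithm allow-list: this feed is signed with RSA-SHA256, accept nothing else.
        if (signedXml.SignatureMethod != RsaSha256Uri) return false;

        // Every Reference must point at the enveloping document ("" or "#<root ID>"),
        // otherwise the signature may cover only a fragment of what we are about to trust.
        string rootId = doc.DocumentElement.GetAttribute("ID");
        foreach (Reference r in signedXml.SignedInfo.References)
        {
            if (r.Uri != "" && r.Uri != "#" + rootId) return false;
        }

        // The signing certificate travels in KeyInfo; it is only used once it matches the pin.
        X509Certificate2 signingCert = null;
        foreach (KeyInfoClause clause in signedXml.KeyInfo)
        {
            if (clause is KeyInfoX509Data x509 && x509.Certificates.Count > 0)
            {
                signingCert = new X509Certificate2((X509Certificate)x509.Certificates[0]);
                break;
            }
        }
        if (signingCert == null) return false;
        if (!string.Equals(signingCert.Thumbprint, expectedThumbprint, StringComparison.OrdinalIgnoreCase))
            return false;

        // verifySignatureOnly = true: chain building is replaced by the explicit pin above,
        // so a self-signed or privately issued federation certificate no longer needs to be
        // installed in the trusted root store.
        return signedXml.CheckSignature(signingCert, true);
    }
}

// Usage (placeholder thumbprint; take the real value from the federation partner out of band):
//   MetadataSignatureVerifier.RegisterRsaSha256();
//   bool ok = MetadataSignatureVerifier.Verify(File.ReadAllText("FederationMetadata.xml"),
//                                              "<EXPECTED-SIGNING-CERT-THUMBPRINT>");
```

The thumbprint comparison is what replaces the chain check, so the expected value must come from the federation partner through a channel other than the metadata document itself; reading the pin out of the same file would make the check circular. If the partner rotates its signing certificate, the pin has to be updated deliberately, which is the point: the verifier fails closed rather than silently accepting whatever certificate the next download carries.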