How to sign xml element using RSA-SHA1 algorithm?

Question

I need to sign (and verify eventually) one of the nodes of an XML document using RSA-SHA1 algorithm. w3.org link

RSA-SHA1 URI:
http://www.w3.org/2000/09/xmldsig#rsa-sha1
Specified in:
section 6.4.2 of [XMLDSIG-CORE2002]

I am following this example, however cannot figure how to change the algorithm to required.

The signature generation happens here:

signedXml.ComputeSignature();

The only override with a parameter expects KeyedHashAlgorithm:

public void ComputeSignature(KeyedHashAlgorithm macAlg); (link)

KeyedHashAlgorithm (link) in turn only allows creating HMAC* and MAC* algorithms and has no RSA-SHA1.

What is the most painless way of signing an XML with RSA-SHA1 in .Net?

Edit:

I'm trying to use a X509 certificate to extract the key. Certificate's signature algorithm property is sha1RSA.

This is how I'm assigning it:

var signedXml = new SignedXml(xmlDoc);
...
signedXml.SigningKey = (RSACryptoServiceProvider)cert.PrivateKey;
...
signedXml.ComputeSignature();

The resulting signature xml format matches expected one, however digest and signature values are invalid.

Answer 1

In .NET Framework 1.1 through .NET Framework 4.7 you get RSA-SHA-1 by simply setting signedXml.SigningKey to an RSA key object.

If .NET 4.7.1 (currently in preview) is installed the default for RSA will change to RSA-SHA-2-256, per https://github.com/Microsoft/dotnet/blob/master/releases/net471/dotnet471-changes.md.

So, if you really want a RSA-SHA-1 signature you need to

a) set signedXml.SigningKey to an RSA key

b) set signedXml.SignedInfo.SignatureMethod = SignedXml.XmlDsigRSASHA1Url

(both before calling signedXml.ComputeSignature())

Conversely, if you want to do something better than RSA-SHA-1 on current versions, set signedXml.SignedInfo.SignatureMethod to SignedXml.XmlDsigSHA256Url or better.

---

Word of warning: SHA-1 is considered broken for cryptographic purposes now that a collision has been found. While it's not generalized enough (at this point) to attack arbitrary XML, it may well grow up to that point. You really shouldn't be using SHA-1 in anything new, and should consider validating that your signature method is something better than SHA-1 based when deciding whether to accept a signed document.