Support for RSA signatures  
by Dann Daggett [dann at exposim dot com]
posted on 2003/11/17

Hi All,

I can't find anything that shows any data signing functions in this library. I need to RSA sign data using the private key from a certificate loaded from a pfx file. I can sign from an RSACryptoServiceProvider if I let it generate the key pair, but I can't seem to import my cert's key information into it to make that work either.
My cert is loaded using Certificate.CreateFromPfxFile().

Does this library support this ability in any fashion?

Thanks,
Dann Daggett

by Pieter Philippaerts [Pieter at mentalis dot org]
posted on 2003/11/17

Look for the PrivateKey property of the Certificate class. This property returns an RSA instance that is initialized with the private key of the certificate [likewise, the PublicKey property returns an RSA instance that is initialized with the public key].

Once you have those RSA instances, you can use them to initialize an RSAPKCS1SignatureFormatter and/or RSAPKCS1SignatureDeformatter class to generate or verify the desired signatures.

by Dann Daggett [dann at exposim dot com]
posted on 2003/11/17

Thank you for such a quick response.

I have tried that but I get an error so I figured I'm not doing something right. Here's what I tried.

string p = "xxxxxx";
Certificate CliCert = Certificate.CreateFromPfxFile(@"C:/temp/private/client.pfx", p);
if( !CliCert.HasPrivateKey()) return;
// All runs ok till this statement.
RSA myRSA = CliCert.PrivateKey;
RSAPKCS1SignatureFormatter RSAFormatter = new RSAPKCS1SignatureFormatter(myRSA);

However, the RSA myRSA = CliCert.PrivateKey statement throws an exception when executed:
"An unhandled exception of type 'System.NullReferenceException' occurred in DdrmClient.exe

Additional information: Object reference not set to an instance of an object."

I'm sure I've missed a step somewhere, right?

Thanks for your help.
Dann Daggett

by Dann Daggett [dann at exposim dot com]
posted on 2003/11/17

Doh! Forget about that last post, my var was out of scope!

Still testing...

Dann

by Dann Daggett [dann at exposim dot com]
posted on 2003/11/17

Yes, I found I was indeed hiding the static reference to CliCert, which explains the exception.

The signing process as you described appears to be working ok now.

Thank you so much for your help.
Dann Daggett

by Glenn Hughes
posted on 2003/11/18

I have also had a war with that.

I first tried to use the Certificate.PrivateKey property straight to encrypt stuff, but it doesn't work, as the Mentalis implementation seems not to include crypt and decrypt functions in the RSA objects implementation available through the private and public key properties.

Do something like this and you'll find the way!

MD5 md5 = new MD5CryptoServiceProvider();
byte[] hashed = md5.ComputeHash(data);

//sign the hash
RSAPKCS1SignatureFormatter RSAFormatter = new RSAPKCS1SignatureFormatter(signCert.PrivateKey);

RSAFormatter.SetHashAlgorithm("MD5");
byte[] sig = RSAFormatter.CreateSignature(hashed);
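
The formatter/deformatter pattern discussed in this thread, as an added example that is not part of the original posts or of the Mentalis library: it signs with RSAPKCS1SignatureFormatter, verifies with RSAPKCS1SignatureDeformatter, and shows that a one-bit change to the data fails verification. It uses SHA-256 where the post above uses MD5, since MD5 is no longer collision-resistant. The throwaway key pair and sample message are assumptions; in the thread's setting the two RSA objects would be the certificate's PrivateKey and PublicKey properties.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

static class RsaSignatureDemo
{
    // Hash the data and sign the digest with the private key (PKCS#1 v1.5).
    static byte[] Sign(RSA privateKey, byte[] data)
    {
        using (SHA256 sha = SHA256.Create())
        {
            var formatter = new RSAPKCS1SignatureFormatter(privateKey);
            formatter.SetHashAlgorithm("SHA256");
            return formatter.CreateSignature(sha.ComputeHash(data));
        }
    }

    // Recompute the digest and check the signature using the public key only.
    static bool Verify(RSA publicKey, byte[] data, byte[] signature)
    {
        using (SHA256 sha = SHA256.Create())
        {
            var deformatter = new RSAPKCS1SignatureDeformatter(publicKey);
            deformatter.SetHashAlgorithm("SHA256");
            return deformatter.VerifySignature(sha.ComputeHash(data), signature);
        }
    }

    static void Main()
    {
        // Constructed sample input; a throwaway 2048-bit key pair stands in
        // for the RSA objects that the thread obtains from the certificate.
        byte[] data = Encoding.UTF8.GetBytes("constructed sample message");
        using (RSA signer = RSA.Create(2048))
        using (RSA verifier = RSA.Create())
        {
            // Hand the verifier the public half only, as a client would hold it.
            verifier.ImportParameters(signer.ExportParameters(false));

            byte[] sig = Sign(signer, data);
            Console.WriteLine("valid:    " + Verify(verifier, data, sig));

            data[0] ^= 0x01; // flip one bit of the signed data
            Console.WriteLine("tampered: " + Verify(verifier, data, sig));
        }
    }
}
```

The hash name passed to SetHashAlgorithm must match the digest actually computed on both sides; a signer and verifier that disagree on it will fail verification even with the correct key.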



by Glenn Hughes
posted on 2003/11/18

I still wanted to continue...

and wanted to thank the Mentalis boyz for supplying nice basic functionality to link Certificates and RSA functions together. It seems that Microsoft suckers have left the implementation unfinished and all documentation is missing. _Really poor job_ and makes me really mad as I had to work 2 weeks to find a solution to implement simple cryptographic tasks based on public key cryptography and keys delivered with certificates.

Ok, that's it... happy crypting!

GH

by Pieter Philippaerts [Pieter at mentalis dot org]
posted on 2003/11/18

> but it doesn't work as Mentalis implementation
> seem not to include crypt and decrypt functions
> to the RSA objects implementation available
> through private and public key properties

Note that the RSA object returned by the Certificate class is not ours, but it's a standard RSACryptoServiceProvider that ships with the .NET framework.

Microsoft didn't implement the EncryptValue and DecryptValue methods of the RSACryptoServiceProvider class, simply because the Windows CryptoAPI doesn't support direct RSA encryption/decryption.

If you wish, you can cast the RSA instance returned by our Certificate class to an RSACryptoServiceProvider, but this will be done automatically for you if you use formatters and deformatters.

by Dann Daggett [dann at exposim dot com]
posted on 2003/11/18

Thanks for your posts, they sure helped. I've got the RSA signatures working correctly now where the data is signed by my server (using openssl) and can be verified by my client program (using .net and this lib).

Next project: Figure out how to get ssl between my client and server :)

Thanks again,
Dann Daggett

 

Copyright © 2002-2007, The Mentalis.org Team. All rights reserved.
This site is located at http://www.mentalis.org/