Support for RSA signatures

by Dann Daggett [dann at exposim dot com] posted on 2003/11/17
Hi All,
I can't find anything that shows any data signing functions in this library. I need to RSA sign data using the private key from a certificate loaded from a pfx file. I can sign from an RSACryptoServiceProvider if I let it generate the key pair, but I can't seem to import my cert's key information into it to make that work either.
My cert is loaded using Certificate.CreateFromPfxFile().
Does this library support this ability in any fashion?
Thanks,
Dann Daggett

by Pieter Philippaerts [Pieter at mentalis dot org] posted on 2003/11/17
Look for the PrivateKey property of the Certificate class. This property returns an RSA instance that is initialized with the private key of the certificate [likewise, the PublicKey property returns an RSA instance that is initialized with the public key].
Once you have those RSA instances, you can use them to initialize an RSAPKCS1SignatureFormatter and/or RSAPKCS1SignatureDeformatter class to generate or verify the desired signatures.

by Dann Daggett [dann at exposim dot com] posted on 2003/11/17
Thank you for such a quick response.
I have tried that but I get an error so I figured I'm not doing something right. Here's what I tried.
using System.Security.Cryptography;
using Org.Mentalis.Security.Certificates; // Mentalis Security Library

string p = "xxxxxx";
// load the client certificate (with its private key) from the PFX file
Certificate CliCert = Certificate.CreateFromPfxFile(@"C:/temp/private/client.pfx", p);
if (!CliCert.HasPrivateKey()) return;
// All runs ok till this statement.
RSA myRSA = CliCert.PrivateKey;
RSAPKCS1SignatureFormatter RSAFormatter = new RSAPKCS1SignatureFormatter(myRSA);
However, the RSA myRSA = CliCert.PrivateKey statement throws an exception when executed:
"An unhandled exception of type 'System.NullReferenceException' occurred in DdrmClient.exe
Additional information: Object reference not set to an instance of an object."
I'm sure I've missed a step somewhere right?
Thanks for your help.
Dann Daggett

by Dann Daggett [dann at exposim dot com] posted on 2003/11/17
Doh! Forget about that last post, my var was out of scope!
Still testing...
Dann

by Dann Daggett [dann at exposim dot com] posted on 2003/11/17
Yes, I found I was indeed hiding the static reference to CliCert, which explains the exception.
The signing process as you described appears to be working ok now.
Thank you so much for your help.
Dann Daggett

by Glenn Hughes posted on 2003/11/18
I have also had a war with that.
I first tried to use the Certificate.PrivateKey property directly to encrypt stuff, but it doesn't work, as the Mentalis implementation seems not to include encrypt and decrypt functions in the RSA object implementation available through the private and public key properties.
Do something like this and you'll find the way!!!:
using System.Security.Cryptography;
using Org.Mentalis.Security.Certificates;

// hash the data first; the formatter signs a digest, not the raw data
MD5 md5 = new MD5CryptoServiceProvider();
byte[] hashed = md5.ComputeHash(data);
// sign the hash with the private key of the certificate (signCert) loaded from the PFX
RSAPKCS1SignatureFormatter RSAFormatter = new RSAPKCS1SignatureFormatter(signCert.PrivateKey);
RSAFormatter.SetHashAlgorithm("MD5"); // must name the same algorithm used above (MD5 is collision-broken; SHA-1 or stronger is preferable)
byte[] sig = RSAFormatter.CreateSignature(hashed);

by Glenn Hughes posted on 2003/11/18
I still wanted to continue...
and wanted to thank the Mentalis boyz for supplying nice basic functionality to link certificates and RSA functions together. It seems that the Microsoft suckers have left the implementation unfinished and all documentation is missing. _Really poor job_, and it makes me really mad, as I had to work 2 weeks to find a solution to implement simple cryptographic tasks based on public key cryptography and keys delivered with certificates.
Ok, that's it... happy crypting!
GH

by Pieter Philippaerts [Pieter at mentalis dot org] posted on 2003/11/18
> but it doesn't work as Mentalis implementation
> seem not to include crypt and decrypt functions
> to the RSA objects implementation available
> through private and public key properties
Note that the RSA object returned by the Certificate class is not ours, but it's a standard RSACryptoServiceProvider that ships with the .NET framework.
Microsoft didn't implement the EncryptValue and DecryptValue methods of the RSACryptoServiceProvider class, simply because the Windows CryptoAPI doesn't support direct RSA encryption/decryption.
If you wish, you can cast the RSA instance returned by our Certificate class to an RSACryptoServiceProvider, but this will be done automatically for you if you use formatters and deformatters.
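An added example, not code from this thread or from the Mentalis library, that puts Pieter's two answers together: sign with the private key of a certificate loaded from a PFX file through RSAPKCS1SignatureFormatter, verify with the public key through RSAPKCS1SignatureDeformatter, and verify once more through the cast to RSACryptoServiceProvider. CreateFromPfxFile, HasPrivateKey, PrivateKey and PublicKey are the members shown in the thread; the file paths, the password, the sample message and the Certificate.CreateFromCerFile method used to load the public certificate are assumptions made for the example.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;
using Org.Mentalis.Security.Certificates; // Mentalis Security Library

class SignVerifyDemo
{
    // Sign data with the private key of the certificate in a PFX file.
    // Returns a PKCS#1 v1.5 signature over the SHA-1 digest of the data.
    static byte[] Sign(byte[] data, string pfxPath, string pfxPassword)
    {
        Certificate cert = Certificate.CreateFromPfxFile(pfxPath, pfxPassword);
        if (!cert.HasPrivateKey())
            throw new CryptographicException("PFX file contains no private key");

        // The formatter signs a digest, not the raw data, so hash first.
        byte[] digest = new SHA1CryptoServiceProvider().ComputeHash(data);

        // cert.PrivateKey is an RSA (an RSACryptoServiceProvider underneath)
        // initialised with the certificate's private key.
        RSAPKCS1SignatureFormatter formatter = new RSAPKCS1SignatureFormatter(cert.PrivateKey);
        formatter.SetHashAlgorithm("SHA1"); // must name the algorithm used for 'digest'
        return formatter.CreateSignature(digest);
    }

    // Verify with the public key only: the verifier never needs the PFX,
    // a .cer file holding just the certificate is enough.
    // (Certificate.CreateFromCerFile is assumed; the thread only shows CreateFromPfxFile.)
    static bool Verify(byte[] data, byte[] signature, string cerPath)
    {
        Certificate cert = Certificate.CreateFromCerFile(cerPath);
        byte[] digest = new SHA1CryptoServiceProvider().ComputeHash(data);

        RSAPKCS1SignatureDeformatter deformatter = new RSAPKCS1SignatureDeformatter(cert.PublicKey);
        deformatter.SetHashAlgorithm("SHA1"); // same algorithm as the signer
        return deformatter.VerifySignature(digest, signature);
    }

    // The same check through the RSACryptoServiceProvider cast Pieter mentions.
    // VerifyData hashes the data itself with the named algorithm.
    static bool VerifyViaCsp(byte[] data, byte[] signature, string cerPath)
    {
        RSACryptoServiceProvider csp =
            (RSACryptoServiceProvider)Certificate.CreateFromCerFile(cerPath).PublicKey;
        return csp.VerifyData(data, "SHA1", signature);
    }

    static int Main()
    {
        // Assumed file names and password, in the layout Dann used.
        string pfx = @"C:\temp\private\client.pfx";
        string cer = @"C:\temp\private\client.cer";
        string password = "xxxxxx";

        // Constructed sample message.
        byte[] data = Encoding.ASCII.GetBytes("order 42: ship 10 units");

        byte[] sig = Sign(data, pfx, password);
        Console.WriteLine("signature: " + sig.Length + " bytes");

        // 1. a good signature over the original data verifies both ways
        bool ok = Verify(data, sig, cer) && VerifyViaCsp(data, sig, cer);
        Console.WriteLine("original data: " + (ok ? "valid" : "INVALID"));

        // 2. the same signature over tampered data must be rejected
        byte[] tampered = (byte[])data.Clone();
        tampered[tampered.Length - 1] ^= 0x01;
        bool rejected = !Verify(tampered, sig, cer);
        Console.WriteLine("tampered data: " + (rejected ? "rejected" : "ACCEPTED (bug)"));

        // 3. a corrupted signature must be rejected too
        byte[] badSig = (byte[])sig.Clone();
        badSig[0] ^= 0x80;
        bool badRejected = !Verify(data, badSig, cer);
        Console.WriteLine("corrupted sig: " + (badRejected ? "rejected" : "ACCEPTED (bug)"));

        return (ok && rejected && badRejected) ? 0 : 1;
    }
}
```

Two points worth checking in your own code: the string passed to SetHashAlgorithm must name the algorithm that actually produced the digest, on both the signing and the verifying side, or VerifySignature returns false for every signature; and the signature RSACryptoServiceProvider produces and accepts is PKCS#1 v1.5 in the usual big-endian byte order, which is the same format `openssl dgst -sha1 -sign key.pem -out data.sig data.bin` writes, so a server-side OpenSSL signature can be checked by Verify above without any byte reversal. SHA-1 is used here rather than the MD5 of the earlier post because MD5 collisions are practical; a newer framework and CSP are needed before SetHashAlgorithm("SHA256") works with the certificate's key.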
by Dann Daggett [dann at exposim dot com] posted on 2003/11/18
Thanks for your posts, they sure helped. I've got the RSA signatures working correctly now, where the data is signed by my server (using openssl) and can be verified by my client program (using .net and this lib).
Next project: figure out how to get ssl between my client and server :)
Thanks again,
Dann Daggett