1 11th August 21:58
yogesh s
Digital Signing



experimenting with cryptography classes.. particularly digital signing and
verification feature.. even though in .NET 1.1 there is no direct way to
derive RSA from X509Certificate class.. so i installed WSE 2.0 SP3 which
provides this feature out-of-box.. but the problem is verification of
signature fails.. i am sure i must be doing something wrong.. here are the
steps i performed.

1. Created a new Certificate
makecert -sk Test1 -a sha1 -r C:\test.cer -ss YogStore

2. Ran the following code
using System;
using System.Text;
using WSESimpleTCPDLL;
//using Microsoft.Web.Services2.Security.Cryptography;
using Microsoft.Web.Services2.Security.X509;
using System.Security.Cryptography;

namespace SecTest
{
    class Class1
    {
        [STAThread]
        static void Main(string[] args)
        {
            CspParameters param = new CspParameters();
            param.KeyContainerName = "Test1";
            RSACryptoServiceProvider crypto = new RSACryptoServiceProvider(param);
            byte[] text = Encoding.ASCII.GetBytes("Yogesh Shetty");
            byte[] signed = crypto.SignData(text, new SHA1CryptoServiceProvider());

            X509CertificateStore store = X509CertificateStore.CurrentUserStore("YogStore");
            store.OpenRead();
            X509Certificate sender = (X509Certificate)store.Certificates[0];

            RSAParameters sender_private = sender.Key.ExportParameters(false);
            System.Security.Cryptography.RSACryptoServiceProvider rsa =
                new System.Security.Cryptography.RSACryptoServiceProvider();
            rsa.ImportParameters(sender_private);

            byte[] cleartext = ASCIIEncoding.ASCII.GetBytes("Yogesh Shetty");
            bool result = rsa.VerifyData(text, new SHA1CryptoServiceProvider(), signed);
        }
    }
}


Thx for your help..
2 11th August 21:59
william stacey mvp



Did some basic diag. Checked both public keys to see if they were the
same. They were not. Then I remembered the two keys stored in a key store
slot - 1 and 2 (Exchange and Signature). Need to use Signature key (i.e.
#2). The key store has been source of much confusion (for me anyway) and is
still not implemented great IMHO. That said, one line should fix this as
below. I did this on 2.0, and don't think I added anything that will not
work on 1.1, but a compile will show it. Also "sender_private" is really a
public key in this case, so I changed to "pubKey". HTH

using System;
using System.Text;
using Microsoft.Web.Services3.Security.X509;
using System.Security.Cryptography;
using System.Security;

namespace SecTest
{
    class Class1
    {
        [STAThread]
        static void Main(string[] args)
        {
            CspParameters param = new CspParameters();
            param.KeyContainerName = "Test1";
            // Use the Signature key (slot 2) of the container, as described above.
            param.KeyNumber = 2;
            RSACryptoServiceProvider crypto = new RSACryptoServiceProvider(param);
            // Print the container's public key for comparison.
            // Utils.GetFormattedXML is a helper that is not shown in this post.
            string xml = crypto.ToXmlString(false);
            xml = Utils.GetFormattedXML(xml);
            Console.WriteLine(xml);

            byte[] text = Encoding.ASCII.GetBytes("Yogesh Shetty");
            byte[] sig = crypto.SignData(text, new SHA1CryptoServiceProvider());

            X509CertificateStore store = X509CertificateStore.CurrentUserStore("YogStore");
            store.OpenRead();
            X509Certificate sender = (X509Certificate)store.Certificates[0];

            // Public key taken from the certificate; it should match the one printed above.
            RSAParameters pubParms = sender.Key.ExportParameters(false);
            RSACryptoServiceProvider pubKey = new RSACryptoServiceProvider();
            pubKey.ImportParameters(pubParms);
            xml = pubKey.ToXmlString(false);
            xml = Utils.GetFormattedXML(xml);
            Console.WriteLine();
            Console.WriteLine(xml);
            byte[] cleartext = ASCIIEncoding.ASCII.GetBytes("Yogesh Shetty");
            bool result = pubKey.VerifyData(text, new SHA1CryptoServiceProvider(), sig);
            if (result)
                Console.WriteLine("Sig Verify Good.");
            else
                Console.WriteLine("Sig Verify Failed.");
        }
    }
}

--
William Stacey [MVP]
3 11th August 23:27
william stacey mvp


Out of curiosity, I tried a 2.0 version with no wse dlls, using the new
namespaces in 2.0. Here it is.

using System;
using System.Text;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Security;

namespace SecTest
{
    class Class1
    {
        [STAThread]
        static void Main(string[] args)
        {
            //1. Created a new Certificate
            //makecert -sk Test1 -a sha1 -r C:\test.cer -ss YogStore

            CspParameters param = new CspParameters();
            param.KeyContainerName = "Test1";
            // Use the Signature key (slot 2) of the container.
            param.KeyNumber = 2;
            RSACryptoServiceProvider crypto = new RSACryptoServiceProvider(param);
            // Utils.GetFormattedXML is a helper that is not shown in this post.
            string xml = crypto.ToXmlString(false);
            xml = Utils.GetFormattedXML(xml);
            Console.WriteLine(xml);

            byte[] text = Encoding.ASCII.GetBytes("Yogesh Shetty");
            byte[] sig = crypto.SignData(text, new SHA1CryptoServiceProvider());

            X509Store store = new X509Store("YogStore");
            store.Open(OpenFlags.ReadOnly);
            X509Certificate2 sender = (X509Certificate2)store.Certificates[0];

            // In 2.0 the certificate exposes its RSA public key directly.
            RSACryptoServiceProvider pubKey = (RSACryptoServiceProvider)sender.PublicKey.Key;
            xml = pubKey.ToXmlString(false);
            xml = Utils.GetFormattedXML(xml);
            Console.WriteLine();
            Console.WriteLine(xml);
            byte[] cleartext = ASCIIEncoding.ASCII.GetBytes("Yogesh Shetty");
            bool result = pubKey.VerifyData(text, new SHA1CryptoServiceProvider(), sig);
            if (result)
                Console.WriteLine("Sig Verify Good.");
            else
                Console.WriteLine("Sig Verify Failed.");
        }
    }
}

--
William Stacey [MVP]
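
Added example, not part of the thread or written by either poster: the public-key comparison described in the second post, done in code for both key slots of the container. It assumes the "Test1" container and "YogStore" store from the thread and .NET Framework 2.0 or later; the class and helper names are hypothetical. CspProviderFlags.UseExistingKey matters here because without it RSACryptoServiceProvider silently generates a new key pair when the requested slot is empty, so signing succeeds with a key the certificate knows nothing about.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

namespace SecTest
{
    class KeySlotCheck   // hypothetical name, not from the thread
    {
        // Byte-wise comparison of one RSA public key component.
        static bool SameBytes(byte[] a, byte[] b)
        {
            if (a == null || b == null || a.Length != b.Length) return false;
            for (int i = 0; i < a.Length; i++)
                if (a[i] != b[i]) return false;
            return true;
        }

        // Opens one slot of a key container without creating a key there.
        // Returns null when the slot holds no key.
        static RSACryptoServiceProvider OpenExisting(string container, int keyNumber)
        {
            CspParameters p = new CspParameters();
            p.KeyContainerName = container;
            p.KeyNumber = keyNumber;                     // 1 = Exchange, 2 = Signature
            p.Flags = CspProviderFlags.UseExistingKey;   // throw instead of generating a key
            try { return new RSACryptoServiceProvider(p); }
            catch (CryptographicException) { return null; }
        }

        static void Main()
        {
            X509Store store = new X509Store("YogStore");   // store name from the thread
            store.Open(OpenFlags.ReadOnly);
            X509Certificate2 cert = store.Certificates[0];
            store.Close();
            RSACryptoServiceProvider certKey = (RSACryptoServiceProvider)cert.PublicKey.Key;
            RSAParameters certPub = certKey.ExportParameters(false);

            for (int slot = 1; slot <= 2; slot++)
            {
                RSACryptoServiceProvider rsa = OpenExisting("Test1", slot);
                if (rsa == null) { Console.WriteLine("KeyNumber {0}: no key in this slot", slot); continue; }
                RSAParameters pub = rsa.ExportParameters(false);
                bool match = SameBytes(pub.Modulus, certPub.Modulus) && SameBytes(pub.Exponent, certPub.Exponent);
                Console.WriteLine("KeyNumber {0}: {1}", slot, match ? "matches certificate" : "different key");
            }
        }
    }
}
```

If the original code from the first post has already been run on the machine, slot 1 will report a different key rather than an empty slot, because that run created an Exchange key in the container.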
4 11th August 23:28
yogesh s


Thx William.. works like charm..