This class allows you to sign with either an RSACryptoServiceProvider/DSACryptoServiceProvider from a X509Certificate2, or from manually created RSACryptoServiceProvider/DSACryptoServiceProvider. Depending on the certificate's CSP, sometimes you will not be able to sign with SHA-256/SHA-512 hash algorithm with RSACryptoServiceProvider taken directly from the certificate. This class allows you to use a workaround in this case and sign with certificate's private key and SHA-256/SHA-512 anyway. More...
Public Member Functions |
|
| AsymmetricAlgorithmSignature (RSACryptoServiceProvider algorithm, String digestAlgorithm) | |
| AsymmetricAlgorithmSignature (DSACryptoServiceProvider algorithm) | |
| ISignatureMechanismParams | GetSignatureMechanismParameters () |
| Return the algorithm parameters that need to be encoded together with the signature mechanism identifier. More... |
|
| byte[] | Sign (byte[] message) |
| Signs the given message using the encryption algorithm in combination with the hash algorithm. More... |
|
| string | GetDigestAlgorithmName () |
| Returns the digest algorithm. More... |
|
| string | GetSignatureAlgorithmName () |
| Returns the signature algorithm used for signing, disregarding the digest function. More... |
|
Detailed Description
This class allows you to sign with either an RSACryptoServiceProvider/DSACryptoServiceProvider from a X509Certificate2, or from manually created RSACryptoServiceProvider/DSACryptoServiceProvider. Depending on the certificate's CSP, sometimes you will not be able to sign with SHA-256/SHA-512 hash algorithm with RSACryptoServiceProvider taken directly from the certificate. This class allows you to use a workaround in this case and sign with certificate's private key and SHA-256/SHA-512 anyway.
An example of a workaround for CSP that does not support SHA-256/SHA-512: if (certificate.PrivateKey is RSACryptoServiceProvider) {
RSACryptoServiceProvider rsa = (RSACryptoServiceProvider)certificate.PrivateKey;
// Modified by J. Arturo // Workaround for SHA-256 and SHA-512
if (rsa.CspKeyContainerInfo.ProviderName == "Microsoft Strong Cryptographic Provider" || rsa.CspKeyContainerInfo.ProviderName == "Microsoft Enhanced Cryptographic Provider v1.0" || rsa.CspKeyContainerInfo.ProviderName == "Microsoft Base Cryptographic Provider v1.0") { string providerName = "Microsoft Enhanced RSA and AES Cryptographic Provider"; int providerType = 24;
Type CspKeyContainerInfo_Type = typeof(CspKeyContainerInfo);
FieldInfo CspKeyContainerInfo_m_parameters = CspKeyContainerInfo_Type.GetField("m_parameters", BindingFlags.NonPublic | BindingFlags.Instance); CspParameters parameters = (CspParameters)CspKeyContainerInfo_m_parameters.GetValue(rsa.CspKeyContainerInfo);
var cspparams = new CspParameters(providerType, providerName, rsa.CspKeyContainerInfo.KeyContainerName); cspparams.Flags = parameters.Flags;
using (var rsaKey = new RSACryptoServiceProvider(cspparams)) { // use rsaKey now } } else { // Use rsa directly } }
https://blogs.msdn.microsoft.com/shawnfa/2008/08/25/using-rsacryptoserviceprovider-for-rsa-sha256-signatures/ http://stackoverflow.com/questions/7444586/how-can-i-sign-a-file-using-rsa-and-sha256-with-net http://stackoverflow.com/questions/5113498/can-rsacryptoserviceprovider-nets-rsa-use-sha256-for-encryption-not-signing http://stackoverflow.com/questions/31553523/how-can-i-properly-verify-a-file-using-rsa-and-sha256-with-net
Member Function Documentation
◆ GetDigestAlgorithmName()
|
inline |
Returns the digest algorithm.
- Returns
- The digest algorithm (e.g. "SHA-1", "SHA-256,...").
Implements iText.Signatures.IExternalSignature.
◆ GetSignatureAlgorithmName()
|
inline |
Returns the signature algorithm used for signing, disregarding the digest function.
- Returns
- The signature algorithm ("RSA", "DSA", "ECDSA", "Ed25519" or "Ed448").
Implements iText.Signatures.IExternalSignature.
◆ GetSignatureMechanismParameters()
|
inline |
Return the algorithm parameters that need to be encoded together with the signature mechanism identifier.
Return the algorithm parameters that need to be encoded together with the signature mechanism identifier. If there are no parameters, return null. A non-null value is required for RSASSA-PSS; see RSASSAPSSMechanismParams.
- Returns
- algorithm parameters
Implements iText.Signatures.IExternalSignature.
◆ Sign()
|
inline |
Signs the given message using the encryption algorithm in combination with the hash algorithm.
- Parameters
-
message The message you want to be hashed and signed.
- Returns
- A signed message digest.
Implements iText.Signatures.IExternalSignature.
