iText 9.0.0 API
iText.Signatures.AsymmetricAlgorithmSignature Class Reference

This class allows you to sign with either an RSACryptoServiceProvider/DSACryptoServiceProvider from an X509Certificate2, or from a manually created RSACryptoServiceProvider/DSACryptoServiceProvider. Depending on the certificate's CSP, sometimes you will not be able to sign with the SHA-256/SHA-512 hash algorithms using the RSACryptoServiceProvider taken directly from the certificate. This class allows you to use a workaround in this case and sign with the certificate's private key and SHA-256/SHA-512 anyway.

Inheritance diagram for iText.Signatures.AsymmetricAlgorithmSignature:
iText.Signatures.IExternalSignature

Public Member Functions

  AsymmetricAlgorithmSignature (RSACryptoServiceProvider algorithm, String digestAlgorithm)
 
  AsymmetricAlgorithmSignature (DSACryptoServiceProvider algorithm)
 
ISignatureMechanismParams  GetSignatureMechanismParameters ()
  Return the algorithm parameters that need to be encoded together with the signature mechanism identifier.
 
byte[]  Sign (byte[] message)
  Signs the given message using the encryption algorithm in combination with the hash algorithm.
 
string  GetDigestAlgorithmName ()
  Returns the digest algorithm.
 
string  GetSignatureAlgorithmName ()
  Returns the signature algorithm used for signing, disregarding the digest function.
 

Detailed Description

This class allows you to sign with either an RSACryptoServiceProvider/DSACryptoServiceProvider from an X509Certificate2, or from a manually created RSACryptoServiceProvider/DSACryptoServiceProvider. Depending on the certificate's CSP, sometimes you will not be able to sign with the SHA-256/SHA-512 hash algorithms using the RSACryptoServiceProvider taken directly from the certificate. This class allows you to use a workaround in this case and sign with the certificate's private key and SHA-256/SHA-512 anyway.

An example of a workaround for a CSP that does not support SHA-256/SHA-512:

    using System;
    using System.Reflection;
    using System.Security.Cryptography;

    if (certificate.PrivateKey is RSACryptoServiceProvider) {
        RSACryptoServiceProvider rsa = (RSACryptoServiceProvider)certificate.PrivateKey;

        // Modified by J. Arturo
        // Workaround for SHA-256 and SHA-512

        if (rsa.CspKeyContainerInfo.ProviderName == "Microsoft Strong Cryptographic Provider" ||
            rsa.CspKeyContainerInfo.ProviderName == "Microsoft Enhanced Cryptographic Provider v1.0" ||
            rsa.CspKeyContainerInfo.ProviderName == "Microsoft Base Cryptographic Provider v1.0") {
            // Re-open the same key container under the provider that supports SHA-2.
            string providerName = "Microsoft Enhanced RSA and AES Cryptographic Provider";
            int providerType = 24; // PROV_RSA_AES

            // Read the original CspParameters from a private field via reflection
            // so that the original flags can be carried over.
            Type CspKeyContainerInfo_Type = typeof(CspKeyContainerInfo);
            FieldInfo CspKeyContainerInfo_m_parameters = CspKeyContainerInfo_Type.GetField("m_parameters", BindingFlags.NonPublic | BindingFlags.Instance);
            CspParameters parameters = (CspParameters)CspKeyContainerInfo_m_parameters.GetValue(rsa.CspKeyContainerInfo);

            var cspparams = new CspParameters(providerType, providerName, rsa.CspKeyContainerInfo.KeyContainerName);
            cspparams.Flags = parameters.Flags;

            using (var rsaKey = new RSACryptoServiceProvider(cspparams)) {
                // use rsaKey now
            }
        } else {
            // Use rsa directly
        }
    }

https://blogs.msdn.microsoft.com/shawnfa/2008/08/25/using-rsacryptoserviceprovider-for-rsa-sha256-signatures/
http://stackoverflow.com/questions/7444586/how-can-i-sign-a-file-using-rsa-and-sha256-with-net
http://stackoverflow.com/questions/5113498/can-rsacryptoserviceprovider-nets-rsa-use-sha256-for-encryption-not-signing
http://stackoverflow.com/questions/31553523/how-can-i-properly-verify-a-file-using-rsa-and-sha256-with-net
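The "use rsaKey now" step, carried through to a verified signature, as an added example (not iText's own code and not from the original page). The class name, the `OpenForSha2` helper and the container name are hypothetical; the helper sets the key number and machine-store flag from public `CspKeyContainerInfo` properties instead of reading `m_parameters` by reflection, so other flags are not copied. It assumes Windows and that `Sign` produces an RSA PKCS#1 v1.5 signature.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;
using iText.Signatures;

static class CspSha2SigningExample // hypothetical name; added example, not iText code
{
    const string AesProvider = "Microsoft Enhanced RSA and AES Cryptographic Provider";
    static readonly string[] LegacyProviders = {
        "Microsoft Strong Cryptographic Provider",
        "Microsoft Enhanced Cryptographic Provider v1.0",
        "Microsoft Base Cryptographic Provider v1.0" };

    // Hypothetical helper: re-open the key container under the AES-capable
    // provider when the key was loaded through one of the providers named on the page.
    static RSACryptoServiceProvider OpenForSha2(RSACryptoServiceProvider rsa)
    {
        CspKeyContainerInfo info = rsa.CspKeyContainerInfo;
        if (Array.IndexOf(LegacyProviders, info.ProviderName) < 0) return rsa;
        var p = new CspParameters(24, AesProvider, info.KeyContainerName); // 24 = PROV_RSA_AES
        p.KeyNumber = (int)info.KeyNumber;
        // UseExistingKey: fail instead of silently generating a new key pair.
        p.Flags = CspProviderFlags.UseExistingKey | (info.MachineKeyStore
            ? CspProviderFlags.UseMachineKeyStore : CspProviderFlags.NoFlags);
        return new RSACryptoServiceProvider(p);
    }

    static void Main()
    {
        // Constructed throwaway key in a legacy provider (type 1 = PROV_RSA_FULL).
        var legacy = new RSACryptoServiceProvider(2048, new CspParameters(
            1, LegacyProviders[1], "itext-example-" + Guid.NewGuid()));
        try
        {
            RSACryptoServiceProvider key = OpenForSha2(legacy);
            IExternalSignature signer = new AsymmetricAlgorithmSignature(key, DigestAlgorithms.SHA256);
            byte[] message = Encoding.UTF8.GetBytes("constructed sample message");
            byte[] signature = signer.Sign(message);
            using (RSA pub = RSA.Create()) // verify independently of the signing handle
            {
                pub.ImportParameters(legacy.ExportParameters(false));
                bool ok = pub.VerifyData(message, signature,
                    HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
                Console.WriteLine("{0}/{1} verified: {2}", signer.GetSignatureAlgorithmName(), signer.GetDigestAlgorithmName(), ok);
            }
        }
        finally { legacy.PersistKeyInCsp = false; legacy.Clear(); } // delete test container
    }
}
```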

Member Function Documentation

◆ GetDigestAlgorithmName()

string iText.Signatures.AsymmetricAlgorithmSignature.GetDigestAlgorithmName ( )
inline

Returns the digest algorithm.

Returns
The digest algorithm (e.g. "SHA-1", "SHA-256", ...).

Implements iText.Signatures.IExternalSignature.

◆ GetSignatureAlgorithmName()

string iText.Signatures.AsymmetricAlgorithmSignature.GetSignatureAlgorithmName ( )
inline

Returns the signature algorithm used for signing, disregarding the digest function.

Returns
The signature algorithm ("RSA", "DSA", "ECDSA", "Ed25519" or "Ed448").

Implements iText.Signatures.IExternalSignature.

◆ GetSignatureMechanismParameters()

ISignatureMechanismParams iText.Signatures.AsymmetricAlgorithmSignature.GetSignatureMechanismParameters ( )
inline

Return the algorithm parameters that need to be encoded together with the signature mechanism identifier. If there are no parameters, return null. A non-null value is required for RSASSA-PSS; see RSASSAPSSMechanismParams.

Returns
algorithm parameters

Implements iText.Signatures.IExternalSignature.

◆ Sign()

byte [] iText.Signatures.AsymmetricAlgorithmSignature.Sign ( byte[]  message )
inline

Signs the given message using the encryption algorithm in combination with the hash algorithm.

Parameters
message The message you want to be hashed and signed.
Returns
A signed message digest.

Implements iText.Signatures.IExternalSignature.