stackoom
  简体   繁体   中英

How to verify data against signature with public key that uses sha1ecdsa?

 原文  2015-05-07 11:08:19       c#/ .net/ c#-4.0/ cryptography/ ecdsa

Question

Knowing little about cryptography I have great problems with what seems to be a simple task.

I have .pem certificate, bytes of data, and signature of that data. I want to check if someone changed the data by matching it against signature.

My try: 

private bool VerifySignature(byte[] data, byte[] signature)
{
  try
  {
    X509Certificate certificate = new X509Certificate("cert_filename.pem");
    if (certificate == null)
      return false;

    DSACryptoServiceProvider dsa = (DSACryptoServiceProvider)certificate.PublicKey.Key;

    return dsa.VerifyData(data, signatureData);
  }
  catch
  {
    return false;
  }
}

But it gives me an error

'Algorithm of certificates key is not supported' (System.NotSupportedException).

Looking into loaded certificate it says that the signature algorithm is 'sha1ecdsa'.

I am trying only to verify data against signature. What am I missing here? I would like to do it without any external solutions as it seems to be really trivial task.

Update: I am trying to achieve same functionality as in below Java code: 

private boolean verify(byte[] data, byte[] signature)
{
  boolean isLicenseCorrect = false;

  Signature sig = Signature.getInstance("SHA1WithECDSA");
  sig.initVerify(certificate.getPublicKey());
  sig.update(data);

  return sig.verify(signature);
}

2 answers

solution1
 6  2015-05-09 21:41:22

Although DSA and ECDSA are related, they are not the same. Why not try ECDsaCryptoServiceProvider ? Note that the ECDSA support for Elliptic Curves only includes NIST named curves.

solution2
 0  2016-07-01 01:06:07

.NET 4.6.1 added improved support for ECDSA. While I'm not a fan of your catch-everything-and-return-false, I'll keep it here for comparison: 

private bool VerifySignature(byte[] data, byte[] signature)
{
    try
    {
        // new cannot return null, so no point in a null check. It would have thrown.

        using (X509Certificate certificate = new X509Certificate("cert_filename.pem"))
        using (ECDsa ecdsa = certificate.GetECDsaPublicKey())
        using (RSA rsa = certificate.GetRSAPublicKey())
        // Improved DSA is 4.6.2
        {
            // You said the cert was ECDSA-SHA1, but that doesn't mean the original data was.
            // I assumed it was.
            if (ecdsa != null)
                return ecdsa.VerifyData(data, signature, HashAlgorithmName.SHA1);

            if (rsa != null)
                return rsa.VerifyData(data, signature, HashAlgorithmName.SHA1, RSASignaturePadding.Pkcs1);

            return false;
        }
    }
    catch
    {
        return false;
    }
}

Note that in .NET 4.6 the RSA base class has the Sign/Verify methods defined, and in 4.6.1 the ECDsa base class got a similar treatment. New code shouldn't talk about the *CryptoServiceProvider types unless loading pre-existing named keys.

It's also worth noting that the Get[Algorithm]PublicKey methods return null when the public key isn't of that algorithm type, so a null-check is warranted.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question How to sign and verify an ECDSA with SHA256 signature in C# How to verify ECDSA signature in ASN.1 format and public key in DER using BouncyCastle? ECDSA Verify Signature in C# using public key and signature from Java In C# How to verify JWT using ECDSA public key which was signed with ECDSA private key How to Verify Signature, Loading PUBLIC KEY From PEM file? How to verify a signature with a public key provided in .pem File? How to Verify Signature, Loading PUBLIC KEY From CRT file? Verify signature with public key only (C#) How to pair a ECDSA public key to it's private key Verify BouncyCastle ECDsa signature with .NET libraries ECDsaCng
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM