
Sign string with private key X509 certificate

I have an X509 certificate in current user storage (Windows 10). What is the simplest approach to verifying a signature in JavaScript which was generated by RSACryptoServiceProvider in C# / .NET? I already have the C# method:

    public static string GetSign(string data, AsymmetricAlgorithm privateKey)
    {
        var rsa = (RSACryptoServiceProvider)privateKey;
        TextWriter textWriter = new StringWriter();
        CertifycateKeyHelper.ExportPrivateKey(rsa, textWriter);
        RSACryptoServiceProvider rsaClear = new RSACryptoServiceProvider();
        rsaClear.ImportParameters(rsa.ExportParameters(true));
        var signature = rsaClear.SignData(Encoding.UTF8.GetBytes(data),
            new SHA256CryptoServiceProvider());
        return BytesToHex(signature);
    }

Also, how can I go the other direction: generate an RSA SHA256 signature in JavaScript and verify it in C# with an instance of RSACryptoServiceProvider?

First of all, you need a library to parse an X.509 certificate. Then you need a way to validate and verify the certificate or to trust it explicitly (certificate pinning). If you cannot trust the certificate and the public key within it then verifying the signature is moot; it won't enable you to trust the data signed with it.

Parsing, validating and verifying an X.509 certificate is not an easy task, which means that you cannot do without a library. If you can pin the certificate then you can get away with just retrieving the public key from it. You could also extract the public key using different means and pin (i.e. store) the public key itself.

After you've trusted the certificate you can extract the public key from it and perform the signature verification. Note that the M$ documentation sucks and doesn't specify the signature generation algorithm. It uses PKCS#1 v1.5 padding.


For signature generation, you need to transfer the private key in a secure fashion, parse the private key and then perform the signature generation.


StackOverflow is not here to do the work for you so I just provided the steps you need to follow.
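
The steps above, as an added example that is not part of the original answer: Node.js code (built-in crypto module only) that pins the public key by the SHA-256 hash of its SubjectPublicKeyInfo, verifies a hex-encoded RSA PKCS#1 v1.5 / SHA-256 signature of the kind GetSign returns, and signs in the other direction. It assumes BytesToHex emits plain hex with no separators and that the pinned fingerprint was obtained out of band; the function names and the throwaway demo keys are constructed for illustration.

```javascript
const crypto = require('crypto');

// SHA-256 fingerprint of a public key's DER-encoded SubjectPublicKeyInfo.
function spkiFingerprint(publicKey) {
  const der = publicKey.export({ type: 'spki', format: 'der' });
  return crypto.createHash('sha256').update(der).digest('hex');
}

// Verify a hex signature (assumed output format of BytesToHex):
// RSA, PKCS#1 v1.5 padding, SHA-256 over the UTF-8 bytes of `data`.
function verifyPinned(data, signatureHex, publicKeyPem, pinnedFingerprint) {
  if (!/^(?:[0-9a-fA-F]{2})+$/.test(signatureHex)) return false; // malformed hex
  let key;
  try { key = crypto.createPublicKey(publicKeyPem); } catch { return false; }
  if (key.asymmetricKeyType !== 'rsa') return false;
  // Trust decision first: refuse any key that is not the pinned one.
  const a = Buffer.from(spkiFingerprint(key), 'hex');
  const b = Buffer.from(pinnedFingerprint, 'hex');
  if (a.length !== b.length || !crypto.timingSafeEqual(a, b)) return false;
  return crypto.verify('sha256', Buffer.from(data, 'utf8'),
    { key, padding: crypto.constants.RSA_PKCS1_PADDING },
    Buffer.from(signatureHex, 'hex'));
}

// Other direction: sign in JavaScript with the same padding and hash,
// so the C# side can check it with SHA-256 and PKCS#1 v1.5.
function signHex(data, privateKey) {
  return crypto.sign('sha256', Buffer.from(data, 'utf8'),
    { key: privateKey, padding: crypto.constants.RSA_PKCS1_PADDING }).toString('hex');
}

// Constructed demo: throwaway key pairs stand in for the certificate's key.
function demo() {
  const gen = () => crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const signer = gen(), other = gen();
  const pem = k => k.publicKey.export({ type: 'spki', format: 'pem' });
  const pin = spkiFingerprint(signer.publicKey);
  const sig = signHex('hello', signer.privateKey);
  return {
    valid: verifyPinned('hello', sig, pem(signer), pin),
    tampered: verifyPinned('hellO', sig, pem(signer), pin),
    wrongKey: verifyPinned('hello', signHex('hello', other.privateKey), pem(other), pin),
    badHex: verifyPinned('hello', 'zz', pem(signer), pin),
  };
}
console.log(demo());
```

The wrongKey case is the one pinning exists for: the signature is mathematically valid under the supplied key, but the key is not the trusted one, so verification is refused.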
