Reputation: 6049
RSASSA-PSS in C#
Does anyone know which signature algorithm is used for RSACryptoServiceProvider.SignHash? I believe it is RSAPKCS1, is that still secure?
Does anyone have an idea of configuring RSASSA-PSS as the signature algorithm for the RSACryptoServiceProvider without using some third-party library like BouncyCastle?
Thanks in advance.
Upvotes: 7
Views: 5028
Answers (1)
Reputation: 33256
RSACryptoServiceProvider can only do PKCS-1 signatures.
In .NET 4.6 a new set of methods was added on the RSA base class which added an RSASignaturePadding parameter. The RSACng class can do RSASSA-PSS via the RSASignaturePadding.Pss value (PSS with MGF-1, MGF digest and PSS digest are both the message digest, and the salt size is the digest size).
.NET 4.6 also added better type-safety to getting keys from certificates, and the new approaches will most likely return RSACng:
using (RSA privateKey = cert.GetRSAPrivateKey())
{
return privateKey.SignHash(hash, HashAlgorithmName.SHA256, RSASignaturePadding.Pss);
}
Upvotes: 2
Related Questions
- RSA signature Java to C#
- validating rsa signature from C# in java
- Signing data with RSA key
- .net RSA sign data error with PSS padding
- RSA Signing with .Net and verifying with OpenSSL command
- Signing and verifying signatures with RSA C#
- Implementing RSA in C#
- Using RSA in C#
- RSA Cryptography in c#
- C# RSA Cryptographic Algorithm