Reputation: 24450
Is there a built-in procedure to digitally sign an HTTPS request with the client's SSL private key in .NET? Also, is there a built-in procedure to verify the digital signature against an SSL certificate? Or do I have to roll my own? Or is there a third-party library?
The data that I want to sign is a normal HTTP form request. For example, I'm providing this address to deduct the balance of a card:
https://myserver/deduction
The client will post an HTTP form to that address with data like card=1234567890123456, currency=1, amount=1000, etc. This data is the one I want my client to sign.
I need the request to be digitally signed because the client manipulates money, so I want to be sure that the request really comes from the client and that nobody tampers with the content of the request.
I'm also considering using an SSL client certificate, but it can only provide confidentiality and authentication, but not data integrity.
Upvotes: 2
Views: 3188
Reputation: 6916
There seems to be a whole example here, with code, of how to do a basic digital signature implementation in C#: http://tutorial.visualstudioteamsystem.com/details.aspx?item=134
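    using System;
    using System.IO;
    using System.Security.Cryptography;

    class Program
    {
        static void Main(string[] args)
        {
            // Creates a new DSA key pair; the private key never leaves this object.
            var MySigner = new DSACryptoServiceProvider();
            string publicKey;
            byte[] signature; // declared here so the verification step below can see it
            using (var file = new FileStream(args[0], FileMode.Open, FileAccess.Read))
            {
                using (var reader = new BinaryReader(file))
                {
                    var data = reader.ReadBytes((int)file.Length);
                    // SignData hashes the data with SHA-1 and signs the hash.
                    signature = MySigner.SignData(data);
                    publicKey = MySigner.ToXmlString(false); // false = export the public key only
                    Console.WriteLine("Signature: " + Convert.ToBase64String(signature));
                }
            }

            // The verifier is given the public key only.
            var verifier = new DSACryptoServiceProvider();
            verifier.FromXmlString(publicKey);
            using (var file = new FileStream(args[0], FileMode.Open, FileAccess.Read))
            {
                using (var reader = new BinaryReader(file))
                {
                    byte[] data = reader.ReadBytes((int)file.Length);
                    if (verifier.VerifyData(data, signature))
                        Console.WriteLine("Signature");
                    else
                        Console.WriteLine("Signature is not verified");
                }
            }
        }
    }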
Upvotes: 2
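Added example, not part of the question, the answer, or the linked tutorial: signing the form body from the question with the RSA private key of a client certificate and verifying it with the public key taken from that certificate, using the built-in `X509Certificate2` and `RSA` classes. Assumptions: .NET Framework 4.7.2 or later (or .NET Core 2.0 or later), an RSA certificate, a throwaway self-signed certificate constructed in place of the real client certificate, and the hypothetical helper names `Sign` and `Verify`.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Text;

static class SignedFormDemo
{
    // Client side: sign the exact bytes of the form body that will be posted.
    static string Sign(X509Certificate2 clientCert, string formBody)
    {
        using (RSA key = clientCert.GetRSAPrivateKey())
        {
            byte[] sig = key.SignData(Encoding.UTF8.GetBytes(formBody),
                HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
            return Convert.ToBase64String(sig);
        }
    }

    // Server side: only the public key from the client's certificate is needed.
    // The server must separately confirm this is the certificate registered for that client.
    static bool Verify(X509Certificate2 clientCert, string formBody, string signatureB64)
    {
        byte[] sig;
        try { sig = Convert.FromBase64String(signatureB64); }
        catch (FormatException) { return false; } // malformed signature is rejected
        using (RSA key = clientCert.GetRSAPublicKey())
        {
            return key.VerifyData(Encoding.UTF8.GetBytes(formBody), sig,
                HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        }
    }

    static void Main()
    {
        // Constructed self-signed certificate standing in for the real client certificate.
        using (RSA rsa = RSA.Create(2048))
        {
            var req = new CertificateRequest("CN=constructed-client", rsa,
                HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
            using (X509Certificate2 cert = req.CreateSelfSigned(
                DateTimeOffset.UtcNow.AddMinutes(-5), DateTimeOffset.UtcNow.AddDays(1)))
            {
                string body = "card=1234567890123456&currency=1&amount=1000"; // values from the question
                string sig = Sign(cert, body);
                string tampered = body.Replace("amount=1000", "amount=9000");
                Console.WriteLine("Original body verifies: " + Verify(cert, body, sig));
                Console.WriteLine("Tampered body verifies: " + Verify(cert, tampered, sig));
            }
        }
    }
}
```

The server has to verify the raw body bytes exactly as received, before any form parsing or re-encoding. A valid signed request can still be replayed unchanged, so the signed bytes would normally also carry a timestamp or a one-time request identifier that the server checks.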