Reputation: 33
I have read round all the articles on StackOverflow and while a lot of them come close to the solution I want, none appear to work.
I simply want to take an existing private key to create a signature of a piece of data. This then becomes part of a data file which includes a header describing the parameters used. Next comes the signed version of a datafile, lastly the datafile itself (a hex file). Concatenation of files is not the issue; generating a certificate using the private and public key pairs I have is. The keys are of the format ("-----BEGIN PRIVATE KEY-----"). I can generate signature files easily enough from scratch, but the software that will read the final file is expecting a 256-byte signature, whereas mine (using RSA-256) is only producing 32-byte signatures. It only has access to the public key for decryption and validation of the file signature.
I have come across a number of errors, such as keysets not being valid or not existing, and the ComputeHash function not working and causing a crash. I suspect I need to provide more information to my RSACryptographicService through CSPParameters but am not sure what is necessary and sufficient to do so. I would like to avoid digging into the mathematics behind the algorithm, such as manually setting/reading the modulus / P/Q values etc. Can anyone propose a simple way to do this or tell me where I am going wrong? Code is available on request.
Upvotes: 1
Views: 1100
Reputation: 140
The comments you are getting saying 256-byte signature is too long are absurd. Ignore those.
256-bit (32 bytes) would be a very small signature; that cannot be correct. I believe what you're actually looking for is 2048-bit (256-byte) RSA signatures. Those are more sensible by today's standards (though a step larger doesn't hurt).
In terms of importing your key, and not setting key components manually, you should look into "PEM" format RSA keys. There are several NuGet packages out there to handle them. Otherwise you can strip the header/footer and decode the base64 yourself and import the key components with some of the built-in X509 classes.
.NET does not natively support PEM format keys, and as such, I recommend using a reputable crypto library such as BouncyCastle, as they support PEM key parsing in their RSA algorithms.
This existing Stack Overflow link describes how to import keys in BouncyCastle: "Reading PEM RSA Public Key Only using Bouncy Castle"
Upvotes: 3
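The "strip the header/footer and decode the base64 yourself" route from the answer above, as an added example that is not code from either poster. It assumes .NET Core 3.0 or later, an unencrypted PKCS#8 key, and SHA-256 with PKCS#1 v1.5 padding (the consuming software's actual padding is not stated on the page); the key and the hex-file record are constructed in place so the example runs offline.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

static class PemSignDemo
{
    // Strip the "-----BEGIN/END PRIVATE KEY-----" armor and decode the PKCS#8 body.
    static byte[] DecodePkcs8Pem(string pem)
    {
        const string header = "-----BEGIN PRIVATE KEY-----";
        const string footer = "-----END PRIVATE KEY-----";
        int start = pem.IndexOf(header, StringComparison.Ordinal);
        int end = pem.IndexOf(footer, StringComparison.Ordinal);
        if (start < 0 || end < start)
            throw new FormatException("Not an unencrypted PKCS#8 PEM block.");
        start += header.Length;
        // FromBase64String ignores the line breaks inside the PEM body.
        return Convert.FromBase64String(pem.Substring(start, end - start));
    }

    static void Main()
    {
        // Constructed stand-in for the existing key file: a throwaway 2048-bit key.
        string pem;
        using (RSA generated = RSA.Create(2048))
        {
            pem = "-----BEGIN PRIVATE KEY-----\n"
                + Convert.ToBase64String(generated.ExportPkcs8PrivateKey(),
                                         Base64FormattingOptions.InsertLineBreaks)
                + "\n-----END PRIVATE KEY-----\n";
        }
        // Constructed sample record standing in for the hex file contents.
        byte[] data = Encoding.ASCII.GetBytes(":10010000214601360121470136007EFE09D2190140");

        using RSA signer = RSA.Create();
        signer.ImportPkcs8PrivateKey(DecodePkcs8Pem(pem), out _);

        // The digest alone is 32 bytes; the RSA signature over it is modulus-sized.
        using SHA256 sha = SHA256.Create();
        byte[] hash = sha.ComputeHash(data);
        byte[] signature = signer.SignData(data, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);

        // Verifier side holds only the public key, as the reading software does.
        using RSA verifier = RSA.Create();
        verifier.ImportSubjectPublicKeyInfo(signer.ExportSubjectPublicKeyInfo(), out _);
        bool ok = verifier.VerifyData(data, signature, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);

        Console.WriteLine($"hash: {hash.Length} bytes, signature: {signature.Length} bytes, valid: {ok}");
    }
}
```

A 32-byte result at this stage is the SHA-256 digest rather than a signature; the signature length always equals the RSA modulus size, so a 256-byte signature requires a 2048-bit key.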