Reputation: 123
SignedData giving Invalid algorithm specified.exception
I tried to sign and valid my signed data using myCert.pfx file private and public key. But while signing the data I am getting " Invalid algorithm specified." exception
.Net framework we are using is 4.5 and the code is as below
public static void CallMainMethod()
{
string str = "Sign and verify the data";
X509Certificate2 certificate = LoadPrivateKey();
byte[] hashBytes = GetDataHash(str);
byte[] signature = GetDigitalSignature(hashBytes);
}
private static X509Certificate2 LoadPrivateKey()
{
return new X509Certificate2(@"d:\Keys\myCert.pfx", "Pass#@123");
}
private static byte[] GetDataHash(string sampleData)
{
//choose any hash algorithm
SHA256Managed managedHash = new SHA256Managed();
return managedHash.ComputeHash(Encoding.Unicode.GetBytes(sampleData));
}
private static byte[] GetDigitalSignature(byte[] data)
{
X509Certificate2 certificate = LoadPrivateKey();
RSACryptoServiceProvider provider = (RSACryptoServiceProvider)certificate.PrivateKey;
return provider.SignHash(data, "SHA256");
}
Upvotes: 1
Views: 1376
Answers (2)
Reputation: 33178
While @Crypt32 gave the best answer (upgrade to .NET Framework 4.6 or better and use GetRSAPrivateKey() and the better version of SignData -- it's been out over 4 years at this point), if you really need to stay on net45, your easiest answer is to open the PFX with X509KeyStorageFlags.Exportable and copy the key into a better provider.
return new X509Certificate2(@"d:\Keys\myCert.pfx", "Pass#@123", X509KeyStorageFlags.Exportable);
...
RSA legacyProv = (RSA)certificate.PrivateKey;
RSACryptoServiceProvider provider = new RSACryptoServiceProvider();
provider.ImportParameters(legacyProv.ExportParameters(true));
return provider.SignHash(data, "SHA256");
Upvotes: 0
Reputation: 13974
I believe that legacy RSACryptoServiceProvider doesn't support SHA2 algorithms. Rewrite last method as follows:
private static byte[] GetDigitalSignature(byte[] data)
{
X509Certificate2 certificate = LoadPrivateKey();
RSA provider = certificate.GetRSAPrivateKey();
return provider.SignHash(data, "SHA256", RSASignaturePadding.Pkcs1);
}
This style is preferred as of .NET Framework 4.6 and above (@bartonjs, please correct me if I'm wrong in regards to .NET version).
Upvotes: 1
Related Questions
- error Keyset does not exist when I want to Use for sign data in c#
- Why does self signed PFX X509Certificate2 private key raise a NotSupportedException?
- X509Certificate2 with Private Key signing data using SHA256withRSA
- Unable to sign data in .Net Core 2.1 - exception "Could not determine signature algorithm for the signer certificate" appears
- Invalid algorithm while creating rsa-sha512 signature
- IDX10634: Unable to create the SignatureProvider SignatureAlgorithm: 'SHA256',
- AccessDeniedException X509Certificates C#
- Signing data using a p12 / pfx file in .Net - An internal certificate chaining error has occurred
- Verifying Signature - What is causing the "Signature not valid" error?
- Cannot validate the signature with X509Certificate2