Decrypt DSA signature

davetunnicliff_at_gmail.com
Date: 07/14/05 

Date: 14 Jul 2005 01:39:06 -0700

Hi,

Any help on this would be gratefully received as I just don't seem to
be getting anywhere with it!!

I am developing an Asp.Net c# email application that runs alongside a
Java application. The Java application passes the email application a
query string containing all the necessary contact information the email
needs. The Java application passes a signature on the end of the query
string of the url which needs to be verified when the c# email app
receives the information to ensure it has come from the correct source
(i.e. stop spamming and unauthorised use of the email app).

The url appears as:
http://www.address.here/appname/page.aspx?key1=value1&key2=value2&sig=digitalsighere

where the signature has been created to sign the
key1=value1&key2=value2 section of the url.

The Java app uses DSA/SHA1 to create the signature and then base64 for
character encoding when passing it across. A certificate was also
created by the java guys which hold the public key.

So I receive the query string and strip it down so I have the digital
signature and the key value pairs which the signature is signing. I
install the certificate and then i have adopted a P/Invoke method to
retrieve the public key out of the certificate. I then take the
signature and put it in a byte array after converting it from base64. I
then take the key1=value1&key2=value2 section of the url and convert it
into bytes, then hash it using sha1. (If this is incorrect up to this
stage please someone point out my errors :o) )

A lot of examples of this seem to say:
"Upon receiving the message and signature, the receiver decrypts the
signature using the sender's public key to recover the message digest
and hashes the message using the same hash algorithm that the sender
used"
^-taken from msdn library DSACryptoServiceProvider Class

My question is, how to i decrypt the signature using the public key in
DSA? I can't seem to find any help or examples on how to do this using
DSA anywhere..

Thanks for any help in advance
Dave Tunnicliff

Relevant Pages

  • Re: Can java.util.Properties store binary data
    ... that the entries should be in order, ... also be able to store binary data(ie public key and digital signature). ... Java comes with a key store for digital signatures. ...
    (comp.lang.java.programmer)
  • Re: Soft signatures
    ... now, digital signature, typically just represents that you (in ... For some time there were arguments that if a certificate contained the ... certificate with your public key and the non-repudiation flag in it. ... for a number of different business purposes. ...
    (sci.crypt)
  • Re: PGPsigs: the Choice of Con Artists
    ... They can insist whatever they want to insist but if I trust none of them ... You seem to have two problems: one is that you don't like the PGP signature ... signature or break public key encryption. ...
    (comp.os.linux.misc)
  • [PATCH 5/6] MODSIGN: Module signature checker and key manager
    ... given a signature and crypto_hash of the data that was signed. ... new file mode 100644 ... * GNU General Public License for more details. ... * handle a public key element parsed from the keyring blob ...
    (Linux-Kernel)
  • Re: HMAC-MD5 shown not compromized by MD5 collisions
    ... If the signature scheme first enters ... other one with neither signature changed, as in practice MD5 and SHA1 ... PGP seems to hash the public key as submitted. ... If the attacker is to inject meaningful data where the messages ...
    (sci.crypt)