RE: Encrypt string using SHA1withDSA and X509 certificate
- From: stcheng@xxxxxxxxxxxxxxxxxxxx (Steven Cheng[MSFT])
- Date: Fri, 19 Jan 2007 05:57:26 GMT
Hello Michel,
From your description, you're wondering hwo to use .net framework code tocreate digital signature through SHA1-DSA algorithm, and you want to use
the security keys from a X509certificate, correct?
Based on my research, for the task you want to finish, you need to follow
these steps:
1. Make sure your x509 certificate's signature algorithm is the correct
one(DSA-SHA1)
2. make sure the X509 certificate is installed in a certain certificate
store on your machine and contains the private key.
In your .net code, if you're using .net 2.0, simply use the X509Store class
to locate the certificate and use its PrivateKey(the DSAcrypto provider) to
perform the digital signing. Here is a test codesnippet:
=============================
private void btnSign_Click(object sender, EventArgs e)
{
string tp;
tp = "00 56 30 74 da 19 c6 4b 20 c9 76 98 6c 72 8b f2 49 e2 c2
bb"; //Thumbprint of the certificate
X509Store store = new X509Store(StoreName.My,
StoreLocation.CurrentUser);
store.Open(OpenFlags.ReadOnly);
X509Certificate2Collection certs =
store.Certificates.Find(X509FindType.FindByThumbprint, tp, false);
X509Certificate2 dsauser = certs[0];
store.Close();
DSACryptoServiceProvider dsa = dsauser.PrivateKey as
DSACryptoServiceProvider;
if (dsa != null)
{
string plaintext = "123456";
byte[] hashedtext =
SHA1.Create().ComputeHash(Encoding.UTF8.GetBytes(plaintext));
byte[] signature = dsa.CreateSignature(hashedtext);
MessageBox.Show("signature: " +
Convert.ToBase64String(signature));
MessageBox.Show("Signature Isvalid: " +
dsa.VerifySignature(hashedtext, signature));
}
}
==============================
#My test certificate is created through windows certificate services.
Hope this helps.
Sincerely,
Steven Cheng
Microsoft MSDN Online Support Lead
==================================================
Get notification to my posts through email? Please refer to
http://msdn.microsoft.com/subscriptions/managednewsgroups/default.aspx#notif
ications.
Note: The MSDN Managed Newsgroup support offering is for non-urgent issues
where an initial response from the community or a Microsoft Support
Engineer within 1 business day is acceptable. Please note that each follow
up response may take approximately 2 business days as the support
professional working with you may need further investigation to reach the
most efficient resolution. The offering is not appropriate for situations
that require urgent, real-time or phone-based interactions or complex
project analysis and dump analysis issues. Issues of this nature are best
handled working with a dedicated Microsoft Support Engineer by contacting
Microsoft Customer Support Services (CSS) at
http://msdn.microsoft.com/subscriptions/support/default.aspx.
==================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
.
- Follow-Ups:
- RE: Encrypt string using SHA1withDSA and X509 certificate
- From: Michel Smit
- RE: Encrypt string using SHA1withDSA and X509 certificate
- Prev by Date: Web Service Security
- Next by Date: Re: RedirectFromLoginPage wont redirect
- Previous by thread: Web Service Security
- Next by thread: RE: Encrypt string using SHA1withDSA and X509 certificate
- Index(es):
Relevant Pages
|
