Re: Use my your own HashAlgorithm Class

From: Shawn Farkas (shawnfa_at_online.microsoft.com)
Date: 03/23/04


Date: Tue, 23 Mar 2004 20:47:23 GMT

I see what you're trying to do. Rather than use the EncryptValue / DecryptValue methods (which RSACryptoServiceProvider doesn't support), use the Encrypt and Decrypt methods.

For instance:

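using System.Security.Cryptography;

byte[] data = new byte[] { 0, 1, 2, 3, 4, 5 };
RSACryptoServiceProvider rsa = new RSACryptoServiceProvider();
// Second argument is fOAEP: false selects PKCS#1 v1.5 padding.
byte[] encrypted = rsa.Encrypt(data, false);

// Decrypt must use the same padding mode that was used to encrypt.
byte[] decrypted = rsa.Decrypt(encrypted, false);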

-Shawn
http://blogs.msdn.com/shawnfa

-- 
This posting is provided "AS IS" with no warranties, and confers no rights.
Note: For the benefit of the community-at-large, all responses to this message are best directed to the newsgroup/thread from which they originated.
--------------------
>Date: Tue, 23 Mar 2004 16:46:13 +0100
>From: meno abels <meno.abels@adviser.com>
>Subject: Re: Use my your own HashAlgorithm Class
>Newsgroups: microsoft.public.dotnet.security
>
>Hi Shawn,
>
>Thanks for your answer; it sounds like a hard way to reach the target. My idea in
>providing a very simple HashAlgorithm was that I want to use the private key to encrypt
>a small amount of data which I can only decrypt with the public key. Implicitly this
>is done by SignHash, but I can't control the data which is encrypted by SignHash; it
>is always a hash value, but I want to put something different in it. With openssl
>there is no problem encrypting any small data with the private key.
>I first tried to provide the private key to EncryptData and use the public key for
>DecryptData, but this didn't work. Is there another possibility to get any small data
>encrypted with the private key?
>
>Meno
>> Hi Meno,
>> 
>> 	Since you've gotten as far as the OID exception, I assume you already figured out how to set up machine.config so that the Crypto APIs recognize your algorithm.  You may have even figured out how to map new OIDs in machine.config.  However, the problem is a little deeper than that.  The RSACryptoServiceProvider class provides a thin wrapper around the RSA implementation provided by the crypto service provider (CSP) built into Windows.  Almost every method call you make to RSACryptoServiceProvider will translate into a call into Windows crypto API (CAPI), which results in a call into the CSP to do the actual work.
>> 	SignHash is one of those wrappers.  It doesn't actually do the work; CAPI does.  Since machine.config only affects .NET crypto, CAPI doesn't know about your new algorithm.  Assuming that you set up the OID mapping for your algorithm properly, RSACryptoServiceProvider gets as far as mapping your algorithm name into whichever OID you specify.  But CAPI doesn't work with OIDs directly; instead it works with algorithm identifiers.  Since CAPI will be doing the actual signing, RSACryptoServiceProvider goes ahead and asks CAPI for the algorithm identifier for the OID it got for your algorithm.  CAPI has no idea what this algorithm is, so it returns an error code, resulting in the exception you just mentioned.
>> 	CAPI does provide a way for you to extend its built-in algorithms, however.  You can call CryptRegisterOIDInfo (and CryptUnregisterOIDInfo to get rid of the mapping), to register an OID with CAPI.  Once you accomplish this, you're going to have to provide an algorithm id for this OID to map to.  Providing a new algorithm ID involves writing a custom CSP and plugging it into CAPI.
>> 	All in all there's quite a bit of work to get a custom hash algorithm to work with the CryptoServiceProvider classes.  If you're still interested in trying this all out, I'd start by looking up information on writing a custom CSP on MSDN.
>>  
>> -Shawn
>> http://blogs.msdn.com/shawnfa
>> 
>
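
The key directions discussed in this thread, as an added example that is not part of the original posts: Encrypt needs only the public key, Decrypt needs the private key, and the private-key operation the class exposes is signing. It assumes .NET Framework 4.6 or later for the HashAlgorithmName overloads; the class name RsaDirectionDemo and the sample bytes are constructed for illustration.

```csharp
using System;
using System.Security.Cryptography;

static class RsaDirectionDemo   // hypothetical name, not from the thread
{
    static void Main()
    {
        byte[] data = { 0, 1, 2, 3, 4, 5 };   // constructed sample payload

        using (var keyPair = new RSACryptoServiceProvider(2048))
        using (var publicOnly = new RSACryptoServiceProvider())
        {
            // Hand out only the public half (false = exclude private parameters).
            publicOnly.ImportParameters(keyPair.ExportParameters(false));

            // Confidentiality: anyone can encrypt with the public key,
            // only the private-key holder can decrypt.
            byte[] encrypted = publicOnly.Encrypt(data, false);
            byte[] decrypted = keyPair.Decrypt(encrypted, false);
            Console.WriteLine("round trip ok: " + Same(data, decrypted));

            // The public-only instance cannot decrypt; Decrypt requires the private key.
            try
            {
                publicOnly.Decrypt(encrypted, false);
                Console.WriteLine("unexpected: public key decrypted");
            }
            catch (CryptographicException)
            {
                Console.WriteLine("public-only Decrypt refused");
            }

            // Private-key operation: sign with the key pair, verify with the public key.
            byte[] sig = keyPair.SignData(data, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
            Console.WriteLine("signature verifies: " +
                publicOnly.VerifyData(data, sig, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1));

            data[0] ^= 0xFF;   // tamper with the message after signing
            Console.WriteLine("tampered verifies: " +
                publicOnly.VerifyData(data, sig, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1));
        }
    }

    static bool Same(byte[] a, byte[] b)
    {
        if (a.Length != b.Length) return false;
        for (int i = 0; i < a.Length; i++) if (a[i] != b[i]) return false;
        return true;
    }
}
```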