Re: Use my your own HashAlgorithm Class
From: Shawn Farkas (shawnfa_at_online.microsoft.com)
Date: 03/23/04
- In reply to: meno abels: "Re: Use my your own HashAlgorithm Class"
- Next in thread: meno abels: "Re: Use my your own HashAlgorithm Class"
- Reply: meno abels: "Re: Use my your own HashAlgorithm Class"
Date: Tue, 23 Mar 2004 20:47:23 GMT
I see what you're trying to do. Rather than use the EncryptValue / DecryptValue methods (which RSACryptoServiceProvider doesn't support), use the Encrypt and Decrypt methods.

For instance:

    byte[] data = new byte[] { 0, 1, 2, 3, 4, 5 };
    RSACryptoServiceProvider rsa = new RSACryptoServiceProvider();
    byte[] encrypted = rsa.Encrypt(data, false);
    byte[] decrypted = rsa.Decrypt(encrypted, false);

-Shawn
http://blogs.msdn.com/shawnfa
-- This posting is provided "AS IS" with no warranties, and confers no rights. Note: For the benefit of the community-at-large, all responses to this message are best directed to the newsgroup/thread from which they originated.
--------------------
>Date: Tue, 23 Mar 2004 16:46:13 +0100
>From: meno abels <meno.abels@adviser.com>
>Subject: Re: Use my your own HashAlgorithm Class
>Newsgroups: microsoft.public.dotnet.security
>
>Hi Shawn,
>
>thanks for your answer, it sounds like a hard way to reach the target. My idea to
>provide a very simple HashAlgorithm was that I want to use the private key to encrypt
>a small amount of data which I can only decrypt with the public key. Implicitly this
>is done by SignHash, but I can't control the data which is encrypted by SignHash; it
>is every time a hash value, but I want to put something different in it. With openssl
>there is no problem encrypting any small data with the private key.
>I first tried to provide the private key to EncryptData and use the public key for
>DecryptData, but this didn't work. Is there another possibility to get any small data
>encrypted with the private key?
>
>Meno
>
>> Hi Meno,
>>
>> Since you've gotten as far as the OID exception, I assume you already figured out how to set up machine.config so that the Crypto APIs
>> recognize your algorithm. You may have even figured out how to map new OIDs in machine.config. However, the problem is a little deeper than
>> that. The RSACryptoServiceProvider class provides a thin wrapper around the RSA implementation provided by the crypto service provider
>> (CSP) built into Windows. Almost every method call you make to RSACryptoServiceProvider will translate into a call into Windows crypto API
>> (CAPI), which results in a call into the CSP to do the actual work.
>>
>> SignHash is one of those wrappers. It doesn't actually do the work, CAPI does. Since machine.config only affects .NET crypto, CAPI
>> doesn't know about your new algorithm. Assuming that you set up the OID mapping for your algorithm properly, RSACryptoServiceProvider gets
>> as far as mapping your algorithm name into whichever OID you specify. But CAPI doesn't work with OIDs directly; instead it works with algorithm
>> identifiers. Since CAPI will be doing the actual signing, RSACryptoServiceProvider goes ahead and asks CAPI for the algorithm identifier for the
>> OID it got for your algorithm. CAPI has no idea what this algorithm is, so it returns an error code, resulting in the exception you just mentioned.
>>
>> CAPI does provide a way for you to extend its built-in algorithms, however. You can call CryptRegisterOIDInfo (and CryptUnregisterOIDInfo
>> to get rid of the mapping), to register an OID with CAPI. Once you accomplish this, you're going to have to provide an algorithm id for this OID to
>> map to. Providing a new algorithm ID involves writing a custom CSP and plugging it into CAPI.
>>
>> All in all there's quite a bit of work to get a custom hash algorithm to work with the CryptoServiceProvider classes. If you're still interested in
>> trying this all out, I'd start by looking up information on writing a custom CSP on MSDN.
>>
>> -Shawn
>> http://blogs.msdn.com/shawnfa
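
The key roles discussed in this thread, as an added example that is not part of either poster's message: Encrypt works with only the public key, Decrypt needs the private key, and data that must be provably produced by the private-key holder goes through SignData / VerifyData. It assumes a current .NET runtime, a 2048-bit key, OAEP padding (`true`, where the post passes `false` for PKCS#1 v1.5) and a constructed sample payload.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

class RsaKeyRoles
{
    static void Main()
    {
        // Constructed sample payload; small enough for a single RSA block.
        byte[] data = Encoding.UTF8.GetBytes("serial=0042;tier=basic");

        using (var owner = new RSACryptoServiceProvider(2048))   // private + public key
        using (var publicOnly = new RSACryptoServiceProvider())  // will hold the public half only
        {
            // Export without private parameters: this is what a verifier/sender receives.
            publicOnly.ImportParameters(owner.ExportParameters(false));

            // Confidentiality: anyone with the public key encrypts, only the owner decrypts.
            byte[] encrypted = publicOnly.Encrypt(data, true);   // true = OAEP padding
            byte[] decrypted = owner.Decrypt(encrypted, true);
            Console.WriteLine("round trip ok: " +
                (Encoding.UTF8.GetString(decrypted) == Encoding.UTF8.GetString(data)));

            // The reverse direction is refused: a public-only key cannot decrypt.
            try
            {
                publicOnly.Decrypt(encrypted, true);
                Console.WriteLine("unexpected: public-only key decrypted");
            }
            catch (CryptographicException)
            {
                Console.WriteLine("public-only Decrypt rejected");
            }

            // Authenticity: the owner signs the chosen data, the public key verifies it.
            byte[] signature = owner.SignData(data, "SHA256");
            Console.WriteLine("signature valid: " +
                publicOnly.VerifyData(data, "SHA256", signature));

            // Any change to the data invalidates the signature.
            byte[] tampered = (byte[])data.Clone();
            tampered[0] ^= 0x01;
            Console.WriteLine("tampered valid: " +
                publicOnly.VerifyData(tampered, "SHA256", signature));
        }
    }
}
```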