Re: Using the Public Key embedded in the Assembly?

From: roland (roland.demeester_at_skynet.be)
Date: 10/02/04

  • Next message: roland: "Re: Using the Public Key embedded in the Assembly?" 
    Date: Sat, 2 Oct 2004 15:33:46 +0200

    Nicole,
    Thanks for your reply.
    However, your idea is not workable: you are not signing the license file (or
    the digest) with your public key, but with the private key. The assembly is
    then verifying this signature with the (embedded) public key. So the public
    key in the assembly is of no use at that time. The issue is to retrieve the
    public key in the assembly, by the assembly (for instance in design mode),
    to verify the signature of the license and this happens on the machine of
    the licensee, where no csp container is created before.
    Regards,
    Roland

    "Nicole Calinoiu" <ngcalinoiu REMOVETHIS AT gmail DOT com> wrote in message
    news:OriTVN7pEHA.2864@TK2MSFTNGP12.phx.gbl...
    > Roland,
    >
    > Why are you using a different source (CSP vs assembly signature) for the
    > license signing and verification? Why not read the public key from your
    > control assembly (of which I'm guessing you have a copy <g>) when signing
    > the license file? This would at least give you a consistent value for the
    > key, so any remaining discrepancies would like with your signing and/or
    > verification code instead of the data.
    >
    > HTH,
    > Nicole
    >
    >
    > "roland" <roland.demeester@skynet.be> wrote in message
    > news:%23T1kkd4pEHA.3252@TK2MSFTNGP14.phx.gbl...
    > > L.S.
    > > I want to build-in a license scheme in my controls.
    > > The concept is to have the public key embedded im my assembly; a
    > > licenseprovider then retrieves this public key and uses it to verify the
    > > signature of the license file. The license file is unique to each
    > > licensee,
    > > so if the license file is going astray, I always can trace the source.
    > >
    > > This is how I implemented this:
    > >
    > > I used sn.exe to create an RSA keypair that I refer to in my assembly
    and
    > > I
    > > stored this key pair (via sn. exe -i) in a named csp container. This
    > > embeds
    > > the public key in my assembly. In my license file creation program I use
    > > an
    > > RSACryptographicProvider based on cspParameters from this named
    container.
    > > During execution I retrieve the public key from the assembly through
    > > [Assembly].GetExecutingAssembly().getName.getPublicKey. This gives me a
    > > byte
    > > array, 160 long. The problem is that the methods for verifying the
    > > signature
    > > in a signedXML document are using a RSACryptographicProvider and not
    this
    > > publicKey as a byte array. By browsing the user groups I found (was
    > > 'told')
    > > that I can retrieve the modulus and the exponent from this byte array:
    the
    > > exponent should be equal to the last 3 elements and the modulus should
    be
    > > 128 elements long and starting at 27th element.
    > > This should make it possible to create such a provider and use it to
    > > verify
    > > the signature.
    > > 'Create a new instance of RSACryptoServiceProvider.
    > > Dim _rsa As RSACryptoServiceProvider = New RSACryptoServiceProvider
    > > Dim _RSAKeyInfo As RSAParameters = New RSAParameters
    > > 'Set _RSAKeyInfo to the public key values.
    > > _RSAKeyInfo.Modulus = _modulus '(a byte array extracted from the
    > > publickey
    > > array)
    > > _RSAKeyInfo.Exponent = _exponent '(idem)
    > > 'Import key parameters into the provider.
    > > _rsa.ImportParameters(_RSAKeyInfo)
    > > ...
    > > return signedXml.CheckSignature(_rsa)
    > > But this doesn't work!
    > > When I extract the public key by using ToXMLString(False) in both cases,
    I
    > > get a totally different result for the public key: the modulus of the
    > > public
    > > key retrieved from the csp container is only some 88 characters long,
    > > while
    > > the one retrieved from the embedded public key in the assembly is some
    160
    > > characters long. Also the exponents are totally different (although
    their
    > > length is the same: 3).
    > >
    > > Obviously I am doing something wrong. Can anybody point me to the
    > > solution?
    > > Thanks in advance.
    > >
    > > Roland
    > >
    > >
    >
    >

  • Next message: roland: "Re: Using the Public Key embedded in the Assembly?"

    Relevant Pages

    • Re: About PGP Signing a File.
      ... I have a question regarding signing a file or binary, ... If you do send it to someone, they can check the signature to verify you ... You need to import his public key from a key server somewhere and add it ... IT Services Division, Kilburn Building, Oxford Road, Manchester M13 9PL. ...
      (Ubuntu)
    • Re: About PGP Signing a File.
      ... I have a question regarding signing a file or binary, ... signature to verify you sent it. ... You need to import his public key from a key server somewhere and add ... thorn in cryptographers' sides since cryptography was invented. ...
      (Ubuntu)
    • how to beautify gpg+mutt in freebsd
      ... what other options do i have for signing my messages? ... btw this is a signature right ... ... not the public key? ... unset pgp_autoencrypt ...
      (freebsd-questions)
    • Re: About PGP Signing a File.
      ... I have a question regarding signing a file or binary, ... If you do send it to someone, they can check the signature to verify you ... You need to use gpg to generate a key pair, ... You also need to make your public key available as recipients will need ...
      (Ubuntu)
    • Re: Using the Public Key embedded in the Assembly?
      ... assembly and to embed the public key in the assembly. ... When I send the assembly to a customer (together with the license file), ... and no csp container with such name and content exists on the machine of the ... > ImportCspBlob method on RSACryptoServiceProvider, ...
      (microsoft.public.dotnet.security)