Re: Using private keys to sign hash

From: Erick Daniel Tinajero (etinajero_at_quimera.org)
Date: 11/26/04

  • Next message: Nicole Calinoiu: "Re: Using private keys to sign hash" 
    Date: Fri, 26 Nov 2004 07:17:30 -0600

    I am currently trying to do this:

    Dim store As Microsoft.Web.Services2.Security.X509.X509CertificateStore =
    Microsoft.Web.Services2.Security.X509.X509CertificateStore.CurrentUserStore(Microsoft.Web.Services2.Security.X509.X509CertificateStore.MyStore)

    store.Open()

    Dim cert As Microsoft.Web.Services2.Security.X509.X509Certificate =
    store.Certificates(0)

    Dim RSA As System.Security.Cryptography.RSA = cert.Key

    Dim Crypt As New
    System.Security.Cryptography.RSAPKCS1SignatureFormatter(RSA)

    Dim hash As New System.Security.Cryptography.MD5CryptoServiceProvider()

    Dim hashed As Byte()

    Dim Cypher As Byte()

    Dim enc As System.Text.Encoding

    hashed = hash.ComputeHash(enc.ASCII.GetBytes("Hi"))

    Crypt.SetHashAlgorithm("MD5")

    Cypher = Crypt.CreateSignature(hashed)

    Everything goes fine until the last line, when it throws an 'DecryptValue'
    not supported exception. Any clues? Thank you.

    "Erick Daniel Tinajero" <etinajero@quimera.org> wrote in message
    news:ONdMmhz0EHA.2196@TK2MSFTNGP14.phx.gbl...
    > Thanks for the answer, Nicole:
    >
    > I need to do a PKCS#1 RSA sign to a MD5 hash. That's all. To accomplish
    > it, I have a certificate and private key generated by a tool that I didn't
    > develop, using OpenSSL functions. I was told that a private key without
    > the CRYPT_EXPORTABLE property cannot be used for such procedure in .NET,
    > but I didn't make it work with a private key generated with that property
    > (made by me) either.
    >
    > I already figured it out that I need to assign the private key to the
    > RSACryptoServiceProvider without "extracting" it, because then the
    > exception is raised. But I don't know how to accomplish it. This is my
    > scenario:
    >
    > .PFX File --> Certificate Store -- > X509CertificateStore -->
    > X509Certificate
    > --> RSA --> RSACryptoServiceProvider.Sign
    >
    > Either from the file or from the Certificate Store, I need to retrieve the
    > private key and then do the sign. I don't find it very complicated but I
    > don't know how to make it work in the code. Any ideas would be greatly
    > appreciated.
    >
    > "Nicole Calinoiu" <calinoiu REMOVETHIS AT gmail DOT com> escribió en el
    > mensaje news:eCOC99x0EHA.2824@TK2MSFTNGP09.phx.gbl...
    >> Erick,
    >>
    >> The
    >> Microsoft.Web.Services2.Security.Cryptography.RSACryptoServiceProvider.ExportParameters()
    >> method does not allow export of the private key, regardless of what the
    >> documentation and the presence of the includePrivateParameters argument
    >> might lead you to believe. You'll need to some other approach to use the
    >> certificate private information to generate the desired signature.
    >> Someone may be able to help with this if you provide more complete
    >> details concerning your signing scenario.
    >>
    >> HTH,
    >> Nicole
    >>
    >>
    >>
    >> "Erick Daniel Tinajero" <etinajero@quimera.org> wrote in message
    >> news:OKZs$sP0EHA.392@TK2MSFTNGP12.phx.gbl...
    >>>
    >>> Hi there:
    >>>
    >>> I am trying to export (use) a private key from the certificate store to
    >>> sign a
    >>> hash. But I am getting the error:
    >>> Export of private parameters is not supported
    >>>
    >>> I have this:
    >>>
    >>> Dim store =
    >>> Microsoft.Web.Services2.Security.X509.X509CertificateStore.LocalMachineStore(Microsoft.Web.Services2.Security.X509.X509CertificateStore.MyStore)
    >>> store.OpenRead
    >>> Dim cert as Microsoft.Web.Services2.Security.X509.X509Certificate =
    >>> store.Certificates(0)
    >>> Dim RSA as RSA = Cert.Key
    >>> Dim RSAParams as RSAParameters = Cert.Key.ExportParameters(True)
    >>>
    >>> The exception happens when the last line executes. I guess its a
    >>> permission
    >>> problem, but I can't figure it out the solution. Can anyone help me?
    >>> Thanks.
    >>>
    >>>
    >>>
    >>>
    >>
    >>
    >
    >

  • Next message: Nicole Calinoiu: "Re: Using private keys to sign hash"

    Relevant Pages

    • Re: LDAP and SASL
      ... Getting client certficates to work under ASP.NET is a bit of PITA because ... The private key needs to be ... What I would suggest doing would be to export the certificate and private ... >>> Dim searcherLdap As New DirectorySearcher ...
      (microsoft.public.dotnet.framework.aspnet.security)
    • ECDsaCng elliptic curve class exception on import of private key
      ... I was playing around with the new ECDsaCng elliptic curve class of the ... importing a previously exported private key. ... Dim bSignature() As Byte ...
      (microsoft.public.dotnet.security)
    • Re: Sign hash with public key
      ... You can encrypt with public key and decrypt with private. ... You can sign with private key and verify with public. ... Dim AlgHash As HashAlgorithm = HashAlgorithm.Create ...
      (microsoft.public.dotnet.security)
    • Re: 512 bit encryption with RSACryptoServiceProvider results in "Bad Key"
      ... Both these tests will get a Machine Certificate and then Encrypt and Decrypt ... "Private Key" to encrypt and "Public Key" to decrypt, ... Dim CAPI_Store As New CAPICOM.Store ...
      (microsoft.public.dotnet.security)
    • private key crypto on form post data
      ... I need to find a way to encode a form post element with a private key, ... then can be decoded using that same private key using ASP. ... get back the encoded data as well as being able to pass in the encoded data ... DIM myData, X ...
      (microsoft.public.inetserver.asp.general)