Re: Reading Public/private key from a Digital certificate
- From: "Mitch Gallant" <jensigner@xxxxxxxxxxxxxxxx>
- Date: Thu, 20 Apr 2006 07:00:30 -0400
If you are talking about a basic PKCS 1 v1.5 signature (the raw signed
hash), then you could use this approach:
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cpref/html/frlrfsystemsecuritycryptographyrsapkcs1signatureformatterclasstopic.asp
where you need to use the certificate information to instantiate that RSA.
In .NET 1.1 you can get the certificate and associated private key
information using P/Invoke using approaches like this:
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dncapi/html/encryptdecrypt2a.asp
Alternately, 3rd party .NET library solutions are available also.
If you want to create a CMS/PKCS #7 signature instead (which encapsulates a
pkcs 1 with extra information, attributes etc.) then in .NET 1.1 you would
need to P/Invoke to the corresponding CryptSignMessage capi fns, or use
BouncyCastle C# port:
http://bouncycastle.org/csharp/index.html
But the best solution would be to upgrade to .NET 2 and use the good support
there for PKCS #7 (signatures, enveloped data etc.)
Cheers,
- Mitch Gallant
MVP Security
"vivek" <vivek@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:73C82DCE-1024-41D3-84A6-BA58E6B023D1@xxxxxxxxxxxxxxxx
Thanks Mitch,
Currently I am using .NET 1.1,
Can you please tell me how to digitally sign a document with digital
certificate,
digital certificate is stored in any systems repository.
Waiting for reply.
"Mitch Gallant" wrote:
Well unfortunately .NET 2 doesn't (yet) have an overloaded
RSACryptoServiceProvider constructor which takes an X509Certificate so
unless I'm missing something, you need to do a bit of extra work. Some
options are:
(1) find out the keycontainer name and keytype that your installed (in
Microsoft CU MY store say) certificate uses. Then use that information to
create a CspParameters instance. Then use
RSACryptoServiceProvider(CspParameters) to instantiate that RSA and
sign/verify to suit your taste. Here is a .NET 2 tool to help you find out
the keycontainer name:
http://www.jensign.com/KeyPal
(2) If you have a CryptoAPI PRIVATEKEYBLOB (or PUBLICKEYBLOB if you only
need to verify a signature given a certificate) associated with the
certificate you want to sign with, then you can use RSA.ImportCspBlob using
the byte[] for that PRIVATEKEYBLOB.
(3) Nastiest approach is somehow get the private key parts (Modulus, E, D,
P, Q, DP, DQ, IQ), create an RSAParameters instance initialized with these
byte[] data, and then use
RSACryptoServiceProvider.ImportParameters(RSAParameters).
There are probably other ways too. Would be nice to have a nice transparent:
RSACryptoServiceProvider(X509Certificate2 .. )
constructor.
- Mitch Gallant
MVP Security
www.jensign.com
"vivek" <vivek@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:ED040707-A27A-4984-89FE-82963A14CCE8@xxxxxxxxxxxxxxxx
Friends,
How to read the key to digitally sign your data and later to validate the
digitally signed data.
For that sake we need to first extract private key and public key from the
digital certificate.
Please advise how to proceed.
Regards,
Vivek
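
Option (1) from the thread, sketched in C# as an added example that is not part of the original posts: open the certificate's existing key container through CspParameters, sign, then verify with only the public half. The container name is a placeholder and the key type (AT_KEYEXCHANGE) is an assumption; it targets .NET 2.0 or later on Windows.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

class ContainerSigner
{
    // Placeholder (assumption): use the container name found for your certificate.
    const string ContainerName = "EXAMPLE-KEY-CONTAINER";

    static void Main()
    {
        CspParameters csp = new CspParameters();
        csp.KeyContainerName = ContainerName;
        csp.KeyNumber = 1; // 1 = AT_KEYEXCHANGE, 2 = AT_SIGNATURE (the "keytype")
        // Fail if the container is missing instead of silently generating a
        // new, unrelated key pair under a mistyped name.
        csp.Flags = CspProviderFlags.UseExistingKey;

        byte[] data = Encoding.UTF8.GetBytes("constructed sample document");
        try
        {
            using (RSACryptoServiceProvider signer = new RSACryptoServiceProvider(csp))
            {
                // PKCS #1 v1.5 signature over the SHA-1 hash of the data. SHA-1 is what
                // the default CSP of this era offers; prefer SHA-256 where the provider supports it.
                byte[] signature = signer.SignData(data, "SHA1");

                // Verification needs only the public half; the private key never leaves the CSP.
                RSAParameters publicOnly = signer.ExportParameters(false);
                using (RSACryptoServiceProvider verifier = new RSACryptoServiceProvider())
                {
                    verifier.ImportParameters(publicOnly);
                    Console.WriteLine("Valid:    " + verifier.VerifyData(data, "SHA1", signature));
                    data[0] ^= 0x01; // tamper with the constructed sample data
                    Console.WriteLine("Tampered: " + verifier.VerifyData(data, "SHA1", signature));
                }
            }
        }
        catch (CryptographicException ex)
        {
            Console.Error.WriteLine("Cannot open key container: " + ex.Message);
        }
    }
}
```

Unlike option (3), this route never copies the private key parts into managed byte arrays, so they are not exposed in process memory.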