Re: Sign with RsaCryptoService Provider Verify with win32 Crypto A



In response to your questions:
1. Do you use the same hash algo? (eg. SHA-1)
I am specifying CALG_SHA1 in my call to CryptCreateHash and
SHA1CryptoServiceProvider() in my C# call to SignData.
2. What flags are you using in CryptSignHash and CryptVerifySignature
I specify CRYPT_NOHASHOID in CryptSignHash and CryptVerifySignature.
I did not find a place for a corresponding specification in C#.
3. Is your data binary? text string? Do you specify the exact LENGTH for both
C++ and C#?
The data is a unicode text string converted to a byte array. For length
in C++ I compute the length as: DWORD dwBufferLen = wcslen(pstrDataBuffer) * 2;
In C# I did not find a place to specify length, I just pass the byte
array in the call to SignData.

Currently some of my C++ calls are as follows:
// Get the handle to Microsoft Enhanced provider and key container.
if(CryptAcquireContext(hCryptProv, CONTAINER_NAME, MS_ENHANCED_PROV,
PROV_RSA_FULL, CRYPT_NEWKEYSET))

CryptSignHash(hHash, AT_SIGNATURE, NULL, CRYPT_NOHASHOID, pbSignature,
&dwSigLen)


Some of my C# calls are as follows:
cspParams.ProviderName = "Microsoft Enhanced Cryptographic Provider v1.0";
cspParams.ProviderType = 1; // 1 = PROV_RSA_FULL
cspParams.KeyContainerName = "Signer";
cspParams.KeyNumber = (int)KeyNumber.Signature;
cspParams.Flags = CspProviderFlags.NoFlags;
RSACryptoServiceProvider rsa = new RSACryptoServiceProvider(cspParams);

byte[] baData = Encoding.Unicode.GetBytes(strData);
byte[] baDataSignature;
baDataSignature = RSASigner.SignData(baData, new SHA1CryptoServiceProvider());

"lelteto" wrote:

1. Do you use the same hash algo? (eg. SHA-1)
2. What flags are you using in CryptSignHash and CryptVerifySignature (in
your C++ code)? do you set CRYPT_NOHASHOID?
3. Is your data binary? text string? Do you specify the exact LENGTH for both
C++ and C#?

Laszlo Elteto
SafeNet, Inc.

"Leslie" wrote:

Great. The problem I have encountered is as follows.

I setup a test program in C++ which signs some data using CryptSignHash and
then verifies the signature of the data using CryptVerifySignature. All of
this is done using the Win32 Crypto API and works just fine.

Next, I attempt to sign the same data using the RsaCryptoServiceProvider.
The call to RSACryptoServiceProvider.SignData returns the signature byte
array but the bytes returned do not match the signature bytes returned from
the call to CryptSignHash in the crypto API. As a result, the call to
CryptVerifySignature using the bytes from RSACryptoServiceProvider.SignData
fails.

Is there something I should be doing differently?

Thanks,

Leslie

Do

"Dominick Baier" wrote:

RSACryptoServiceProvider is just a thin wrapper around the native Crypto
API. So yes.

-----
Dominick Baier (http://www.leastprivilege.com)

Developing More Secure Microsoft ASP.NET 2.0 Applications (http://www.microsoft.com/mspress/books/9989.asp)

I have a web application written in C# that needs to Sign some data
with private key that can be verified on a c++ client using win32
crypto api. Can this be done?

I would like to avoid using mixed mode on either platform if possible.

Thanks,

Leslie
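
An added example (not code from any poster in this thread) showing what the CRYPT_NOHASHOID flag asked about above changes in the block that RSA actually signs. It assumes SignData produces the standard PKCS #1 v1.5 encoding with the SHA-1 DigestInfo header, models CRYPT_NOHASHOID as omitting that header, and uses a 1024-bit modulus; the function names are illustrative.

```python
import hashlib

# DER header of the PKCS #1 DigestInfo for SHA-1 (RFC 8017, section 9.2).
SHA1_DIGESTINFO_PREFIX = bytes.fromhex("3021300906052b0e03021a05000414")


def encoded_block(digest: bytes, modulus_len: int, include_oid: bool) -> bytes:
    """Return the PKCS #1 v1.5 block 00 01 FF..FF 00 || T that RSA signs.

    include_oid=True  -> T = DigestInfo header + digest (standard encoding)
    include_oid=False -> T = digest only (models CRYPT_NOHASHOID)
    """
    t = (SHA1_DIGESTINFO_PREFIX if include_oid else b"") + digest
    pad_len = modulus_len - len(t) - 3
    if pad_len < 8:
        raise ValueError("modulus too short for this encoding")
    return b"\x00\x01" + b"\xff" * pad_len + b"\x00" + t


def compare(text: str, modulus_len: int = 128):
    """Hash `text` as UTF-16LE and build both blocks (128 bytes = 1024-bit key)."""
    # Same bytes as Encoding.Unicode.GetBytes, and wcslen(...) * 2 bytes long
    # for text in the Basic Multilingual Plane.
    data = text.encode("utf-16-le")
    digest = hashlib.sha1(data).digest()
    return (data,
            encoded_block(digest, modulus_len, include_oid=True),
            encoded_block(digest, modulus_len, include_oid=False))


if __name__ == "__main__":
    # Constructed sample input, not data from the thread.
    data, with_oid, without_oid = compare("constructed sample text")
    print("hashed bytes  :", len(data))
    print("with OID      :", with_oid.hex())
    print("without OID   :", without_oid.hex())
    print("blocks differ :", with_oid != without_oid)
```

PKCS #1 v1.5 signing is deterministic, so two different blocks under the same key give different signature bytes, and a verifier that rebuilds the other block rejects the signature.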
