Re: Sign with RsaCryptoService Provider Verify with win32 Crypto A

also CryptSignHash (and VerifySignature) generate and take a pkcs1 signature
in little-endian order. .NET creates (and expects) the reverse byte sequence
(big-endian order).
If you are using some of the MSDN documentation for capi, and are signing
string content, are you also signing the terminal null character for the
string?
- Mitch Gallant

"lelteto" <lelteto@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:4F3ACE03-BFEF-4B3E-8D11-4F37AE5E86C8@xxxxxxxxxxxxxxxx
1. Do you use the same hash algo? (eg. SHA-1)
2. What flags are you using in CryptSignHash and CryptVerifySignature (in
your C++ code)? do you set CRYPT_NOHASHOID?
3. Is you data binary? text string? Do you specify the exact LENGTH for
both
C++ and C#?

Laszlo Elteto
SafeNet, Inc.

"Leslie" wrote:

Great. The problem I have encountered is as follows.

I setup a test program in C++ which signs some data using CryptSignHash
and
then verifies the signature of the data using CryptVerifySignature. All
of
this is done using the Win32 Crypto API and works just fine.

Next, I attempt to sign the same data using the RsaCryptoServiceProvider.
The call to RSACryptoServiceProvider.SignData returns the signature byte
array but the bytes returned do not match the signature bytes returned
from
the call to CryptSignHash in the crypto API. As a result, the call to
CryptVerifySignature using the bytes from
RSACryptoServiceProvider.SignData
fails.

Is there something I should be doing differently?

Thanks,

Leslie

Do

"Dominick Baier" wrote:

RSACryptoServiceProvider is just a thin wrapper arounf the native
Crypto
API. so yes.

-----
Dominick Baier (http://www.leastprivilege.com)

Developing More Secure Microsoft ASP.NET 2.0 Applications
(http://www.microsoft.com/mspress/books/9989.asp)

I have a web application written in C# that needs to Sign some data
with private key that can be verified on a c++ client using win32
crypto api. Can this be done?

I would like to avoid using mixed mode on either platform if
possible.

Thanks,

Leslie






.

Relevant Pages

  • Re: How to make PKCS#7 signature using CryptoAPI?
    ... CryptSignHash (and CryptVerifySignature) create and verify pkcs#1 basic ... Also that signature is in little-endian order (so reversed from Java 2 ...
    (microsoft.public.platformsdk.security)
  • Re: Sign with RsaCryptoService Provider Verify with win32 Crypto A
    ... I had read about the reverse byte order regarding encryption but I did not ... RSACryptoServiceProvider signature below. ... Crypto API sign - The contents of the signature buffer. ... If you are using some of the MSDN documentation for capi, and are signing ...
    (microsoft.public.platformsdk.security)
  • Re: Interoperability between CryptoAPI and .NET
    ... Brief survival/sanity guide to more common interop "endian-ness" ... CryptSignHash() generates signature in LITTLE-endian byte order (Java 2 and .Net SignHash ...
    (microsoft.public.platformsdk.security)
  • RE: Compatibility between CryptSignHash and PKCS#7
    ... this function) and CryptSignMessage (the signature value, i.e., the encrypted ... I need to use CryptSignHash and then wrap it in PKCS#7 structure myself to ... using CryptSignHash to sign the hash of the data and creating the PKCS#7 ... signature value (encrypted hash) in both cases comes out different. ...
    (microsoft.public.platformsdk.security)
  • Re: Sign with RsaCryptoService Provider Verify with win32 Crypto A
    ... I am not certain that this is the key that is being used for signing. ... Try to verify that the keypair you are using in .NET is exactlly the same ... which will create the pkcs1 signature as the signature block so you ... Crypto API sign - The contents of the signature buffer. ...
    (microsoft.public.platformsdk.security)