Hi all,
Today I'm posting a sample which shows how to sign a text with a certificate from my Personal store (this cert will have both a public and a private key associated with it) and how to verify that signature with a .cer file (e.g. in WinForms applications) or with a client certificate (e.g. in ASP.NET); both of those only have the public key associated with them.
```csharp
using System;
using System.Collections.Generic;
using System.Text;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

namespace ConsoleApplication1
{
    class Program
    {
        static byte[] Sign(string text, string certSubject)
        {
            // Access Personal (MY) certificate store of current user
            X509Store my = new X509Store(StoreName.My, StoreLocation.CurrentUser);
            my.Open(OpenFlags.ReadOnly);

            // Find the certificate we'll use to sign
            RSACryptoServiceProvider csp = null;
            foreach (X509Certificate2 cert in my.Certificates)
            {
                if (cert.Subject.Contains(certSubject))
                {
                    // We found it.
                    // Get its associated CSP and private key
                    csp = (RSACryptoServiceProvider)cert.PrivateKey;
                }
            }
            my.Close();
            if (csp == null)
            {
                throw new Exception("No valid cert was found");
            }

            // Hash the data
            SHA1Managed sha1 = new SHA1Managed();
            UnicodeEncoding encoding = new UnicodeEncoding();
            byte[] data = encoding.GetBytes(text);
            byte[] hash = sha1.ComputeHash(data);

            // Sign the hash
            return csp.SignHash(hash, CryptoConfig.MapNameToOID("SHA1"));
        }

        static bool Verify(string text, byte[] signature, string certPath)
        {
            // Load the certificate we'll use to verify the signature from a file
            X509Certificate2 cert = new X509Certificate2(certPath);
            // Note:
            // If we want to use the client cert in an ASP.NET app, we may use something like this instead:
            // X509Certificate2 cert = new X509Certificate2(Request.ClientCertificate.Certificate);

            // Get its associated CSP and public key
            RSACryptoServiceProvider csp = (RSACryptoServiceProvider)cert.PublicKey.Key;

            // Hash the data
            SHA1Managed sha1 = new SHA1Managed();
            UnicodeEncoding encoding = new UnicodeEncoding();
            byte[] data = encoding.GetBytes(text);
            byte[] hash = sha1.ComputeHash(data);

            // Verify the signature with the hash
            return csp.VerifyHash(hash, CryptoConfig.MapNameToOID("SHA1"), signature);
        }

        static void Main(string[] args)
        {
            // Usage sample
            try
            {
                // Sign text
                byte[] signature = Sign("Test", "cn=my cert subject");

                // Verify signature. Testcert.cer corresponds to "cn=my cert subject"
                if (Verify("Test", signature, @"C:\testcert.cer"))
                {
                    Console.WriteLine("Signature verified");
                }
                else
                {
                    Console.WriteLine("ERROR: Signature not valid!");
                }
            }
            catch (Exception ex)
            {
                Console.WriteLine("EXCEPTION: " + ex.Message);
            }
            Console.ReadKey();
        }
    }
}
```
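The same sign-then-verify flow written against the newer .NET RSA APIs, as an added example that is not part of the original post. It differs from the sample above in three ways a practitioner would want: the signer returns its public certificate (DER bytes from `Export(X509ContentType.Cert)`) together with the signature, so the verifier does not have to be told out of band which .cer to load; the verifier builds an `X509Chain` before trusting the key, because a correct signature only proves that some holder of that private key signed the bytes, not that the key belongs to anyone you trust; and it checks `HasPrivateKey` up front, which is what an "empty" `PrivateKey` on a store certificate means. `SignData`/`VerifyData` with SHA-256 replace the manual SHA-1 hash plus `SignHash`. The subject name "my cert subject" is the post's own placeholder; `FindBySubjectName` takes it without the `CN=` prefix.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Text;

// Added example (not the blog post's code): sign with a Personal-store certificate,
// ship the signature together with the signer's public certificate, and on the
// verifying side validate the certificate chain before trusting the signature.
static class SignedMessage
{
    // Looks up a certificate in CurrentUser\My by subject name (no "CN=" prefix).
    static X509Certificate2 FindSigningCert(string subjectName)
    {
        using var store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
        store.Open(OpenFlags.ReadOnly);
        foreach (X509Certificate2 c in store.Certificates.Find(
                     X509FindType.FindBySubjectName, subjectName, validOnly: false))
        {
            // A certificate imported from a .cer has no private key and cannot sign;
            // GetRSAPrivateKey() on it returns null, which is the "empty field" symptom.
            if (c.HasPrivateKey) return c;
        }
        throw new CryptographicException("No certificate with a private key matches " + subjectName);
    }

    // Returns the signature plus the DER-encoded certificate (public key only).
    public static (byte[] Signature, byte[] CertDer) Sign(string text, string subjectName)
    {
        using X509Certificate2 cert = FindSigningCert(subjectName);
        using RSA rsa = cert.GetRSAPrivateKey()
            ?? throw new CryptographicException("Private key is not RSA or is not accessible");
        byte[] data = Encoding.UTF8.GetBytes(text);
        // SignData hashes and signs in one step; the hash algorithm is encoded in the
        // PKCS#1 signature, so signer and verifier cannot silently disagree on it.
        byte[] sig = rsa.SignData(data, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        return (sig, cert.Export(X509ContentType.Cert));
    }

    // Verifies the signature AND that the bundled certificate chains to a trusted root.
    public static bool Verify(string text, byte[] signature, byte[] certDer, out string failure)
    {
        failure = null;
        using var cert = new X509Certificate2(certDer);

        // Chain validation ties the key to an identity; skip it and anyone can mint a
        // self-signed cert, sign with it, and pass a bare VerifyData check.
        using var chain = new X509Chain();
        chain.ChainPolicy.RevocationMode = X509RevocationMode.Online;
        chain.ChainPolicy.VerificationFlags = X509VerificationFlags.NoFlag;
        if (!chain.Build(cert))
        {
            failure = "Untrusted certificate: " + string.Join("; ",
                Array.ConvertAll(chain.ChainStatus, s => s.StatusInformation.Trim()));
            return false;
        }

        using RSA rsa = cert.GetRSAPublicKey();
        byte[] data = Encoding.UTF8.GetBytes(text);
        if (!rsa.VerifyData(data, signature, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1))
        {
            failure = "Signature does not match the data";
            return false;
        }
        return true;
    }

    static void Main()
    {
        // "my cert subject" is the placeholder subject from the post; use your own.
        var (sig, certDer) = Sign("Test", "my cert subject");
        Console.WriteLine(Verify("Test", sig, certDer, out string why)
            ? "Signature verified and signer trusted"
            : "REJECTED: " + why);
        // Any change to the signed text must be rejected.
        Console.WriteLine(Verify("Test!", sig, certDer, out why)
            ? "BUG: tampered text accepted"
            : "Tampered text rejected: " + why);
    }
}
```

Both sides must agree on the text encoding (UTF-8 here, UTF-16 in the post's `UnicodeEncoding`), otherwise identical strings hash differently and verification fails. With a self-signed test certificate (such as one from makecert) `chain.Build` fails until that certificate is trusted; for development you can either import it into the Trusted Root store or, on .NET Core 3.0 and later, set `chain.ChainPolicy.TrustMode = X509ChainTrustMode.CustomRootTrust` and add it to `chain.ChainPolicy.CustomTrustStore` so trust is scoped to this check only.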
I hope this helps.
Cheers,
Alex (Alejandro Campos Magencio)
I want a C++ script to develop a user name and password frame interface. Could you help me please?
my email is hashim.zied@hotmail.com
I'm sorry. I can't attend those kind of specific requests.
Thank you for the posting.
I could not find a practical example of a digital signature, and this posting helped me a lot.
How do I include the public key with this signed hash and then verify the signed hash with that public key?
Please help.
I'm sorry. I can't attend requests for custom samples. But if you contact MS Technical Support we can assist you to create one.
Alex
Hi. I need help implementing a digital signature in a web application using ASP.NET. My requirement is like this: the client has a digital signature on their machine, so how can I implement it in an online form, and how can I verify the certificate of the client's digital signature? How can I store it on the server? Please help. Thanks.
Hi Alex!
I've created my own cer with the Office tool for VBA and I can see it in the store, but with 'csp = (RSACryptoServiceProvider)cert.PrivateKey;' (Sign process)
I get nothing, it generates an empty field...
What's wrong, where am I the idiot? :)
Sorry my bad, wrong spaces after "CN_=_"
My main aim is to provide the capability for the server to access the client and log out the running application(s).
I need to have following support in certificate.
I need to generate the Certificate at runtime at the time of installation from the 3rd Party CA and install them to local machine where my application running.
The client config needs to be updated with the generated certificate. The client also holds the server certificate without its private key, so that server and client can communicate in the reverse-mode scenario.
The server certificate also needs to be in the Trusted People store.
I am using WCF.
Please Guide me.
Thanks man,
I tried so many ways to verify the signature but I am getting.
Your code is outstanding, it's working fine.
Thanks once again.
my mail-id:prabhugtec@gmail.com
I'm studying how to create and verify a digital signature, but I have a problem creating and using a certificate. I don't know why it cannot get the information from the certificate store. I use makecert.exe to create the certificate. Can you help me create a certificate to use with this example? Thanks in advance.
Nice one.
Nice article, but can you please tell me how to get the certificate from the CurrentUser store? I am able to get it on the ASP.NET development server but not on the IIS server. Thanks.