Decrypt my World

Cryptography, Security, Debugging and more!

How to Sign and Verify the signature with .NET and a certificate (C#)


Hi all,

Today I'm posting a sample that shows how to sign text with a certificate in my Personal store (this certificate has both a public and a private key associated with it) and how to verify that signature with a .cer file (e.g. for WinForms applications) or a client certificate (e.g. for ASP.NET); both of these have only the public key associated with them.

using System;
using System.Collections.Generic;
using System.Text;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

namespace ConsoleApplication1
{
    class Program
    {
        static byte[] Sign(string text, string certSubject)
        {
            // Access Personal (MY) certificate store of current user
            X509Store my = new X509Store(StoreName.My, StoreLocation.CurrentUser);
            my.Open(OpenFlags.ReadOnly);

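            // Find the certificate we'll use to sign
            RSACryptoServiceProvider csp = null;
            foreach (X509Certificate2 cert in my.Certificates)
            {
                // Subject is formatted as "CN=...", so compare without regard to case
                if (cert.Subject.IndexOf(certSubject, StringComparison.OrdinalIgnoreCase) >= 0)
                {
                    // We found it. 
                    // Get its associated CSP and private key
                    csp = (RSACryptoServiceProvider)cert.PrivateKey;
                }
            }
            // Release the store handle once the lookup is done
            my.Close();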
            if (csp == null)
            {
                throw new Exception("No valid cert was found");
            }

            // Hash the data
            SHA1Managed sha1 = new SHA1Managed();
            UnicodeEncoding encoding = new UnicodeEncoding();
            byte[] data = encoding.GetBytes(text);
            byte[] hash = sha1.ComputeHash(data);

            // Sign the hash
            return csp.SignHash(hash, CryptoConfig.MapNameToOID("SHA1"));            
        }

        static bool Verify(string text, byte[] signature, string certPath)
        {
            // Load the certificate we'll use to verify the signature from a file 
            X509Certificate2 cert = new X509Certificate2(certPath);
            // Note: 
            // If we want to use the client cert in an ASP.NET app, we may use something like this instead:
            // X509Certificate2 cert = new X509Certificate2(Request.ClientCertificate.Certificate);

            // Get its associated CSP and public key
            RSACryptoServiceProvider csp = (RSACryptoServiceProvider)cert.PublicKey.Key;

            // Hash the data
            SHA1Managed sha1 = new SHA1Managed();
            UnicodeEncoding encoding = new UnicodeEncoding();
            byte[] data = encoding.GetBytes(text);
            byte[] hash = sha1.ComputeHash(data);

            // Verify the signature with the hash
            return csp.VerifyHash(hash, CryptoConfig.MapNameToOID("SHA1"), signature);
        }

        static void Main(string[] args)
        {
            // Usage sample
            try
            {
                // Sign text
                byte[] signature = Sign("Test", "cn=my cert subject");

                // Verify signature. Testcert.cer corresponds to "cn=my cert subject"
                if (Verify("Test", signature, @"C:\testcert.cer"))
                {
                    Console.WriteLine("Signature verified");
                }
                else
                {
                    Console.WriteLine("ERROR: Signature not valid!");
                }
            }
            catch (Exception ex)
            {
                Console.WriteLine("EXCEPTION: " + ex.Message);
            }
            Console.ReadKey();
        }
    }
}

I hope this helps.

Cheers,

 

Alex (Alejandro Campos Magencio)
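
The same sign/verify round trip, as an added example that is not part of the original post: it uses SHA-256 and the GetRSAPrivateKey/GetRSAPublicKey accessors instead of SHA-1 and the RSACryptoServiceProvider cast, and also checks that modified text fails verification. It assumes .NET Framework 4.7.2+ or .NET Core 2.0+ and builds a throwaway self-signed certificate in memory (the subject name is a placeholder) so it runs without a store entry or a .cer file.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Text;

class SignVerifySha256
{
    static byte[] Sign(string text, X509Certificate2 certWithPrivateKey)
    {
        // GetRSAPrivateKey handles both CAPI (CSP) and CNG keys;
        // a cast to RSACryptoServiceProvider throws for CNG keys.
        using (RSA rsa = certWithPrivateKey.GetRSAPrivateKey())
        {
            if (rsa == null)
                throw new CryptographicException("Certificate has no RSA private key");
            byte[] data = Encoding.Unicode.GetBytes(text); // same encoding as the post
            // SignData hashes and signs in one call
            return rsa.SignData(data, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        }
    }

    static bool Verify(string text, byte[] signature, X509Certificate2 publicCert)
    {
        using (RSA rsa = publicCert.GetRSAPublicKey())
        {
            if (rsa == null)
                throw new CryptographicException("Certificate has no RSA public key");
            byte[] data = Encoding.Unicode.GetBytes(text);
            return rsa.VerifyData(data, signature, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        }
    }

    static void Main()
    {
        // Constructed test certificate; "CN=example signing cert" is a placeholder
        using (RSA key = RSA.Create(2048))
        {
            var req = new CertificateRequest("CN=example signing cert", key,
                HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
            using (X509Certificate2 full = req.CreateSelfSigned(
                DateTimeOffset.UtcNow.AddDays(-1), DateTimeOffset.UtcNow.AddDays(30)))
            // Export(Cert) yields the public part only, like a .cer file
            using (var publicOnly = new X509Certificate2(full.Export(X509ContentType.Cert)))
            {
                byte[] signature = Sign("Test", full);
                Console.WriteLine("Original text verifies: " + Verify("Test", signature, publicOnly));
                Console.WriteLine("Modified text verifies: " + Verify("Test!", signature, publicOnly));
                Console.WriteLine("Public cert has private key: " + publicOnly.HasPrivateKey);
            }
        }
    }
}
```

A successful VerifyData only shows that the signature matches the key in the certificate; whether that certificate is trusted is a separate check, for example with X509Chain.Build.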

  • i want a C++ script to develop user name 'n password frame interface could u help me plzzz

    my email is hashim.zied@hotmail.com

  • I'm sorry. I can't attend to those kinds of specific requests.

  • Thank you for the posting.

    There was no finding practical example of digital signature, and this posting helped me a lot.

  • How to include public key with this signed hash and then verify the signed hash with that public key.

    Pls help.

  • I'm sorry. I can't attend to requests for custom samples. But if you contact MS Technical Support we can assist you to create one.

    Cheers,

    Alex

  • Hi.. I need help for implementing digital signature in Web Application using ASP.Net. My requirement is like.. client has digital signature on their machine, so how can i implement it in on-line form and how can i verify certificate of client's digital signature? How can i store it on server? Please help.. Thanks

  • Hi Alex!

    I've created my own cer with Office tool for VBA and I can see it in storage, but with 'csp = (RSACryptoServiceProvider)cert.PrivateKey;' (Sign process)

    I get nothing, it generates empty field...

    What's wrong, where am I the idiot?:)

  • Sorry my bad, wrong spaces after "CN_=_"

  • My main aim is to provide capability to server to access client and logout the running application(s).

    I need to have following support in certificate.

    I need to generate the Certificate at runtime at the time of installation from the 3rd Party CA and install them to local machine where my application running.

    Client Config need to be updated with the certificate generated. Client also hold the server certificate without its private key, So that Server and client can communicate in reverse mode scenario.

    Server Certificate also need to be in the trusted people store

    I am using WCF.

    Please Guide me.

  • Thanks man,

    i tried so many ways to verify signature but i am getting.

    ur code is outstanding,its working fine......

    thanks once again......

    my mail-id:prabhugtec@gmail.com

  • I'm studying how to create and verify a digital signature, but I have a problem in creating and using a certificate. I don't know why it can not get the information in certificate store. I use makecert.exe to create the certificate. Can you help me how to create a certificate to use for this example? Thanks in advance.

  • nice 1

  • Nice article, but can you please tell me how to get certificate from CurrentUser Store. I am able to get it in ASPNET server but not in IIS Server. Thanks.

  • Hi ,

    I understand your code but the problem is that i want to sign the contents at client side instead of server side, your code is showing seems its doing on server side, can you have an example where can we sign the contents to client side using javascript and will verify at server side code using C#.

    please mail me if you have solution : my Mail id: hiren.sojitra@gmail.com

  • Thanks a lot for ur valuable post.

    I want to add the digital signature to my file. This i want to do this by programming not using MS office.

    I am using c#. Can any one help me in any way.
