public virtual BigInteger[] GenerateSignature(byte[] message)
{
var signer = new CertificateSigner.SignerWrapper();
byte[] signature = signer.Sign(message,
_privateKey.CertificateCommonName,
_privateKey.CertificateStoreName,
_privateKey.CertificateStoreLocation);
if (signature == null || signature.Length != 64)
{
throw new Exception($"Invalid signature length, expected 64 but got: {signature?.Length}");
}
/*
* To prevent positive values from being misinterpreted as negative values,
* you can add a zero-byte value to the end of the array.
* END of the array since BigInteger interprets byte array as little-endian:
*
* The individual bytes in the value array should be in little-endian order,
* from lowest-order byte to highest-order byte
*/
BigInteger r = new BigInteger(1, signature, 0, 32);
BigInteger s = new BigInteger(1, signature, 32, 32);
return(new[] { r, s });
}
public void ValidSignShouldSucceed()
{
// wrapper for unmanaged signer
var signer = new CertificateSigner.SignerWrapper();
// example of hash, real hash will be a longer byte array
byte[] hash = { 0x1, 0x2, 0x3, 0x4, 0x5, 0x6, 0x7, 0x8 };
byte[] signature = signer.Sign(
hash,
"L2", // CN (common name) of the certificate in the store that has the associated private key
"CA", // Logical store name, "CA" means Intermediate Certificate Authorities, use "MY" for personal
"LocalMachine" // Store location
);
Assert.IsNotNull(signature);
// // if the certificate's private key is ECDSA SHA-256 we should get the signature that is 64 bit,
// // first 32 bit is R parameter, last 32 bit is S parameter
// Assert.AreEqual(64, signature.Length);
}
