C# (CSharp) System.Security.Cryptography.X509Certificates X509Certificate2.SignHash Examples

Programming Language: C# (CSharp)

Namespace/Package Name: System.Security.Cryptography.X509Certificates

Class/Type: X509Certificate2

Method/Function: SignHash

Examples at hotexamples.com: 1

C# (CSharp) System.Security.Cryptography.X509Certificates X509Certificate2.SignHash - 1 examples found. These are the top rated real world C# (CSharp) examples of System.Security.Cryptography.X509Certificates.X509Certificate2.SignHash extracted from open source projects. You can rate examples to help us improve the quality of examples.

Frequently Used Methods

Show Hide

GetCertHash(30)

Export(19)

Equals(10)

ToPem(10)

GetSerialNumber(9)

Reset(8)

GetPublicKey(7)

GetCertContentType(7)

GetPrivateKey(6)

GetNameInfo(6)

GetRSAPrivateKey(6)

CopyWithPrivateKey(5)

Verify(5)

GetKeyAlgorithm(5)

GetCertHashString(5)

GetRawCertData(4)

IsGost_R3410_2012_512(4)

ExportToPem(4)

IsGost_R3410_2001(4)

IsGost_R3410_2012_256(4)

ExtractEmailNameOrName(4)

GetFormattedThumbPrint(3)

GetName(3)

CreateCertContextHandle(3)

GetExpirationDateString(3)

GetEffectiveDateString(3)

CloneCertificateInternal(3)

Load(3)

GetSerialNumberString(3)

Import(3)

Validate(3)

VerifyInAllStores(2)

GetPemPublicKey(2)

BuildChain(2)

MatchEmailNameOrName(2)

IsNotNull(2)

CreateSecurityTokenResolver(2)

IsGost_R3410_94(2)

ThrowIfInvalid(2)

GetECDsaPrivateKey(2)

GetPublicKeyAlgorithm(2)

GetCngPrivateKey(2)

ToX509Certificate(2)

GetCriticalExtensionOIDs(2)

IssuerInfo(1)

LoadFromPemFile(1)

AppendBuffer(1)

MatchDnsOrEmailOrName(1)

MatchName(1)

OrderBy(1)

X509Certificate2 Class Documentation

Example #1

Show file

File: TlsClientStream.cs Project: ArsenShnurkov/npgsql

        HandshakeType SendCertificateVerify(ref int offset)
        {
#if NET45 || NET451
            var key = new X509Certificate2(_clientCertificates[0]).PrivateKey;

            var keyDsa = key as DSACryptoServiceProvider;
            var keyRsa = key as RSACryptoServiceProvider;
#else
            var keyRsa = new X509Certificate2(_clientCertificates[0].Export(X509ContentType.Cert)).GetRSAPrivateKey();
#endif

            byte[] signature = null, hash = null;

#if NET45 || NET451
            if (keyDsa != null)
            {
                if (_pendingConnState.TlsVersion == TlsVersion.TLSv1_2 && !_handshakeData.SupportedSignatureAlgorithms.Contains(Tuple.Create(TLSHashAlgorithm.SHA1, SignatureAlgorithm.DSA)))
                {
                    SendAlertFatal(AlertDescription.HandshakeFailure, "Server does not support client certificate sha1-dsa signatures");
                }
                hash = _handshakeData.CertificateVerifyHash_SHA1.Final();
                signature = keyDsa.SignHash(hash, Utils.HashNameToOID["SHA1"]);

                // Convert to DER
                var r = new byte[21];
                var s = new byte[21];
                Array.Reverse(signature, 0, 20);
                Array.Reverse(signature, 20, 20);
                Buffer.BlockCopy(signature, 0, r, 0, 20);
                Buffer.BlockCopy(signature, 20, s, 0, 20);
                r = new BigInteger(r).ToByteArray();
                s = new BigInteger(s).ToByteArray();
                Array.Reverse(r);
                Array.Reverse(s);

                signature = new byte[r.Length + s.Length + 6];
                signature[0] = 0x30; // SEQUENCE
                signature[1] = (byte)(signature.Length - 2);
                signature[2] = 0x02; // INTEGER
                signature[3] = (byte)r.Length;
                Buffer.BlockCopy(r, 0, signature, 4, r.Length);
                signature[4 + r.Length] = 0x02; // INTEGER
                signature[4 + r.Length + 1] = (byte)s.Length;
                Buffer.BlockCopy(s, 0, signature, 4 + r.Length + 2, s.Length);

                if (_pendingConnState.TlsVersion == TlsVersion.TLSv1_2)
                {
                    _buf[offset++] = (byte)TLSHashAlgorithm.SHA1;
                    _buf[offset++] = (byte)SignatureAlgorithm.DSA;
                }
            }
            else
#endif
            if (keyRsa != null)
            {
                if (_pendingConnState.TlsVersion == TlsVersion.TLSv1_2 && !_handshakeData.SupportedSignatureAlgorithms.Contains(Tuple.Create(TLSHashAlgorithm.SHA1, SignatureAlgorithm.RSA)))
                {
                    SendAlertFatal(AlertDescription.HandshakeFailure, "Server does not support client certificate sha1-rsa signatures");
                }

                hash = _handshakeData.CertificateVerifyHash_SHA1.Final();
                byte[] md5Hash = null;
                if (_handshakeData.CertificateVerifyHash_MD5 != null)
                {
                    md5Hash = _handshakeData.CertificateVerifyHash_MD5.Final();
                }

                // NOTE: It seems problematic to support other hash algorithms than SHA1 since the PrivateKey included in the certificate
                // often uses an old Crypto Service Provider (Microsoft Base Cryptographic Provider v1.0) instead of Microsoft Enhanced RSA and AES Cryptographic Provider.
                // The following out-commented code might work to change CSP.

                //var csp = new RSACryptoServiceProvider().CspKeyContainerInfo;
                //keyRsa = new RSACryptoServiceProvider(new CspParameters(csp.ProviderType, csp.ProviderName, keyRsa.CspKeyContainerInfo.KeyContainerName));

                // TLS 1.0 and 1.1, export private key and calculate md5-sha1 hash and sign manually
                if (_pendingConnState.TlsVersion != TlsVersion.TLSv1_2)
                {
                    var fullHash = new byte[36];
                    Buffer.BlockCopy(md5Hash, 0, fullHash, 0, 16);
                    Buffer.BlockCopy(hash, 0, fullHash, 16, 20);
                    signature = RsaPKCS1.SignRsaPKCS1(keyRsa, fullHash);

                    // BigIntegers have no Dispose/Clear methods, but they contain sensitive data, so force a garbage collection to remove the data.
                    GC.Collect(GC.MaxGeneration, GCCollectionMode.Forced, false);
                }
                else
                {
#if NET45 || NET451
                    signature = keyRsa.SignHash(hash, Utils.HashNameToOID["SHA1"]);
#else
                    signature = keyRsa.SignHash(hash, HashAlgorithmName.SHA1, RSASignaturePadding.Pkcs1);
#endif

                    if (_pendingConnState.TlsVersion == TlsVersion.TLSv1_2)
                    {
                        _buf[offset++] = (byte)TLSHashAlgorithm.SHA1;
                        _buf[offset++] = (byte)SignatureAlgorithm.RSA;
                    }
                }
            }
            else
            {
                SendAlertFatal(AlertDescription.HandshakeFailure);
            }
            _handshakeData.CertificateVerifyHash_SHA1.Dispose();
            _handshakeData.CertificateVerifyHash_SHA1 = null;
            if (_handshakeData.CertificateVerifyHash_MD5 != null)
            {
                _handshakeData.CertificateVerifyHash_MD5.Dispose();
                _handshakeData.CertificateVerifyHash_MD5 = null;
            }

#if NET45 || NET451
            key.Dispose();
#endif

            offset += Utils.WriteUInt16(_buf, offset, (ushort)signature.Length);
            Buffer.BlockCopy(signature, 0, _buf, offset, signature.Length);
            offset += signature.Length;

            return HandshakeType.CertificateVerify;
        }