/// <summary>
/// Creates a new RSA key pair and returns it wrapped in a <see cref="CryptoKey"/>.
/// </summary>
/// <returns>
/// A <see cref="CryptoKey"/> built from the XML export of the freshly created RSA instance.
/// </returns>
/// <remarks>
/// The export is requested with <c>true</c>; presumably this mirrors
/// <c>RSA.ToXmlString(includePrivateParameters)</c>, in which case the returned key holds
/// private key material and should be stored and handled as a secret. Confirm against
/// <c>RSAHelper.ExportToXmlString</c>.
/// </remarks>
public CryptoKey GenerateKey()
{
    using (var keyPair = RSA.Create())
    {
        // NOTE(review): RSA.Create() is called without an explicit key size, so the modulus
        // length is whatever the platform default is. Verify that the default meets the
        // project's minimum (commonly 2048 bits) on every target runtime.
        var exportedXml = RSAHelper.ExportToXmlString(keyPair, true);
        return new CryptoKey(exportedXml);
    }
}
/// <summary>
/// Signs <paramref name="document"/> in place by appending a signature element to its root.
/// </summary>
/// <param name="document">The document to sign. It must not already carry a signature element.</param>
/// <param name="privateKey">The key whose contents are imported into the RSA instance used for signing.</param>
/// <exception cref="ArgumentNullException">
/// <paramref name="document"/> or <paramref name="privateKey"/> is <c>null</c>.
/// </exception>
/// <exception cref="InvalidOperationException">The document already contains a signature element.</exception>
/// <remarks>
/// The signature is RSA with PKCS#1 v1.5 padding over the value returned by <c>ComputeHash</c>,
/// declared to the RSA API as a SHA-256 digest.
/// </remarks>
public void Sign(XDocument document, CryptoKey privateKey)
{
    if (document == null)
    {
        throw new ArgumentNullException(nameof(document));
    }

    if (privateKey == null)
    {
        throw new ArgumentNullException(nameof(privateKey));
    }

    // Refuse to sign twice: a second signature element would make validation ambiguous.
    if (GetSignatureElement(document) != null)
    {
        throw new InvalidOperationException("Already signed");
    }

    // The digest is taken before the signature element exists, so the element itself is
    // never part of the signed content.
    // NOTE(review): SignHash is told the digest is SHA-256; ComputeHash is not visible here
    // and must actually produce a SHA-256 digest. Confirm.
    var digest = ComputeHash(document);

    using (var signer = RSA.Create())
    {
        RSAHelper.ImportFromXmlString(signer, privateKey.Contents);
        var signatureBytes = signer.SignHash(digest, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);

        var newSignatureElement = new XElement(SignatureElementName);
        newSignatureElement.SetAttributeValue(AlgorithmAttributeName, AlgorithmAttributeValue);
        newSignatureElement.SetElementValue(DigestValueElementName, Convert.ToBase64String(digest));
        newSignatureElement.SetElementValue(SignatureValueElementName, Convert.ToBase64String(signatureBytes));

        // NOTE(review): document.Root is dereferenced without a null check; a document with no
        // root element fails here unless an earlier helper call has already rejected it.
        document.Root.Add(newSignatureElement);
    }
}
/// <summary>
/// Derives a second <see cref="CryptoKey"/> from <paramref name="privateKey"/> by importing it
/// into an RSA instance and exporting it again with the export flag set to <c>false</c>.
/// </summary>
/// <param name="privateKey">The key whose contents are imported.</param>
/// <returns>A <see cref="CryptoKey"/> built from the re-exported XML.</returns>
/// <exception cref="ArgumentNullException"><paramref name="privateKey"/> is <c>null</c>.</exception>
/// <remarks>
/// The <c>false</c> argument presumably means "exclude private parameters" (as in
/// <c>RSA.ToXmlString(bool)</c>), making the result safe to distribute to verifiers.
/// Confirm against <c>RSAHelper.ExportToXmlString</c>.
/// </remarks>
public CryptoKey ExtractPublicKey(CryptoKey privateKey)
{
    if (privateKey == null)
    {
        throw new ArgumentNullException(nameof(privateKey));
    }

    using (var keyPair = RSA.Create())
    {
        RSAHelper.ImportFromXmlString(keyPair, privateKey.Contents);
        var publicXml = RSAHelper.ExportToXmlString(keyPair, false);
        return new CryptoKey(publicXml);
    }
}
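/// <summary>
/// Checks whether <paramref name="document"/> carries a signature element that verifies
/// against <paramref name="publicKey"/>.
/// </summary>
/// <param name="document">
/// The document to check. The signature element is detached while the digest is recomputed
/// and is re-added to the document root before the method returns.
/// </param>
/// <param name="publicKey">The key whose contents are imported into the RSA instance used for verification.</param>
/// <returns>
/// <c>true</c> when the stored digest matches the recomputed one and the RSA signature
/// verifies; <c>false</c> when the signature element is absent, the digest differs, the
/// signature value is missing or not valid Base64, or the signature does not verify.
/// </returns>
/// <exception cref="ArgumentNullException">
/// <paramref name="document"/> or <paramref name="publicKey"/> is <c>null</c>.
/// </exception>
/// <remarks>
/// The hash algorithm and padding are fixed in code (SHA-256, PKCS#1 v1.5). The algorithm
/// attribute written into the signature element by signing is not consulted here, so the
/// document cannot steer verification towards a different algorithm.
/// </remarks>
public bool Validate(XDocument document, CryptoKey publicKey)
{
    if (document == null)
    {
        throw new ArgumentNullException(nameof(document));
    }

    if (publicKey == null)
    {
        throw new ArgumentNullException(nameof(publicKey));
    }

    var signatureElement = GetSignatureElement(document);
    if (signatureElement == null)
    {
        return false;
    }

    try
    {
        // Detach the signature so the digest covers the same content that was signed.
        signatureElement.Remove();

        var digestValue = (string)signatureElement.Element(DigestValueElementName);
        var hash = ComputeHash(document);

        // The digest is derived from the document itself and is not a secret, so an ordinary
        // string comparison is sufficient. The trust decision rests on VerifyHash below.
        if (digestValue != Convert.ToBase64String(hash))
        {
            return false;
        }

        // The document is untrusted input: a missing or malformed signature value is an
        // invalid signature, not an exceptional condition, so report it as a failed check.
        var signatureValue = (string)signatureElement.Element(SignatureValueElementName);
        if (signatureValue == null)
        {
            return false;
        }

        byte[] signature;
        try
        {
            signature = Convert.FromBase64String(signatureValue);
        }
        catch (FormatException)
        {
            return false;
        }

        using (var rsa = RSA.Create())
        {
            RSAHelper.ImportFromXmlString(rsa, publicKey.Contents);
            return rsa.VerifyHash(hash, signature, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        }
    }
    finally
    {
        // Restore the signature whatever the outcome. It is appended as the last child of the
        // root, so its position changes if it was not last before.
        // NOTE(review): the document is mutated for the duration of the call; do not validate
        // the same XDocument instance from several threads at once.
        document.Root.Add(signatureElement);
    }
}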