public SignHash ( byte hash, Internal.Cryptography.HashAlgorithmName hashAlgorithm, RSASignaturePadding padding ) : byte[] | ||
hash | byte | |
hashAlgorithm | Internal.Cryptography.HashAlgorithmName | |
padding | RSASignaturePadding | |
Résultat | byte[] |
/// <summary> /// Creates a base64 encoded signature for the SHA-256 hash of the specified data. /// </summary> /// <param name="data">The data to hash and sign. Must not be null.</param> /// <returns>The base-64 encoded signature.</returns> public string CreateSignature(byte[] data) { data.ThrowIfNull(nameof(data)); using (var hashAlg = SHA256.Create()) { byte[] assertionHash = hashAlg.ComputeHash(data); #if NETSTANDARD var sigBytes = key.SignHash(assertionHash, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1); #else var sigBytes = key.SignHash(assertionHash, Sha256Oid); #endif return(Convert.ToBase64String(sigBytes)); } }
/// <summary> /// Signs JWT token using the private key and returns the serialized assertion. /// </summary> /// <param name="payload">the JWT payload to sign.</param> private string CreateAssertionFromPayload(JsonWebSignature.Payload payload) { string serializedHeader = CreateSerializedHeader(); string serializedPayload = NewtonsoftJsonSerializer.Instance.Serialize(payload); StringBuilder assertion = new StringBuilder(); assertion.Append(UrlSafeBase64Encode(serializedHeader)) .Append(".") .Append(UrlSafeBase64Encode(serializedPayload)); // Sign the header and the payload. var hashAlg = SHA256.Create(); byte[] assertionHash = hashAlg.ComputeHash(Encoding.ASCII.GetBytes(assertion.ToString())); #if NETSTANDARD var sigBytes = key.SignHash(assertionHash, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1); #else var sigBytes = key.SignHash(assertionHash, Sha256Oig); #endif var signature = UrlSafeBase64Encode(sigBytes); assertion.Append(".").Append(signature); return(assertion.ToString()); }
public void SignHash() { Rsa rsa = GetRsa(); var hash = new byte[32]; hash[0] = 45; #if NETSTANDARD var signature = rsa.SignHash(hash, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1); #else var signature = rsa.SignHash(hash, "2.16.840.1.101.3.4.2.1" /* SHA256 OIG */); #endif var expected = new byte[] { 0x5d, 0xfc, 0x98, 0x59, 0x94, 0x64, 0x8c, 0x18, 0x54, 0x88, 0x8d, 0x65, 0xf3, 0xae, 0xdf, 0x76, 0x66, 0x9c, 0x4d, 0x11, 0x76, 0xf7, 0x16, 0xb8, 0xcb, 0x01, 0xe3, 0x66, 0xf9, 0xc2, 0x1d, 0x96, 0x26, 0x0a, 0x4f, 0x44, 0xf0, 0x55, 0x8e, 0xe9, 0x37, 0x2e, 0xd8, 0x14, 0xbb, 0xb6, 0x28, 0x24, 0xbc, 0x41, 0xbc, 0x60, 0xea, 0xfa, 0x66, 0x32, 0xa2, 0x67, 0x5d, 0xd9, 0x12, 0x10, 0xc4, 0x17, 0x5c, 0x88, 0x21, 0xf7, 0x3a, 0xea, 0xb7, 0x71, 0x14, 0x37, 0xa3, 0xaf, 0x87, 0xa6, 0x5b, 0x80, 0xd0, 0xa3, 0x95, 0xe6, 0xbd, 0xe0, 0xcf, 0x64, 0xd1, 0xad, 0xf8, 0x11, 0x15, 0x41, 0x6c, 0xb7, 0x9d, 0xe0, 0xfb, 0x65, 0x51, 0x03, 0xcf, 0xc9, 0x44, 0x66, 0xe7, 0xf7, 0x43, 0x6f, 0xf7, 0xff, 0x33, 0x44, 0xef, 0x18, 0x18, 0xd1, 0x48, 0xff, 0x0b, 0xc8, 0x93, 0xe9, 0x9f, 0x71, 0x5e, 0xda }; Assert.That(signature, Is.EqualTo(expected)); }
public override byte[] CreateSignature(byte[] rgbHash) { if (rgbHash == null) { throw new ArgumentNullException(nameof(rgbHash)); } if (_algName == null) { throw new CryptographicUnexpectedOperationException(SR.Cryptography_MissingOID); } if (_rsaKey == null) { throw new CryptographicUnexpectedOperationException(SR.Cryptography_MissingKey); } return(_rsaKey.SignHash(rgbHash, new HashAlgorithmName(_algName), RSASignaturePadding.Pkcs1)); }
[System.Security.SecuritySafeCritical] // auto-generated public override byte[] CreateSignature(byte[] rgbHash) { if (rgbHash == null) { throw new ArgumentNullException("rgbHash"); } Contract.EndContractBlock(); if (_strOID == null) { throw new CryptographicUnexpectedOperationException(Environment.GetResourceString("Cryptography_MissingOID")); } if (_rsaKey == null) { throw new CryptographicUnexpectedOperationException(Environment.GetResourceString("Cryptography_MissingKey")); } // Two cases here -- if we are talking to the CSP version or if we are talking to some other RSA provider. if (_rsaKey is RSACryptoServiceProvider) { // This path is kept around for desktop compat: in case someone is using this with a hash algorithm that's known to GetAlgIdFromOid but // not from OidToHashAlgorithmName. int calgHash = X509Utils.GetAlgIdFromOid(_strOID, OidGroup.HashAlgorithm); return(((RSACryptoServiceProvider)_rsaKey).SignHash(rgbHash, calgHash)); } else if (OverridesSignHash) { HashAlgorithmName hashAlgorithmName = Utils.OidToHashAlgorithmName(_strOID); return(_rsaKey.SignHash(rgbHash, hashAlgorithmName, RSASignaturePadding.Pkcs1)); } else { // Fallback compat path for 3rd-party RSA classes that don't override SignHash() byte[] pad = Utils.RsaPkcs1Padding(_rsaKey, CryptoConfig.EncodeOID(_strOID), rgbHash); // Create the signature by applying the private key to the padded buffer we just created. return(_rsaKey.DecryptValue(pad)); } }
public override byte[] SignHash(byte[] hash, HashAlgorithmName hashAlgorithm, RSASignaturePadding padding) => _impl.SignHash(hash, hashAlgorithm, padding);
private static byte[] GetRSAPKCS1SignatureFromSHA1(byte[] hashedData, RSA providerRSA) { // Format the RSACryptoServiceProvider and create the signature. #if CORECLR return providerRSA.SignHash(hashedData, HashAlgorithmName.SHA1, RSASignaturePadding.Pkcs1); #else RSAPKCS1SignatureFormatter rsaFormatter = new RSAPKCS1SignatureFormatter(providerRSA); rsaFormatter.SetHashAlgorithm("SHA1"); return rsaFormatter.CreateSignature(hashedData); #endif }