Esempio n. 1
        /// <summary>
        /// Verifies an extended KSI signature with <c>PublicationBasedVerificationPolicy</c>
        /// against the publications file and prints the outcome to the console.
        /// </summary>
        /// <remarks>
        /// The document hash is recomputed from <c>Resources/infile.txt</c>, so a passing result
        /// ties the signature to the file's current content. Only
        /// <c>VerificationResultCode.Ok</c> is reported as valid; every other result code takes
        /// the failure branch.
        /// </remarks>
        public void VerifyExtendedSignatureUsingPublicationsFile()
        {
            KSI.Ksi ksi = GetKsi();

            // Signature under test; this sample assumes it has already been extended.
            IKsiSignature signature = LoadExtendedSignature();

            // The hash algorithm is read from the signature's first aggregation hash chain so the
            // recomputed document hash is comparable with the signed input hash.
            // NOTE(review): the algorithm is therefore chosen by the signature being verified;
            // whether weak or deprecated algorithms are rejected depends on the policy, which is
            // not visible here.
            var inputHashAlgorithm = signature.GetAggregationHashChains()[0].InputHash.Algorithm;
            IDataHasher dataHasher = new DataHasher(inputHashAlgorithm);

            // Path is relative to the process working directory.
            byte[] documentBytes = File.ReadAllBytes("Resources/infile.txt");
            dataHasher.AddData(documentBytes);

            // Build the policy and the context it is evaluated against.
            VerificationPolicy policy = new PublicationBasedVerificationPolicy();
            VerificationContext context = new VerificationContext(signature)
            {
                DocumentHash = dataHasher.GetHash(),
                PublicationsFile = ksi.GetPublicationsFile(),
            };

            VerificationResult outcome = policy.Verify(context);

            // Fail closed: anything other than Ok is printed as a verification failure.
            string message = outcome.ResultCode == VerificationResultCode.Ok
                ? "VerifyExtendedSignatureUsingPublicationsFile > signature valid"
                : "VerifyExtendedSignatureUsingPublicationsFile > verification failed with error > " + outcome.VerificationError;

            Console.WriteLine(message);
        }
Esempio n. 2
        /// <summary>
        /// Verifies an extended KSI signature through the simple wrapper's <c>Verify</c> call
        /// (its default policy) and prints the outcome to the console.
        /// </summary>
        /// <remarks>
        /// The document hash is recomputed from <c>Resources/infile.txt</c> with the algorithm of
        /// the signature's input hash. Only <c>VerificationResultCode.Ok</c> is reported as valid.
        /// </remarks>
        public void VerifyExtendedSignatureUsingDefaultPolicy()
        {
            // Simple wrapper around the KSI service.
            KSI.Ksi ksi = GetKsi();

            // Signature under test; this sample assumes it has already been extended.
            IKsiSignature signature = LoadExtendedSignature();

            // Hash the original data with the same algorithm the signature's input hash uses.
            var inputHashAlgorithm = signature.InputHash.Algorithm;
            var hasher = KsiProvider.CreateDataHasher(inputHashAlgorithm);
            byte[] documentBytes = File.ReadAllBytes("Resources/infile.txt");
            DataHash documentHash = hasher.AddData(documentBytes).GetHash();

            // The wrapper verifies the signature against the supplied document hash and the
            // publications file, which it downloads itself.
            VerificationResult outcome = ksi.Verify(signature, documentHash);

            // Guard clause: every result code other than Ok is treated as a failure.
            if (outcome.ResultCode != VerificationResultCode.Ok)
            {
                Console.WriteLine("VerifyExtendedSignatureUsingDefaultPolicy > verification failed with error > " + outcome.VerificationError);
                return;
            }

            Console.WriteLine("VerifyExtendedSignatureUsingDefaultPolicy > signature valid");
        }
Esempio n. 3
        /// <summary>
        /// Verifies an unextended KSI signature with <c>KeyBasedVerificationPolicy</c> and prints
        /// the outcome to the console.
        /// </summary>
        /// <remarks>
        /// Trust is anchored in the <c>Root</c> X.509 store, narrowed by the certificate subject
        /// RDN selector. <c>new X509Store(StoreName.Root)</c> opens the store of the current
        /// user, not the machine-wide one, so the set of trusted roots depends on the account the
        /// process runs as.
        /// </remarks>
        public void VerifyKeyBased()
        {
            KSI.Ksi ksi = GetKsi();

            // Signature under test; this sample assumes it has not been extended.
            IKsiSignature signature = LoadUnextendedSignature();

            // Recompute the document hash with the algorithm named by the signature's first
            // aggregation hash chain.
            var inputHashAlgorithm = signature.GetAggregationHashChains()[0].InputHash.Algorithm;
            IDataHasher dataHasher = new DataHasher(inputHashAlgorithm);
            byte[] documentBytes = File.ReadAllBytes("Resources/infile.txt");
            dataHasher.AddData(documentBytes);

            // Trust anchors for the key-based check: root store plus subject selector.
            X509Store trustStore = new X509Store(StoreName.Root);
            var subjectSelector = GetCertificateSubjectRdnSelector();
            VerificationPolicy policy = new KeyBasedVerificationPolicy(trustStore, subjectSelector);

            // The publications file is passed in the context as well.
            // NOTE(review): presumably it supplies the certificates for the key-based check; confirm.
            VerificationContext context = new VerificationContext(signature)
            {
                DocumentHash = dataHasher.GetHash(),
                PublicationsFile = ksi.GetPublicationsFile(),
            };

            VerificationResult outcome = policy.Verify(context);

            // Fail closed: anything other than Ok is printed as a verification failure.
            bool isValid = outcome.ResultCode == VerificationResultCode.Ok;
            Console.WriteLine(isValid
                ? "VerifyKeyBased > signature valid"
                : "VerifyKeyBased > signature verification failed with error > " + outcome.VerificationError);
        }
Esempio n. 4
        /// <summary>
        /// Hashes data from a stream and signs the resulting hash instead of the document itself.
        /// </summary>
        /// <remarks>
        /// Streaming the data into the hasher avoids holding a large document in memory. The
        /// sample feeds a small in-memory buffer; in practice the stream could be a file stream
        /// over a multi-gigabyte file. The signature is created but not persisted.
        /// </remarks>
        public void SignHashDirectly()
        {
            KSI.Ksi ksi = GetKsi();

            // Hasher with the provider's default algorithm (no algorithm is passed here).
            IDataHasher dataHasher = KsiProvider.CreateDataHasher();

            // Stand-in for a large document.
            byte[] payload = Encoding.UTF8.GetBytes("Imagine this is a large file");

            using (MemoryStream buffer = new MemoryStream())
            {
                buffer.Write(payload, 0, payload.Length);

                // Rewind so the hasher reads from the first byte, not from the write position.
                buffer.Position = 0;
                dataHasher.AddData(buffer);
            }

            // Only the computed hash is handed to the signing call.
            IKsiSignature signature = ksi.Sign(dataHasher.GetHash());

            // Persist signature to file. The target must be opened for writing, so the sketch
            // below uses File.Create (File.OpenRead returns a read-only stream).
            //using (FileStream stream = File.Create("sample-file-for-signing.txt.ksig"))
            //{
            //    signature.WriteTo(stream);
            //}
        }
Esempio n. 5
        /// <summary>
        /// Verifies an extended KSI signature with <c>PublicationBasedVerificationPolicy</c>
        /// against the publications file and prints the outcome to the console.
        /// </summary>
        /// <remarks>
        /// The document hash is recomputed from <c>Resources/infile.txt</c> with the algorithm of
        /// the signature's input hash. Only <c>VerificationResultCode.Ok</c> is reported as valid;
        /// every other result code takes the failure branch.
        /// </remarks>
        public void VerifyExtendedSignatureUsingPublicationsFile()
        {
            KSI.Ksi ksi = GetKsi();

            // Signature under test; this sample assumes it has already been extended.
            IKsiSignature signature = LoadExtendedSignature();

            // Hash the original data with the same algorithm the signature's input hash uses.
            var inputHashAlgorithm = signature.InputHash.Algorithm;
            var hasher = KsiProvider.CreateDataHasher(inputHashAlgorithm);
            byte[] documentBytes = File.ReadAllBytes("Resources/infile.txt");
            DataHash documentHash = hasher.AddData(documentBytes).GetHash();

            // Policy plus the context it is evaluated against.
            VerificationPolicy policy = new PublicationBasedVerificationPolicy();
            VerificationContext context = new VerificationContext(signature)
            {
                DocumentHash = documentHash,
                PublicationsFile = ksi.GetPublicationsFile(),
            };

            VerificationResult outcome = policy.Verify(context);

            // Guard clause: every result code other than Ok is treated as a failure.
            if (outcome.ResultCode != VerificationResultCode.Ok)
            {
                Console.WriteLine("VerifyExtendedSignatureUsingPublicationsFile > verification failed with error > " + outcome.VerificationError);
                return;
            }

            Console.WriteLine("VerifyExtendedSignatureUsingPublicationsFile > signature valid");
        }
Esempio n. 6
        /// <summary>
        /// Verifies an unextended KSI signature through the simple wrapper's <c>Verify</c> call
        /// (its default policy) and prints the outcome to the console.
        /// </summary>
        /// <remarks>
        /// The document hash is recomputed from <c>Resources/infile.txt</c> so that any change to
        /// the data since signing shows up as a mismatch. Only <c>VerificationResultCode.Ok</c>
        /// is reported as valid.
        /// </remarks>
        public void VerifyUnextendedSignatureUsingDefaultPolicy()
        {
            // Simple wrapper around the KSI service.
            KSI.Ksi ksi = GetKsi();

            // Signature under test; this sample assumes it has not been extended.
            IKsiSignature signature = LoadUnextendedSignature();

            // Hash the original data with the same algorithm the signature's input hash uses.
            var inputHashAlgorithm = signature.InputHash.Algorithm;
            var hasher = KsiProvider.CreateDataHasher(inputHashAlgorithm);
            byte[] documentBytes = File.ReadAllBytes("Resources/infile.txt");
            DataHash documentHash = hasher.AddData(documentBytes).GetHash();

            // Default policy, as described by the sample's author: the signature is first checked
            // against the document hash, then extended. If extending succeeds it is verified
            // against the publications file (downloaded by the wrapper); if extending is not yet
            // possible, key-based verification is done instead.
            VerificationResult outcome = ksi.Verify(signature, documentHash);

            // Fail closed: anything other than Ok is printed as a verification failure.
            string message = outcome.ResultCode == VerificationResultCode.Ok
                ? "VerifyUnextendedSignatureUsingDefaultPolicy > signature valid"
                : "VerifyUnextendedSignatureUsingDefaultPolicy > verification failed with error > " + outcome.VerificationError;

            Console.WriteLine(message);
        }
Esempio n. 7
        /// <summary>
        /// Extends an unextended KSI signature to the closest publication in the publications
        /// file and prints whether the extension took effect.
        /// </summary>
        /// <remarks>
        /// Assumes the loaded signature is not yet extended and that at least one publication
        /// exists after the time the signature was obtained. The extended signature is not
        /// persisted by this sample.
        /// </remarks>
        public void ExtendToClosestPublication()
        {
            KSI.Ksi ksi = GetKsi();

            // Existing signature loaded from file; assumed to be unextended.
            IKsiSignature signature = LoadUnextendedSignature();

            // No publication is passed, so the wrapper picks the closest one itself.
            IKsiSignature extendedSignature = ksi.Extend(signature);

            // Check the flag on the returned signature rather than assuming the call extended it.
            if (!extendedSignature.IsExtended)
            {
                Console.WriteLine("ExtendToClosestPublication > signature not extended");
                return;
            }

            var publicationTime = Util.ConvertUnixTimeToDateTime(extendedSignature.PublicationRecord.PublicationData.PublicationTime);
            Console.WriteLine("ExtendToClosestPublication > extended to publication > " +
                              publicationTime);

            // Store the extended signature
            //using (FileStream stream = File.Create("sample-file-for-signing.txt.extended.ksig"))
            //{
            //    extendedSignature.WriteTo(stream);
            //}
        }
Esempio n. 8
        /// <summary>
        /// Extends an unextended KSI signature to the publication record nearest to a fixed date
        /// (2016-02-15) and prints the progress and the result.
        /// </summary>
        /// <remarks>
        /// Returns early, without extending, when the publications file has no suitable record.
        /// The extended signature is not persisted by this sample.
        /// </remarks>
        public void ExtendToGivenPublicationDate()
        {
            KSI.Ksi ksi = GetKsi();
            IKsiSignature signature = LoadUnextendedSignature();

            // Look the target publication up in the publications file obtained via the wrapper.
            DateTime targetDate = new DateTime(2016, 2, 15);
            PublicationRecordInPublicationFile publicationRecord = ksi.GetPublicationsFile().GetNearestPublicationRecord(targetDate);

            // The lookup yields null when no record qualifies; stop before dereferencing it.
            if (publicationRecord == null)
            {
                Console.WriteLine("ExtendToGivenPublicationDate > no suitable publication yet. signature not extended");
                return;
            }

            var targetTime = Util.ConvertUnixTimeToDateTime(publicationRecord.PublicationData.PublicationTime);
            Console.WriteLine("ExtendToGivenPublicationDate > trying to extend signature to publication > "
                              + targetTime);

            IKsiSignature extendedSignature = ksi.Extend(signature, publicationRecord);

            // Check the flag on the returned signature rather than assuming the call extended it.
            if (!extendedSignature.IsExtended)
            {
                Console.WriteLine("ExtendToGivenPublicationDate > signature not extended");
                return;
            }

            var extendedTime = Util.ConvertUnixTimeToDateTime(extendedSignature.PublicationRecord.PublicationData.PublicationTime);
            Console.WriteLine("ExtendToGivenPublicationDate > signature extended to publication > "
                              + extendedTime);

            // Store the extended signature
            // ...
        }
Esempio n. 9
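        /// <summary>
        /// Prints the publication references of the publication record nearest to 2016-02-01.
        /// </summary>
        /// <remarks>
        /// Prints a single notice and returns when the publications file has no suitable record.
        /// </remarks>
        public void PrintPublicationInfo()
        {
            KSI.Ksi ksi = GetKsi();

            PublicationRecord publicationRecord = ksi.GetPublicationsFile().GetNearestPublicationRecord(new DateTime(2016, 2, 1));

            // ExtendToGivenPublicationDate treats a null result of this lookup as "no suitable
            // publication"; guard the same way here instead of failing with a
            // NullReferenceException on the dereference below.
            if (publicationRecord == null)
            {
                Console.WriteLine("PrintPublicationInfo > no suitable publication found");
                return;
            }

            foreach (string reference in publicationRecord.PublicationReferences)
            {
                Console.WriteLine("PrintPublicationInfo > publication reference > " + reference);
            }
        }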
Esempio n. 10
        /// <summary>
        /// Signs a small UTF-8 encoded text document passed as a byte array.
        /// </summary>
        /// <remarks>
        /// The signing call hashes the bytes itself. The signature is created but not persisted
        /// by this sample.
        /// </remarks>
        public void SignSampleByteArray()
        {
            KSI.Ksi ksi = GetKsi();

            // The signature covers bytes, not characters: fix the encoding explicitly when
            // signing text, otherwise verification can fail later if the same text is re-encoded
            // with a different character set.
            byte[] payload = Encoding.UTF8.GetBytes("This is my document");

            // The document hash is computed implicitly inside Sign.
            IKsiSignature signature = ksi.Sign(payload);

            // Persist signature to file. The target must be opened for writing, so the sketch
            // below uses File.Create (File.OpenRead returns a read-only stream).
            //using (FileStream stream = File.Create("sample-file-for-signing.txt.ksig"))
            //{
            //    signature.WriteTo(stream);
            //}
        }
Esempio n. 11
        /// <summary>
        /// Builds the shared KSI service, the simple wrapper and the certificate selector from
        /// application settings, and selects the crypto provider.
        /// </summary>
        /// <remarks>
        /// Endpoints and service credentials are read from <c>Settings.Default</c>. The
        /// publications file is trusted through the <c>Root</c> X.509 store of the current user
        /// (the location <c>new X509Store(StoreName.Root)</c> opens), narrowed by the certificate
        /// subject selector.
        /// </remarks>
        static KsiSamples()
        {
            // Aggregation (signing) service endpoint, e.g. http://host.net:8080/gt-signingservice.
            string signingUrl = Settings.Default.HttpSigningServiceUrl;

            // Extender service endpoint, e.g. http://host.net:8081/gt-extendingservice.
            string extendingUrl = Settings.Default.HttpExtendingServiceUrl;

            // Publications file location, needed for signature verification,
            // e.g. http://verify.guardtime.com/ksi-publications.bin.
            string publicationsUrl = Settings.Default.HttpPublicationsFileUrl;

            // Credentials for the signing service.
            // NOTE(review): user names and passwords come from application settings; where those
            // settings are stored, and whether the store is protected, is not visible here.
            ServiceCredentials signingCredentials =
                new ServiceCredentials(Settings.Default.HttpSigningServiceUser, Settings.Default.HttpSigningServicePass);

            // Credentials for the extending service.
            ServiceCredentials extendingCredentials =
                new ServiceCredentials(Settings.Default.HttpExtendingServiceUser, Settings.Default.HttpExtendingServicePass);

            // One HTTP protocol object serves signing, extending and publications-file download.
            HttpKsiServiceProtocol httpProtocol = new HttpKsiServiceProtocol(signingUrl,
                                                                             extendingUrl, publicationsUrl);

            // Certificate selector: filters which certificates are trusted when the RSA signature
            // is verified. Only certificates issued to this particular e-mail address are trusted.
            // NOTE(review): the literal below looks like an e-mail-obfuscation placeholder left by
            // the page this sample was copied from, not a real address; confirm the intended value.
            CertificateSubjectRdnSelector = new CertificateSubjectRdnSelector("[email protected]");

            // Trust chain for the publications file: root store plus the selector set above.
            X509Store rootStore = new X509Store(StoreName.Root);
            var trustStoreProvider = new PkiTrustStoreProvider(rootStore, CertificateSubjectRdnSelector);
            var publicationsFileFactory = new PublicationsFileFactory(trustStoreProvider);

            // KSI context holding the references to the Aggregation service, the Extender service
            // and the other configuration needed for the various operations.
            KsiService =
                new KsiService(
                    httpProtocol,
                    signingCredentials,
                    httpProtocol,
                    extendingCredentials,
                    httpProtocol,
                    publicationsFileFactory);

            Ksi = new KSI.Ksi(GetKsiService());

            // Crypto provider to use. MicrosoftCryptoProvider and BouncyCastleCryptoProvider are
            // the ones currently available.
            KsiProvider.SetCryptoProvider(new MicrosoftCryptoProvider());
        }
Esempio n. 12
        /// <summary>
        /// Extends a KSI signature to the latest publication in the publications file when the
        /// signature is unextended or tied to an older publication.
        /// </summary>
        /// <remarks>
        /// Prints a line only when the extension took effect; nothing is printed when no
        /// extension is needed or when the returned signature is not extended. The extended
        /// signature is not persisted by this sample.
        /// </remarks>
        public void ExtendToLatestPublication()
        {
            KSI.Ksi ksi = GetKsi();
            IKsiSignature signature = LoadUnextendedSignature();

            // NOTE(review): the record is used below without a null check; confirm that
            // GetLatestPublication() cannot return null for an empty publications file.
            PublicationRecordInPublicationFile latestRecord = ksi.GetPublicationsFile().GetLatestPublication();

            // Nothing to do when the signature is already extended to a publication that is not
            // older than the latest one. PublicationRecord is read only for extended signatures.
            bool alreadyCurrent = signature.IsExtended
                                  && !(signature.PublicationRecord.PublicationData.PublicationTime < latestRecord.PublicationData.PublicationTime);

            if (alreadyCurrent)
            {
                return;
            }

            IKsiSignature extendedSignature = ksi.Extend(signature, latestRecord);

            // Check the flag on the returned signature rather than assuming the call extended it.
            if (!extendedSignature.IsExtended)
            {
                return;
            }

            var extendedTime = Util.ConvertUnixTimeToDateTime(extendedSignature.PublicationRecord.PublicationData.PublicationTime);
            Console.WriteLine("ExtendToLatestPublication > signature extended to publication > " +
                              extendedTime);

            // Store the extended signature
            // ...
        }
Esempio n. 13
        /// <summary>
        /// Extends an unextended KSI signature to the publication identified by a hard-coded
        /// publication string and prints the result.
        /// </summary>
        /// <remarks>
        /// The publication data is built directly from the string literal rather than looked up
        /// in the publications file. The extended signature is not persisted by this sample.
        /// </remarks>
        public void ExtendToGivenPublicationCode()
        {
            KSI.Ksi ksi = GetKsi();
            IKsiSignature signature = LoadUnextendedSignature();

            // NOTE(review): this string is used as given; in real use it should come from a
            // source the verifier already trusts, since it decides which publication the
            // signature ends up anchored to.
            PublicationData publicationData = new PublicationData("AAAAAA-CWYEKQ-AAIYPA-UJ4GRT-HXMFBE-OTB4AB-XH3PT3-KNIKGV-PYCJXU-HL2TN4-RG6SCC-3ZGSBM");

            IKsiSignature extendedSignature = ksi.Extend(signature, publicationData);

            // Check the flag on the returned signature rather than assuming the call extended it.
            if (!extendedSignature.IsExtended)
            {
                Console.WriteLine("ExtendToGivenPublicationCode > signature not extended");
                return;
            }

            var extendedTime = Util.ConvertUnixTimeToDateTime(extendedSignature.PublicationRecord.PublicationData.PublicationTime);
            Console.WriteLine("ExtendToGivenPublicationCode > signature extended to publication > "
                              + extendedTime);

            // Store the extended signature
            // ...
        }
Esempio n. 14
        /// <summary>
        /// Writes a small sample file, signs its content from a file stream and stores the
        /// signature next to it as <c>sample-file-for-signing.txt.ksig</c>.
        /// </summary>
        /// <remarks>
        /// Both paths are relative to the process working directory. <c>File.WriteAllText</c> and
        /// <c>File.Create</c> overwrite existing files of the same name.
        /// </remarks>
        public void CreateAndSignSampleFile()
        {
            KSI.Ksi ksi = GetKsi();

            // Create the file to be signed.
            string samplePath = "sample-file-for-signing.txt";
            File.WriteAllText(samplePath, "Sample file, generated for signing!");

            IKsiSignature signature;

            using (FileStream input = File.OpenRead(samplePath))
            {
                // The document hash is computed implicitly by Sign while it reads the stream.
                signature = ksi.Sign(input);
            }

            // Persist the signature; File.Create opens the target for writing.
            using (FileStream output = File.Create("sample-file-for-signing.txt.ksig"))
            {
                signature.WriteTo(output);
            }
        }