/// <summary>
/// Signing callback: wraps the supplied digest in a <c>Digest</c> message whose field matches
/// <c>_signingAlgorithm</c>, has <c>_client</c> sign it with the key version <c>_ckvn</c>, and
/// returns the signature to the caller through <paramref name="blob"/>.
/// </summary>
/// <param name="pCertContext">Not read by this method.</param>
/// <param name="pvExtra">Not read by this method.</param>
/// <param name="algId">Not read by this method; the hash family is taken from <c>_signingAlgorithm</c> instead.</param>
/// <param name="pDigestToSign">The already-computed digest; the whole array is sent for signing.</param>
/// <param name="dwDigestToSign">
/// Not read by this method. NOTE(review): presumably the digest length reported by the caller;
/// confirm it always equals <c>pDigestToSign.Length</c> and the hash size of the selected algorithm.
/// </param>
/// <param name="blob">Receives a pointer to an unmanaged copy of the signature and its length in bytes.</param>
/// <returns>Always 0 when the method returns normally.</returns>
/// <exception cref="CryptographicException">
/// <c>_signingAlgorithm</c> is not the SHA256, SHA384 or SHA512 name.
/// </exception>
private unsafe int SignCallback(
    IntPtr pCertContext,
    IntPtr pvExtra,
    uint algId,
    byte[] pDigestToSign,
    uint dwDigestToSign,
    ref CRYPTOAPI_BLOB blob
)
{
    // Declared but not referenced on any path below: every failure leaves this method as an
    // exception rather than as an HRESULT.
    // NOTE(review): if the caller is native code, confirm how an exception thrown here
    // (including one from the signing call) is handled at that boundary.
    const int E_INVALIDARG = unchecked((int)0x80070057);

    var algorithm = _signingAlgorithm;
    bool useSha256 = algorithm == HashAlgorithmName.SHA256.Name;
    bool useSha384 = algorithm == HashAlgorithmName.SHA384.Name;
    bool useSha512 = algorithm == HashAlgorithmName.SHA512.Name;

    // Reject unknown algorithms before touching the digest or calling the signing service.
    if (!(useSha256 || useSha384 || useSha512))
    {
        throw new CryptographicException(algorithm + " is not supported!");
    }

    // The digest is forwarded as-is; its length is not compared with the hash size of the
    // selected algorithm in this method.
    ByteString payload = ByteString.CopyFrom(pDigestToSign);
    var request = new Digest();
    if (useSha256)
    {
        request.Sha256 = payload;
    }
    else if (useSha384)
    {
        request.Sha384 = payload;
    }
    else
    {
        request.Sha512 = payload;
    }

    byte[] signature = _client.AsymmetricSign(_ckvn, request).Signature.ToByteArray();
    int signatureLength = signature.Length;

    // Copy the signature into unmanaged memory for the caller. The buffer is not freed here.
    // NOTE(review): presumably the caller takes ownership; confirm who releases it and with
    // which allocator.
    IntPtr unmanagedCopy = Marshal.AllocHGlobal(signatureLength);
    Marshal.Copy(signature, 0, unmanagedCopy, signatureLength);

    blob.cbData = (uint)signatureLength;
    blob.pbData = unmanagedCopy;
    return 0;
}
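/// <summary>
/// Signs the SHA-256 digest of <paramref name="message"/> with the given asymmetric key version
/// and returns the raw signature bytes.
/// </summary>
/// <param name="projectId">Project that holds the key ring. The default is a sample placeholder.</param>
/// <param name="locationId">Location of the key ring. The default is a sample placeholder.</param>
/// <param name="keyRingId">Key ring that holds the key. The default is a sample placeholder.</param>
/// <param name="keyId">Key to sign with. The default is a sample placeholder.</param>
/// <param name="keyVersionId">Version of the key to sign with. The default is a sample placeholder.</param>
/// <param name="message">Text to sign; it is encoded as UTF-8 before hashing.</param>
/// <returns>The signature returned by the <c>AsymmetricSign</c> call.</returns>
public byte[] SignAsymmetric(
    string projectId = "my-project",
    string locationId = "us-east1",
    string keyRingId = "my-key-ring",
    string keyId = "my-key",
    string keyVersionId = "123",
    string message = "Sample message")
{
    // Create the client.
    KeyManagementServiceClient client = KeyManagementServiceClient.Create();

    // Build the key version name.
    CryptoKeyVersionName keyVersionName =
        new CryptoKeyVersionName(projectId, locationId, keyRingId, keyId, keyVersionId);

    // Convert the message into bytes. Cryptographic plaintexts and
    // ciphertexts are always byte arrays.
    byte[] plaintext = Encoding.UTF8.GetBytes(message);

    // Calculate the digest. Only the digest is sent to the service, not the message.
    // The hash object is IDisposable, so release it as soon as the digest is computed.
    byte[] hash;
    using (SHA256 sha256 = SHA256.Create())
    {
        hash = sha256.ComputeHash(plaintext);
    }

    // Build the digest.
    //
    // Note: Key algorithms will require a varying hash function. For
    // example, EC_SIGN_P384_SHA384 requires SHA-384. This method always
    // hashes with SHA-256 and fills the Sha256 field, so the key version
    // passed in must use a SHA-256 signing algorithm.
    Digest digest = new Digest
    {
        Sha256 = ByteString.CopyFrom(hash),
    };

    // Call the API.
    AsymmetricSignResponse result = client.AsymmetricSign(keyVersionName, digest);

    // Get the signature and return it.
    byte[] signature = result.Signature.ToByteArray();
    return signature;
}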
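/// <summary>
/// Signs the SHA-256 digest of a fixed message with version "1" of the fixture's RSA signing key,
/// then checks that the sample's <c>VerifyAsymmetricSignatureRsa</c> accepts that signature.
/// </summary>
public void VerifiesData()
{
    var message = "testing1234";

    // Calculate the message digest. The hash object is IDisposable, so it is
    // released as soon as the digest has been computed.
    byte[] digest;
    using (var sha256 = SHA256.Create())
    {
        digest = sha256.ComputeHash(Encoding.UTF8.GetBytes(message));
    }

    // Sign the data with the same key version that the sample is asked to verify against.
    KeyManagementServiceClient client = KeyManagementServiceClient.Create();
    CryptoKeyVersionName keyVersionName = new CryptoKeyVersionName(
        _fixture.ProjectId,
        _fixture.LocationId,
        _fixture.KeyRingId,
        _fixture.AsymmetricSignRsaKeyId,
        "1");
    var result = client.AsymmetricSign(keyVersionName, new Digest
    {
        Sha256 = ByteString.CopyFrom(digest),
    });

    // Run the sample.
    var verified = _sample.VerifyAsymmetricSignatureRsa(
        projectId: _fixture.ProjectId,
        locationId: _fixture.LocationId,
        keyRingId: _fixture.KeyRingId,
        keyId: _fixture.AsymmetricSignRsaKeyId,
        keyVersionId: "1",
        message: message,
        signature: result.Signature.ToByteArray());

    // NOTE(review): only the accepting path is asserted in this method; a case where a
    // modified message or signature must be rejected is not exercised here.
    Assert.True(verified);
}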