コード例 #1
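        /// <summary>
        /// Signs a precomputed digest with the configured key version through
        /// <c>_client.AsymmetricSign</c> and hands the signature back via <paramref name="blob"/>.
        /// </summary>
        /// <param name="pCertContext">Not read by this method.</param>
        /// <param name="pvExtra">Not read by this method.</param>
        /// <param name="algId">Not read by this method; the hash is chosen from <c>_signingAlgorithm</c>.</param>
        /// <param name="pDigestToSign">The digest bytes to sign.</param>
        /// <param name="dwDigestToSign">Not read by this method; the managed array length is used.</param>
        /// <param name="blob">Receives a pointer to the signature bytes and their count.</param>
        /// <returns>
        /// 0 on success; E_INVALIDARG (0x80070057) when the digest is missing or its length does
        /// not match the configured hash algorithm.
        /// </returns>
        /// <exception cref="CryptographicException">
        /// <c>_signingAlgorithm</c> is not SHA256, SHA384 or SHA512.
        /// </exception>
        private unsafe int SignCallback(
            IntPtr pCertContext,
            IntPtr pvExtra,
            uint algId,
            byte[] pDigestToSign,
            uint dwDigestToSign,
            ref CRYPTOAPI_BLOB blob
            )
        {
            const int E_INVALIDARG = unchecked ((int)0x80070057);

            // Output size in bytes of the configured hash; also selects the Digest field below.
            int expectedLength;

            if (_signingAlgorithm == HashAlgorithmName.SHA256.Name)
            {
                expectedLength = 32;
            }
            else if (_signingAlgorithm == HashAlgorithmName.SHA384.Name)
            {
                expectedLength = 48;
            }
            else if (_signingAlgorithm == HashAlgorithmName.SHA512.Name)
            {
                expectedLength = 64;
            }
            else
            {
                // NOTE(review): the IntPtr/CRYPTOAPI_BLOB signature suggests this runs as a
                // callback from native code - confirm that an exception thrown here (or by the
                // signing call below) is surfaced safely to the caller.
                throw new CryptographicException(_signingAlgorithm + " is not supported!");
            }

            // Reject a missing or wrongly sized digest locally instead of forwarding bytes that
            // cannot be a digest of the configured algorithm to the signing service.
            if (pDigestToSign == null || pDigestToSign.Length != expectedLength)
            {
                return E_INVALIDARG;
            }

            ByteString digestBytes = ByteString.CopyFrom(pDigestToSign);
            Digest tosign = new Digest();

            switch (expectedLength)
            {
                case 32:
                    tosign.Sha256 = digestBytes;
                    break;
                case 48:
                    tosign.Sha384 = digestBytes;
                    break;
                default:
                    tosign.Sha512 = digestBytes;
                    break;
            }

            byte[] signature = _client.AsymmetricSign(_ckvn, tosign).Signature.ToByteArray();

            // The signature is copied into unmanaged memory that this method never frees.
            // NOTE(review): confirm the consumer of blob releases pbData, otherwise every
            // signing call leaks this buffer.
            var resultPtr = Marshal.AllocHGlobal(signature.Length);

            Marshal.Copy(signature, 0, resultPtr, signature.Length);
            blob.pbData = resultPtr;
            blob.cbData = (uint)signature.Length;
            return(0);
        }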
コード例 #2
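    /// <summary>
    /// Hashes <paramref name="message"/> with SHA-256 and asks Cloud KMS to sign that digest
    /// with the given asymmetric key version.
    /// </summary>
    /// <param name="projectId">Project that owns the key.</param>
    /// <param name="locationId">Location of the key ring.</param>
    /// <param name="keyRingId">Key ring that holds the key.</param>
    /// <param name="keyId">Key to sign with.</param>
    /// <param name="keyVersionId">Version of the key to sign with.</param>
    /// <param name="message">Text to sign; it is encoded as UTF-8 before hashing.</param>
    /// <returns>The signature bytes returned by the service.</returns>
    public byte[] SignAsymmetric(
        string projectId = "my-project", string locationId = "us-east1", string keyRingId = "my-key-ring", string keyId = "my-key", string keyVersionId = "123",
        string message   = "Sample message")
    {
        // Create the client.
        KeyManagementServiceClient client = KeyManagementServiceClient.Create();

        // Build the key version name.
        CryptoKeyVersionName keyVersionName = new CryptoKeyVersionName(projectId, locationId, keyRingId, keyId, keyVersionId);

        // Convert the message into bytes. Cryptographic plaintexts and
        // ciphertexts are always byte arrays.
        byte[] plaintext = Encoding.UTF8.GetBytes(message);

        // Calculate the digest. The hash object is disposable, so release it
        // as soon as the hash has been computed.
        byte[] hash;
        using (SHA256 sha256 = SHA256.Create())
        {
            hash = sha256.ComputeHash(plaintext);
        }

        // Build the digest.
        //
        // Note: Key algorithms will require a varying hash function. For
        // example, EC_SIGN_P384_SHA384 requires SHA-384. This method always
        // sends a SHA-256 digest, so it only suits key versions whose
        // algorithm uses SHA-256.
        Digest digest = new Digest
        {
            Sha256 = ByteString.CopyFrom(hash),
        };

        // Call the API.
        //
        // NOTE(review): the response is used as returned. Cloud KMS also
        // offers optional CRC32C integrity fields on the request and the
        // response; this sample neither sets nor checks them.
        AsymmetricSignResponse result = client.AsymmetricSign(keyVersionName, digest);

        // Get the signature.
        byte[] signature = result.Signature.ToByteArray();

        // Return the result.
        return(signature);
    }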
コード例 #3
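    /// <summary>
    /// Signs the SHA-256 digest of a fixed message with version "1" of the fixture's RSA
    /// signing key, then checks that the sample's verification method accepts that signature.
    /// </summary>
    public void VerifiesData()
    {
        var message = "testing1234";

        // Calculate the message digest. The hash object is disposable, so
        // release it once the digest has been computed.
        byte[] digest;
        using (var sha256 = SHA256.Create())
        {
            digest = sha256.ComputeHash(Encoding.UTF8.GetBytes(message));
        }

        // Sign the data
        KeyManagementServiceClient client         = KeyManagementServiceClient.Create();
        CryptoKeyVersionName       keyVersionName = new CryptoKeyVersionName(_fixture.ProjectId, _fixture.LocationId, _fixture.KeyRingId, _fixture.AsymmetricSignRsaKeyId, "1");
        var result = client.AsymmetricSign(keyVersionName, new Digest
        {
            Sha256 = ByteString.CopyFrom(digest),
        });

        // Run the sample.
        //
        // NOTE(review): only the accepting path is exercised here; a companion
        // case with a modified message or signature would show that the
        // verification method also rejects bad input.
        var verified = _sample.VerifyAsymmetricSignatureRsa(
            projectId: _fixture.ProjectId, locationId: _fixture.LocationId, keyRingId: _fixture.KeyRingId, keyId: _fixture.AsymmetricSignRsaKeyId, keyVersionId: "1",
            message: message,
            signature: result.Signature.ToByteArray());

        Assert.True(verified);
    }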