/// <summary>
/// Demonstrates signing and verifying based on PEM textual public/private key.
/// </summary>
/// <param name="dataToSign">Payload that is signed with the private key and then verified with the public key.</param>
/// <remarks>
/// The key pair is obtained through <c>GetDataFromResource</c> and both keys, including the
/// private one, are echoed to the console. That is only appropriate for a throwaway demo key pair;
/// real private keys should never be written to a console or log.
/// </remarks>
protected static void TestPEM(byte[] dataToSign)
{
    Console.WriteLine("Testing PEM...\n");

    // Expected shape: -----BEGIN PUBLIC KEY-----...-----END PUBLIC KEY-----
    byte[] publicPemBytes = RSACryptoServiceProviderExtensionDemo.GetDataFromResource("RSACryptoServiceProviderExtensionPublicKey.pem");
    string publicPem = Encoding.ASCII.GetString(publicPemBytes);

    // Expected shape: -----BEGIN RSA PRIVATE KEY-----...-----END RSA PRIVATE KEY-----
    byte[] privatePemBytes = RSACryptoServiceProviderExtensionDemo.GetDataFromResource("RSACryptoServiceProviderExtensionPrivateKey.pem");
    string privatePem = Encoding.ASCII.GetString(privatePemBytes);

    Console.WriteLine("Public key:\n{0}", publicPem);
    // NOTE(review): this prints private key material; acceptable only for a demo key pair.
    Console.WriteLine("Private key:\n{0}", privatePem);

    byte[] sig;
    bool untouchedVerifies;
    bool tamperedVerifies;

    // Signing side: only the private key is loaded.
    using (RSACryptoServiceProvider signer = new RSACryptoServiceProvider())
    {
        // Keep the imported key out of a persisted CSP key container.
        signer.PersistKeyInCsp = false;
        signer.LoadPrivateKeyPEM(privatePem);

        // NOTE(review): SHA-1 is deprecated for new digital signatures; it is kept here to
        // preserve the demo's behavior. Prefer SHA-256 or stronger in real code.
        using (SHA1CryptoServiceProvider hasher = new SHA1CryptoServiceProvider())
        {
            sig = signer.SignData(dataToSign, hasher);
        }
    }

    // Verifying side: a fresh provider that holds only the public key.
    using (RSACryptoServiceProvider verifier = new RSACryptoServiceProvider())
    {
        verifier.PersistKeyInCsp = false;
        verifier.LoadPublicKeyPEM(publicPem);

        using (SHA1CryptoServiceProvider hasher = new SHA1CryptoServiceProvider())
        {
            untouchedVerifies = verifier.VerifyData(dataToSign, hasher, sig);
        }

        // Flip every bit of the last signature byte so the second verification must fail.
        int lastIndex = sig.Length - 1;
        sig[lastIndex] ^= 0xFF;

        using (SHA1CryptoServiceProvider hasher = new SHA1CryptoServiceProvider())
        {
            tamperedVerifies = verifier.VerifyData(dataToSign, hasher, sig);
        }
    }

    // An empty prefix yields "valid", the "in" prefix yields "invalid".
    string untouchedPrefix = untouchedVerifies ? String.Empty : "in";
    string tamperedPrefix = tamperedVerifies ? String.Empty : "in";

    Console.WriteLine("PEM: original signature is {0}valid.", untouchedPrefix);
    Console.WriteLine("PEM: tampered signature is {0}valid.", tamperedPrefix);
    Console.WriteLine("\nDone testing PEM.\n");
}
/// <summary>
/// Demonstrates signing and verifying based on DER binary public/private key.
/// </summary>
/// <param name="dataToSign">Payload that is signed with the private key and then verified with the public key.</param>
/// <remarks>
/// The key pair is obtained through <c>GetDataFromResource</c> and both keys, including the
/// private one, are echoed to the console as hex. That is only appropriate for a throwaway demo
/// key pair; real private keys should never be written to a console or log.
/// </remarks>
protected static void TestDER(byte[] dataToSign)
{
    Console.WriteLine("Testing DER...\n");

    byte[] publicDer = RSACryptoServiceProviderExtensionDemo.GetDataFromResource("RSACryptoServiceProviderExtensionPublicKey.der");
    byte[] privateDer = RSACryptoServiceProviderExtensionDemo.GetDataFromResource("RSACryptoServiceProviderExtensionPrivateKey.der");

    // BitConverter emits "AA-BB-CC"; dropping the dashes gives a contiguous hex dump.
    string publicHex = BitConverter.ToString(publicDer).Replace("-", "");
    string privateHex = BitConverter.ToString(privateDer).Replace("-", "");

    Console.WriteLine("Public key:\n{0}\n", publicHex);
    // NOTE(review): this prints private key material; acceptable only for a demo key pair.
    Console.WriteLine("Private key:\n{0}\n", privateHex);

    byte[] sig;
    bool untouchedVerifies;
    bool tamperedVerifies;

    // Signing side: only the private key is loaded.
    using (RSACryptoServiceProvider signer = new RSACryptoServiceProvider())
    {
        // Keep the imported key out of a persisted CSP key container.
        signer.PersistKeyInCsp = false;
        signer.LoadPrivateKeyDER(privateDer);

        // NOTE(review): SHA-1 is deprecated for new digital signatures; it is kept here to
        // preserve the demo's behavior. Prefer SHA-256 or stronger in real code.
        using (SHA1CryptoServiceProvider hasher = new SHA1CryptoServiceProvider())
        {
            sig = signer.SignData(dataToSign, hasher);
        }
    }

    // Verifying side: a fresh provider that holds only the public key.
    using (RSACryptoServiceProvider verifier = new RSACryptoServiceProvider())
    {
        verifier.PersistKeyInCsp = false;
        verifier.LoadPublicKeyDER(publicDer);

        using (SHA1CryptoServiceProvider hasher = new SHA1CryptoServiceProvider())
        {
            untouchedVerifies = verifier.VerifyData(dataToSign, hasher, sig);
        }

        // Flip every bit of the last signature byte so the second verification must fail.
        int lastIndex = sig.Length - 1;
        sig[lastIndex] ^= 0xFF;

        using (SHA1CryptoServiceProvider hasher = new SHA1CryptoServiceProvider())
        {
            tamperedVerifies = verifier.VerifyData(dataToSign, hasher, sig);
        }
    }

    // An empty prefix yields "valid", the "in" prefix yields "invalid".
    string untouchedPrefix = untouchedVerifies ? String.Empty : "in";
    string tamperedPrefix = tamperedVerifies ? String.Empty : "in";

    Console.WriteLine("DER: original signature is {0}valid.", untouchedPrefix);
    Console.WriteLine("DER: tampered signature is {0}valid.", tamperedPrefix);
    Console.WriteLine("\nDone testing DER.\n");
}