public static void ThirdPartyProvider_DSA()
{
using (DSA dsaOther = new DSAOther())
{
dsaOther.ImportParameters(TestData.GetDSA1024Params());
X509SignatureGenerator dsaGen = new DSAX509SignatureGenerator(dsaOther);
// macOS DSA is limited to FIPS 186-3.
HashAlgorithmName hashAlgorithm = HashAlgorithmName.SHA1;
CertificateRequest request = new CertificateRequest(
new X500DistinguishedName($"CN={nameof(ThirdPartyProvider_DSA)}"),
dsaGen.PublicKey,
hashAlgorithm);
byte[] signature;
byte[] data = request.SubjectName.RawData;
DateTimeOffset now = DateTimeOffset.UtcNow;
using (X509Certificate2 cert = request.Create(request.SubjectName, dsaGen, now, now.AddDays(1), new byte[1]))
using (X509Certificate2 certWithPrivateKey = cert.CopyWithPrivateKey(dsaOther))
using (DSA dsa = certWithPrivateKey.GetDSAPrivateKey())
{
signature = dsa.SignData(data, hashAlgorithm);
}
Assert.True(dsaOther.VerifyData(data, signature, hashAlgorithm));
}
}
public static void AssociatePersistedKey_CAPIviaCNG_DSA(int provType)
{
const string KeyName = nameof(AssociatePersistedKey_CAPIviaCNG_DSA);
CspParameters cspParameters = new CspParameters(provType)
{
KeyContainerName = KeyName,
Flags = CspProviderFlags.UseNonExportableKey,
};
using (DSACryptoServiceProvider dsaCsp = new DSACryptoServiceProvider(cspParameters))
{
dsaCsp.PersistKeyInCsp = false;
X509SignatureGenerator dsaGen = new DSAX509SignatureGenerator(dsaCsp);
// Use SHA-1 because that's all DSACryptoServiceProvider understands.
HashAlgorithmName hashAlgorithm = HashAlgorithmName.SHA1;
byte[] signature;
CertificateRequest request = new CertificateRequest(
new X500DistinguishedName($"CN={KeyName}-{provType}"),
dsaGen.PublicKey,
hashAlgorithm);
DateTimeOffset now = DateTimeOffset.UtcNow;
using (X509Certificate2 cert = request.Create(request.SubjectName, dsaGen, now, now.AddDays(1), new byte[1]))
using (X509Certificate2 certWithPrivateKey = cert.CopyWithPrivateKey(dsaCsp))
using (DSA dsa = certWithPrivateKey.GetDSAPrivateKey())
{
// `dsa` will be an DSACng wrapping the CAPI key
Assert.IsAssignableFrom <DSACng>(dsa);
request = new CertificateRequest(
new X500DistinguishedName($"CN={KeyName}-{provType}-again"),
dsaGen.PublicKey,
hashAlgorithm);
using (X509Certificate2 cert2 = request.Create(request.SubjectName, dsaGen, now, now.AddDays(1), new byte[1]))
using (X509Certificate2 cert2WithPrivateKey = cert2.CopyWithPrivateKey(dsa))
using (DSA dsa2 = cert2WithPrivateKey.GetDSAPrivateKey())
{
signature = dsa2.SignData(Array.Empty <byte>(), hashAlgorithm);
Assert.True(dsaCsp.VerifyData(Array.Empty <byte>(), signature, hashAlgorithm));
}
}
// Some certs have disposed, did they delete the key?
cspParameters.Flags = CspProviderFlags.UseExistingKey;
using (var stillPersistedKey = new DSACryptoServiceProvider(cspParameters))
{
stillPersistedKey.SignData(Array.Empty <byte>(), hashAlgorithm);
}
}
}
public static void AssociatePersistedKey_CNG_DSA()
{
const string KeyName = nameof(AssociatePersistedKey_CNG_DSA);
CngKey cngKey = null;
HashAlgorithmName hashAlgorithm = HashAlgorithmName.SHA256;
byte[] signature;
try
{
CngKeyCreationParameters creationParameters = new CngKeyCreationParameters()
{
ExportPolicy = CngExportPolicies.None,
Provider = CngProvider.MicrosoftSoftwareKeyStorageProvider,
KeyCreationOptions = CngKeyCreationOptions.OverwriteExistingKey,
Parameters =
{
new CngProperty("Length", BitConverter.GetBytes(1024), CngPropertyOptions.None),
}
};
cngKey = CngKey.Create(new CngAlgorithm("DSA"), KeyName, creationParameters);
using (DSACng dsaCng = new DSACng(cngKey))
{
X509SignatureGenerator dsaGen = new DSAX509SignatureGenerator(dsaCng);
CertificateRequest request = new CertificateRequest(
new X500DistinguishedName($"CN={KeyName}"),
dsaGen.PublicKey,
HashAlgorithmName.SHA256);
DateTimeOffset now = DateTimeOffset.UtcNow;
using (X509Certificate2 cert = request.Create(request.SubjectName, dsaGen, now, now.AddDays(1), new byte[1]))
using (X509Certificate2 certWithPrivateKey = cert.CopyWithPrivateKey(dsaCng))
using (DSA dsa = certWithPrivateKey.GetDSAPrivateKey())
{
signature = dsa.SignData(Array.Empty <byte>(), hashAlgorithm);
Assert.True(dsaCng.VerifyData(Array.Empty <byte>(), signature, hashAlgorithm));
}
}
// Some certs have disposed, did they delete the key?
using (CngKey stillPersistedKey = CngKey.Open(KeyName, CngProvider.MicrosoftSoftwareKeyStorageProvider))
using (DSACng dsaCng = new DSACng(stillPersistedKey))
{
dsaCng.SignData(Array.Empty <byte>(), hashAlgorithm);
}
}
finally
{
cngKey?.Delete();
}
}
