public static void ThirdPartyProvider_DSA() { using (DSA dsaOther = new DSAOther()) { dsaOther.ImportParameters(TestData.GetDSA1024Params()); X509SignatureGenerator dsaGen = new DSAX509SignatureGenerator(dsaOther); // macOS DSA is limited to FIPS 186-3. HashAlgorithmName hashAlgorithm = HashAlgorithmName.SHA1; CertificateRequest request = new CertificateRequest( new X500DistinguishedName($"CN={nameof(ThirdPartyProvider_DSA)}"), dsaGen.PublicKey, hashAlgorithm); byte[] signature; byte[] data = request.SubjectName.RawData; DateTimeOffset now = DateTimeOffset.UtcNow; using (X509Certificate2 cert = request.Create(request.SubjectName, dsaGen, now, now.AddDays(1), new byte[1])) using (X509Certificate2 certWithPrivateKey = cert.CopyWithPrivateKey(dsaOther)) using (DSA dsa = certWithPrivateKey.GetDSAPrivateKey()) { signature = dsa.SignData(data, hashAlgorithm); } Assert.True(dsaOther.VerifyData(data, signature, hashAlgorithm)); } }
public static void AssociatePersistedKey_CAPIviaCNG_DSA(int provType) { const string KeyName = nameof(AssociatePersistedKey_CAPIviaCNG_DSA); CspParameters cspParameters = new CspParameters(provType) { KeyContainerName = KeyName, Flags = CspProviderFlags.UseNonExportableKey, }; using (DSACryptoServiceProvider dsaCsp = new DSACryptoServiceProvider(cspParameters)) { dsaCsp.PersistKeyInCsp = false; X509SignatureGenerator dsaGen = new DSAX509SignatureGenerator(dsaCsp); // Use SHA-1 because that's all DSACryptoServiceProvider understands. HashAlgorithmName hashAlgorithm = HashAlgorithmName.SHA1; byte[] signature; CertificateRequest request = new CertificateRequest( new X500DistinguishedName($"CN={KeyName}-{provType}"), dsaGen.PublicKey, hashAlgorithm); DateTimeOffset now = DateTimeOffset.UtcNow; using (X509Certificate2 cert = request.Create(request.SubjectName, dsaGen, now, now.AddDays(1), new byte[1])) using (X509Certificate2 certWithPrivateKey = cert.CopyWithPrivateKey(dsaCsp)) using (DSA dsa = certWithPrivateKey.GetDSAPrivateKey()) { // `dsa` will be an DSACng wrapping the CAPI key Assert.IsAssignableFrom <DSACng>(dsa); request = new CertificateRequest( new X500DistinguishedName($"CN={KeyName}-{provType}-again"), dsaGen.PublicKey, hashAlgorithm); using (X509Certificate2 cert2 = request.Create(request.SubjectName, dsaGen, now, now.AddDays(1), new byte[1])) using (X509Certificate2 cert2WithPrivateKey = cert2.CopyWithPrivateKey(dsa)) using (DSA dsa2 = cert2WithPrivateKey.GetDSAPrivateKey()) { signature = dsa2.SignData(Array.Empty <byte>(), hashAlgorithm); Assert.True(dsaCsp.VerifyData(Array.Empty <byte>(), signature, hashAlgorithm)); } } // Some certs have disposed, did they delete the key? cspParameters.Flags = CspProviderFlags.UseExistingKey; using (var stillPersistedKey = new DSACryptoServiceProvider(cspParameters)) { stillPersistedKey.SignData(Array.Empty <byte>(), hashAlgorithm); } } }
public static void AssociatePersistedKey_CNG_DSA() { const string KeyName = nameof(AssociatePersistedKey_CNG_DSA); CngKey cngKey = null; HashAlgorithmName hashAlgorithm = HashAlgorithmName.SHA256; byte[] signature; try { CngKeyCreationParameters creationParameters = new CngKeyCreationParameters() { ExportPolicy = CngExportPolicies.None, Provider = CngProvider.MicrosoftSoftwareKeyStorageProvider, KeyCreationOptions = CngKeyCreationOptions.OverwriteExistingKey, Parameters = { new CngProperty("Length", BitConverter.GetBytes(1024), CngPropertyOptions.None), } }; cngKey = CngKey.Create(new CngAlgorithm("DSA"), KeyName, creationParameters); using (DSACng dsaCng = new DSACng(cngKey)) { X509SignatureGenerator dsaGen = new DSAX509SignatureGenerator(dsaCng); CertificateRequest request = new CertificateRequest( new X500DistinguishedName($"CN={KeyName}"), dsaGen.PublicKey, HashAlgorithmName.SHA256); DateTimeOffset now = DateTimeOffset.UtcNow; using (X509Certificate2 cert = request.Create(request.SubjectName, dsaGen, now, now.AddDays(1), new byte[1])) using (X509Certificate2 certWithPrivateKey = cert.CopyWithPrivateKey(dsaCng)) using (DSA dsa = certWithPrivateKey.GetDSAPrivateKey()) { signature = dsa.SignData(Array.Empty <byte>(), hashAlgorithm); Assert.True(dsaCng.VerifyData(Array.Empty <byte>(), signature, hashAlgorithm)); } } // Some certs have disposed, did they delete the key? using (CngKey stillPersistedKey = CngKey.Open(KeyName, CngProvider.MicrosoftSoftwareKeyStorageProvider)) using (DSACng dsaCng = new DSACng(stillPersistedKey)) { dsaCng.SignData(Array.Empty <byte>(), hashAlgorithm); } } finally { cngKey?.Delete(); } }