/// <summary> /// /// </summary> /// <param name="message"> a message/text to be digitally signed </param> /// <param name="hashAlgorithm"> an arbitrary hash algorithm </param> /// <param name="certificate"> certificate of a user who creates a signature </param> /// <returns> byte array representing a digital signature for the given message </returns> public static byte[] Create(string message, HashAlgorithm hashAlgorithm, X509Certificate2 certificate) { RSACryptoServiceProvider csp = null; /// Looks for the certificate's private key to sign a message csp = (RSACryptoServiceProvider)certificate.PrivateKey; if (csp == null) { throw new Exception("Valid certificate was not found"); } UnicodeEncoding encoding = new UnicodeEncoding(); byte[] data = encoding.GetBytes(message); byte[] hash = null; if (hashAlgorithm.Equals(HashAlgorithm.SHA1)) { SHA1Managed sha1 = new SHA1Managed(); hash = sha1.ComputeHash(data); } else if (hashAlgorithm.Equals(HashAlgorithm.SHA256)) { SHA256Managed sha1 = new SHA256Managed(); hash = sha1.ComputeHash(data); } /// Use RSACryptoServiceProvider support to create a signature using a previously created hash value byte[] signature = csp.SignHash(hash, CryptoConfig.MapNameToOID(hashAlgorithm.ToString())); return(signature); }
/// <summary> /// Checks the conditions to throw a <see cref="InsecureOperationException"/>. /// </summary> /// <exception cref="InsecureOperationException"></exception> /// <remarks> /// Salt size should be at least 8 Bytes, and the Hash size not greater than the output of the used HMAC. /// Hash size should not be smaller than the Salt size and the minimum hash iterations of 10 000 should not get undercutted. /// Also MD5 should never be used as the HMAC. /// </remarks> private void CheckConditions() { string message = null; if (HashAlgorithm.Equals(HashAlgorithmName.MD5)) { message = InsecureMessages.INSECURE_HMAC(HashAlgorithm.Name); } if (SaltSize < 8) { message = InsecureMessages.SALT_TO_SHORT; } if (HashSize > GetHmacSize()) { message = InsecureMessages.HASH_SIZE_TO_BIG; } if (HashSize < SaltSize) { message = InsecureMessages.HASH_SIZE_TO_SMALL; } if (HashIterations < 10000) { message = InsecureMessages.NOT_ENOUGH_ITERATIONS; } if (message != null) { throw new InsecureOperationException(message); } }
internal bool EqualsParameters(DnsResourceDataNextDomainSecure3Base other) { return(other != null && HashAlgorithm.Equals(other.HashAlgorithm) && Flags.Equals(other.Flags) && Iterations.Equals(other.Iterations) && Salt.Equals(other.Salt)); }
protected override void ProcessRecord() { HttpSigningConfiguration httpConfig = new HttpSigningConfiguration() { KeyId = this.ApiKeyId, KeyFilePath = this.ApiKeyFilePath, HttpSigningHeader = this.HttpSigningHeader }; if (this.HttpSigningHeader.Contains("(expires)")) { if (SignatureValidityPeriod <= 0) { throw new Exception("SignatureValidityPeriod must be greater than 0 seconds."); } else { httpConfig.SignatureValidityPeriod = SignatureValidityPeriod; } } if (HashAlgorithm.Equals("sha256")) { httpConfig.HashAlgorithm = HashAlgorithmName.SHA256; } else if (HashAlgorithm.Equals("sha512")) { httpConfig.HashAlgorithm = HashAlgorithmName.SHA512; } if (!string.IsNullOrEmpty(ApiKeyPassPhrase)) { var secStr = new SecureString(); foreach (char ch in ApiKeyPassPhrase) { secStr.AppendChar(ch); } httpConfig.KeyPassPhrase = secStr; } Configuration config = new Configuration() { BasePath = BasePath, HttpSigningConfiguration = httpConfig }; CmdletBase.Config = config; if (Proxy != null) { config.Proxy = this.Proxy; } if (SkipCertificateCheck.IsPresent) { System.Net.ServicePointManager.ServerCertificateValidationCallback = delegate { return(true); }; } }
public static Boolean VerifyRaw(byte[] data, HashAlgorithm hashAlgorithm, byte[] signature, string publicKey) { hashAlgorithm = hashAlgorithm.Equals(HashAlgorithm.Md5) ? HashAlgorithm.Sha1 : hashAlgorithm; using (RSACryptoServiceProvider csp = new RSACryptoServiceProvider()) { ParsePublicKey(csp, publicKey); return(csp.VerifyData(data, hashAlgorithm.ToString(), signature)); } }
public static byte[] SignRaw(byte[] data, HashAlgorithm hashAlgorithm, string privateKey) { hashAlgorithm = hashAlgorithm.Equals(HashAlgorithm.Md5) ? HashAlgorithm.Sha1 : hashAlgorithm; using (RSACryptoServiceProvider csp = new RSACryptoServiceProvider()) { ParsePrivateKey(csp, privateKey); return(csp.SignData(data, hashAlgorithm.ToString())); } }
/// <inheritdoc cref="IEquatable{T}.Equals(T)"/> public bool Equals(Block <T>?other) { if (other is null) { return(false); } return(ReferenceEquals(this, other) || (Hash.Equals(other.Hash) && HashAlgorithm.Equals(other.HashAlgorithm))); }
public static bool Verify(string message, HashAlgorithm hashAlgorithm, byte[] signature, X509Certificate2 certificate) { /// Looks for the certificate's public key to verify a message RSACryptoServiceProvider csp = (RSACryptoServiceProvider)certificate.PublicKey.Key; UnicodeEncoding encoding = new UnicodeEncoding(); byte[] data = encoding.GetBytes(message); byte[] hash = null; if (hashAlgorithm.Equals(HashAlgorithm.SHA1)) { SHA1Managed sha1 = new SHA1Managed(); hash = sha1.ComputeHash(data); } else if (hashAlgorithm.Equals(HashAlgorithm.SHA256)) { SHA256Managed sha1 = new SHA256Managed(); hash = sha1.ComputeHash(data); } /// Use RSACryptoServiceProvider support to compare two - hash value from signature and newly created hash value return(csp.VerifyHash(hash, CryptoConfig.MapNameToOID(hashAlgorithm.ToString()), signature)); }
/// <summary> /// Returns the output size of the used <see cref="HashAlgorithm"/> in bytes. /// </summary> /// <returns></returns> private int GetHmacSize() { if (HashAlgorithm.Equals(HashAlgorithmName.SHA1)) { return(20); } if (HashAlgorithm.Equals(HashAlgorithmName.SHA256)) { return(32); } if (HashAlgorithm.Equals(HashAlgorithmName.SHA384)) { return(48); } if (HashAlgorithm.Equals(HashAlgorithmName.SHA512)) { return(64); } return(0); }