/// <summary>
/// Signs a precomputed digest with the DSA key associated with <paramref name="certificate"/>
/// and returns the signature in DER form together with the matching DSA-with-hash OID.
/// </summary>
/// <param name="dataHash">The digest to sign.</param>
/// <param name="hashAlgorithmName">
/// The digest algorithm that produced <paramref name="dataHash"/>. Only SHA1, SHA256, SHA384
/// and SHA512 map to a signature OID; any other value makes the method return false.
/// </param>
/// <param name="certificate">The certificate whose DSA key is used.</param>
/// <param name="silent">Passed through to the private key lookup.</param>
/// <param name="signatureAlgorithm">
/// Receives the signature algorithm OID. It is null when no DSA key or no matching OID was
/// found; note that it stays set when the OID was resolved but signature creation failed.
/// </param>
/// <param name="signatureValue">Receives the converted signature, or null on failure.</param>
/// <returns>true when a signature was produced; otherwise false.</returns>
protected override bool Sign(
    ReadOnlySpan<byte> dataHash,
    HashAlgorithmName hashAlgorithmName,
    X509Certificate2 certificate,
    bool silent,
    out Oid signatureAlgorithm,
    out byte[] signatureValue)
{
    // Prefer the private key. When the certificate has none, continue with the public key so
    // that the signing attempt itself raises the "no private key" exception.
    // NOTE(review): the DSA instance is never disposed in this method. GetDSAPublicKey() hands
    // back an instance the caller is expected to dispose; ownership of the object returned by
    // GetPrivateKeyForSigning is not visible here -- confirm before adding a using/Dispose.
    DSA signingKey = PkcsPal.Instance.GetPrivateKeyForSigning<DSA>(certificate, silent);

    if (signingKey == null)
    {
        signingKey = certificate.GetDSAPublicKey();
    }

    if (signingKey == null)
    {
        signatureAlgorithm = null;
        signatureValue = null;
        return false;
    }

    // Map the digest algorithm onto the corresponding DSA signature OID.
    // NOTE(review): SHA-1 is still accepted. SHA-1 is deprecated for generating signatures, so
    // callers that set policy should decide whether DsaWithSha1 may be used for new content.
    string algorithmOid;

    if (hashAlgorithmName == HashAlgorithmName.SHA1)
    {
        algorithmOid = Oids.DsaWithSha1;
    }
    else if (hashAlgorithmName == HashAlgorithmName.SHA256)
    {
        algorithmOid = Oids.DsaWithSha256;
    }
    else if (hashAlgorithmName == HashAlgorithmName.SHA384)
    {
        algorithmOid = Oids.DsaWithSha384;
    }
    else if (hashAlgorithmName == HashAlgorithmName.SHA512)
    {
        algorithmOid = Oids.DsaWithSha512;
    }
    else
    {
        algorithmOid = null;
    }

    if (algorithmOid == null)
    {
        signatureAlgorithm = null;
        signatureValue = null;
        return false;
    }

    signatureAlgorithm = new Oid(algorithmOid, algorithmOid);

    // The Q size cannot be bigger than the KeySize.
    byte[] scratch = ArrayPool<byte>.Shared.Rent(signingKey.KeySize / 8);
    int signatureLength = 0;

    try
    {
        if (!signingKey.TryCreateSignature(dataHash, scratch, out signatureLength))
        {
            signatureValue = null;
            return false;
        }

        // Presumably TryCreateSignature emits the IEEE fixed-width form, which the helper
        // re-encodes as DER (inferred from the helper's name -- confirm).
        signatureValue = DsaIeeeToDer(new ReadOnlySpan<byte>(scratch, 0, signatureLength));
        return true;
    }
    finally
    {
        // Wipe only the bytes that were written before handing the buffer back to the shared
        // pool, so the next renter does not see this signature.
        Array.Clear(scratch, 0, signatureLength);
        ArrayPool<byte>.Shared.Return(scratch);
    }
}