/// <summary>
/// Verifies an already extended signature with an explicitly constructed
/// publication based policy and prints the outcome to the console.
/// </summary>
/// <remarks>
/// The document hash is recomputed from "Resources/infile.txt", so a successful result
/// also shows that the file still matches what was signed. The sample only prints the
/// result; code that relies on the signature must treat every result code other than
/// Ok as "not verified".
/// </remarks>
public void VerifyExtendedSignatureUsingPublicationsFile()
{
    KSI.Ksi ksi = GetKsi();

    // Existing signature, assumed to be extended.
    IKsiSignature signature = LoadExtendedSignature();

    // Hash the original data with the same algorithm as the input hash stored in the signature.
    // NOTE(review): the algorithm is chosen by the signature under verification; confirm
    // that the policy rejects input hash algorithms you no longer trust.
    var inputHashAlgorithm = signature.GetAggregationHashChains()[0].InputHash.Algorithm;
    IDataHasher dataHasher = new DataHasher(inputHashAlgorithm);
    dataHasher.AddData(File.ReadAllBytes("Resources/infile.txt"));
    DataHash documentHash = dataHasher.GetHash();

    // Build the verification context: the recomputed hash plus the publications file.
    VerificationPolicy policy = new PublicationBasedVerificationPolicy();
    VerificationContext context = new VerificationContext(signature);
    context.DocumentHash = documentHash;
    context.PublicationsFile = ksi.GetPublicationsFile();

    VerificationResult verificationResult = policy.Verify(context);

    string message = verificationResult.ResultCode == VerificationResultCode.Ok
        ? "VerifyExtendedSignatureUsingPublicationsFile > signature valid"
        : "VerifyExtendedSignatureUsingPublicationsFile > verification failed with error > " + verificationResult.VerificationError;
    Console.WriteLine(message);
}
/// <summary>
/// Verifies an already extended signature through the simple wrapper's default
/// policy and prints the outcome to the console.
/// </summary>
/// <remarks>
/// The signature is checked against the recomputed document hash and against the
/// publications file, which the simple wrapper downloads automatically. Only a result
/// code of Ok means the signature verified; the sample merely prints anything else.
/// </remarks>
public void VerifyExtendedSignatureUsingDefaultPolicy()
{
    // Simple wrapper around the KSI service.
    KSI.Ksi ksi = GetKsi();

    // Existing signature, assumed to be extended.
    IKsiSignature signature = LoadExtendedSignature();

    // Recompute the hash of the original file with the algorithm recorded in the signature.
    var hasher = KsiProvider.CreateDataHasher(signature.InputHash.Algorithm);
    byte[] originalData = File.ReadAllBytes("Resources/infile.txt");
    DataHash documentHash = hasher.AddData(originalData).GetHash();

    VerificationResult verificationResult = ksi.Verify(signature, documentHash);

    string message = verificationResult.ResultCode == VerificationResultCode.Ok
        ? "VerifyExtendedSignatureUsingDefaultPolicy > signature valid"
        : "VerifyExtendedSignatureUsingDefaultPolicy > verification failed with error > " + verificationResult.VerificationError;
    Console.WriteLine(message);
}
/// <summary>
/// Verifies a signature that has not been extended yet using the key based policy
/// and prints the outcome to the console.
/// </summary>
/// <remarks>
/// Trust in this path comes from the certificate store and the subject selector handed
/// to the policy. <c>new X509Store(StoreName.Root)</c> opens the current user's Root
/// store, so anything able to add a root certificate for that user widens what is
/// accepted; the selector is the only further restriction visible here.
/// </remarks>
public void VerifyKeyBased()
{
    KSI.Ksi ksi = GetKsi();

    // Signature that is assumed to be not extended.
    IKsiSignature signature = LoadUnextendedSignature();

    // Hash the original data with the algorithm of the signature's input hash.
    var inputHashAlgorithm = signature.GetAggregationHashChains()[0].InputHash.Algorithm;
    IDataHasher dataHasher = new DataHasher(inputHashAlgorithm);
    dataHasher.AddData(File.ReadAllBytes("Resources/infile.txt"));

    // Trust anchors for the key based check: Root store plus subject RDN selector.
    X509Store trustStore = new X509Store(StoreName.Root);
    VerificationPolicy policy = new KeyBasedVerificationPolicy(trustStore, GetCertificateSubjectRdnSelector());

    VerificationContext context = new VerificationContext(signature);
    context.DocumentHash = dataHasher.GetHash();
    context.PublicationsFile = ksi.GetPublicationsFile();

    VerificationResult verificationResult = policy.Verify(context);

    // Anything other than Ok must be treated as "not verified" by real callers.
    string message = verificationResult.ResultCode == VerificationResultCode.Ok
        ? "VerifyKeyBased > signature valid"
        : "VerifyKeyBased > signature verification failed with error > " + verificationResult.VerificationError;
    Console.WriteLine(message);
}
/// <summary>
/// Signs a precomputed document hash instead of the document itself.
/// </summary>
/// <remarks>
/// Hashing from a stream keeps memory use low for very large documents. The sample
/// feeds the hasher from an in-memory stream; in practice this could be a file stream
/// over a file of several GB.
/// </remarks>
public void SignHashDirectly()
{
    KSI.Ksi ksi = GetKsi();

    IDataHasher dataHasher = KsiProvider.CreateDataHasher();

    using (MemoryStream source = new MemoryStream())
    {
        byte[] payload = Encoding.UTF8.GetBytes("Imagine this is a large file");
        source.Write(payload, 0, payload.Length);

        // Rewind so the hasher reads the stream from its first byte.
        source.Position = 0;
        dataHasher.AddData(source);
    }

    // Hand the computed hash to the signing call instead of the document.
    IKsiSignature signature = ksi.Sign(dataHasher.GetHash());

    // To persist the signature, call signature.WriteTo(stream) on a writable stream,
    // e.g. one returned by File.Create("sample-file-for-signing.txt.ksig").
    // File.OpenRead returns a read-only stream and cannot be used for writing.
}
/// <summary>
/// Verifies an already extended signature with an explicitly constructed
/// publication based policy and prints the outcome to the console.
/// </summary>
/// <remarks>
/// The document hash is recomputed from "Resources/infile.txt" with the algorithm
/// recorded in the signature. Only a result code of Ok means the signature verified;
/// the sample merely prints anything else.
/// </remarks>
public void VerifyExtendedSignatureUsingPublicationsFile()
{
    KSI.Ksi ksi = GetKsi();

    // Existing signature, assumed to be extended.
    IKsiSignature signature = LoadExtendedSignature();

    // Recompute the hash of the original file.
    var hasher = KsiProvider.CreateDataHasher(signature.InputHash.Algorithm);
    byte[] originalData = File.ReadAllBytes("Resources/infile.txt");
    DataHash documentHash = hasher.AddData(originalData).GetHash();

    // Verification context: recomputed hash plus the publications file.
    VerificationPolicy policy = new PublicationBasedVerificationPolicy();
    VerificationContext context = new VerificationContext(signature);
    context.DocumentHash = documentHash;
    context.PublicationsFile = ksi.GetPublicationsFile();

    VerificationResult verificationResult = policy.Verify(context);

    string message = verificationResult.ResultCode == VerificationResultCode.Ok
        ? "VerifyExtendedSignatureUsingPublicationsFile > signature valid"
        : "VerifyExtendedSignatureUsingPublicationsFile > verification failed with error > " + verificationResult.VerificationError;
    Console.WriteLine(message);
}
/// <summary>
/// Verifies a signature that has not been extended yet through the simple wrapper's
/// default policy and prints the outcome to the console.
/// </summary>
/// <remarks>
/// Default policy flow: the signature is first verified against the given document
/// hash, then it is extended. If extending succeeds, the signature is verified against
/// the publications file (downloaded automatically by the simple wrapper). If extending
/// is not yet possible, key based verification is done instead.
/// </remarks>
public void VerifyUnextendedSignatureUsingDefaultPolicy()
{
    // Simple wrapper around the KSI service.
    KSI.Ksi ksi = GetKsi();

    // Signature that is assumed to be not extended.
    IKsiSignature signature = LoadUnextendedSignature();

    // Recompute the hash of the original data with the same algorithm as the input
    // hash in the signature, to make sure the data has not been changed.
    var hasher = KsiProvider.CreateDataHasher(signature.InputHash.Algorithm);
    byte[] originalData = File.ReadAllBytes("Resources/infile.txt");
    DataHash documentHash = hasher.AddData(originalData).GetHash();

    VerificationResult verificationResult = ksi.Verify(signature, documentHash);

    // Anything other than Ok must be treated as "not verified" by real callers.
    string message = verificationResult.ResultCode == VerificationResultCode.Ok
        ? "VerifyUnextendedSignatureUsingDefaultPolicy > signature valid"
        : "VerifyUnextendedSignatureUsingDefaultPolicy > verification failed with error > " + verificationResult.VerificationError;
    Console.WriteLine(message);
}
/// <summary>
/// Extends a signature to the closest publication found in the publications file
/// and prints which publication it was extended to.
/// </summary>
/// <remarks>
/// Assumes the loaded signature is not extended and that at least one publication
/// has been created after the signature was obtained.
/// </remarks>
public void ExtendToClosestPublication()
{
    KSI.Ksi ksi = GetKsi();

    // Existing signature read from file, assumed to be not extended.
    IKsiSignature signature = LoadUnextendedSignature();

    IKsiSignature extendedSignature = ksi.Extend(signature);

    // Double check the result before reporting (or storing) it.
    string message = extendedSignature.IsExtended
        ? "ExtendToClosestPublication > extended to publication > " + Util.ConvertUnixTimeToDateTime(extendedSignature.PublicationRecord.PublicationData.PublicationTime)
        : "ExtendToClosestPublication > signature not extended";
    Console.WriteLine(message);

    // To store the extended signature, call extendedSignature.WriteTo(stream) on a
    // stream from File.Create("sample-file-for-signing.txt.extended.ksig").
}
/// <summary>
/// Extends a signature to the publication record nearest to a fixed date
/// (2016-02-15) and prints the outcome.
/// </summary>
/// <remarks>
/// Returns without extending when the publications file holds no suitable record.
/// </remarks>
public void ExtendToGivenPublicationDate()
{
    KSI.Ksi ksi = GetKsi();
    IKsiSignature signature = LoadUnextendedSignature();

    DateTime targetDate = new DateTime(2016, 2, 15);
    PublicationRecordInPublicationFile publicationRecord = ksi.GetPublicationsFile().GetNearestPublicationRecord(targetDate);

    // No record means there is nothing to extend to yet.
    if (publicationRecord == null)
    {
        Console.WriteLine("ExtendToGivenPublicationDate > no suitable publication yet. signature not extended");
        return;
    }

    Console.WriteLine("ExtendToGivenPublicationDate > trying to extend signature to publication > " + Util.ConvertUnixTimeToDateTime(publicationRecord.PublicationData.PublicationTime));

    IKsiSignature extendedSignature = ksi.Extend(signature, publicationRecord);

    if (!extendedSignature.IsExtended)
    {
        Console.WriteLine("ExtendToGivenPublicationDate > signature not extended");
        return;
    }

    Console.WriteLine("ExtendToGivenPublicationDate > signature extended to publication > " + Util.ConvertUnixTimeToDateTime(extendedSignature.PublicationRecord.PublicationData.PublicationTime));

    // Store the extended signature
    // ...
}
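/// <summary>
/// Prints the publication references of the publication record nearest to a fixed
/// date (2016-02-01) in the publications file.
/// </summary>
/// <remarks>
/// Prints a notice and returns when the publications file holds no suitable record.
/// </remarks>
public void PrintPublicationInfo()
{
    KSI.Ksi ksi = GetKsi();

    PublicationRecord publicationRecord = ksi.GetPublicationsFile().GetNearestPublicationRecord(new DateTime(2016, 2, 1));

    // The lookup can come back empty (ExtendToGivenPublicationDate guards the same call);
    // without this check the loop below would fail with a NullReferenceException.
    if (publicationRecord == null)
    {
        Console.WriteLine("PrintPublicationInfo > no suitable publication found");
        return;
    }

    foreach (string reference in publicationRecord.PublicationReferences)
    {
        Console.WriteLine("PrintPublicationInfo > publication reference > " + reference);
    }
}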
/// <summary>
/// Signs a small in-memory document; the hash of the document is computed
/// implicitly by the sign method.
/// </summary>
/// <remarks>
/// When signing text, control and record the character set (encoding) used to turn
/// it into bytes. Verification hashes bytes, so a different encoding later produces
/// a different hash and the verification fails.
/// </remarks>
public void SignSampleByteArray()
{
    KSI.Ksi ksi = GetKsi();

    // Explicit UTF-8 so the signed bytes are reproducible at verification time.
    byte[] documentBytes = Encoding.UTF8.GetBytes("This is my document");

    IKsiSignature signature = ksi.Sign(documentBytes);

    // To persist the signature, call signature.WriteTo(stream) on a writable stream,
    // e.g. one returned by File.Create("sample-file-for-signing.txt.ksig").
    // File.OpenRead returns a read-only stream and cannot be used for writing.
}
/// <summary>
/// Builds the shared KSI service and simple wrapper used by all samples from the
/// application settings, then selects the crypto provider.
/// </summary>
/// <remarks>
/// Everything security relevant for the samples is fixed here: the service end points,
/// the service credentials and the trust anchors for the publications file.
/// NOTE(review): the credentials are read from application settings; confirm where those
/// are stored and keep real values out of source control.
/// </remarks>
static KsiSamples()
{
    // Credentials for the KSI signing service and the KSI extending service.
    ServiceCredentials signingCredentials = new ServiceCredentials(
        Settings.Default.HttpSigningServiceUser,
        Settings.Default.HttpSigningServicePass);
    ServiceCredentials extendingCredentials = new ServiceCredentials(
        Settings.Default.HttpExtendingServiceUser,
        Settings.Default.HttpExtendingServicePass);

    // One HTTP protocol object serves all three end points:
    //  - Aggregation service, needed for signing, e.g. http://host.net:8080/gt-signingservice
    //  - Extender service, needed for extending, e.g. http://host.net:8081/gt-extendingservice
    //  - publications file, needed for verification, e.g. http://verify.guardtime.com/ksi-publications.bin
    // NOTE(review): the example end points are plain http, so the publications file is
    // presumably trusted because of the PKI check configured below and not because of
    // the transport - confirm.
    HttpKsiServiceProtocol protocol = new HttpKsiServiceProtocol(
        Settings.Default.HttpSigningServiceUrl,
        Settings.Default.HttpExtendingServiceUrl,
        Settings.Default.HttpPublicationsFileUrl);

    // Certificate selector: filters which certificates are trusted when verifying the
    // RSA signature. Only certificates issued to the particular e-mail address are trusted.
    // NOTE(review): "[email protected]" looks like an e-mail obfuscation placeholder left
    // by the page this listing came from. Replace it with the real subject RDN
    // (e.g. "E=<publications-signer-address>") or the selector cannot match the intended certificate.
    CertificateSubjectRdnSelector = new CertificateSubjectRdnSelector("[email protected]");

    // Trust anchors for the publications file. X509Store(StoreName.Root) is the current
    // user's Root store, so its content plus the selector above decide what is accepted.
    PkiTrustStoreProvider trustStoreProvider = new PkiTrustStoreProvider(new X509Store(StoreName.Root), CertificateSubjectRdnSelector);
    PublicationsFileFactory publicationsFileFactory = new PublicationsFileFactory(trustStoreProvider);

    // The KSI context: holds the references to the Aggregation service, the Extender
    // service and the other configuration needed to perform the various operations.
    KsiService = new KsiService(
        protocol,
        signingCredentials,
        protocol,
        extendingCredentials,
        protocol,
        publicationsFileFactory);

    Ksi = new KSI.Ksi(GetKsiService());

    // Crypto provider to be used. Currently MicrosoftCryptoProvider and
    // BouncyCastleCryptoProvider are available.
    KsiProvider.SetCryptoProvider(new MicrosoftCryptoProvider());
}
/// <summary>
/// Extends a signature to the latest publication in the publications file, unless the
/// signature is already extended to a publication that is at least as recent.
/// </summary>
/// <remarks>
/// Prints a line only when the signature was actually extended.
/// NOTE(review): the latest publication record is used without a null check; confirm
/// that the publications file always holds at least one record.
/// </remarks>
public void ExtendToLatestPublication()
{
    KSI.Ksi ksi = GetKsi();
    IKsiSignature signature = LoadUnextendedSignature();

    PublicationRecordInPublicationFile latestPublicationRecord = ksi.GetPublicationsFile().GetLatestPublication();

    // Extending is needed when the signature is not extended at all, or is extended
    // to a publication older than the latest one.
    bool needsExtending = !signature.IsExtended
        || signature.PublicationRecord.PublicationData.PublicationTime < latestPublicationRecord.PublicationData.PublicationTime;
    if (!needsExtending)
    {
        return;
    }

    IKsiSignature extendedSignature = ksi.Extend(signature, latestPublicationRecord);
    if (!extendedSignature.IsExtended)
    {
        return;
    }

    Console.WriteLine("ExtendToLatestPublication > signature extended to publication > " + Util.ConvertUnixTimeToDateTime(extendedSignature.PublicationRecord.PublicationData.PublicationTime));

    // Store the extended signature
    // ...
}
/// <summary>
/// Extends a signature to the publication identified by a hard-coded publication
/// code and prints the outcome.
/// </summary>
/// <remarks>
/// The publication code is the trust anchor of this sample. In real use, take it from
/// a source you trust independently of the signature being extended.
/// </remarks>
public void ExtendToGivenPublicationCode()
{
    KSI.Ksi ksi = GetKsi();
    IKsiSignature signature = LoadUnextendedSignature();

    // Publication data parsed from its publication string.
    PublicationData publicationData = new PublicationData("AAAAAA-CWYEKQ-AAIYPA-UJ4GRT-HXMFBE-OTB4AB-XH3PT3-KNIKGV-PYCJXU-HL2TN4-RG6SCC-3ZGSBM");

    IKsiSignature extendedSignature = ksi.Extend(signature, publicationData);

    if (!extendedSignature.IsExtended)
    {
        Console.WriteLine("ExtendToGivenPublicationCode > signature not extended");
        return;
    }

    Console.WriteLine("ExtendToGivenPublicationCode > signature extended to publication > " + Util.ConvertUnixTimeToDateTime(extendedSignature.PublicationRecord.PublicationData.PublicationTime));

    // Store the extended signature
    // ...
}
/// <summary>
/// Creates a small sample file, signs it from a file stream and writes the
/// signature next to it as "sample-file-for-signing.txt.ksig".
/// </summary>
/// <remarks>
/// Both files are created relative to the current working directory; existing files
/// with the same names are overwritten.
/// </remarks>
public void CreateAndSignSampleFile()
{
    KSI.Ksi ksi = GetKsi();

    // Create the file to be signed.
    string documentPath = "sample-file-for-signing.txt";
    File.WriteAllText(documentPath, "Sample file, generated for signing!");

    // Sign it; the hash of the document is computed implicitly by the sign method.
    IKsiSignature signature;
    using (FileStream documentStream = File.OpenRead(documentPath))
    {
        signature = ksi.Sign(documentStream);
    }

    // Persist the signature to file.
    using (FileStream signatureStream = File.Create("sample-file-for-signing.txt.ksig"))
    {
        signature.WriteTo(signatureStream);
    }
}