private static async Task SignAndVerify() { // TODO: Test what happens if I disable a key - can I still verify with it? try { // Create a *digest* that we can then sign var digest = GetSHA512Digest(inputText); // This will use the latest key version // Note that the type of digest (SHA512 here) determines which type of signature algo to use! var signatureResult = await keyVaultClient.SignAsync($"{keyVaultUrl}keys/{keyName}", JsonWebKeySignatureAlgorithm.RS512, digest); // In the real world, we'd combine these with the data and potentially store all of it together var signingKey = signatureResult.Kid; var signature = signatureResult.Result; var signingAlgorithm = JsonWebKeySignatureAlgorithm.RS512; // Now to verify the text var newDigest = GetSHA512Digest(inputText + "a"); var verifyResult = await keyVaultClient.VerifyAsync(signingKey, signingAlgorithm, newDigest, signature); if (!verifyResult) { throw new Exception("Failed to verify the data"); } } catch (Exception e) { throw; } }
private async Task <bool> CheckSignedInfo() { SignatureDescription signatureDescription = CryptoConfig.CreateFromName(SignedInfo.SignatureMethod) as SignatureDescription; if (signatureDescription == null) { throw new CryptographicException("Cryptography_Xml_SignatureDescriptionNotCreated"); } HashAlgorithm hashAlgorithm = signatureDescription.CreateDigest(); if (hashAlgorithm == null) { throw new CryptographicException("Cryptography_Xml_CreateHashAlgorithmFailed"); } //byte[] hashval = GetC14NDigest(hashAlgorithm); var methodInfo2 = typeof(SignedXml).GetMethod("GetC14NDigest", BindingFlags.Instance | BindingFlags.NonPublic); var hashvalue = (byte[])methodInfo2.Invoke(this, new object[] { hashAlgorithm }); var result = await keyClient.VerifyAsync(keyvaultUri, keyIdentifier, keyVersion, Microsoft.Azure.KeyVault.WebKey.JsonWebKeySignatureAlgorithm.RS256, hashvalue, m_signature.SignatureValue); return((bool)result.Value); }
/// <summary> /// Signs a hash and then verifies the signature /// </summary> /// <param name="keyId"> a global key identifier of the key to get </param> private static void SignVerify(KeyBundle key) { KeyOperationResult signature; var algorithm = inputValidator.GetSignAlgorithm(); var digest = inputValidator.GetDigestHash(); string keyVersion = inputValidator.GetKeyVersion(); if (keyVersion != string.Empty) { var vaultAddress = inputValidator.GetVaultAddress(); string keyName = inputValidator.GetKeyName(true); signature = keyVaultClient.SignAsync(vaultAddress, keyName, keyVersion, algorithm, digest).GetAwaiter().GetResult(); } else { // If the key is not initialized get the key id from args var keyId = (key != null) ? key.Key.Kid : inputValidator.GetKeyId(); // Create a signature signature = keyVaultClient.SignAsync(keyId, algorithm, digest).GetAwaiter().GetResult(); } Console.Out.WriteLine(string.Format("The signature is created using key id {0} and algorithm {1} ", signature.Kid, algorithm)); // Verify the signature bool isVerified = keyVaultClient.VerifyAsync(signature.Kid, algorithm, digest, signature.Result).GetAwaiter().GetResult(); Console.Out.WriteLine(string.Format("The signature is {0} verified!", isVerified ? "" : "not ")); }
/// <summary> /// Creates a signature and verifies it /// </summary> /// <param name="keyIdentifier"> key identifier </param> /// <param name="algorithm"> sign algorithm </param> /// <param name="digest"> digest hash </param> private void SignVerify(KeyVaultClient client, KeyIdentifier keyIdentifier, string algorithm, byte[] digest) { var signResult = client.SignAsync(keyIdentifier.BaseIdentifier, algorithm, digest).GetAwaiter().GetResult(); var verifyResult = client.VerifyAsync(signResult.Kid, algorithm, digest, signResult.Result).GetAwaiter().GetResult(); Assert.True(verifyResult, "Signature was not verified"); }
public async Task <bool> Verify(string keyName, string keyVersion, string algorithm, byte[] digest, byte[] signature, CancellationToken cancellationToken) { var sign = await _keyVaultClient.VerifyAsync(_baseUrl, keyName, keyVersion, algorithm, digest, signature, cancellationToken); return(sign.Value != null && sign.Value.Value); }
public override bool Verify(byte[] input, byte[] signature) { // TODO: If the public key is available offline (cached in memory?) verify this offline to save money and perform this operation faster var digest = _hashAlgorithm.ComputeHash(input); return(_keyVaultClient.VerifyAsync(_keyIdentifier, _algorithm, digest, signature).Result); }
private static async Task <string> GetKeys(KeyVaultClient keyVaultClient) { var keyIdentifier = "keyIdentifier"; var textToEncrypt = "This is a test message"; var byteData = Encoding.Unicode.GetBytes(textToEncrypt); var hasher = new SHA256CryptoServiceProvider(); var digest = hasher.ComputeHash(byteData); var signedResult = await keyVaultClient.SignAsync( keyIdentifier, JsonWebKeySignatureAlgorithm.RS256, digest); var isVerified = await keyVaultClient.VerifyAsync(keyIdentifier, "RS256", digest, signedResult.Result); var keyResult = await keyVaultClient.GetKeyAsync(keyIdentifier); var jsonWebKey = keyResult.Key.ToString(); var key = JsonConvert.DeserializeObject <JsonWebKey>(jsonWebKey); var rsa = new RSACryptoServiceProvider(); var p = new RSAParameters() { Modulus = key.N, Exponent = key.E }; rsa.ImportParameters(p); isVerified = rsa.VerifyHash(digest, "Sha256", signedResult.Result); return(null); }
private static async Task MainAsync(string[] args) { Console.WriteLine("Application started..."); const string clientId = "{appId}"; const string clientSecret = "{appSecret}"; const string keyIdentifier = "{keyIdentifier}"; Console.WriteLine("Configuration built..."); var kv = new KeyVaultClient(async(authority, resource, scope) => { var authContext = new AuthenticationContext(authority); var clientCred = new ClientCredential(clientId, clientSecret); var result = await authContext.AcquireTokenAsync(resource, clientCred); return(result.AccessToken); }); Console.WriteLine("KeyVaultClient created..."); const string data = "digest"; var byteData = Encoding.UTF8.GetBytes(data); var hasher = new SHA256CryptoServiceProvider(); var digest = hasher.ComputeHash(byteData); var signResult = await kv.SignAsync( keyIdentifier : keyIdentifier, algorithm : JsonWebKeySignatureAlgorithm.RS256, digest : digest ); Console.WriteLine("Data signed..."); var signature = Convert.ToBase64String(signResult.Result); var verifyResult = await kv.VerifyAsync( keyIdentifier : keyIdentifier, algorithm : JsonWebKeySignatureAlgorithm.RS256, digest : digest, signature : Convert.FromBase64String(signature) ); Console.WriteLine("Data verified..."); Console.ReadKey(); }
public static async Task <bool> VerifyAsync(string keyId, Byte[] plainText, byte[] signature) { bool result = false; KeyVaultClient keyVaultClient = GetClient(); var appId = $"{_keyVaultURL}{keyId}"; //Hash the data and send the digest to SignAsync byte[] digestBytes = SHA256.Create().ComputeHash(plainText); try { result = await keyVaultClient.VerifyAsync(appId, JsonWebKeySignatureAlgorithm.RS256, digestBytes, signature); } catch (Exception ex) { Console.WriteLine("Errors: {0}", ex.Message); } return(result); }
/// <summary> /// Verifies a signature using the specified key. /// </summary> /// <param name="verifyKey">The verification key</param> /// <param name="algorithm">The signing algorithm. For more information on possible algorithm types, see JsonWebKeyEncryptionAlgorithm.</param> /// <param name="digest">The digest hash value</param> /// <param name="signature">The signature to verify</param> /// <returns>true if verification succeeds, false if verification fails</returns> public static async Task <bool> VerifyAsync(this KeyVaultClient client, JsonWebKey verifyKey, string algorithm, byte[] digest, byte[] signature) { if (verifyKey == null) { throw new ArgumentNullException("verifyKey"); } if (digest == null) { throw new ArgumentNullException("digest"); } if (signature == null) { throw new ArgumentNullException("signature"); } return(await client.VerifyAsync(verifyKey.Kid, algorithm, digest, signature).ConfigureAwait(false)); }
private static void SignVerify(KeyBundle key, string algorithm, string textToSign, string keyVersion, string keyName, string keyVaultAddress) { KeyOperationResult signature; var bytes = Encoding.ASCII.GetBytes(textToSign); var hasher = new SHA256CryptoServiceProvider(); var digest = hasher.ComputeHash(bytes); signature = Task.Run(() => keyVaultClient.SignAsync(keyVaultAddress, keyName, keyVersion, algorithm, digest)).ConfigureAwait(false).GetAwaiter().GetResult(); Console.Out.WriteLine(string.Format( "The signature is created using key id {0} and algorithm {1} \n\t\n\t SIGNATURE: {2} ", signature.Kid, algorithm, Convert.ToBase64String(signature.Result))); // Verify the signature bool isVerified = Task.Run(() => keyVaultClient.VerifyAsync(signature.Kid, algorithm, digest, signature.Result)).ConfigureAwait(false).GetAwaiter().GetResult(); Console.Out.WriteLine(string.Format("The signature is {0} verified!", isVerified ? "" : "not ")); }
private static async Task<string> GetKeys(KeyVaultClient keyVaultClient) { var keyIdentifier = "keyIdentifier"; var textToEncrypt = "This is a test message"; var byteData = Encoding.Unicode.GetBytes(textToEncrypt); var hasher = new SHA256CryptoServiceProvider(); var digest = hasher.ComputeHash(byteData); var signedResult = await keyVaultClient.SignAsync( keyIdentifier, JsonWebKeySignatureAlgorithm.RS256, digest); var isVerified = await keyVaultClient.VerifyAsync(keyIdentifier, "RS256", digest, signedResult.Result); var keyResult = await keyVaultClient.GetKeyAsync(keyIdentifier); var jsonWebKey = keyResult.Key.ToString(); var key = JsonConvert.DeserializeObject<JsonWebKey>(jsonWebKey); var rsa = new RSACryptoServiceProvider(); var p = new RSAParameters() { Modulus = key.N, Exponent = key.E }; rsa.ImportParameters(p); isVerified = rsa.VerifyHash(digest, "Sha256", signedResult.Result); return null; }
public async Task <bool> Verify(string keyId, byte[] hash, byte[] signature) { var result = await KeyVaultClient.VerifyAsync(keyId, "RS256", hash, signature); return(result); }
public async Task <bool> VerifyAsync(string algorithm, byte[] digest, byte[] signature) { return(await _keyVaultClient.VerifyAsync(_keyVaultOptions.KeyIdentifier, algorithm, digest, signature)); }
/// <summary> /// Verifies a signature using the specified key. /// </summary> /// <param name="verifyKey">The verification key</param> /// <param name="algorithm">The signing algorithm. For more information on possible algorithm types, see JsonWebKeyEncryptionAlgorithm.</param> /// <param name="digest">The digest hash value</param> /// <param name="signature">The signature to verify</param> /// <returns>True if verification succeeds, false if verification fails</returns> public static async Task <bool> VerifyAsync(this KeyVaultClient client, KeyBundle verifyKey, string algorithm, byte[] digest, byte[] signature) { return(await client.VerifyAsync(verifyKey.Key, algorithm, digest, signature).ConfigureAwait(false)); }