public override byte[] SignHash(byte[] hash) { CheckDisposed(); ValidateKeyDigestCombination(KeySize, hash.Length); // We know from ValidateKeyDigestCombination that the key size and hash size are matched up // according to RFC 7518 Sect. 3.1. if (KeySize == 256) { return(context.SignDigest(hash, HashAlgorithmName.SHA256, KeyVaultSignatureAlgorithm.ECDsa)); } if (KeySize == 384) { return(context.SignDigest(hash, HashAlgorithmName.SHA384, KeyVaultSignatureAlgorithm.ECDsa)); } if (KeySize == 521) //ES512 uses nistP521 { return(context.SignDigest(hash, HashAlgorithmName.SHA512, KeyVaultSignatureAlgorithm.ECDsa)); } throw new ArgumentException("Digest length is not valid for the key size.", nameof(hash)); }
/// <inheritdoc/> public override byte[] SignHash(byte[] hash, HashAlgorithmName hashAlgorithm, RSASignaturePadding padding) { CheckDisposed(); // Key Vault only supports PKCSv1 padding if (padding.Mode != RSASignaturePaddingMode.Pkcs1) { throw new CryptographicException("Unsupported padding mode"); } try { return(context.SignDigest(hash, hashAlgorithm, KeyVaultSignatureAlgorithm.RSAPkcs15)); } catch (Exception e) { throw new CryptographicException("Error calling Key Vault", e); } }