1

So the problem I'm facing is that I'm making a request to a server, and the server is responding via webhooks -> this notification can take a while to come back. This is why every time I get a response, I need to verify the signature sent in the response authentication header.

They say that they produce the signature with: sign(apikey + nonce + timestamp + transactionid)

Now, obviously I have the apikey, but I don't have the timestamp, nonce and transactionId to verify if the signature is correct. I don't understand, is it even solvable then?

Anyway, they say that they use the SHA256withRSA (OID: 1.2.840.113549.1.1.11) standard to sign it, therefore I have to use the same thing to decrypt it. They have given me their string public key and nothing else (no certificate). The public key is in the form:

-----BEGIN PUBLIC KEY-----
<public key>
-----END PUBLIC KEY-----

I haven't found any out of the box solutions in C# for this problem, as I can't just use RSA. What can I do to decrypt their signature and verify that it's really them?

Vulpex
  • 1,041
  • 8
  • 19
Kristijan Mirčeta
  • 103
  • 1
  • 12
  • SHA means Secure **Hash** Algorithm. Hash-algorithms are not meant to be done two-ways around – Rafalon Mar 23 '18 at 11:26
  • You may want to read [this related link (what is the difference between encrypting and signing)](https://stackoverflow.com/questions/454048/what-is-the-difference-between-encrypting-and-signing-in-asymmetric-encryption?rq=1) – Rafalon Mar 23 '18 at 11:33
  • Nonce, transactionid and timestamp should be in the same response you receive signature in – Evk Mar 23 '18 at 11:38
  • The public key is in ASN.1 PEM format, which encodes a `SubjectPublicKeyInfo` structure (also found within X.509 certificates). It's the default format also used by e.g. openssl. Bouncy Castle can parse it. – Maarten Bodewes Mar 23 '18 at 12:43
  • 1
    If your problem is just "how do I read the key?" https://stackoverflow.com/q/41808094/6535399 should help. – bartonjs Mar 23 '18 at 15:04

1 Answers1

4

The data should contain the artifacts you are looking for. A signature doesn't encrypt the data, instead it is usually attached (commonly appended) to the data. Although the data is not encrypted (by the signature generation process), it could of course have been encoded which means you may have to decode the data first (e.g. base 64). The signature is then over a canonical binary representation of the data.

So in general, to verify a signature:

  • decode and aggregate the data
  • decode the signature
  • make the correct binary representation of the data
  • hash the binary representation (normally part of the signature verification function such as "SHA256withRSA") and finally
  • verify the signature.

Besides verification of the signature you may need to perform validation of the signature as well. Generally validation of the signature consists of things such as:

  • verification that the nonce hasn't been used before (protection against replay attacks);
  • verification that the timestamp is within a certain range.

But if possible you should let a library take care of this. Do check however that the verification does indeed take place and that the validation checks are useful and that they have been performed.

If PEM is used (like it is for the public key you've shown) it may be that the data and signature are buried using CMS (cryptographic message syntax). This is a binary container format. If this is true then you definitely need a CMS library as parsing the message structure requires a lot of knowledge and practice.

Maarten Bodewes
  • 90,524
  • 13
  • 150
  • 263