
The following code in Python is my baseline that I need to implement using .NET Core

```python
from Crypto.PublicKey import RSA
from Crypto.Signature import PKCS1_v1_5
from Crypto.Hash import SHA256
import base64


thing_to_sign = "12345"
key = RSA.importKey(open('dev.private.pem').read())
signer = PKCS1_v1_5.new(key)
data = SHA256.new(thing_to_sign)
signedData = signer.sign(data)
sig = base64.b64encode(signedData)

print sig
```

For now I have tried to do the same with BouncyCastle but got a different result than I should.

```csharp
var data = "12345";
var keyParams = ReadAsymmetricKeyParameter("dev.private.pem");
var encryptEngine = new Pkcs1Encoding(new RsaEngine());
encryptEngine.Init(true, keyParams);
var dataBytes = GetSHA256Bytes(data);
var signedData = encryptEngine.ProcessBlock(dataBytes, 0, dataBytes.Length);
var sig64 = Convert.ToBase64String(signedData);

const string expectedSig = "MEka+7qTARRoXWmU4nm6sBc9R8908AIx.... shortened for reading convenience";
Assert.Equal(expectedSig, sig64); // Fails here: the result is different from the Python code :(
```

The ReadAsymmetricKeyParameter method:

```csharp
private AsymmetricKeyParameter ReadAsymmetricKeyParameter(string pemFilename)
{
    var fileStream = File.OpenText(pemFilename);
    var pemReader = new PemReader(fileStream);
    var keyParameter = (AsymmetricCipherKeyPair) pemReader.ReadObject();
    return keyParameter.Private;
}
```

Then I figured that the Pkcs1Encoding might not be 1.5 as it should and could not find enough info about it, so I'm trying to revert to using System.Security.Cryptography from the .NET Framework, but I'm stuck at how to load the private PEM key file

```csharp
var dataStr = "12345";
using (var rsa = new RSACryptoServiceProvider())
{
    var data = GetSHA256Bytes(dataStr);
    var rsaFormatter = new RSAPKCS1SignatureFormatter(rsa);
    rsaFormatter.SetHashAlgorithm("SHA256");
    byte[] SignedHash = rsaFormatter.CreateSignature(data);
    var sig64 = Convert.ToBase64String(SignedHash);
}
```

The GetSHA256Bytes helper is straightforward:

```csharp
private byte[] GetSHA256Bytes(string data)
{
    using (var hash = SHA256.Create())
    {
        return hash.ComputeHash(Encoding.UTF8.GetBytes(data));
    }
}
```
Mortalus
  • See my response at the following posting: https://stackoverflow.com/questions/46722997/saml-assertion-in-a-xml-using-c-sharp/46724392 – jdweng Aug 01 '18 at 08:57
  • @jdweng Thanks, in your method `SignXmlWithCertificate` you're using an `X509Certificate2` to get the private key .. but I don't have a pfx, I have only private.dev.pem and public.dev.pem files. Can I generate a pfx from them somehow? – Mortalus Aug 01 '18 at 08:59
  • See MSDN: https://social.msdn.microsoft.com/Forums/vstudio/en-US/d7e2ccea-4bea-4f22-890b-7e48c267657f/creating-a-x509-certificate-from-a-rsa-private-key-in-pem-file?forum=csharpgeneral and https://msdn.microsoft.com/en-us/library/system.security.cryptography.x509certificates.x509certificate2(v=vs.110).aspx – jdweng Aug 01 '18 at 09:07
  • @jdweng Thank you so much!! That was exactly what I needed .. I wonder why it's not an existing NuGet or something .. can you post it as an answer? – Mortalus Aug 01 '18 at 10:57
  • Why use third-party NuGet app code when you can use straight code from the Net Library? – jdweng Aug 01 '18 at 11:04

0 Answers