Is it possible to generate a hash of a file using certificate information? I have certificate details like this:

    "details": {
        "certificate": "XIIHBTCCBO2gAwIBAgIQGuE3Q0ztnKRiYRN.....",
        "public_key": "XIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQE...."
    },

Using this information I need to create a digestvalue, assuming the digest value is the hash of a file created using the above certificate.

I am using the code below to generate the hash, but I am not able to figure out how to use the certificate as well.

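    using System;
    using System.IO;
    using System.Security.Cryptography;

    // Returns the Base64-encoded SHA-256 digest of the file's contents.
    public static string SHA256CheckSum(string filePath)
    {
        using (SHA256 sha256 = SHA256.Create())
        using (FileStream fileStream = File.OpenRead(filePath))
        {
            return Convert.ToBase64String(sha256.ComputeHash(fileStream));
        }
    }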
Aathira
  • What do you mean by "creating a hash"? You can create a hash with a cryptographic algorithm without the need for a certificate. Do you want to sign the file with the certificate instead? – Markus Sep 28 '22 at 09:22
  • @Markus I am using a 3rd party service for signing the document. At one step I will get a certificate, then it is mentioned that "Generate required hash using certificate". I assume it's the hash of the file, but I am not understanding how to generate the digest value using the certificate – Aathira Sep 28 '22 at 09:26
  • In the next step, after receiving the certificate, I need to call an API with a digest summary. Here is the description of digest summary -> Digest Summary converted to URL SAFE. Is Base64 string created by Base64 (sha256 (digest_value))). I am stuck at creating the digest value, which is the hash created using the certificate. I might be wrong but this is what I understood – Aathira Sep 28 '22 at 09:30
  • Also I am in doubt whether the digest value is something we can create by encrypting the hash using the certificate we got – Aathira Sep 28 '22 at 09:48
  • Encryption uses a key and you want to use the key in the certificate to create the hash. See https://stackoverflow.com/questions/41340208/get-sha256-public-key-from-certificate?force_isolation=true – jdweng Sep 28 '22 at 10:25
  • @jdweng so I guess in my case the steps will be this: 1. Create hash of the file 2. Encrypt the hash using the certificate? – Aathira Sep 28 '22 at 10:59
  • The algorithm for encryption and hash can be the same. The hash just gets a CRC and doesn't change the data. The hash in this case is to verify the data wasn't changed by a hacker which is the digital-signature. The hash should use an encryption algorithm [SHA256.ComputeHash(fileStream)] and you do not need to encrypt the hash. Not all hash algorithms use encryption. – jdweng Sep 28 '22 at 11:29
  • @jdweng still I am not understanding the usage of the certificate. "Generate hash using certificate data". If it's a hash, then I can create it for the file using Sha-256; somehow I need to associate the certificate and file hash to create the digest value. Later in the process I need to pass the digest value to get the PKCS#1 signature and need to use that to format the document to make it signed – Aathira Sep 28 '22 at 15:41
  • I think you just need to sign file using Sha-256 PKCS#1. The hash is the signature. Sha is an encryption algorithm and needs to be seeded with a key that is in the certificate. – jdweng Sep 28 '22 at 15:53
  • Need to create a digest summary using the digest value. Here is the requirement -> Digest summary must only be used to obtain the authorization from the end-user for generating a digital signature with a server signing identity enabled via password stored on the HSM. Its value must be the base64 encoded cryptographic hash of the concatenation of the cryptographic hashes of the data to be digitally signed. Hash value shall be recalculated with digests_summary_algorithm from signable data value, e.g. BASE64(SHA256()) – Aathira Sep 28 '22 at 15:54
  • @jdweng Sha is an encryption algorithm and needs to be seeded with a key that is in the certificate. Ok.. need to figure out how to do this... – Aathira Sep 28 '22 at 15:56
  • See my link above. – jdweng Sep 28 '22 at 15:57
  • @jdweng in that link ComputeHash- seems like it is hashing the certificate ComputeHash(cert.RawData) , in my case I have a file SHA256.ComputeHash(fileStream) – Aathira Sep 28 '22 at 16:08
  • Do you have a password? Obsolete versions do not require a password. The following has methods CreateFromFile(filename) and Import(string). See: https://learn.microsoft.com/en-us/dotnet/api/system.security.cryptography.x509certificates.x509certificate?view=net-6.0 – jdweng Sep 28 '22 at 17:55
  • Let us [continue this discussion in chat](https://chat.stackoverflow.com/rooms/248433/discussion-between-aathira-and-jdweng). – Aathira Sep 29 '22 at 06:53
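
The digest summary as described in the comments (Base64 of SHA-256 over the concatenation of the per-document SHA-256 hashes, converted to URL-safe form), written as an added C# example that is not from the original post or from the signing service's documentation. SHA-256 takes no key, so the certificate is not an input to this computation. Assumptions: the class and method names are hypothetical, the digests are concatenated as raw bytes in document order, and "URL safe" means the RFC 4648 base64url alphabet with padding kept.

```csharp
using System;
using System.Collections.Generic;
using System.IO;
using System.Security.Cryptography;
using System.Text;

public static class DigestSummaryExample
{
    // SHA-256 digest of one document (the "digest value"); no key or certificate is involved.
    public static byte[] DigestValue(Stream data)
    {
        using (SHA256 sha256 = SHA256.Create())
            return sha256.ComputeHash(data);
    }

    // Base64(SHA256(d1 || d2 || ...)) over the raw digest bytes, in the order given.
    // Assumption: the service concatenates raw bytes, not Base64 strings.
    public static string DigestSummary(IEnumerable<byte[]> digestValues)
    {
        using (SHA256 sha256 = SHA256.Create())
        using (var buffer = new MemoryStream())
        {
            foreach (byte[] d in digestValues)
            {
                if (d.Length != 32) throw new ArgumentException("Expected 32-byte SHA-256 digests.");
                buffer.Write(d, 0, d.Length);
            }
            return Convert.ToBase64String(sha256.ComputeHash(buffer.ToArray()));
        }
    }

    // RFC 4648 base64url alphabet. Assumption: padding is kept; trim '=' if the API requires it.
    public static string ToUrlSafe(string base64) => base64.Replace('+', '-').Replace('/', '_');

    public static void Main()
    {
        // Constructed sample inputs standing in for the files to be signed.
        var docs = new[] { "first document", "second document" };
        var digests = new List<byte[]>();
        foreach (string doc in docs)
            using (var s = new MemoryStream(Encoding.UTF8.GetBytes(doc)))
                digests.Add(DigestValue(s));

        foreach (byte[] d in digests)
            Console.WriteLine("digest_value:   " + Convert.ToBase64String(d));
        Console.WriteLine("digest_summary: " + ToUrlSafe(DigestSummary(digests)));
    }
}
```

Whether the service expects raw-byte or Base64-string concatenation, and padded or unpadded output, has to be confirmed against its API specification before relying on the result.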

0 Answers