Digital Signature with wrong value

Question

I am trying to create a digital signature for a block of Text. While I seem to be able to create a signature it is different from the digital test signature as required by our test cases. The code I am using is below.

X509Store store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
store.Open(OpenFlags.OpenExistingOnly);

X509Certificate2Collection certcol  = store.Certificates.Find(X509FindType.FindByIssuerName, "eBusiness Development CA", false);
if (certcol.Count > 0) {
    X509Certificate2 cert = certcol[0];

    System.Security.Cryptography.RSACryptoServiceProvider privateKey = cert.PrivateKey as System.Security.Cryptography.RSACryptoServiceProvider;
    System.Security.Cryptography.SHA1CryptoServiceProvider sha = new System.Security.Cryptography.SHA1CryptoServiceProvider();
    byte[] hash = sha.ComputeHash(System.Text.ASCIIEncoding.ASCII.GetBytes(txtIn.Text));

    byte[] SignedHash = privateKey.SignHash(hash, System.Security.Cryptography.CryptoConfig.MapNameToOID("SHA"));
    String val = Convert.ToBase64String(SignedHash) + Environment.NewLine + Environment.NewLine;
}  



**Below is the test certificate being used**

    -----BEGIN CERTIFICATE-----
    MIIDajCCAtOgAwIBAgIBCjANBgkqhkiG9w0BAQQFADCBhDELMAkGA1UEBhMCQVUx
    DDAKBgNVBAgTA05TVzEPMA0GA1UEBxMGU3lkbmV5MQ0wCwYDVQQKEwRBU0lDMSQw
    IgYDVQQLExtJVFNCIGVCdXNpbmVzcyBTeXN0ZW1zIFRlYW0xITAfBgNVBAMTGGVC
    dXNpbmVzcyBEZXZlbG9wbWVudCBDQTAeFw0wMjA1MjcwMzA4MDlaFw0wMzA1Mjcw
    MzA4MDlaMF0xCzAJBgNVBAYTAkFVMQwwCgYDVQQIEwNOU1cxDzANBgNVBAcTBlN5
    ZG5leTENMAsGA1UEChMEQVNJQzENMAsGA1UECxMEVGVzdDERMA8GA1UEAxMIVGVz
    dGVyIDIwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAM3zyt6WrajwGLx7L9b/
    ji36J5cUi3FCiAnHWT6rU4iO/0kO5GC5DhIlEVW64e29sXD7V5G+Dc1DyhweHOFC
    1nz55zci4peeg+QPj8LApexjKcCjm6y6hilN8u5YUzBG7lkI0miUcrF2zF9Kxrqo
    c/GxKL7Btdj3jGCZpwmVmQrHAgMBAAGjggEQMIIBDDAJBgNVHRMEAjAAMCwGCWCG
    SAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4E
    FgQUwvFqXS71CPKI/CUSuTqzZmTKY8AwgbEGA1UdIwSBqTCBpoAUdVgA2CTNbQWg
    /GHtVe7HDcH/Ci2hgYqkgYcwgYQxCzAJBgNVBAYTAkFVMQwwCgYDVQQIEwNOU1cx
    DzANBgNVBAcTBlN5ZG5leTENMAsGA1UEChMEQVNJQzEkMCIGA1UECxMbSVRTQiBl
    QnVzaW5lc3MgU3lzdGVtcyBUZWFtMSEwHwYDVQQDExhlQnVzaW5lc3MgRGV2ZWxv
    cG1lbnQgQ0GCAQAwDQYJKoZIhvcNAQEEBQADgYEAM3NVo4i+ndGqddZAtGxqpeE0
    dWondUaN3DV+0CpQFYfH3cblGtnTkQdgUFbBxrDrFvIuoYZWv2X1zYl3SAFbF91U
    WFxklCCmU9POoeB+j4fDqN+H69eAUZUz2vVHcLVePhNJhm64lYAhA83Rodv/sj6c
    vxkxeg9xtdlZXGrmKik=
    -----END CERTIFICATE-----
    -----BEGIN RSA PRIVATE KEY-----
    MIICXgIBAAKBgQDN88relq2o8Bi8ey/W/44t+ieXFItxQogJx1k+q1OIjv9JDuRg
    uQ4SJRFVuuHtvbFw+1eRvg3NQ8ocHhzhQtZ8+ec3IuKXnoPkD4/CwKXsYynAo5us
    uoYpTfLuWFMwRu5ZCNJolHKxdsxfSsa6qHPxsSi+wbXY94xgmacJlZkKxwIDAQAB
    AoGBALSKsd3dAxFkoJqh9rcnwhDmCUy00uSPqUfBPKfmcsz0ZjA6YNO1hfM8EW0w
    7ZuGvgVIIGT/0YOOmJ97el+yQukp8ViYQLWidLOe/IWPzWrcK+D7gBs/sGUNakWl
    Dqen6+HcUV9NBW/AvY4wWigllWx+F9fRt2Y+BLV3lO7EngsJAkEA+haLzFi4+Sdm
    SPot7f2yYy366Ktqt9XbAWbWllE/Md2kt0wFI3gs85uURIf9UIrLL+JbrPRw1rzq
    j94qXdE7TQJBANLSJpZougjyQG+rgbkf4BbUlfy9S8iKNDk4YfYviDQ4EJ99c5Mb
    qF5ukiqnPSRNuKm5iePdFT2kB/F4mbvFjGMCQQCPjqmpH7TusQMyGQqMdvkTna1O
    KjgUVxpkb5f2qaTRBx4qaeT5O17yZ/hwbm+m8EU6s4FUguzTF5a+BxXizNxxAkEA
    qZZxggbGuBGfsfTmCnRQwCzMZp4jyzMZpXnsm6xKxa7f+FxjT1AtVaFepT8Y2Q5I
    YQemm40p3AcKeL2J9VmJfwJAHTf41K9iQlbQEyq8LMF7EQ7IqwmOlebh86qJPVqE
    Fv9xZRAOzxG/ZgsXImMvWEUabqcIoXA7i9CZOJNg/kvKdw==
    -----END RSA PRIVATE KEY-----

**Below is the Data I am trying to create a digital signature for Starting from ZHDASCRA53  0700 to the end of ZTRENDRA53   22 including the new line contstant at the very end**

ZHDASCRA53  0700    956456
ZXCMIIDajCCAtOgAwIBAgIBCjANBgkqhkiG9w0BAQQFADCBhDELMAkGA1UEBhMCQVUx
ZXCDDAKBgNVBAgTA05TVzEPMA0GA1UEBxMGU3lkbmV5MQ0wCwYDVQQKEwRBU0lDMSQw
ZXCIgYDVQQLExtJVFNCIGVCdXNpbmVzcyBTeXN0ZW1zIFRlYW0xITAfBgNVBAMTGGVC
ZXCdXNpbmVzcyBEZXZlbG9wbWVudCBDQTAeFw0wMjA1MjcwMzA4MDlaFw0wMzA1Mjcw
ZXCMzA4MDlaMF0xCzAJBgNVBAYTAkFVMQwwCgYDVQQIEwNOU1cxDzANBgNVBAcTBlN5
ZXCZG5leTENMAsGA1UEChMEQVNJQzENMAsGA1UECxMEVGVzdDERMA8GA1UEAxMIVGVz
ZXCdGVyIDIwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAM3zyt6WrajwGLx7L9b/
ZXCji36J5cUi3FCiAnHWT6rU4iO/0kO5GC5DhIlEVW64e29sXD7V5G+Dc1DyhweHOFC
ZXC1nz55zci4peeg+QPj8LApexjKcCjm6y6hilN8u5YUzBG7lkI0miUcrF2zF9Kxrqo
ZXCc/GxKL7Btdj3jGCZpwmVmQrHAgMBAAGjggEQMIIBDDAJBgNVHRMEAjAAMCwGCWCG
ZXCSAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4E
ZXCFgQUwvFqXS71CPKI/CUSuTqzZmTKY8AwgbEGA1UdIwSBqTCBpoAUdVgA2CTNbQWg
ZXC/GHtVe7HDcH/Ci2hgYqkgYcwgYQxCzAJBgNVBAYTAkFVMQwwCgYDVQQIEwNOU1cx
ZXCDzANBgNVBAcTBlN5ZG5leTENMAsGA1UEChMEQVNJQzEkMCIGA1UECxMbSVRTQiBl
ZXCQnVzaW5lc3MgU3lzdGVtcyBUZWFtMSEwHwYDVQQDExhlQnVzaW5lc3MgRGV2ZWxv
ZXCcG1lbnQgQ0GCAQAwDQYJKoZIhvcNAQEEBQADgYEAM3NVo4i+ndGqddZAtGxqpeE0
ZXCdWondUaN3DV+0CpQFYfH3cblGtnTkQdgUFbBxrDrFvIuoYZWv2X1zYl3SAFbF91U
ZXCWFxklCCmU9POoeB+j4fDqN+H69eAUZUz2vVHcLVePhNJhm64lYAhA83Rodv/sj6c
ZXCvxkxeg9xtdlZXGrmKik=
ZDCALPHA    ADAM                20110801    Y   Y                           A96373
ZTRENDRA53  22

**^ Include last newline constant** 

**Below is the expected signature**
jrnTLMj6W4vbZ/FJ13TLl+nsfsIWkbUU6UgZqIutPmQlZgB6eYWwF5noHsTc90CXXEXUV1GS3UZvedFEzr8D1cqbf4EOHYZJclcHlF/Ve47lXwggZ1G7FIlqHAmlGNcLktyLehOsyHapYY6oyqQF6by2/I9sMD5qy/LpxHObSaS=

**Below is the signature I get (which is wrong)**
C1r3XVKCl/yfg0lm67C95ozma/L1EWQFgmHV4T1RDq+yxqxCF4FN7fcmuF8eSoLuyJZWx4HnNPqTZwetmKzyDhGpzZaBf4FMfCC7bgIBWaZrHUgVmswUITbQmNZv2T2Ka4q8PpNAhPRv3VhXb2UPeuz7zcsmNwTsCRzT+gvw/c8=

Any genius that can produce the expected signature will be eternally in my gratitude. We would be willing to pay a professional if the community cannot answer this, so recommendations would be gladly accepted.

Regards All - Bruce

How was the test data created? Does it use the same encoding? — Shaun Wilde, Nov 11 '11 at 02:56
What I meant was you have used ascii encoding but there are other encodings (ASCII/UTF7/8/32/UNICODE), could the test data have been used created using an alternative encoding. Even the data posted ona web form can lose/gain information during to be cut and pasted on a web form - i.e. carriage returns or spaces (truncation). — Shaun Wilde, Nov 12 '11 at 21:47
Thanks for your reply, All of the documentation only refers to ASCII — Bruce, Nov 13 '11 at 06:25

score 0 · Answer 1 · answered Dec 29 '11 at 22:18

I verified both signatures you provided with the certificate public key and both are correct RSA/PKCS#1 signatures. However the signatures are using distinct digest algorithms: your signature is using SHA-1 algorithm and the "correct" signature is using MD5 algorithm. This explains why the signature differs.

Digital Signature with wrong value

1 Answers1

Linked