News  [SoftwareSite

Latest News
Older News
RSS Feed
 
Complete Projects
Useful Classes
Top Downloads
Message Board
AllAPI.net
 
Send Comments
Software License
Mentalis.org Buttons
Donate
 
Forums -> Security Library Forum
 
Signing with RSA - Missing provider?  
by Sarah Boaz [sarahb at loansoft dot com]
posted on 2004/08/23

Hi, After downloading your library, I can access a certificate with an attached private key from both a memory store and a file, and I use the following code to sign a byte array that will be used for authentication. The code is as follows:

Dim md5p As MD5 = New MD5CryptoServiceProvider()
Dim hashed() As Byte = md5p.ComputeHash(decryptedData)

Dim RSAFormatter As RSAPKCS1SignatureFormatter
RSAFormatter = New RSAPKCS1SignatureFormatter(cert.PrivateKey)
RSAFormatter.SetHashAlgorithm("MD5")
encryptedData = RSAFormatter.CreateSignature(hashed)

encryptedString = Convert.ToBase64String(encryptedData)

It seems to be encrypting correctly, but it's not giving me the correct value. I tried this with the SHA1 provider as well and neither works.
I know the application that I'm authenticating against is using org.bouncycastle.jce.provider.BouncyCastleProvider as their provider and cipher=RSA/ECB/OAEPPadding. Does this have any relevence to signing in VB.net? If so, can you offer any ideas to get my authentication to work right?

Thanks.

by Pieter Philippaerts [Pieter at mentalis dot org]
posted on 2004/08/24

The RSAPKCS1SignatureFormatter generates a PKCS#1.5 signature; the Java code you're using -- RSA/ECB/OAEPPadding -- does _not_ generate a signature, because OAEP cannot be used to sign data. OAEP is used to encrypt data.

You're comparing apples and oranges here, so it's normal that the output of the two algorithms is different. If you want to use OAEP encryption in .NET, use the RSAOAEPKeyExchangeFormatter instead of the RSAPKCS1SignatureFormatter.

by Sarah Boaz [sarahb at loansoft dot com]
posted on 2004/08/24

The Java code I was looking at didn't explicitly say it was using the padding, but it was offered as help from the people I'm trying to authenticate with. (They don't know a lot about it either.)

So, I know I should be signing an id since it's for authentication.
Sorry to sound so nieve, but is there anything else that might be unique to their signing algorithm that I can derive from the key, java code, or ask them for? What is a provider and what role does the Provider play in the algorithm? Does it have to do with the hash algorithm? I also tried to use the certificate to create a hash object, because I thought that might be what's missing, but I couldn't implement that correctly.

Thanks a lot! again! Mentalis.org is awesome.

by Sarah Boaz [sarahb at loansoft dot com]
posted on 2004/08/24

Thanks again for your help before. I just wanted to post that I spoke with the group I'm working with and they gave me the wrong id to encrypt so it's all working. Thanks.

 

Copyright © 2002-2007, The Mentalis.org Team. All rights reserved.
This site is located at http://www.mentalis.org/
Send comments to the webmaster.