Signing with RSA - Missing provider?  
by Sarah Boaz [sarahb at loansoft dot com]
posted on 2004/08/23

Hi, After downloading your library, I can access a certificate with an attached private key from both a memory store and a file, and I use the following code to sign a byte array that will be used for authentication. The code is as follows:

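' Requires: Imports System.Security.Cryptography
' Hash the data that is to be signed
Dim md5p As MD5 = New MD5CryptoServiceProvider()
Dim hashed() As Byte = md5p.ComputeHash(decryptedData)

' Sign the hash (PKCS#1 v1.5) with the certificate's private key
Dim RSAFormatter As RSAPKCS1SignatureFormatter
RSAFormatter = New RSAPKCS1SignatureFormatter(cert.PrivateKey)
RSAFormatter.SetHashAlgorithm("MD5") ' CreateSignature throws if no hash algorithm is set; must match the hash above
encryptedData = RSAFormatter.CreateSignature(hashed)

encryptedString = Convert.ToBase64String(encryptedData)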

It seems to be encrypting correctly, but it's not giving me the correct value. I tried this with the SHA1 provider as well and neither works.
I know the application that I'm authenticating against is using org.bouncycastle.jce.provider.BouncyCastleProvider as their provider and cipher=RSA/ECB/OAEPPadding. Does this have any relevance to signing in If so, can you offer any ideas to get my authentication to work right?


by Pieter Philippaerts [Pieter at mentalis dot org]
posted on 2004/08/24

The RSAPKCS1SignatureFormatter generates a PKCS#1.5 signature; the Java code you're using -- RSA/ECB/OAEPPadding -- does _not_ generate a signature, because OAEP cannot be used to sign data. OAEP is used to encrypt data.

You're comparing apples and oranges here, so it's normal that the output of the two algorithms is different. If you want to use OAEP encryption in .NET, use the RSAOAEPKeyExchangeFormatter instead of the RSAPKCS1SignatureFormatter.
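
The difference described in the reply above, as an added example (not code from the thread or from the library): it signs and OAEP-encrypts the same input with the .NET classes named in the reply and shows why the two outputs cannot be compared. Assumptions: a freshly generated throwaway key stands in for cert.PrivateKey, SHA-256 replaces the MD5/SHA-1 tried in the thread, and the id string is constructed.

```vbnet
Imports System
Imports System.Security.Cryptography
Imports System.Text

Module SignVersusOaep
    Sub Main()
        ' Constructed sample input; the throwaway key stands in for cert.PrivateKey.
        Dim data() As Byte = Encoding.UTF8.GetBytes("constructed-user-id")
        Using rsa As New RSACryptoServiceProvider(2048)
            Dim hash() As Byte
            Using sha As SHA256 = SHA256.Create()
                hash = sha.ComputeHash(data)
            End Using

            ' 1) PKCS#1 v1.5 signature: private-key operation, deterministic.
            Dim signer As New RSAPKCS1SignatureFormatter(rsa)
            signer.SetHashAlgorithm("SHA256") ' required; must match the hash above
            Dim sig1() As Byte = signer.CreateSignature(hash)
            Dim sig2() As Byte = signer.CreateSignature(hash)
            Console.WriteLine("signature repeatable: {0}", _
                Convert.ToBase64String(sig1) = Convert.ToBase64String(sig2))

            ' The verifying side needs only the public half of the key.
            Using pub As New RSACryptoServiceProvider()
                pub.ImportParameters(rsa.ExportParameters(False))
                Dim verifier As New RSAPKCS1SignatureDeformatter(pub)
                verifier.SetHashAlgorithm("SHA256")
                Console.WriteLine("signature valid: {0}", _
                    verifier.VerifySignature(hash, sig1))
                hash(0) = hash(0) Xor CByte(1) ' simulate a different id / tampered data
                Console.WriteLine("valid for altered hash: {0}", _
                    verifier.VerifySignature(hash, sig1))
            End Using

            ' 2) OAEP encryption: public-key operation with random padding, so the
            '    output matches neither a signature nor an earlier encryption.
            Dim enc As New RSAOAEPKeyExchangeFormatter(rsa)
            Dim ct1() As Byte = enc.CreateKeyExchange(data)
            Dim ct2() As Byte = enc.CreateKeyExchange(data)
            Console.WriteLine("ciphertext repeatable: {0}", _
                Convert.ToBase64String(ct1) = Convert.ToBase64String(ct2))
            Dim dec As New RSAOAEPKeyExchangeDeformatter(rsa)
            Console.WriteLine("decrypts to input: {0}", _
                Encoding.UTF8.GetString(dec.DecryptKeyExchange(ct1)) = "constructed-user-id")
        End Using
    End Sub
End Module
```

A signature is checked by verifying it against the expected data with the public key, not by comparing it byte for byte with another system's output; the altered-hash case shows how signing the wrong input fails that check.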

by Sarah Boaz [sarahb at loansoft dot com]
posted on 2004/08/24

The Java code I was looking at didn't explicitly say it was using the padding, but it was offered as help from the people I'm trying to authenticate with. (They don't know a lot about it either.)

So, I know I should be signing an id since it's for authentication.
Sorry to sound so naive, but is there anything else that might be unique to their signing algorithm that I can derive from the key, java code, or ask them for? What is a provider and what role does the Provider play in the algorithm? Does it have to do with the hash algorithm? I also tried to use the certificate to create a hash object, because I thought that might be what's missing, but I couldn't implement that correctly.

Thanks a lot! again! is awesome.

by Sarah Boaz [sarahb at loansoft dot com]
posted on 2004/08/24

Thanks again for your help before. I just wanted to post that I spoke with the group I'm working with and they gave me the wrong id to encrypt so it's all working. Thanks.

