Verify Signed Message with Server's Public Key?
Relevant Docs: https://learn.microsoft.com/en-us/dotnet/api/system.security.cryptography.rsacryptoserviceprovider.verifydata?view=net-9.0
Code in reply.
After calling
RetrievePublicKey() on client and then ProtectedSign("Hello") keep getting false printed because _clientRsaProvider.VerifyData(dataToCompare, SHA1.Create(), signedBytes) is False.
I don't understand why this is. dataToCompare is "Hello" in ASCII encoded bytes, and signedBytes is the same as signedDataBytes = _rsaProvider.SignData(originalMessageBytes, SHA1.Create()) on the server, just reverse-engineered by the client by using the hex string passed by the server.RSACryptoServiceProvider.VerifyData(Byte[], Object, Byte[]) Method ...
Verifies that a digital signature is valid.
12 Replies
I think I found the issue but I am not sure. When calling an action in the controller, a new one is instantiated, so you ask for a different public key, not even the one that belongs to the signing one? Im not sure tho
is this for something real or is this like a school assignment or for fun
school but my teacher is currently unavailable at the moment due to it being easter weekend
(im aware sha1 shouldnt be used)
you should really not be implementing your own cryptographic protocols at all if you can help it
but if it's for school then you don't really get a choice i guess
yeah i think whats happening is my controller is getting reinstantiated every time I run an action on my client side so the public key is outdated even before I sign. idk how to fix
Unknown User•3d ago
Message Not Public
Sign In & Join Server To View
If your goal is just to finish the assignment, then you might generate a pair of public/private keys of your own, and store in certificates, https://docs.lextudio.com/blog/simple-public-private-key-signing-sample-code-6f95d19fdbc
By sharing the certs between client/server apps of yours, they can use the right key to sign/verify the data in transfer.
no thats not what the assignment asks I need to figure out a way to make the RSA instance on the server side to remain persistent such that when I call sign data and verify data the same public private key pair is used and not a new one getting generated. Even when I call verifyData again its not the same because the controller is made every time I get one of the endpoints. I dont want that to happen
yeah this is pretty much exactly what i need i think but I have no idea where to start or how to go about it. can u direct me to some resources?
Singleton is a design pattern, so search engines can teach you how to implement it in C#. But more practically people use DI/IoC these days, https://learn.microsoft.com/en-us/aspnet/core/fundamentals/dependency-injection?view=aspnetcore-9.0 and ASP.NET Core supports it natively.
Dependency injection in ASP.NET Core
Learn how ASP.NET Core implements dependency injection and how to use it.
Set the CspParameters.KeyContainerName to a constant string that is unique to your application.
Then set the RSACryptoServiceProvider.PersistKeyInCsp member to true.
Then after you generate a key, that key will be stored in the windows keystore for that specific windows user the application is running under, for the specific KeyContainerName that you set.
When another call comes in and the controller goes to instantiate the key/cryptoprovide, by passing in the same constant string for KeyContainerName under the same user, it will load the same key from the windows keystore.
this makes a lot more sense and sounds simpler. I will try this and let you know. thank you in advance
u deserve a smooch thank you so much I had a feeling I had to use cspParams somehow and I thought I was doing it right but ig not. this worked tho thank u