1

I am studying the proper way to sign message in Windows and .NET.

I planned to use aspnet_regiis to create a key pair in server's machine key container, export the public key and import it in client's machine key container. I tested both server and client in my own PC.

C:\Windows\Microsoft.NET\Framework64\v4.0.30319>aspnet_regiis -pc MyKeys -exp
C:\Windows\Microsoft.NET\Framework64\v4.0.30319>aspnet_regiis -pa MyKeys "MyUserAccount"
C:\Windows\Microsoft.NET\Framework64\v4.0.30319>aspnet_regiis -px MyKeys D:\temp\myPublicKey.xml
C:\Windows\Microsoft.NET\Framework64\v4.0.30319>aspnet_regiis -pi MyPublicKey D:\temp\myPublicKey.xml -exp
C:\Windows\Microsoft.NET\Framework64\v4.0.30319>aspnet_regiis -pa MyPublicKey "MyUserAccount"

In my Console application, I used RSACryptoServiceProvider to sign a message and verify it.

string message = "This is the message!";
byte[] data = Encoding.UTF8.GetBytes(message);


// Sign message (server)

var rsaPrivate = new RSACryptoServiceProvider(new CspParameters
{
    KeyContainerName = "MyKeys",
    KeyNumber = 2,    // tried to comment this line, same false result
    Flags = CspProviderFlags.UseMachineKeyStore
});

byte[] signedData = rsaPrivate.SignData(data, new SHA512CryptoServiceProvider());
string signedMessage = Convert.ToBase64String(signedData);


//... Server sends message + signedMessage to client

// Verify message (client)

var rsaPublic = new RSACryptoServiceProvider(new CspParameters
{
    KeyContainerName = "MyPublicKey",
    KeyNumber = 2,    // tried to comment this line, same false result
    Flags = CspProviderFlags.UseMachineKeyStore
});

byte[] clientData = Encoding.UTF8.GetBytes(message);
byte[] clientSignedData = Convert.FromBase64String(signedMessage);
bool verify = rsaPublic.VerifyData(clientData, new SHA512CryptoServiceProvider(), clientSignedData);
// verify = false

If it succeeds, next step I will move the hardcoded key container names to .config file. aspnet_regiis will become a deployment step.

May anyone tell me which step I did it wrong? Or my whole concept of using aspnet_regiis with RSACryptoServiceProvider is wrong? - I say so because I could not find examples talking about using both together. Thank you.

4

0 回答 0