I am studying the proper way to sign a message in Windows and .NET.
I planned to use aspnet_regiis to create a key pair in the server's machine key container, export the public key and import it into the client's machine key container. I tested both server and client on my own PC.
C:\Windows\Microsoft.NET\Framework64\v4.0.30319>aspnet_regiis -pc MyKeys -exp
C:\Windows\Microsoft.NET\Framework64\v4.0.30319>aspnet_regiis -pa MyKeys "MyUserAccount"
C:\Windows\Microsoft.NET\Framework64\v4.0.30319>aspnet_regiis -px MyKeys D:\temp\myPublicKey.xml
C:\Windows\Microsoft.NET\Framework64\v4.0.30319>aspnet_regiis -pi MyPublicKey D:\temp\myPublicKey.xml -exp
C:\Windows\Microsoft.NET\Framework64\v4.0.30319>aspnet_regiis -pa MyPublicKey "MyUserAccount"
In my console application, I used RSACryptoServiceProvider to sign a message and verify it.
using System;
using System.Security.Cryptography;
using System.Text;

string message = "This is the message!";
byte[] data = Encoding.UTF8.GetBytes(message);

// Sign message (server)
var rsaPrivate = new RSACryptoServiceProvider(new CspParameters
{
    KeyContainerName = "MyKeys",
    KeyNumber = 2, // tried to comment this line, same false result
    Flags = CspProviderFlags.UseMachineKeyStore
});
byte[] signedData = rsaPrivate.SignData(data, new SHA512CryptoServiceProvider());
string signedMessage = Convert.ToBase64String(signedData);

//... Server sends message + signedMessage to client

// Verify message (client)
var rsaPublic = new RSACryptoServiceProvider(new CspParameters
{
    KeyContainerName = "MyPublicKey",
    KeyNumber = 2, // tried to comment this line, same false result
    Flags = CspProviderFlags.UseMachineKeyStore
});
byte[] clientData = Encoding.UTF8.GetBytes(message);
byte[] clientSignedData = Convert.FromBase64String(signedMessage);
bool verify = rsaPublic.VerifyData(clientData, new SHA512CryptoServiceProvider(), clientSignedData);
// verify = false
If it succeeds, the next step will be to move the hardcoded key container names to a .config file. aspnet_regiis will become a deployment step.
Can anyone tell me which step I did wrong? Or is my whole concept of using aspnet_regiis with RSACryptoServiceProvider wrong? I say so because I could not find examples of using both together. Thank you.
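An added example (not the poster's code) of the same flow with two changes a reviewer would ask for: the signer opens the container with CspProviderFlags.UseExistingKey, so a wrong container name or KeyNumber throws instead of RSACryptoServiceProvider silently generating a fresh key pair whose signatures can never verify against the exported public key, and the client verifies from the exported public-key XML alone, with no key container at all. It assumes the container and XML file created by the commands above, that aspnet_regiis creates an exchange key (KeyNumber 1), and that the Microsoft RSA providers share machine-store containers so the PROV_RSA_AES provider (needed for SHA-512 signatures) can open it.

```csharp
using System;
using System.IO;
using System.Security.Cryptography;
using System.Text;

static class SignWithMachineKeyDemo
{
    // Assumed values: the container from "aspnet_regiis -pc MyKeys -exp" and the
    // public-key XML written by "aspnet_regiis -px MyKeys D:\temp\myPublicKey.xml".
    const string SignerContainer = "MyKeys";
    const string PublicKeyXmlPath = @"D:\temp\myPublicKey.xml";

    // Opens an existing key in the machine store. UseExistingKey makes the constructor throw
    // if the container or key number is missing, instead of silently generating a new key pair.
    static RSACryptoServiceProvider OpenSigningKey(string container)
    {
        var csp = new CspParameters
        {
            KeyContainerName = container,
            KeyNumber = 1,      // assumption: aspnet_regiis creates an exchange key (AT_KEYEXCHANGE)
            ProviderType = 24,  // PROV_RSA_AES, needed for SHA-2; assumes the MS RSA providers share the container
            Flags = CspProviderFlags.UseMachineKeyStore | CspProviderFlags.UseExistingKey
        };
        return new RSACryptoServiceProvider(csp);
    }

    // Server side: sign the UTF-8 bytes of the message with the container's private key.
    static byte[] Sign(string message)
    {
        using (var rsa = OpenSigningKey(SignerContainer))
            return rsa.SignData(Encoding.UTF8.GetBytes(message), new SHA512CryptoServiceProvider());
    }

    // Client side: verify with the exported public key only; no key container is involved.
    static bool Verify(string message, byte[] signature, string publicKeyXml)
    {
        using (var rsa = new RSACryptoServiceProvider())
        {
            rsa.PersistKeyInCsp = false;     // keep the imported public key out of any store
            rsa.FromXmlString(publicKeyXml); // <RSAKeyValue> with Modulus and Exponent only
            return rsa.VerifyData(Encoding.UTF8.GetBytes(message), new SHA512CryptoServiceProvider(), signature);
        }
    }

    static void Main()
    {
        string message = "This is the message!";
        byte[] signature = Sign(message);
        string publicKeyXml = File.ReadAllText(PublicKeyXmlPath);
        Console.WriteLine(Verify(message, signature, publicKeyXml));                // genuine message
        Console.WriteLine(Verify(message + " (tampered)", signature, publicKeyXml)); // altered message must fail
    }
}
```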