Using private keys to sign hash

Erick Daniel Tinajero - 23 Nov 2004 01:23 GMT
Hi there:

I am trying to export (use) a private key from the certificate store to sign
a hash. But I am getting the error:
Export of private parameters is not supported

I have this:

   Dim store As Microsoft.Web.Services2.Security.X509.X509CertificateStore = Microsoft.Web.Services2.Security.X509.X509CertificateStore.LocalMachineStore(Microsoft.Web.Services2.Security.X509.X509CertificateStore.MyStore)
   store.OpenRead()
   Dim cert As Microsoft.Web.Services2.Security.X509.X509Certificate = store.Certificates(0)
   Dim RSA As RSA = cert.Key
   Dim RSAParams As RSAParameters = cert.Key.ExportParameters(True)   ' exception is raised here

The exception happens when the last line executes. I guess it's a permission
problem, but I can't figure out the solution. Can anyone help me? Thanks.
Nicole Calinoiu - 25 Nov 2004 18:39 GMT
Erick,

The Microsoft.Web.Services2.Security.Cryptography.RSACryptoServiceProvider.ExportParameters()
method does not allow export of the private key, regardless of what the
documentation and the presence of the includePrivateParameters argument
might lead you to believe.  You'll need to use some other approach to use the
certificate private information to generate the desired signature.  Someone
may be able to help with this if you provide more complete details
concerning your signing scenario.

HTH,
Nicole

Erick Daniel Tinajero - 25 Nov 2004 21:46 GMT
Thanks for the answer, Nicole:

I need to do a PKCS#1 RSA sign to an MD5 hash. That's all. To accomplish it,
I have a certificate and private key generated by a tool that I didn't
develop, using OpenSSL functions. I was told that a private key without the
CRYPT_EXPORTABLE property cannot be used for such procedure in .NET, but I
didn't make it work with a private key generated with that property (made by
me) either.

I already figured out that I need to assign the private key to the
RSACryptoServiceProvider without "extracting" it, because then the exception
is raised. But I don't know how to accomplish it. This is my scenario:

.PFX File --> Certificate Store --> X509CertificateStore --> X509Certificate
--> RSA --> RSACryptoServiceProvider.Sign

Either from the file or from the Certificate Store, I need to retrieve the
private key and then do the sign. I don't find it very complicated but I
don't know how to make it work in the code. Any ideas would be greatly
appreciated.

Erick Daniel Tinajero - 26 Nov 2004 13:17 GMT
I am currently trying to do this:

Dim store As Microsoft.Web.Services2.Security.X509.X509CertificateStore = Microsoft.Web.Services2.Security.X509.X509CertificateStore.CurrentUserStore(Microsoft.Web.Services2.Security.X509.X509CertificateStore.MyStore)
store.Open()
Dim cert As Microsoft.Web.Services2.Security.X509.X509Certificate = store.Certificates(0)
Dim RSA As System.Security.Cryptography.RSA = cert.Key
Dim Crypt As New System.Security.Cryptography.RSAPKCS1SignatureFormatter(RSA)
Dim hash As New System.Security.Cryptography.MD5CryptoServiceProvider()
Dim hashed As Byte()
Dim Cypher As Byte()
Dim enc As System.Text.Encoding
hashed = hash.ComputeHash(enc.ASCII.GetBytes("Hi"))
Crypt.SetHashAlgorithm("MD5")
Cypher = Crypt.CreateSignature(hashed)   ' exception is raised here

Everything goes fine until the last line, when it throws a 'DecryptValue'
not supported exception. Any clues? Thank you.

Nicole Calinoiu - 26 Nov 2004 15:04 GMT
Erick,

You don't need to use the WSE classes for this.  Instead, you should
probably use System.Security.Cryptography.RSAPKCS1SignatureFormatter to
generate the signature.  You can initialize the RSACryptoServiceProvider
used by the formatter by using the constructor (for
RSACryptoServiceProvider) that takes a CspParameters object as an argument.

For a complete example of this technique, see
http://www.jensign.com/JavaScience/dotnet/SignFileHash/SignFilehash.txt.

HTH,
Nicole

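Signing through an RSACryptoServiceProvider initialized from a CspParameters object, as Nicole's last reply describes, shown here as an added example that is not part of the thread or of the linked jensign.com sample. It assumes Windows and .NET Framework 2.0 or later; the container name DemoSigningContainer and the helper SignMd5 are hypothetical, and the demo creates its own non-exportable key rather than using a certificate's key.

```vbnet
Imports System
Imports System.Security.Cryptography
Imports System.Text

Module SignWithoutExport
    ' Hypothetical container name for this demo. For a certificate's key,
    ' use the container that actually holds that certificate's private key.
    Const DemoContainer As String = "DemoSigningContainer"

    ' PKCS#1 v1.5 signature over an MD5 hash; the key stays inside the CSP.
    ' MD5 is what the thread asks for; it is collision-broken, so use a
    ' stronger hash wherever the verifier allows it.
    Function SignMd5(ByVal csp As CspParameters, ByVal data As Byte()) As Byte()
        Using rsa As New RSACryptoServiceProvider(csp)
            Dim formatter As New RSAPKCS1SignatureFormatter(rsa)
            formatter.SetHashAlgorithm("MD5")
            Using hasher As MD5 = MD5.Create()
                Return formatter.CreateSignature(hasher.ComputeHash(data))
            End Using
        End Using
    End Function

    Sub Main()
        Dim csp As New CspParameters(1)                      ' 1 = PROV_RSA_FULL
        csp.KeyContainerName = DemoContainer
        csp.KeyNumber = 2                                    ' 2 = AT_SIGNATURE
        csp.Flags = CspProviderFlags.UseNonExportableKey     ' key is created non-exportable

        Dim data As Byte() = Encoding.ASCII.GetBytes("Hi")   ' constructed sample input
        Dim signature As Byte() = SignMd5(csp, data)
        Console.WriteLine("Signature length: " & signature.Length.ToString())

        Using rsa As New RSACryptoServiceProvider(csp)       ' reopens the same container
            Dim verifier As New RSAPKCS1SignatureDeformatter(rsa)
            verifier.SetHashAlgorithm("MD5")
            Using hasher As MD5 = MD5.Create()
                Dim ok As Boolean = verifier.VerifySignature(hasher.ComputeHash(data), signature)
                Console.WriteLine("Verifies: " & ok.ToString())
            End Using
            Try
                rsa.ExportParameters(True)                   ' export attempt on a non-exportable key
            Catch ex As CryptographicException
                Console.WriteLine("Private key export refused: " & ex.Message)
            End Try
            rsa.PersistKeyInCsp = False                      ' delete the demo container on dispose
        End Using
    End Sub
End Module
```

The signature is produced and verified even though the private-parameter export is refused, because the CSP performs the RSA operation on the key handle and only the resulting signature leaves it.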
