Hi
I'm trying to sign a file and verify its signature with a DSA key, but
I don't know if I'm doing it the right way! I tried 2 different ways,
but I either got an error or the verification simply failed.
Here's what I did.
In the 1st attempt I generated the hash for the file and then tried to
sign that hash in chunks of 20 bytes (otherwise I would get an
Exception "SHA1 algorithm key size is 20 bytes"), and at the end I
would concatenate the signed chunks and write them to the end of the
file. I also verified that every 20 bytes, when signed, generate 40
bytes; I don't know if this is a standard.
Anyway, for verification, assuming that the signature from phase 1 is
written to the end of the file, I followed the same tactic used to
generate it, meaning verifying the signature by chunks: I would read off
40 bytes from the signature at the end of the file, and then 20 bytes
from the computed hash and sign it and then compare, but this always
fails!
To sign
senderPk is a DSACryptoServiceProvider object

    List<byte> sign = new List<byte>();
    int offset = 0;
    String oid = CryptoConfig.MapNameToOID("SHA1");
    while (offset < computedHash.Length)
    {
        byte[] chunk = new byte[20];
        int copySize = (computedHash.Length - offset) > 20 ? 20 : computedHash.Length - offset;
        Array.Copy(computedHash, offset, chunk, 0, copySize);
        offset += 20;

        byte[] signedHash = senderPk.SignHash(chunk, oid);
        sign.AddRange(signedHash);
    }

    senderPk.Clear();
    //cout.Write(computedHash, 0, computedHash.Length);
    // flush all the data encrypted with the symmetric key
    cout.FlushFinalBlock();
    cout.Flush();

To verify
dsa is a DSACryptoServiceProvider object

    // dsa is the sender public key
    // fin is the FileStream opened on the file
    // computed hash is the hash computed while decrypting the file
    List<byte> left = new List<byte>();
    int leftByte;
    while ((leftByte = fin.ReadByte()) != -1)
        left.Add((byte)leftByte);
    List<byte> sign = new List<byte>();
    int offset = 0, sOffset = 0;
    byte[] computedHash = hasher.Hash, signedHash = left.ToArray();
    bool goodSignature = true;
    String oid = CryptoConfig.MapNameToOID("SHA1");
    byte[] chunk = new byte[20], sChunk = new byte[40];
    while (offset < computedHash.Length && goodSignature)
    {
        int copySize = (computedHash.Length - offset) > 20 ? 20 : computedHash.Length - offset;
        Array.Copy(computedHash, offset, chunk, 0, copySize);
        copySize = (signedHash.Length - sOffset) > 40 ? 40 : signedHash.Length - sOffset;
        Array.Copy(signedHash, sOffset, sChunk, 0, copySize);
        offset += 20; sOffset += 40;
        goodSignature = dsa.VerifyHash(chunk, oid, sChunk);
        sign.AddRange(signedHash);
    }
    if (!goodSignature)
    {
        Console.WriteLine("file verification failed ! signatures do not match");
        return false;

    }

This way, the verification process will always fail.
And if I use the one-pass method, meaning I try to sign or verify the
file in just one pass, I get the following exception:
System.Security.Cryptography.CryptographicException "SHA1 algorithm
key size is 20 bytes"
The DSA key is a DSACryptoServiceProvider instance in all cases.
Language is C# and .NET version is 3.0.
I already tried posting at the .NET forums on MSDN but got no answer, so
if someone could provide me with sample code on how to sign and
verify the signature, it'd be great!
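
An added example, not part of the original post: a one-pass sign and verify with DSACryptoServiceProvider that hashes the whole payload once, signs the single 20-byte SHA-1 digest, and appends the resulting 40-byte signature to the file. The class and method names, the in-memory file read and the sample payload are assumptions, and the poster's symmetric-encryption step is left out.

```csharp
using System;
using System.IO;
using System.Security.Cryptography;

static class DsaFileSignatureDemo   // hypothetical name, for illustration only
{
    const int SigLen = 40;          // DSA signature: r || s, 20 bytes each (160-bit q)
    static readonly string Sha1Oid = CryptoConfig.MapNameToOID("SHA1");

    // Hash the whole payload once, sign that one 20-byte digest, append the signature.
    static void SignFile(string path, DSACryptoServiceProvider privateKey)
    {
        byte[] data = File.ReadAllBytes(path);
        byte[] digest = SHA1.Create().ComputeHash(data);     // 20 bytes, whatever the file size
        byte[] sig = privateKey.SignHash(digest, Sha1Oid);   // 40 bytes
        using (FileStream fs = new FileStream(path, FileMode.Append))
            fs.Write(sig, 0, sig.Length);
    }

    // Split off the trailing 40 bytes, re-hash everything before them, verify in one call.
    static bool VerifyFile(string path, DSACryptoServiceProvider publicKey)
    {
        byte[] all = File.ReadAllBytes(path);
        if (all.Length < SigLen) return false;               // too short to carry a signature
        int payloadLen = all.Length - SigLen;
        byte[] sig = new byte[SigLen];
        Array.Copy(all, payloadLen, sig, 0, SigLen);
        byte[] digest = SHA1.Create().ComputeHash(all, 0, payloadLen);
        return publicKey.VerifyHash(digest, Sha1Oid, sig);
    }

    static void Main()
    {
        string path = Path.GetTempFileName();
        File.WriteAllBytes(path, new byte[] { 1, 2, 3, 4, 5 });   // constructed sample payload
        using (DSACryptoServiceProvider signer = new DSACryptoServiceProvider())
        using (DSACryptoServiceProvider verifier = new DSACryptoServiceProvider())
        {
            verifier.ImportParameters(signer.ExportParameters(false)); // public half only
            SignFile(path, signer);
            Console.WriteLine("untouched: " + VerifyFile(path, verifier));
            byte[] bytes = File.ReadAllBytes(path);
            bytes[0] ^= 0xFF;                                 // corrupt one payload byte
            File.WriteAllBytes(path, bytes);
            Console.WriteLine("tampered:  " + VerifyFile(path, verifier));
        }
        File.Delete(path);
    }
}
```

The verifier must hash exactly the bytes the signer hashed, so the signature's own 40 bytes are excluded from the digest on the verify side.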