DotNetUtilities
Trending Discussions on DotNetUtilities
QUESTION
I am trying to figure out how to create a JWT in C# that has custom headers and is signed with a private key. My current attempt is as follows and seems to work except I haven't found a way to include custom headers in it as well.
...ANSWER
Answered 2022-Jan-06 at 22:16
You can add custom data via adding claims. They will be added to the token.
QUESTION
I have the following code that signs some data in a .js script:
...ANSWER
Answered 2021-Oct-23 at 18:04
PSS has a number of parameters, including the salt length. RFC8017, A.2.3. RSASSA-PSS defines a default salt length that corresponds to the output length of the digest, i.e. 32 bytes for SHA256.
Your recent C# code applies the C# built-in classes that use this default salt length. A different salt length cannot be specified!
The NodeJS code, on the other hand, defaults to the maximum possible salt length (crypto.constants.RSA_PSS_SALTLEN_MAX_SIGN), which is given by: - - 2 = 256 - 32 - 2 = 222.
Thus, the two codes are incompatible!
Unlike the C# built-in classes, BouncyCastle allows the salt length to be configured:
QUESTION
I'm trying to summarize: I have a self-signed certificate (created by OpenSSL) being used in an aspnetCore API to verify hash (or message digest, if you prefer) signature. I can run tests to sign the hash and run in the API and everything goes well.
Now, I'm trying to make my client sign such hashes and consume the API. It's an application running on Mono. I tried to do exactly the same thing as in my tests, but Mono has a bug in X509Certificate2 when the pfx certificate is protected by a password. So, I replaced it with the famous BouncyCastle. However, the results are different... Checking the pk algorithm, I can see some differences, but nothing so remarkable (at least to me).
Can you give me advice? I'm going to post the code:
Good code running on tests (dotNet Core):
...ANSWER
Answered 2021-Oct-09 at 20:50
My bad: I've just realized my program wasn't using the string it is supposed to use to calculate the hash...
The Mono version using BouncyCastle is working perfectly fine.
QUESTION
I want to digitally sign pdf documents using iText 7. The signature is created by an external service which returns a PKCS1 signature only. I then have to create and apply the PKCS7.
There is good documentation for this scenario from iText: https://kb.itextpdf.com/home/it7kb/examples/how-to-use-a-digital-signing-service-dss-such-as-globalsign-with-itext-7
Sample application
I have created a sample application which signs pdf documents via local certificate. This sample application can be cloned from https://github.com/suntsu42/PdfSignSamplePkcs1. In this sample application are two different ways of creating the PKCS7. Once manually and once via an IExternalSignature(PrivateKeySignature) implementation.
For both cases, the pdf digest which must be signed is created in the same way. The only difference is the way the PKCS7 is created.
The project on github (https://github.com/suntsu42/PdfSignSamplePkcs1) is complete and self contained. In the resources folder is a private key file (pfx) used for creating the signature as well as the root certificate. In order to run the example, it should be enough to just change the value of the resourcePath variable to accommodate your local system.
The signature creation can be toggled by changing the value of createSignatureViaPlainPkcs1.
...ANSWER
Answered 2021-Aug-18 at 09:53
One error is fairly obvious:
In CreatePKCS7 you sign the to-be-signed attributes of the signature container (GetAuthenticatedAttributeBytes) which contain the document digest (Digest):
QUESTION
I am implementing Apple's App Attestation service.
As part of the process, I receive an EC key and a signature.
Sample key:
...ANSWER
Answered 2021-Jun-30 at 10:43
SignerUtilities.GetSigner() hashes implicitly, i.e. sha256HashByteArray is hashed again. Therefore instead of ECDsa#VerifyHash() (does not hash implicitly) the method ECDsa#VerifyData() (hashes implicitly) must be used.
Also, SignerUtilities.GetSigner() returns a signature in ASN.1 format, and ECDsa#VerifyData() expects a signature in r|s format (as you already figured out).
If both are taken into account, the verification is successful:
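The two signature formats mentioned in this answer, as an added Python example that is not the answer's own code: a strict converter between the ASN.1 DER form (SEQUENCE of two INTEGERs) and the fixed-width r|s form. The function names and the default 32-byte field width (P-256) are assumptions made for this illustration.

```python
def _read_tlv(buf, pos, tag):
    """Read one DER TLV with the expected tag; return (value, next_pos)."""
    if pos + 2 > len(buf) or buf[pos] != tag:
        raise ValueError("unexpected tag or truncated input")
    length, pos = buf[pos + 1], pos + 2
    if length & 0x80:                       # long-form length (needed for P-521)
        if length != 0x81 or pos >= len(buf):
            raise ValueError("unsupported length encoding")
        length, pos = buf[pos], pos + 1
    if pos + length > len(buf):
        raise ValueError("truncated value")
    return buf[pos:pos + length], pos + length

def der_to_rs(der, field_len=32):
    """ASN.1 DER SEQUENCE{INTEGER r, INTEGER s} -> fixed-width r|s."""
    seq, end = _read_tlv(der, 0, 0x30)
    r, pos = _read_tlv(seq, 0, 0x02)
    s, pos = _read_tlv(seq, pos, 0x02)
    if end != len(der) or pos != len(seq):
        raise ValueError("trailing bytes after signature")
    out = b""
    for part in (r, s):
        if not part or part[0] & 0x80:
            raise ValueError("INTEGER must be non-negative")
        value = int.from_bytes(part, "big")  # drops the DER sign-padding byte
        if value.bit_length() > 8 * field_len:
            raise ValueError("value does not fit the curve's field width")
        out += value.to_bytes(field_len, "big")
    return out

def _der_len(n):
    """DER length octets for n < 256."""
    return bytes([n]) if n < 0x80 else bytes([0x81, n])

def rs_to_der(raw):
    """Fixed-width r|s -> minimal DER encoding."""
    half = len(raw) // 2
    body = b""
    for part in (raw[:half], raw[half:]):
        value = int.from_bytes(part, "big")
        # One extra byte whenever the top bit is set, so the INTEGER stays positive.
        enc = value.to_bytes(value.bit_length() // 8 + 1, "big")
        body += b"\x02" + _der_len(len(enc)) + enc
    return b"\x30" + _der_len(len(body)) + body
```

The DER form varies in length (a leading zero is added when the top bit is set, leading zero bytes are dropped), which is why a verifier that expects exactly 64 bytes for P-256 rejects it outright.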
QUESTION
I hope someone can explain to me where I have made a mistake. I always thought that when I export a certificate with a private key and import it again, the private key is stable and does not change. Especially across computers.
Now I have been proven wrong and I don't understand it.
Given a certificate Z, which contains a private key pk. I import this certificate onto a computer C1 and onto a computer C2.
I get the parameters of the private key on both.
...ANSWER
Answered 2021-May-18 at 16:37
Basically, the D value doesn't matter, and you're seeing a consequence of that.
"Did you just say the D value doesn't matter? Isn't RSA based on m == modpow(modpow(m, e, n), d, n)?"
Yep, and yep. But the Chinese Remainder Theorem provides for a more efficient implementation for modpow(m, d, n), so no one really bothers with D.
The other thing that's going on, is that when an RSA private key is imported you have a couple of choices: 1) verify that n == (p * q) and the d/dp/dq/qInv make sense given n/e/p/q, fail if they don't, 2) import the key on faith, deal with consequences of inconsistency ("garbage in, garbage out"), 3) do (1) but fix any incorrect data.
OK, so we have the premise of why the values might change (strategy (3)), but why are they actually changing?
Because there are at least two different common answers for D. ("Isn't D unique?" no. "Didn't you say D doesn't matter?" OK, so it matters in computing the CRT parameters, then it stops mattering.)
The original RSA paper defined D as the modular multiplicative inverse of e modulo the Euler totient function of N. The usual symbol for the Euler totient function is the Greek letter phi. Many smart people later, the statement got changed to D being the modular multiplicative inverse of e modulo the Carmichael function of N. The usual symbol for the Carmichael function is the Greek letter lambda.
The difference is sort of a squares-vs-rectangles thing. All D-phi values work for RSA, because e * D-phi === 1 (mod lambda(N)). Since all D-lambda values also work for RSA, but don't adhere to e * D-lambda === 1 (mod phi(N)), the formula got rewritten.
OK, there's the background, so what's happening?
- Windows CAPI (powers RSACryptoServiceProvider on Windows, RSA.Create() on .NET Framework) generates keys using lambda, but preserves the D value across import/export.
- OpenSSL (powers RSA classes on Linux) generates keys using phi, but preserves the D value across import/export.
- Windows CNG (powers RSACng on Windows, RSA.Create() on .NET5/.NET Core on Windows) generates keys using phi, but discards D on import and recomputes it from N/E/P/Q for export.
- (There's some nuance here... I feel like CNG changed to maybe preserve the D value around Windows 10 20H1.)
- I don't remember what Android does (probably OpenSSL behaviors), or what macOS does.
So, my guess is that C1 and C2 are running on different OSes (or different versions of the same OS).
https://github.com/dotnet/runtime/commit/700a07cae19fe64649c2fb4c6c10e6b9aa85dc29 shows how we dealt with it in the test suite for .NET. For application code, my recommendation is to just trust the systems.
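The phi-versus-lambda point from this answer, worked through on toy primes as an added Python example that is not part of the original answer. The primes, the function names and the tuple layout (p, q, e, d) are constructed for illustration; real keys use primes of 1024 bits or more.

```python
from math import gcd

def private_exponents(p, q, e):
    """Return (D-phi, D-lambda): inverses of e modulo phi(n) and lambda(n)."""
    phi = (p - 1) * (q - 1)
    lam = phi // gcd(p - 1, q - 1)          # Carmichael: lcm(p-1, q-1)
    return pow(e, -1, phi), pow(e, -1, lam)

def crt_params(d, p, q):
    """CRT parameters (dP, dQ, qInv) derived from d."""
    return d % (p - 1), d % (q - 1), pow(q, -1, p)

def private_op_crt(c, p, q, dp, dq, qinv):
    """RSA private operation using only the CRT parameters, never d itself."""
    m1, m2 = pow(c, dp, p), pow(c, dq, q)
    return m2 + q * ((qinv * (m1 - m2)) % p)

def is_valid_d(d, p, q, e):
    """True if d is a working private exponent: e*d == 1 (mod lambda(n))."""
    lam = (p - 1) * (q - 1) // gcd(p - 1, q - 1)
    return (e * d) % lam == 1

def same_private_key(a, b):
    """Compare two exported keys given as (p, q, e, d) without comparing d."""
    return ({a[0], a[1]} == {b[0], b[1]} and a[2] == b[2]
            and is_valid_d(a[3], *a[:3]) and is_valid_d(b[3], *b[:3]))

# Constructed toy key: n = 61 * 53 = 3233, e = 17
P, Q, E = 61, 53, 17
D_PHI, D_LAMBDA = private_exponents(P, Q, E)
```

Both exponents decrypt the same ciphertext and yield identical CRT parameters, so a check for "same key on both machines" should compare the modulus and public exponent (or use a validity test like the one above) rather than the raw D bytes.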
QUESTION
I've been trying to solve this issue for the past two days and it's sending me a little loopy. I hadn't looked into Cryptography much before then so I'm very confused trying to figure out what I'm meant to do.
I've been working on integrating APIs from a payment provider known as Citizen. Some of the steps of the payment process send webhook updates to my endpoint in the following format:
...ANSWER
Answered 2021-Apr-23 at 20:58
Sounds like they are probably signing the paymentToken, not the entire message. Perhaps try something like this:
QUESTION
I'm trying to use the Walmart Affiliate API, which uses a public/private token for authentication. I'm having trouble figuring out what I'm missing from the steps provided.
I currently have a DelegatingHandler to add the Headers values needed. I'm using BouncyCastle to help in the private token signing and this is what I have currently.
ANSWER
Answered 2021-Feb-26 at 02:47
I ended up solving it by mainly using the OpenSSL key creation through a unix terminal, but here's the final product if it helps anybody else.
Usage:
QUESTION
I'm working on an implementation of EWP (Erasmus Without Papers), a set of APIs for communication between universities world wide. Every call must be signed with RSA-SHA256. Every partner has a private and public key, the public keys are available in a registry with a keyId. A request has some headers: a digest of the body (sha256 hash), the host, date, x-request-id (random guid). These headers and their values are concatenated in a signing string, that is signed with the private key, the result being the signature that is also sent in the headers, along with the keyId and the other headers used for the signature. The server needs to check if the signature is valid, by creating the same signing string, looking up the public key in the registry and then checking if the signature in the request is indeed correct.
I have both the API as a client application that I use to test. I have access to 109 different partners to test, some of them are not ready yet (they show an error both in my client and the online validator, so I assume there is an error in that API server side, as it is a development environment), others are working fine. There is also a test API of EWP and there is an online validator you can use to send requests to any of these APIs.
Strange thing is, my client works with almost all of the partner APIs, while some of them give me an error my signature is wrong (when the online validator works fine). Using my client on my own API, validation works fine. Using the online validator, my validation does not work (invalid signature error). There are 2 partners where my client does not work and the online validator does, and 3 APIs where my client works but the online validator doesn't (including my own API)
Can anyone think of anything that could cause these issues? Strange thing is, 2 weeks ago, the online validator did work on my API and the only thing that changed according to the EWP guy, is the key pair used by the online validator, but he claims I'm using the correct one now (I sent him my logs)
Could it be some kind of character set issue? An error only happening when some character is used in the public key or something like that?
Here is my code for the RSA-SHA256 part:
Create a signature in the client request, with the private key:
...ANSWER
Answered 2021-Jan-07 at 17:56
Problem is fixed! Turned out there was an issue with the format of the dates in the request headers. This date is also used in the signing string for the signature. Different date formats means invalid signature.
The request sent by the online validator had the date Thu, 7 Jan 2021 14:01:58 GMT. When fetching this date in my code, it was transformed into Thu, 07 Jan 2021 14:01:58 GMT (with a leading 0 in the day).
QUESTION
Using .NET Core 3.1 and BouncyCastle
I have a Private ECC key from Pkcs12. How can I store this in X509Certificate2 Private Key please?
The reason I am trying it this way is because when I load the Pkcs12 as X509Certificate2, the X509Certificate2.PrivateKey method throws a "not implemented / algorithm not supported exception".
This is what I have so far:
...ANSWER
Answered 2020-Nov-30 at 13:36
The source shows that, depending on the platform you run on, the exception is thrown.
Community Discussions, Code Snippets contain sources that include Stack Exchange Network
Vulnerabilities
No vulnerabilities reported