DotNetUtilities | DotNetUtilities -

I have the following code that signs some data in a .js script:

I'm trying summarize: I have a self-signed certificate (created by OpenSSL) being used in a aspnetCore API to verify hash (or message digest, if you prefer) signature. I can run tests to sign the hash and run in the API and everything goes well.

Now, I'm trying do my client sign such hashs and consume the API. It's an application running on Mono. I'm tried do exactly the same thing as my tests, but Mono has a bug in X509Certificate2, when pfx certificate is protected by password. So, I replaced it the by the famous BouncyCastle. However, the results are different... Checking the pk algorithm, I can see some differences, but nothing so remarkable (at least to me).

Can you give me advices? I gonna put the codes:

Good code running on tests (dotNet Core):

I want to digitally sign pdf documents using iText 7. The signature is created by an external service which returns a PKCS1 signature only. I then have to create and apply the PKCS7.

There is a good documentation for this scenario from iText: https://kb.itextpdf.com/home/it7kb/examples/how-to-use-a-digital-signing-service-dss-such-as-globalsign-with-itext-7

I have created a sample application which signs pdf documents via local certificate. This sample application can be cloned from https://github.com/suntsu42/PdfSignSamplePkcs1. In this sample application are two different ways of creating the PKCS7. Once manually and once via a IExternalSignature(PrivateKeySignature) implementation.

For both cases, the pdf digest which must be signed is created in the same way. The only difference is the way the PKCS7 is created.

The project on github (https://github.com/suntsu42/PdfSignSamplePkcs1) is complete and self contained. In the resources folder is a private key file (pfx) used for creating the signature as well as the root certificate. In order to run the example, it should be enough to just change the value of the resourcePath variable to accommodate your local system.

The signature creation can be toggled by changeing the value of createSignatureViaPlainPkcs1

I am implementing Apple's App Attestation service.

As part of the process, i receive a EC key and a signature.

Sample key:

I hope someone can explain to me where I have made a mistake. I always thought that when I export a certificate with a private key and import it again, the private key is stable and does not change. Especially across computers.

Now I have been proven wrong and I don't understand it.

Given a certificate Z. Which contains a private key pk. I import this certificate onto a computer C1 and onto a computer C2.

I get the parameters of the private key on both.

I've been trying to solve this issue for the past two days and it's sending me a little loopy. I hadn't looked into Cryptography much before then so I'm very confused trying to figure out what I'm meant to do.

I've been working on integrating APIs from a payment provider known as Citizen. Some of the steps of the payment process send webhook updates to my endpoint in the following format:

I'm trying to use the Walmart Affiliate API, which uses a public/private token for authentication. I'm having trouble figuring out what I'm missing from the steps provided.

I currently have a DelegatingHandler to add the Headers values needed. I'm using BouncyCastle to help in the private token signing and this is what I have currently.

I'm working on an implementation of EWP (Erasmus Without Papers), a set of API's for communication between universities world wide. Every call must be signed with RSA-SHA256. Every partner has a private and public key, the public keys are available in a registry with a keyId. A request has some headers: a digest of the body (sha256 hash), the host, date, x-request-id (random guid). These headers and their values are concatenated in a signing string, that is signed with the private key, the result being the signature that is also sent in the headers, along with the keyId and the other headers used for the signature. The server needs to check if the signature is valid, by creating the same signing string, looking up the public key in the registry and then checking if the signature in the request is indeed correct.

I have both the API as a client application that I use to test. I have access to 109 different partners to test, some of them are not ready yet (they show an error both in my client and the online validator, so I assume there is an error in that API server side, as it is a development environment), others are working fine. There is also a test API of EWP and there is an online validator you can use to send requests to any of these API's.

Strange thing is, my client works with almost all of the partner API's, while some of them give me an error my signature is wrong (when the online validator works fine). Using my client on my own API, validation works fine. Using the online validator, my validation does not work (invalid signature error). There are 2 partners where my client does not work and the online validator does, and 3 API's where my client works but the online validator doesn't (including my own API)

Can anyone think of anything that could cause these issues? Strange thing is, 2 weeks ago, the online validator did work on my API and the only thing that changed according to the EWP guy, is the key pair used by the online validator, but he claims I'm using the correct one now (I sent him my logs)

Could it be some kind of character set issue? An error only happening when some character is used in the public key or something like that?

Here is my code for the RSA-SHA256 part:

Create a signature in the client request, with the private key:

Using .NET Core 3.1 and BouncyCastle

I have a Private ECC key from Pkcs12. How can I store this in X509Certificate2 Private Key please? The reason I am trying it this way is because when I load the Pkcs12 as X509Certificate2, the X509Certificate2.PrivateKey method throws a "not implemented / algorithm not supported exception".

This is what I have so far: