isign | Code sign iOS applications , without proprietary Apple | iOS library

Yes it is. The following shows the generation of a signature with deterministic ECDSA using curve P-256 aka secp256r1 and a test vector from RFC6979, A.2.5:

• Test vector:

private key:
x = C9AFA9D845BA75166B5C215767B1D6934E50C3DB36E89B127B8A622B120F6721

With SHA-256, message = "sample":
r = EFD48B2AACB6A8FD1140DD9CD45E81D69D2C877B56AAF991C34D0EA84EAF3716
s = F7CB1C942D657C41D436C7A1B6E29F65F3E900DBB9AFF4064DC4AB2F843ACDA8

• C#/BC Code

In most circumstances, generic constraints can be replaced by delegation to to some other type. For comparisons that would be IComparer. So if your method requires comparisons, you can add a IComparer parameter. For convenience, you can also add overload with a generic constraint and uses a Comparer.Default and delegate implementation to the main method.

Most methods that does anything related to sorting can take a IComparer object, and this is in general a more flexible solution than implementing IComparable, since there can only be one IComparable implementation.

In your example, SignalValue has a public Value, so there is no real need for a CompareTo method. Anyone that wants to compare the value can just do mySignalValue.Value.CompareTo(myOtherSignalValue.Value), no real need to implement IComparable.

It seems the JWT assertion is made from scratch, this might cause many problems.DocuSign recommends using a library to make the JWT assertion. This link shows this process with our SDK:  https://github.com/docusign/code-examples-csharp/blob/06c46b235c094be1346e4ddca692aa9b72a82456/launcher-csharp/Common/JWTAuth.cs

For this case there's a method you might need to try: public static (string, string, string) AuthenticateWithJWT(). This is going to use .NET Core. Or you can use a method on our SDK: RequestJWTUserToken. One of these might solve it, consider that the DocuSign Code Example Launchers should be installed and set up for using this method.

The C/C++ code expects the hash of the message when verifying and therefore does not hash before verifying. The C# code, on the other hand, expects the message itself when verifying and performs the hashing before verifying itself.

Therefore, if the hash of the message is passed to the C# code instead of the message, a double hashed message is verified with the signature for a single hashed message, which fails.

The problem can be solved if no hashing is performed in the C# code analog to the C/C++ code before verification. For this, e.g. under .NET Core the verification can be performed with RSACng#VerifyHash(), which in contrast to RSACng#VerifyData() expects the hash of the message analogous to the C/C++ code.

A possible implementation is:

.NET5 uses the new style projects which auto-include a number of files into your project. This helps keep the projects files small and doesn't cause them to be checked out and changed every time you add, remove or rename a file. Probably the easiest way to fix this for all projects at once is to add a directory.build.props in the root folder of your project to set the false for all projects at once.

Following diagram shows how these filters interact in filter pipeline during request and response life cycle.

According your code, the SignResponseFilter is a Result filter, so, from above diagram, we can know that when the exception executed, it will trigger the Exception Filter first, not trigger the Result Filter. So, the SignResponse not occurs.

If you want to use other Filters with the Exception Filter, you could consider using the Action Filter.

More detail information, check Filters in ASP.NET Core

The problem is that the signature being returned by key vault is in a "raw" (64-byte) format, where the first 32 are R and the last 32 are S. For this to work in bouncycastle, your GenerateSignature method needs to return this in an ASN.1 formatted byte array, which in the end will be somewhere between 70 and 72 bytes.

You can look around online on what this practically means, but you will want to:

1. Create a new byte array for your result
2. split the output from key vault into two initially 32-bit arrays, R and S
3. If the 0th element of either of the R or S arrays has a high MSB, you need to insert a 0 before the start of the respective array (otherwise do nothing and the array stays 32 bytes long).
4. Build the necessary ASN.1 headers (either manually like I showed below, or maybe bouncycastle has some library features to create an ASN.1 message). So at the end, the output byte array should contain

I'm sorry you having problems with JWT. I would recommend you use the DocuSign C# SDK instead of trying to write your own code. Then you can find the example of how to use JWT here - https://github.com/docusign/code-examples-csharp. The specific code relevant to JWT is here - https://github.com/docusign/code-examples-csharp/blob/38c2eb46948a3cbf55edcce758f88d775f80cae9/launcher-csharp/Common/RequestItemService.cs under the UpdateUserFromJWT() method.

Common problems with JWT:

1. Not obtaining consent.
2. Using public token instead of private.
3. Using malform token. Token must be exactly, including new-lines, as provided.
4. Not using correct UserId (GUID) in the request.
5. Not requesting "impersonation" scope in consent (#1 above).

The posted public key is an X.509/SPKI key for NIST P-192 (aka secp192r1 or prime192v1). The signature is given in ASN.1 format. This can be verified most easily with an ASN.1 parser, e.g. here.

There is a bug in the code. In the line