Verify integrity Ceritifcate { RSACryptoServiceProvider - SHA1 - thumbprint }

Question

I have a little problem. I want to verify the integrity of a certificate.

So I did this code:

using System.Security.Cryptography;
using System.Runtime.InteropServices;
using System.Security.Cryptography.X509Certificates; 

SHA1Managed sha1 = new SHA1Managed();
RSACryptoServiceProvider csp = null;
AsymmetricAlgorithm rsaAlgo = certificatEnCours.PublicKey.Key;
byte[] data = null;
byte[] hash = null;

string keyPublic = "";
string signatureLikeInteger = "";

bool verif = false;

// ------------- PART 1 -------------

signatureLikeInteger = certificatEnCours.Thumbprint;

data = Convert.FromBase64String(signatureLikeInteger);

// ------------- PART 2 -------------

hash = sha1.ComputeHash(certificatEnCours.RawData);

keyPublic = rsaAlgo.ToXmlString(false);

csp = new RSACryptoServiceProvider();

csp.FromXmlString(keyPublic);

// ------------------------------

verif = csp.VerifyData(hash, CryptoConfig.MapNameToOID("SHA1"), data);

My problem its that i already have the value "false" on my variable "verif".

could someone please reformat the question. It's awfully hard to read it. — AlexDrenea, Jun 19 '09 at 09:17

Matthew Flaschen · Accepted Answer · 2009-06-19T10:17:16.127

There is no actual question here. You are right that you are unconditionally ignoring the initial value of verif. More importantly, have you considered using X509Certificate2 to do verification?:

X509Certificate2 x2 = new X509Certificate2(certificatEnCours);
bool verif = x2.Verify();

I think this is wiser than re-inventing the wheel.

EDIT: If you are verifying a chain of certificates I believe you want to use X509Chain and in particular the ChainStatus property.

Verify integrity Ceritifcate { RSACryptoServiceProvider - SHA1 - thumbprint }

1 Answers1