
I've tried many times over to get C# and Python to sign the same way but have failed in all my attempts. Is there something that I'm not doing correctly?

C#:

```csharp
RSAPKCS1SignatureFormatter formatter = new RSAPKCS1SignatureFormatter(key);
formatter.SetHashAlgorithm("SHA1");
byte[] signature = formatter.CreateSignature(hash);
```

Python (using PyCrypto):

```python
signature = PKCS1_v1_5.new(key).sign(SHA.new(message))
```
John Dong
  • The padding is likely randomized. Does the signature change every time? If so, then you need to create a signature in one environment and verify it in the other in order to check compatibility. – Artjom B. Feb 17 '16 at 20:25
  • Yes, it changes every time, but it's not static data being signed; it's randomized bytes and a timestamp. – John Dong Feb 18 '16 at 00:00
  • What do you mean with `message = formatter.CreateSignature(hash);`. Shouldn't you be generating a *signature* from a *hashed message*? – Maarten Bodewes Feb 18 '16 at 00:25
  • @ArtjomB. PKCS#1 v1.5 padding for *signature generation* is not randomized by itself; it's fully deterministic. PKCS#1 v1.5 padding for encryption is though. – Maarten Bodewes Feb 18 '16 at 00:29
  • I am generating a signature from a hashed message. Both the C# version and the Python version need to generate a signature that's able to be communicated between the two languages and currently it doesn't. – John Dong Feb 18 '16 at 01:06
  • The C# code works but the Python code doesn't, anyone have any idea what's up? – John Dong Feb 20 '16 at 10:28
  • @JohnDong You seem to be hashing it yourself. Have you verified that the hashes in C# and Python are the same? (Please use @ replies if you expect somebody to receive a notification). – Artjom B. Feb 20 '16 at 10:39
  • @ArtjomB. Both SHA-1 hashes are the same. – John Dong Feb 20 '16 at 11:05
  • Have you tried to verify the signature that you generate in Python with C#? – Artjom B. Feb 20 '16 at 11:07
  • @ArtjomB. Yes, the Python signature fails with the same data input. – John Dong Feb 20 '16 at 11:10
  • @ArtjomB. I've noticed that the C# signature doesn't change even though the private key that signs it does because it has a random private exponent of 16 length. The Python one, however, changes every time that it's run. – John Dong Feb 21 '16 at 18:32
  • That is strange. I don't have much experience with the signature generation in C#. Perhaps @MaartenBodewes has some idea. – Artjom B. Feb 22 '16 at 12:02
  • The only thing I can think of is that the private key is a CRT private key for which the private exponent is simply ignored. – Maarten Bodewes Feb 23 '16 at 02:04
  • Note that the private exponent and/or CRT parameters are generated for a specific public/private key pair and modulus. You cannot simply replace the private exponent and expect to have a valid private key left. – Maarten Bodewes Feb 23 '16 at 02:15
  • @MaartenBodewes Well, the key is generated from RSA parameters and not from a pregenerated certificate; it encrypts the same way as C# but it doesn't sign the same way. – John Dong Feb 23 '16 at 03:36
  • A private exponent should have a length comparable to the modulus length. A 16 byte private exponent should never happen. You are working outside of bounds. – Maarten Bodewes Feb 23 '16 at 08:33
  • @MaartenBodewes meant 0x80 sorry. – John Dong Feb 23 '16 at 21:26
  • @MaartenBodewes any ideas? I've worked my butt off on this to find out the problem and I can't manage to find it so I'm pretty much out of luck. – John Dong Mar 07 '16 at 19:31
  • What type is the `hash` variable in `CreateSignature`? – Maarten Bodewes Mar 07 '16 at 19:43
  • @MaartenBodewes It's a raw SHA1 digest in the form of a byte array. – John Dong Mar 07 '16 at 19:47
  • Shouldn't that be either a digest object or the data itself instead of the hash *over* the data? – Maarten Bodewes Mar 07 '16 at 19:52
  • @MaartenBodewes when you sign you're signing the hash of the data and not the data itself. – John Dong Mar 07 '16 at 20:06
  • True, but in general the hashing is *part of* the signature generation. Did you *try*? – Maarten Bodewes Mar 07 '16 at 20:21
  • @MaartenBodewes hash is the SHA1CryptoServiceProvider digest; it's 20 bytes. – John Dong Mar 07 '16 at 20:42
  • Let us [continue this discussion in chat](http://chat.stackoverflow.com/rooms/105605/discussion-between-maarten-bodewes-and-john-dong). – Maarten Bodewes Mar 07 '16 at 20:45
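
Two points raised in the comments, checked in an added example (not code from the question or from either library): PKCS#1 v1.5 signature encoding is deterministic, and a signature made over the SHA-1 of an already-computed digest does not verify against the message. Textbook RSA in pure Python stands in for both libraries; the key is a constructed, insecure test key and all helper names are hypothetical.

```python
import hashlib

# Constructed, INSECURE test key (two Mersenne primes); illustration only.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent (Python 3.8+)
K = (N.bit_length() + 7) // 8        # modulus length in bytes

# DER prefix of the SHA-1 DigestInfo structure (RFC 8017, section 9.2).
SHA1_PREFIX = bytes.fromhex("3021300906052b0e03021a05000414")


def sha1(data: bytes) -> bytes:
    return hashlib.sha1(data).digest()


def emsa_pkcs1_v1_5(digest: bytes) -> bytes:
    """00 01 FF..FF 00 || DigestInfo: no random bytes anywhere."""
    if len(digest) != 20:
        raise ValueError("expected a 20-byte SHA-1 digest")
    t = SHA1_PREFIX + digest
    return b"\x00\x01" + b"\xff" * (K - len(t) - 3) + b"\x00" + t


def sign_digest(digest: bytes) -> bytes:
    """Sign a precomputed digest, the input CreateSignature(hash) is given."""
    em = int.from_bytes(emsa_pkcs1_v1_5(digest), "big")
    return pow(em, D, N).to_bytes(K, "big")


def sign_message(data: bytes) -> bytes:
    """Hash first, then sign, the shape of sign(SHA.new(message))."""
    return sign_digest(sha1(data))


def verify_message(message: bytes, signature: bytes) -> bool:
    s = int.from_bytes(signature, "big")
    if len(signature) != K or s >= N:
        return False
    return pow(s, E, N).to_bytes(K, "big") == emsa_pkcs1_v1_5(sha1(message))


if __name__ == "__main__":
    msg = b"constructed sample: random bytes + timestamp"
    sig = sign_message(msg)
    print("same input, same signature:", sig == sign_message(msg))
    print("digest path == message path:", sign_digest(sha1(msg)) == sig)
    double = sign_message(sha1(msg))     # digest hashed a second time
    print("double-hashed verifies:", verify_message(msg, double))
```

A double-hash mismatch like the last case is one thing to rule out when two libraries disagree; the thread does not establish it as the cause here.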

0 Answers