.net RSA sign data error with PSS padding

Question

I have a question re. the use of Crypto in .net as follows. I have a .pem file which I am able to parse to a private key and would like to sign some data bytes. The code I'm using is below:

byte[] pemkey = Convert.FromBase64String(privateKeyString);

RSACryptoServiceProvider RSA = DecodeRSAPrivateKey(pemkey);//function to parse .pem file

byte[] fileBytes = File.ReadAllBytes(@"C:\...");

byte[] signature = RSA.SignData(fileBytes, HashAlgorithmName.SHA256, RSASignaturePadding.Pss);

When running this, at the last statement (RSA.SignData), I've got an exception CryptographicException is not handled: Specified padding mode is not valid for this algorithm.

I'm not sure what is missing from my code as my search on Google did not return much result.

Any help is appreciated. Many thanks

jariq · Accepted Answer · 2017-08-16T10:50:19.027

2

I have never seen PSS padding working with RSACryptoServiceProvider but I have seen it working fine with RSACng. You can try it quickly with following modification of your code:

byte[] pemkey = Convert.FromBase64String(privateKeyString);

RSACryptoServiceProvider RSA = DecodeRSAPrivateKey(pemkey);//function to parse .pem file

RSAParameters rsaParams = RSA.ExportParameters(true);
RSACng RSACng = new RSACng();
RSACng.ImportParameters(rsaParams);

byte[] fileBytes = File.ReadAllBytes(@"C:\...");

byte[] signature = RSACng.SignData(fileBytes, HashAlgorithmName.SHA256, RSASignaturePadding.Pss);

edited Aug 16 '17 at 10:50

answered Aug 16 '17 at 10:44

jariq

11,681
3
33
52

1

Correct, RSACryptoServiceProvider doesn't (and won't ever) support PSS. https://github.com/dotnet/corefx/blob/master/Documentation/architecture/cross-platform-cryptography.md#rsa – bartonjs Aug 16 '17 at 14:53
awesome, it works. MSDN didn't mention anything about not being able to use PSS with RSACryptoServiceProvider. Thanks guys – Kevin Le Aug 17 '17 at 11:48

.net RSA sign data error with PSS padding

1 Answers1

Linked