
I have a Certificate

This is the text I have to verify:

B5080F731EE89EC82FD2E8B22E9_I_CANNOT_SHOW_THE_REAL_TEXT

This is the signed:

MIIBUwYJKoZIhvcNAQcCoIIBRDCCAUACAQExCzAJBgUrDgMCGgUAMAsGCSqGSIb3DQEHATGCAR8wggEbAgEBMG8wZDELMAkGA1UEBhMCREUxHDAaBgNVBAoTE1NBUCBUcnVzdCBDb21tdW5pdHkxEzARBgNVBAsTClNBUCBXZWIgQVMxFDASBgNVBAsTC0kwMDIwMjEyMzYwMQwwCgYDVQQDEwNFMTUCByASBQYIEQgwCQYFKw4DAhoFAKBdMBgGCSqGSIb3DQEJAzELBgkqhkiG9w0BBwEwHAYJKoZIhvcNAQkFMQ8XDTE4MDYyNzE5MzcyNVowIwYJKoZIhvcNAQkEMRYEFDgpp0877pKaChyIGVw5sPeD0W03MAkGByqGSM44BAMEMDAuAhUA4PH8bdBPHHtuPHvhJxjei%2BFrJYUCFQCnZ6IABDiRlctS9E9N3IQK60JLIg%3D%3D

Can't find a way to verify the signature with C#. When I use the "normal" DSACryptoServiceProvider I always get the error saying the signature size should be 40 bytes.

I just need to know where to go, what to use. I know it is DSA. I know the signature is around 500 bytes.

This is the code I'm trying:

DSACryptoServiceProvider csp = (DSACryptoServiceProvider)CurrentCer.csp.PublicKey.Key;

SHA1Managed sha1 = new SHA1Managed();
byte[] data = Encoding.UTF8.GetBytes(ToSign);
byte[] hash = sha1.ComputeHash(data);

var base64EncodedBytes = System.Convert.FromBase64String(signature);
result = csp.VerifyHash(hash, CryptoConfig.MapNameToOID("SHA1"), base64EncodedBytes);

DSASignatureDeformatter verifier = new DSASignatureDeformatter(csp);
verifier.SetHashAlgorithm("SHA1");
bool valid = verifier.VerifySignature(hash, base64EncodedBytes);
ikaikastine
Henrique
  • I've read your post several times and have no idea what you are asking. You have a certificate. Okay. You can't find a way to do "this". What is *this*? –  Jun 28 '18 at 17:21
  • Why do you say in one sentence that the signature should only be 40 bytes, but elsewhere you say you *know* the signature is 500 bytes? –  Jun 28 '18 at 17:26
  • Hi Amy. This is to verify the signature. I have the public key in the certificate, the signature to verify and the text to verify against – Henrique Jun 28 '18 at 17:26
  • When I use the "normal" DSACryptoServiceProvider I always get the error saying the signature size should be 40 bytes. I receive a 500-byte signature – Henrique Jun 28 '18 at 17:28

1 Answer


Your data isn't a signature, per se. It's a query-string-encoded base64-encoded representation of a CMS Signed-Data with detached content, and it happens to have been signed with DSA.

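// Needs: using System.Security.Cryptography.Pkcs;
//        using System.Security.Cryptography.X509Certificates;
// str is the query-string-encoded signature; yourDataHere is the byte[] of the text that was signed.
str = Uri.UnescapeDataString(str);
byte[] signatureMessage = Convert.FromBase64String(str);
ContentInfo content = new ContentInfo(yourDataHere);
SignedCms signedCms = new SignedCms(content, detached: true);
signedCms.Decode(signatureMessage);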

SignerInfoCollection signers = signedCms.SignerInfos;

if (signers.Count != 1 || signers[0].Certificate != null)
{
    // Reject it, this isn't what you're looking for.
    // At least, based on the sample you gave.
    //
    // You could, for Count == 1, accept Certificate == null or
    // Certificate.RawData.SequenceEqual(CurrentCer.RawData),
    // if you're so inclined.
}

// This throws if the signature doesn't check out.
signedCms.CheckSignature(new X509Certificate2Collection(CurrentCer), verifySignatureOnly: true);
bartonjs
  • Hi bartonjs, I get the exception 'The hash value is not correct'. Does this mean that the signature was not verified? – Henrique Jun 29 '18 at 09:50
  • @Henrique correct. The combination of input bytes, input (or stored) cert, and existing signature don’t go together. If your input was text, make sure it’s not a Unix vs Windows newline reinterpret. – bartonjs Jun 29 '18 at 13:05
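
Added example, not part of the original answer or comments: the answer's detached-CMS check wrapped in a helper that retries with LF and CRLF variants of the text, to narrow down the "hash value is not correct" case discussed above. `DetachedCmsCheck`, `FindVerifyingVariant` and `pinnedCert` are hypothetical names, and UTF-8 is assumed because the question's code uses it.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.Pkcs;
using System.Security.Cryptography.X509Certificates;
using System.Text;

static class DetachedCmsCheck
{
    // Returns a label for the first newline variant of `text` that verifies
    // against the detached CMS signature, or null when none does.
    public static string FindVerifyingVariant(
        string text, string queryEncodedCms, X509Certificate2 pinnedCert)
    {
        // Undo the query-string escaping (%2B, %3D) before base64-decoding.
        byte[] cms = Convert.FromBase64String(Uri.UnescapeDataString(queryEncodedCms));

        string lf = text.Replace("\r\n", "\n");
        var variants = new (string Label, string Text)[]
        {
            ("as given", text),
            ("LF newlines", lf),
            ("CRLF newlines", lf.Replace("\n", "\r\n")),
        };

        foreach (var v in variants)
        {
            // Detached content: supply the candidate bytes, then decode the CMS.
            var content = new ContentInfo(Encoding.UTF8.GetBytes(v.Text)); // UTF-8 is an assumption
            var signedCms = new SignedCms(content, detached: true);
            signedCms.Decode(cms);

            // Same policy as the answer: one signer, no certificate embedded in the message.
            SignerInfoCollection signers = signedCms.SignerInfos;
            if (signers.Count != 1 || signers[0].Certificate != null)
                throw new CryptographicException("Unexpected signer layout in CMS message.");

            try
            {
                // Signature check only: no chain is built, so the caller must already trust pinnedCert.
                signedCms.CheckSignature(new X509Certificate2Collection(pinnedCert), verifySignatureOnly: true);
                return v.Label;
            }
            catch (CryptographicException ex)
            {
                Console.Error.WriteLine($"{v.Label}: {ex.Message}"); // record the failure, try the next variant
            }
        }
        return null;
    }
}
```

A null result means none of the newline variants matches, so the mismatch lies elsewhere (different bytes, encoding, or certificate).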