Recently I had the joy of busting open the cryptographic documentation to figure out how to sign a file, and verify that signature.
There is a lot of documentation for .NET Framework, but it's pretty damn sparse for working in UWP, and I assume .NET Core.
This is serving as my external brain on how to sign and verify for UWP.
We're just signing a file to be able to prove it came from ourselves. Some on-prem and cloud based communication verification.
The Signing Code
// Load the PFX (certificate plus private key) and sign with RSA PKCS#1 v1.5 over SHA-256.
byte[] certificateBytes = File.ReadAllBytes(pathToCertificate);
X509Certificate2 x509Certificate = new X509Certificate2(certificateBytes, certificatePassword);
RSA rsaPrivateKey = x509Certificate.GetRSAPrivateKey();
// The hash algorithm and padding chosen here must be the ones the verifier uses.
byte[] signatureData = rsaPrivateKey.SignData(byteArrayToSign, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
Pretty straightforward. It's just finding the order of doing things when it's not documented that becomes a PIA.
The Verify Code
// Load the public certificate packaged with the app; no private key is needed to verify.
IBuffer certBytes = await FileIO.ReadBufferAsync(await StorageFile.GetFileFromApplicationUriAsync(_certificateLocationUri));
X509Certificate2 publicKeyCert = new X509Certificate2(certBytes.ToArray());
// Algorithm must match the signer: RSA, PKCS#1 v1.5 padding, SHA-256.
AsymmetricKeyAlgorithmProvider asymmetricKeyAlgorithmProvider = AsymmetricKeyAlgorithmProvider.OpenAlgorithm(AsymmetricAlgorithmNames.RsaSignPkcs1Sha256);
// EncodedKeyValue.RawData is the bare RSAPublicKey structure, which is what the Pkcs1RsaPublicKey blob type expects.
CryptographicKey cryptoKey = asymmetricKeyAlgorithmProvider.ImportPublicKey(publicKeyCert.PublicKey.EncodedKeyValue.RawData.AsBuffer(), CryptographicPublicKeyBlobType.Pkcs1RsaPublicKey);
// VerifySignature takes IBuffers, so the byte arrays are wrapped with AsBuffer().
bool verified = CryptographicEngine.VerifySignature(cryptoKey, byteArrayOfSigned.AsBuffer(), signatureData.AsBuffer());
byteArrayOfSigned is the same data as byteArrayToSign, and signatureData is the same bytes on both the signing and the verifying side.
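The same sign/verify round trip using only System.Security.Cryptography (no Windows.Security.Cryptography.Core), so it runs on .NET Framework and .NET Core alike. This is an added example, not the post's own code; the PFX path and password are placeholders, and the payload is constructed for the demo.

```csharp
using System;
using System.IO;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Text;

static class SignatureRoundTrip
{
    const string PfxPath = "signing.pfx";        // placeholder: your own PFX
    const string PfxPassword = "<pfx-password>"; // placeholder

    // Signer side: needs the private key. Hash and padding must match the verifier.
    public static byte[] Sign(byte[] data, X509Certificate2 certWithPrivateKey)
    {
        using (RSA rsa = certWithPrivateKey.GetRSAPrivateKey())
            return rsa.SignData(data, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
    }

    // Verifier side: only the public certificate is needed.
    public static bool Verify(byte[] data, byte[] signature, X509Certificate2 publicCert)
    {
        using (RSA rsa = publicCert.GetRSAPublicKey())
            return rsa.VerifyData(data, signature, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
    }

    public static void Main()
    {
        var signerCert = new X509Certificate2(File.ReadAllBytes(PfxPath), PfxPassword);

        // What you ship to the verifier: the DER certificate without the private key.
        byte[] publicOnly = signerCert.Export(X509ContentType.Cert);
        var verifierCert = new X509Certificate2(publicOnly);

        byte[] message = Encoding.UTF8.GetBytes("constructed sample payload");
        byte[] signature = Sign(message, signerCert);
        Console.WriteLine("genuine verifies:  " + Verify(message, signature, verifierCert));

        // A single flipped byte in the payload must make verification fail.
        byte[] tampered = (byte[])message.Clone();
        tampered[0] ^= 0x01;
        Console.WriteLine("tampered verifies: " + Verify(tampered, signature, verifierCert));

        // Pin the verifier's copy to the signer you expect, so a swapped certificate file is caught
        // rather than silently trusted. Compare this against the thumbprint you recorded at build time.
        Console.WriteLine("verifier cert thumbprint: " + verifierCert.Thumbprint);
    }
}
```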
Again, this is all really simple, unless you don't know how to do it. Then it's a giant pain.
I managed to figure it out by a few "shot in the dark" attempts.
That's all for this quick shot.