3. Using the Signature Formatter Classes

The .NET Framework specifies separate formatter and deformatter classes, as shown by the hierarchy in Figure 2. These classes format a hash code using PKCS #1, and sign the result in conjunction with the abstract and implementation classes. The functionality that these classes provide is equivalent to using the methods that we have described in the preceding sections; there is no specific advantage to using the formatter and deformatter classes.

The abstract AsymmetricSignatureFormatter class defines the methods described in Table 2. The abstract class does not specify how to format a hash code, and so implementation classes can define any formatting that is appropriate to an algorithm; both of the default .NET implementation classes use PKCS #1 formatting.

Table 2. AsymmetricSignatureFormatter members

| Method | Description |
|---|---|
| SetHashAlgorithm | Specifies the name of the hashing algorithm that was used to create the hash code that will be signed; in the case of PKCS #1 formatting, the ID of the algorithm will be included in the signed data |
| SetKey | Specifies an instance of the asymmetric signing algorithm that will be used to create the digital signature |
| CreateSignature | Creates a digital signature from a hash code |

The following statements demonstrate how to use the RSAPKCS1SignatureFormatter class to create a digital signature:

# C#
using System.Security.Cryptography;
using System.Text;
// create the plaintext
byte[] x_plaintext = Encoding.Default.GetBytes("Programming .NET Security");
// create a hash code for the plaintext, using the SHA-1 algorithm
byte[] x_hashcode = HashAlgorithm.Create("SHA1").ComputeHash(x_plaintext);
// create an instance of the DSA implementation class
DSACryptoServiceProvider x_dsa = new DSACryptoServiceProvider( );
// create the signature formatter
DSASignatureFormatter x_formatter = new DSASignatureFormatter( );
// set the instance of the DSA algorithm that will sign the data
x_formatter.SetKey(x_dsa);
// set the name of the hashing algorithm we used to create the hash code
x_formatter.SetHashAlgorithm("SHA1");
// create the formatted DSA signature
byte[] x_signature = x_formatter.CreateSignature(x_hashcode);
# Visual Basic .NET
Imports System.Security.Cryptography
Imports System.Text
' create the plaintext
Dim x_plaintext As Byte( ) = Encoding.Default.GetBytes("Programming .NET Security")
' create a hash code for the plaintext, using the SHA-1 algorithm
Dim x_hashcode As Byte( ) = HashAlgorithm.Create("SHA1").ComputeHash(x_plaintext)
' create an instance of the DSA implementation class
Dim x_dsa As DSACryptoServiceProvider = New DSACryptoServiceProvider( )
' create the signature formatter
Dim x_formatter As DSASignatureFormatter = New DSASignatureFormatter( )
' set the instance of the DSA algorithm that will sign the data
x_formatter.SetKey(x_dsa)
' set the name of the hashing algorithm we used to create the hash code
x_formatter.SetHashAlgorithm("SHA1")
' create the formatted DSA signature
Dim x_signature As Byte( ) = x_formatter.CreateSignature(x_hashcode)

The abstract AsymmetricSignatureDeformatter is the basis for classes that verify digital signatures created by subclasses of the AsymmetricSignatureFormatter class. Table 3 summarizes the methods of the AsymmetricSignatureDeformatter class.

Table 3. AsymmetricSignatureDeformatter members

| Method | Description |
|---|---|
| SetHashAlgorithm | Specifies the name of the hashing algorithm that will be used to verify the signature |
| SetKey | Specifies an instance of the asymmetric signing algorithm that will be used to verify the digital signature |
| VerifySignature | Verifies a digital signature |

The following statements demonstrate how to verify a digital signature using the DSASignatureDeformatter class:

# C#
using System.Security.Cryptography;
using System.Text;
// create the plaintext
byte[] x_plaintext = Encoding.Default.GetBytes("Programming .NET Security");
// create a hash code for the plaintext, using the SHA-1 algorithm
byte[] x_hashcode = HashAlgorithm.Create("SHA1").ComputeHash(x_plaintext);
// define the signature to verify
byte[] x_signature = new Byte[] {0x7D, 0x2B, 0xD7, 0x3D, 0x88, 0xCB, 0x1B, 0x6B,
0x04, 0x62, 0x95, 0xBE, 0x28, 0x59, 0x3E, 0xC5,
0x40, 0xDA, 0x79, 0xFE, 0x3B, 0x25, 0x08, 0x4B,
0x27, 0xF1, 0x31, 0x2A, 0x6F, 0x7C, 0x6E, 0x35,
0x45, 0x9A, 0x49, 0x4C, 0xA4, 0x5E, 0xE6, 0xA0};
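// create an instance of the DSA implementation class; a new instance
// generates its own key pair, so load the signer's public key into it
// (for example with FromXmlString or ImportParameters) before verifying
DSACryptoServiceProvider x_dsa = new DSACryptoServiceProvider( );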
// create the signature deformatter
DSASignatureDeformatter x_deformatter = new DSASignatureDeformatter( );
// set the instance of the DSA algorithm that will verify the signature
x_deformatter.SetKey(x_dsa);
// set the name of the hashing algorithm we used to create the hash code
x_deformatter.SetHashAlgorithm("SHA1");
// verify the DSA signature
bool x_signature_valid = x_deformatter.VerifySignature(x_hashcode, x_signature);
# Visual Basic .NET
Imports System.Security.Cryptography
Imports System.Text
' create the plaintext
Dim x_plaintext As Byte( ) = Encoding.Default.GetBytes("Programming .NET Security")
' create a hash code for the plaintext, using the SHA-1 algorithm
Dim x_hashcode As Byte( ) = HashAlgorithm.Create("SHA1").ComputeHash(x_plaintext)
' define the signature to verify
Dim x_signature As Byte( ) = New Byte( ) {&H7D, &H2B, &HD7, &H3D, &H88, &HCB, _
&H1B, &H6B, &H4, &H62, &H95, &HBE, &H28, _
&H59, &H3E, &HC5, &H40, &HDA, &H79, &HFE, _
&H3B, &H25, &H8, &H4B, &H27, &HF1, &H31, _
&H2A, &H6F, &H7C, &H6E, &H35, &H45, &H9A, _
&H49, &H4C, &HA4, &H5E, &HE6, &HA0}
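' create an instance of the DSA implementation class; a new instance
' generates its own key pair, so load the signer's public key into it
' (for example with FromXmlString or ImportParameters) before verifying
Dim x_dsa As DSACryptoServiceProvider = New DSACryptoServiceProvider( )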
' create the signature deformatter
Dim x_deformatter As DSASignatureDeformatter = New DSASignatureDeformatter( )
' set the instance of the DSA algorithm that will verify the signature
x_deformatter.SetKey(x_dsa)
' set the name of the hashing algorithm we used to create the hash code
x_deformatter.SetHashAlgorithm("SHA1")
' verify the DSA signature
Dim x_signature_valid As Boolean = _
x_deformatter.VerifySignature(x_hashcode, x_signature)
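
The formatter and deformatter used together in one round trip, as an added example that is not code from the book: it uses the RSAPKCS1SignatureFormatter and RSAPKCS1SignatureDeformatter classes with SHA-256 instead of the DSA and SHA-1 of the listings above. It gives the verifier only the signer's public parameters and compares the deformatter with a direct VerifyHash call. The class name FormatterRoundTrip, the helpers Hash and Verify, and the sample strings are assumptions made for illustration.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

class FormatterRoundTrip   // hypothetical name, not from the book
{
    // hash a string with SHA-256; UTF-8 is fixed so both sides hash identical bytes
    static byte[] Hash(string text)
    {
        using (SHA256 sha = SHA256.Create())
            return sha.ComputeHash(Encoding.UTF8.GetBytes(text));
    }

    // verify a signature over a hash code with the deformatter class
    static bool Verify(RSA key, byte[] hash, byte[] signature)
    {
        var deformatter = new RSAPKCS1SignatureDeformatter();
        deformatter.SetKey(key);
        deformatter.SetHashAlgorithm("SHA256");
        return deformatter.VerifySignature(hash, signature);
    }

    static void Main()
    {
        byte[] hash = Hash("Programming .NET Security");   // constructed sample message
        using (RSA signer = RSA.Create())
        using (RSA verifier = RSA.Create())
        using (RSA unrelated = RSA.Create())
        {
            signer.KeySize = 2048;
            unrelated.KeySize = 2048;

            // signer side: the formatter signs with the private key
            var formatter = new RSAPKCS1SignatureFormatter();
            formatter.SetKey(signer);
            formatter.SetHashAlgorithm("SHA256");
            byte[] signature = formatter.CreateSignature(hash);

            // verifier side: import only the signer's public parameters
            verifier.ImportParameters(signer.ExportParameters(false));

            Console.WriteLine("signer's public key: " + Verify(verifier, hash, signature));
            Console.WriteLine("altered message:     "
                + Verify(verifier, Hash("Programming .NET Security!"), signature));
            Console.WriteLine("unrelated key:       " + Verify(unrelated, hash, signature));
            // the same check made directly on the algorithm class
            Console.WriteLine("direct VerifyHash:   " + verifier.VerifyHash(
                hash, signature, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1));
        }
    }
}
```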