HighTechTalks DotNet Forums  

Is RSAPKCS1SignatureDeformatter supported?

Dotnet Security microsoft.public.dotnet.security



#1
Mark Shasby
Is RSAPKCS1SignatureDeformatter supported? - 06-25-2004, 10:27 AM

Hello,
I am trying to use RSAPKCS1SignatureDeformatter.VerifySignature() but am
getting a System.NotSupportedException, Additional information:
EncryptValue. I know that RSA.EncryptValue() isn't supported but is the
downstream effect that AsymmetricSignatureDeformatter isn't either? That
seems a bit odd as there are examples of its use around so it must work for
someone?

Can anyone explain how to get round this or paste some code that IS
working please?

--
RSAPKCS1SignatureDeformatter asd = new RSAPKCS1SignatureDeformatter(rsaKey);
asd.SetHashAlgorithm("MD5");
asd.VerifySignature(hash, signature);
--



#2
Pieter Philippaerts
Re: Is RSAPKCS1SignatureDeformatter supported? - 06-25-2004, 12:00 PM

"Mark Shasby" <mark (AT) shasby (DOT) com> wrote
Quote:
I am trying to use RSAPKCS1SignatureDeformatter.VerifySignature() but am
getting a System.NotSupportedException, Additional information:
EncryptValue. I know that RSA.EncryptValue() isn't supported but is the
downstream effect that AsymmetricSignatureDeformatter isn't either? That
seems a bit odd as there are examples of its use around so it must work for
someone?

The RSAPKCS1SignatureDeformatter is certainly supported by the .NET
framework; in fact, I often use code like yours and never had any problems
with it.
However, the exception you're getting is a bit odd if you're using an
RSACryptoServiceProvider as the key. The RSAPKCS1SignatureDeformatter makes
a difference between an RSACryptoServiceProvider and other descendants of
the RSA class. If the key you passed to it is from the
RSACryptoServiceProvider type, it calls the
RSACryptoServiceProvider.SignData. If it's not an RSACryptoServiceProvider,
it calls the RSA.Encrypt method.
Since the error message you're getting says something about an exception in
the EncryptValue method, I assume the 'rsaKey' variable does not contain an
RSACryptoServiceProvider. Is this correct? Could you tell us something more
about the type of object in that variable? If you manually call
rsaKey.EncryptValue, does that work?

Regards,
Pieter Philippaerts




#3
Mark Shasby
Re: Is RSAPKCS1SignatureDeformatter supported? - 06-25-2004, 12:45 PM

Ahhh good point, thanks - if I view locals at the time of the exception it
is actually a
Microsoft.Web.Services2.Security.Cryptography.RSACryptoServiceProvider. I
thought these were all the same thing but obviously not! I obtained this
(in another class somewhere) by retrieving a
Microsoft.Web.Services2.Security.X509.X509Certificate from the Windows
certificate store and the PublicKey property. Can I convert this to a
System.Security.Cryptography.RSA<something> or should I do something else?
Casting didn't seem to work.

#4
Pieter Philippaerts
Re: Is RSAPKCS1SignatureDeformatter supported? - 06-25-2004, 02:00 PM

"Mark Shasby" <mark (AT) shasby (DOT) com> wrote in message
Quote:
Ahhh good point, thanks - if I view locals at the time of the exception it
is actually a
Microsoft.Web.Services2.Security.Cryptography.RSACryptoServiceProvider. I
thought these were all the same thing but obviously not! I obtained this
(in another class somewhere) by retrieving a
Microsoft.Web.Services2.Security.X509.X509Certificate from the Windows
certificate store and the PublicKey property. Can I convert this to a
System.Security.Cryptography.RSA<something> or should I do something else?
Casting didn't seem to work

(for clarity I've abbreviated
Microsoft.Web.Services2.Security.Cryptography.RSACryptoServiceProvider to
RSACryptoServiceProvider2 and
System.Security.Cryptography.RSACryptoServiceProvider to
RSACryptoServiceProvider)

Here are your options:

1] use the RSACryptoServiceProvider2.ExportParameters(true) method to export
the private key to an RSAParameters structure and then use
RSACryptoServiceProvider.ImportParameters to import it in a 'normal'
RSACryptoServiceProvider instance. There are two problems with this
approach. Firstly, it's unlikely that the call to ExportParameters(true)
will succeed since private keys may be unexportable (for security reasons,
it may be on a smartcard, ...). Secondly, you'll have to create an instance
of the RSACryptoServiceProvider before calling the ImportParameters method.
Unfortunately, the constructor of the RSACryptoServiceProvider will
automatically generate an RSA key for you (which is then thrown away after
calling ImportParameters) and this may degrade performance significantly.

2] cast the RSA instance to an RSACryptoServiceProvider2 and call the
SignHash method directly. In case you're wondering what the value of the
oidHash parameter should be, it's "1.2.840.113549.2.5" for MD5 and
"1.3.14.3.2.26" for SHA1.

3] perhaps there's a class in WSE2 that does PKCS#1 signature formatting. If
there is one, it's preferable to use this class of course, but I wasn't able
to find one.

Regards,
Pieter Philippaerts
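
An added example, not written by either poster: option 1 applied to the verification case from the original question, where only the public half of the key has to be copied. It assumes the WSE2 key object honours RSA.ExportParameters(false); a framework RSACryptoServiceProvider stands in for it here, and SHA-256 is this example's choice of hash rather than the MD5 in the question.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

static class VerifyWithFrameworkRsa
{
    // Copy only the public half of any RSA object into the framework's own
    // RSACryptoServiceProvider. Verification never uses the private key, so
    // ExportParameters(false) is enough and no private material is exported.
    static RSACryptoServiceProvider ToFrameworkPublicKey(RSA source)
    {
        RSAParameters publicOnly = source.ExportParameters(false);
        var rsa = new RSACryptoServiceProvider();
        rsa.ImportParameters(publicOnly);
        return rsa;
    }

    static void Main()
    {
        // Constructed sample input.
        byte[] hash;
        using (SHA256 sha = SHA256.Create())
            hash = sha.ComputeHash(Encoding.UTF8.GetBytes("constructed sample message"));

        // Assumption: stand-in for the key object taken from the certificate.
        using (var signerKey = new RSACryptoServiceProvider(2048))
        {
            var formatter = new RSAPKCS1SignatureFormatter(signerKey);
            formatter.SetHashAlgorithm("SHA256");
            byte[] signature = formatter.CreateSignature(hash);

            using (RSACryptoServiceProvider publicKey = ToFrameworkPublicKey(signerKey))
            {
                // The deformatter call from the question, now given the framework type.
                var deformatter = new RSAPKCS1SignatureDeformatter(publicKey);
                deformatter.SetHashAlgorithm("SHA256");
                Console.WriteLine("Deformatter:  " + deformatter.VerifySignature(hash, signature));

                // Direct call with a hash OID, the verification counterpart of SignHash.
                string oid = CryptoConfig.MapNameToOID("SHA256");
                Console.WriteLine("VerifyHash:   " + publicKey.VerifyHash(hash, oid, signature));

                // A hash that differs by one bit must be rejected.
                hash[0] ^= 0x01;
                Console.WriteLine("Altered hash: " + deformatter.VerifySignature(hash, signature));
            }
        }
    }
}
```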




#5
Mark Shasby
Re: Is RSAPKCS1SignatureDeformatter supported? - 06-25-2004, 06:36 PM

Thanks, I'm sure I'll get something to work now.

