Signing with the same certificate in C# code and SQL Server gives different results

Philip Stuyck 1 Reputation point
2023-11-20T13:42:10.5733333+00:00

I created a self-signed certificate in IIS and exported it in PFX format. Then I used PVKConverter to create a .cer file and a .pvk file.

I import these two files into LocalDB using:

CREATE CERTIFICATE test3
FROM FILE = 'c:\sql\pvkder.cer'
    WITH PRIVATE KEY (FILE = 'c:\sql\pvkder.pvk',
    DECRYPTION BY PASSWORD = 'sec4ChipSoft!');

This import is successful.

If I now use SIGNBYCERT:

select SIGNBYCERT(Cert_Id( 'test3' ),'Philip');

the result is:


Now in C# code I do this:

using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Text;

string password = "sec4ChipSoft!";
// Loads the PFX together with its private key (X509Certificate2(string fileName, string? password)).
using X509Certificate2 certificate = new X509Certificate2("C:\\SQL\\ChipSoftCertificate.pfx", password);
using RSA provider = certificate.GetRSAPrivateKey()
    ?? throw new InvalidOperationException("certificate has no RSA private key");
byte[] data = Encoding.UTF8.GetBytes("Philip");

// Sign the same input with each hash algorithm and PKCS#1 v1.5 padding, and print the hex of each signature.
foreach (HashAlgorithmName hash in new[] { HashAlgorithmName.MD5, HashAlgorithmName.SHA1,
    HashAlgorithmName.SHA256, HashAlgorithmName.SHA384, HashAlgorithmName.SHA512 })
{
    byte[] signature = provider.SignData(data, hash, RSASignaturePadding.Pkcs1);
    string ssignature = Convert.ToHexString(signature);
    Console.WriteLine($"{hash.Name}: {ssignature}");
}

Then none of the signatures is the same as the one created on SQL Server.

As a matter of fact, if I do the signing in SQL Server, then the signature is 8 bytes longer. It seems that 0x0100050204000000 is some kind of header. But the remaining bytes are then again always different from any signature I create in C#.

The reason I do this is that ultimately I want to sign something in C# code and verify the signature in SQL Server for security purposes.

But as it looks now, this mechanism does not work. What am I doing wrong?

The thing is that the verification on SQL Server works with the signature created on SQL Server, and the same is true for the C# code. But I cannot use the combination of SQL Server and C#.

Any help is appreciated. Does SQL Server use different padding? A different hashing? Some sort of encapsulation? Is there a way to find out?

select @@VERSION

yields:

Microsoft SQL Server 2019 (RTM-CU12) (KB5004524) - 15.0.4153.1 (X64) Jul 19 2021 15:37:34 Copyright (C) 2019 Microsoft Corporation Express Edition (64-bit) on Windows 10 Enterprise 10.0 <X64> (Build 19045: )

And the target framework of the C# code is .NET 7.
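One way to answer "is there a way to find out?" is to stop comparing signature bytes and instead ask the .NET verifier which interpretation of the SIGNBYCERT output it accepts. The program below is an added example written for this thread; it is not the asker's code and not a documented SQL Server format. It treats the points the question raises as hypotheses to test: a leading header of 0 or 8 bytes (the question observes 8 extra bytes), the RSA block in the returned byte order or reversed, the cleartext as UTF-8 (varchar) or UTF-16LE (nvarchar), and each hash algorithm with PKCS#1 v1.5 padding. The PFX path and password are taken from the question; `SqlSignatureHex` is a placeholder for the varbinary that SIGNBYCERT returned, and `SqlSignatureProbe` and `FindMatchingEncoding` are names chosen here.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Text;

// Probe which encoding of a SIGNBYCERT result the .NET RSA verifier accepts.
// Every dimension below is a hypothesis being tested, not a documented format:
// - a leading header of 0 or 8 bytes (the question reports 8 extra bytes),
// - the RSA block in the byte order returned or reversed,
// - the input string as UTF-8 (varchar) or UTF-16LE (nvarchar),
// - each hash algorithm with PKCS#1 v1.5 padding.
static class SqlSignatureProbe
{
    // PLACEHOLDER: paste the hex that SIGNBYCERT returned (without the 0x prefix).
    const string SqlSignatureHex = "PASTE_SIGNBYCERT_OUTPUT_HEX_HERE";

    static readonly int[] HeaderLengths = { 0, 8 };

    static readonly HashAlgorithmName[] Hashes =
    {
        HashAlgorithmName.MD5, HashAlgorithmName.SHA1, HashAlgorithmName.SHA256,
        HashAlgorithmName.SHA384, HashAlgorithmName.SHA512,
    };

    // Returns a description of the first interpretation that verifies, or null if none does.
    public static string? FindMatchingEncoding(RSA publicKey, string clearText, byte[] sqlSignature)
    {
        var inputs = new Dictionary<string, byte[]>
        {
            ["UTF-8"] = Encoding.UTF8.GetBytes(clearText),
            ["UTF-16LE"] = Encoding.Unicode.GetBytes(clearText),
        };

        foreach (int header in HeaderLengths)
        {
            if (sqlSignature.Length <= header) continue;
            byte[] body = sqlSignature[header..];

            foreach (bool reversed in new[] { false, true })
            {
                byte[] candidate = (byte[])body.Clone();
                if (reversed) Array.Reverse(candidate);

                foreach (var (encoding, data) in inputs)
                foreach (HashAlgorithmName hash in Hashes)
                {
                    try
                    {
                        if (publicKey.VerifyData(data, candidate, hash, RSASignaturePadding.Pkcs1))
                            return $"header={header} bytes, reversed={reversed}, input={encoding}, hash={hash.Name}";
                    }
                    catch (CryptographicException)
                    {
                        // A candidate of the wrong length may throw instead of returning false; keep probing.
                    }
                }
            }
        }
        return null;
    }

    static void Main()
    {
        // Same PFX and password as in the question; verification only needs the public half.
        using var certificate = new X509Certificate2(@"C:\SQL\ChipSoftCertificate.pfx", "sec4ChipSoft!");
        using RSA publicKey = certificate.GetRSAPublicKey()
            ?? throw new InvalidOperationException("certificate does not carry an RSA key");

        byte[] sqlSignature = Convert.FromHexString(SqlSignatureHex);
        Console.WriteLine($"Thumbprint in .NET: {certificate.Thumbprint}");
        Console.WriteLine(FindMatchingEncoding(publicKey, "Philip", sqlSignature)
                          ?? "no candidate verified: check that both sides really use the same key pair");
    }
}
```

If one combination verifies, that line tells you exactly which header length, byte order, input encoding and hash to replicate on the C# side (sign, apply the same transformation, and let SQL Server verify). If nothing verifies, the mismatch is most likely not in the encoding at all: compare the thumbprint printed above with the `thumbprint` column of `sys.certificates` for `test3` to confirm the imported .cer/.pvk pair and the PFX are the same key pair before probing further.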

  1. Bruce (SqlWork.com) 63,746 Reputation points
    2023-11-20T16:13:08.94+00:00

    With RSA encryption, unlike a hash, the result string will be different with encryption. You need to decrypt to compare values.

