a question about RSACng in my .net test solution, pls help.

Chao Wong 1 Reputation point
2022-06-25T10:22:22.317+00:00

in my c# test demo, I'm confused about the RSACng,some demo code as bellow:

// demo code start ....
// ========================================================
private static byte[] StringToBytes(string s)
{
int sLen = s.Length;
int bytesLen = sLen / 2;
byte[] bytes = new byte[bytesLen];
int position = 0;
for (int i = 0; i < bytesLen; i++)
{
string abyte = s.Substring(position, 2);
bytes[i] = Convert.ToByte(abyte, 16);
position += 2;
}
return bytes;
}

private static void test() {
RSACng cng = new RSACng(0x800);
if (keyfile == null)
{
cng.FromXmlString("<RSAKeyValue><Modulus>t+l0S0X6piDTHDDpY4bpzV+5k97KRcnWCJT3fbnuqdB4RXaUgJ33BSTXMOLADwRuYFMjvVADvyypu7RcxRFaHc4lfUIDT34cej4aaOiaABCNGCisJr1xrkrJuSMLm8EBZ0apAV5w8dm9f1ZLl2Fk/8HZbpOrQGbVy/QC9fxTEVGpgFwHFqvLmCX+AvOJfleRemTMLHpx6IMzWQqpWSPPSmvkJBr3jKkEXWW2dIcZQknjaQPdpMl1/qc8B8GRZ1RF/l/PRXL4vUeVuoGnVFBVKZIvgYJxm0Mc6ycWyofiuoOgHoXvdeRjiC0LU3a2s9ZoGeJsK2dPCp3e/pNCQ86HrQ==</Modulus><Exponent>AQAB</Exponent><P>39EYY28sGxQ7lT1W3VtvAW75TCvL692JsI7d8/AP93F10H6wvmtROozPm4H6NE/8mNZlsS+CVajRtRqve9pvAkMUfmlSEZ6plUSxGX97fGcwEWeInbG1bmppF2RX3F79M66E3CpzVI2+BMdvbn8x8QSza/efYhWwdRKoTwJKy9c=</P><Q>0ltsnaSbqW4pZz/RwlMaUFsKfMFkAf8gIIxoMrEa+45zVCk75/yUD2MGoodWpONIdSG3EJf8Oh2z4qvmSwSN3vus0+Q9cSDaBKrimPTjbPT6w6cfczBPPP6KPiEG5wK05Z1ON2RnFfNkc88wLVQZdiLuRLXLj5Sg9RWRaFbMOBs=</Q><DP>fjPPBrJ3MkW0WzCdPHAEJdDHbbX8ZGEk9JN6f8RLnIEzp37odlbZFKS1o8Akrz6y9hNegAyD930b0nzbmoDOu33LnoQQrLLEeNCk8/W4Uat1pTq2BAVigoIqA/CmwjIln/C2Jdch9Pl/vf4ezTWXmYnHCgg0rQAB4eHFWde3CT0=</DP><DQ>h/ikmrmeDMSyapTsB0okRjCy9LUk6c15fNCFQc8M+/G2Rn5oxKmVIuUFkuUccnSfj2b9p/I2DXLJpgkrUO5erfXMXyK3PHrZsg6rbedNYk5wESvjvldJwMlfno1Gougy+gDWYCO8JoovMlSIdaRY2O33Sd6g9+xApmsMlH8WfmU=</DQ><InverseQ>RlMaGSEt/jZzhTpxooT6XDV22xDwNIYUqXAc2HPfK9BD2XPSJh+yup2CV5tMzUq88h/69VsqjWwgOdv4VRkRFbSpoQDckzFTxcYXyzbpANhuyHVpaoVNQgEqhjZZ/NcLV4p2fcC8Q4pNsRQHTSha7DAok25oFBrAF2zhfDkZ5tg=</InverseQ><D>Z7/IPiqVEqDT10R0dRQH0zbcLuHxA9uv5Zl74K5CSAP1xWH2tnPmhT1aNBbGt/IM/kQIlmSMKI3elqhR6U43ozbHCVlzGqYPFJryNRp6veyYW/ed3iDi/6rrD4kIpG4GB6fh8YbAen8WGr6o2BY2bt2BdpLRefxJQcw+21vj1JFi+iYEGx9eK9R8smhc7EDyxuKDfXHg+fpBJI02HOjEBTirIzfRyMat5d6Y1Qp+qrpUWmPV4Um+hA3eZnF4yN9cU4jqAMGNr4GfCsSgbrD32qEickZlaDskt4nQzt4689UHlNcXnMeQd3tseiFy5RclioQgARub5ZZcFwvehTjPlQ==</D></RSAKeyValue>");

string str3 = "4D5ED0D50B41043E00ADE7875D7C0A1A076BA6BDD812A352AFE0C0A00626C9BC";
byte[] hash = StringToBytes(str3);
byte[] hash_sign = cng.SignHash(pb, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);

// and the code block works just fine: verify pass ...
/*
bool bhevri = cng.VerifyHash(hash, hash_sign, HashAlgorithmName.SHA256, RSASignaturePadding.Pss);
if (bhevri)
{
Console.WriteLine("verify pass\n");
}
else
{
Console.WriteLine("verify fail\n");
}
*/

// save byte[] hash to file hash.bin and byte[] hash_sign to hash_sign.bin ...
// ...
}
}
// demo code end ....
// ========================================================

and then I use openssl to verify hash_sign.bin like this:

  1. convert the xml-formated keyfile string which is used by "cng.FromXmlString("<keyfile>")"(as above) to a file as test-private.pem,and save it.
  2. use openssl to generate test-public.pem
  3. use openssl to verify the file hash_sign.bin with the hashfile hash.bin

I've tried again and again,but unfortunately it fails and the output is "verification failure"
but it just works fine in RSACng verify code(c# democode above: cng.VerifyHash(...) return true...)

I don't known how to explain this.so pls help , thanks !!!

C#
C#
An object-oriented and type-safe programming language that has its roots in the C family of languages and includes support for component-oriented programming.
6,956 questions
.NET Runtime
.NET Runtime
.NET: Microsoft Technologies based on the .NET software framework.Runtime: The period of time during which a program is being executed in a computer.
955 questions
{count} votes

1 answer

Sort by: Most helpful
  1. Chao Wong 1 Reputation point
    2022-06-27T11:15:23.413+00:00

    I've fixed it.
    openssl dgst -verify pub.pem -sha256 -sigopt rsa_padding_mode:pss signature sig.bin file.bin

    it's my fault that file.bin is the orginal file which is signed with rsa, not the hash hex file(generated by file.bin), this is the keypoint.

    Thanks for your attention. Thank you.

    No comments