RSACryptoServiceProvider.SignHash Method

Definition

Computes the signature for the specified hash value.

Overloads

SignHash(Byte[], String)

Computes the signature for the specified hash value.

SignHash(Byte[], HashAlgorithmName, RSASignaturePadding)

Computes the signature for the specified hash value using the specified padding.

SignHash(Byte[], String)

Source:
RSACryptoServiceProvider.Unix.cs
Source:
RSACryptoServiceProvider.Unix.cs
Source:
RSACryptoServiceProvider.Unix.cs

Computes the signature for the specified hash value.

public byte[] SignHash (byte[] rgbHash, string? str);
public byte[] SignHash (byte[] rgbHash, string str);

Parameters

rgbHash
Byte[]

The hash value of the data to be signed.

str
String

The hash algorithm identifier (OID) used to create the hash value of the data.

Returns

Byte[]

The RSA signature for the specified hash value.

Exceptions

The rgbHash parameter is null.

The cryptographic service provider (CSP) cannot be acquired.

-or-

There is no private key.

Examples

The following code example encrypts some data, creates a hash of the encrypted data, and then signs hash with a digital signature.

// This example uses the SHA1 algorithm.
// Due to collision problems with SHA1, Microsoft recommends SHA256 or better.
using System;
using System.Text;
using System.Security.Cryptography;

namespace RSACryptoServiceProvider_Examples
{
    class MyMainClass
    {
        static void Main()
        {
            byte[] toEncrypt;
            byte[] encrypted;
            byte[] signature;
            //Choose a small amount of data to encrypt.
            string original = "Hello";
            ASCIIEncoding myAscii = new ASCIIEncoding();

            //Create a sender and receiver.
            Sender mySender = new Sender();
            Receiver myReceiver = new Receiver();

            //Convert the data string to a byte array.
            toEncrypt = myAscii.GetBytes(original);

            //Encrypt data using receiver's public key.
            encrypted = mySender.EncryptData(myReceiver.PublicParameters, toEncrypt);

            //Hash the encrypted data and generate a signature on the hash
            // using the sender's private key.
            signature = mySender.HashAndSign(encrypted);

            Console.WriteLine("Original: {0}", original);

            //Verify the signature is authentic using the sender's public key.
            if (myReceiver.VerifyHash(mySender.PublicParameters, encrypted, signature))
            {
                //Decrypt the data using the receiver's private key.
                myReceiver.DecryptData(encrypted);
            }
            else
            {
                Console.WriteLine("Invalid signature");
            }
        }
    }

    class Sender
    {
        RSAParameters rsaPubParams;
        RSAParameters rsaPrivateParams;

        public Sender()
        {
            RSACryptoServiceProvider rsaCSP = new RSACryptoServiceProvider();

            //Generate public and private key data.
            rsaPrivateParams = rsaCSP.ExportParameters(true);
            rsaPubParams = rsaCSP.ExportParameters(false);
        }

        public RSAParameters PublicParameters
        {
            get
            {
                return rsaPubParams;
            }
        }

        //Manually performs hash and then signs hashed value.
        public byte[] HashAndSign(byte[] encrypted)
        {
            RSACryptoServiceProvider rsaCSP = new RSACryptoServiceProvider();
            SHA1Managed hash = new SHA1Managed();
            byte[] hashedData;

            rsaCSP.ImportParameters(rsaPrivateParams);

            hashedData = hash.ComputeHash(encrypted);
            return rsaCSP.SignHash(hashedData, CryptoConfig.MapNameToOID("SHA1"));
        }

        //Encrypts using only the public key data.
        public byte[] EncryptData(RSAParameters rsaParams, byte[] toEncrypt)
        {
            RSACryptoServiceProvider rsaCSP = new RSACryptoServiceProvider();

            rsaCSP.ImportParameters(rsaParams);
            return rsaCSP.Encrypt(toEncrypt, false);
        }
    }

    class Receiver
    {
        RSAParameters rsaPubParams;
        RSAParameters rsaPrivateParams;

        public Receiver()
        {
            RSACryptoServiceProvider rsaCSP = new RSACryptoServiceProvider();

            //Generate public and private key data.
            rsaPrivateParams = rsaCSP.ExportParameters(true);
            rsaPubParams = rsaCSP.ExportParameters(false);
        }

        public RSAParameters PublicParameters
        {
            get
            {
                return rsaPubParams;
            }
        }

        //Manually performs hash and then verifies hashed value.
        public bool VerifyHash(RSAParameters rsaParams, byte[] signedData, byte[] signature)
        {
            RSACryptoServiceProvider rsaCSP = new RSACryptoServiceProvider();
            SHA1Managed hash = new SHA1Managed();
            byte[] hashedData;

            rsaCSP.ImportParameters(rsaParams);
            bool dataOK = rsaCSP.VerifyData(signedData, CryptoConfig.MapNameToOID("SHA1"), signature);
            hashedData = hash.ComputeHash(signedData);
            return rsaCSP.VerifyHash(hashedData, CryptoConfig.MapNameToOID("SHA1"), signature);
        }

        //Decrypt using the private key data.
        public void DecryptData(byte[] encrypted)
        {
            byte[] fromEncrypt;
            string roundTrip;
            ASCIIEncoding myAscii = new ASCIIEncoding();
            RSACryptoServiceProvider rsaCSP = new RSACryptoServiceProvider();

            rsaCSP.ImportParameters(rsaPrivateParams);
            fromEncrypt = rsaCSP.Decrypt(encrypted, false);
            roundTrip = myAscii.GetString(fromEncrypt);

            Console.WriteLine("RoundTrip: {0}", roundTrip);
        }
    }
}

Remarks

This method creates a digital signature that is verified using the VerifyHash method.

The valid hash algorithms are SHA1 and MD5. The algorithm identifier can be derived from the hash name by using the MapNameToOID method.

Due to collision problems with SHA1 and MD5, Microsoft recommends a security model based on SHA256 or better.

See also

Applies to

.NET 9 og aðrar útgáfur
Vara Útgáfur
.NET Core 1.0, Core 1.1, Core 2.0, Core 2.1, Core 2.2, Core 3.0, Core 3.1, 5, 6, 7, 8, 9
.NET Framework 1.1, 2.0, 3.0, 3.5, 4.0, 4.5, 4.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8, 4.8.1
.NET Standard 2.0, 2.1

SignHash(Byte[], HashAlgorithmName, RSASignaturePadding)

Source:
RSACryptoServiceProvider.Unix.cs
Source:
RSACryptoServiceProvider.Unix.cs
Source:
RSACryptoServiceProvider.Unix.cs

Computes the signature for the specified hash value using the specified padding.

public override byte[] SignHash (byte[] hash, System.Security.Cryptography.HashAlgorithmName hashAlgorithm, System.Security.Cryptography.RSASignaturePadding padding);

Parameters

hash
Byte[]

The hash value of the data to be signed.

hashAlgorithm
HashAlgorithmName

The hash algorithm name used to create the hash value of the data.

padding
RSASignaturePadding

The padding.

Returns

Byte[]

The RSA signature for the specified hash value.

Exceptions

hashAlgorithm is null or Empty.

hash is null.

-or-

padding is null.

padding does not equal Pkcs1.

Applies to

.NET 9 og aðrar útgáfur
Vara Útgáfur
.NET Core 1.0, Core 1.1, Core 2.0, Core 2.1, Core 2.2, Core 3.0, Core 3.1, 5, 6, 7, 8, 9
.NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8, 4.8.1
.NET Standard 2.0, 2.1