tags:

views:

742

answers:

4
+2  Q: 

Sign a file using a private key in .NET

How do I sign a file using .NET and how do I then validate that the generated key is a valid one once I read it?

My goal is to have a text file with some values and a generated key. I then want to be able to check that generated key in the file to make no one has tampered with the values in the file once I sent the file to a customer.

Update: Found it here with some help from the answers.

A: 

You have two possibilities:

  • Once is on project properties on the Sign option.
  • The second is modify the AssemblyInfo.cs file and add the commands to use the sn generated: [assembly: AssemblyKeyFile("..\\..\\SN_Generated.snk")]
jaloplo  2009-04-06 09:00:13
I don't want to sign a assembly. I want to generate a value in a file to avoid tampering with the values in that file.
Riri  2009-04-06 09:10:08
A: 

The definitive reference at MSDN

and

Assembly Signing for Dummies

Cerebrus  2009-04-06 09:08:35
I don't want to sign a assembly. I want to generate a value in a file to avoid tampering with the values in that file.
Riri  2009-04-06 09:11:15
+2  A: 

If you want to sign a assembly, jaloplo gave the solution.

If you want to sign some files created by your program, have a look at the DSACryptoServiceProvider class in the System.Security.Cryptography namespace.

Daniel Brückner  2009-04-06 09:14:10
+1  A: 

Try this:

class Program
{
    static byte[] Sign(string message, RSAParameters key)
    {
        RSACryptoServiceProvider rsa = new RSACryptoServiceProvider();
        rsa.ImportParameters(key);

        byte[] toSign = Encoding.Unicode.GetBytes(message);
        return rsa.SignData(toSign, "SHA1");
    }

    static bool Verify(string message, byte[] signature, RSAParameters key)
    {
        RSACryptoServiceProvider rsa = new RSACryptoServiceProvider();
        rsa.ImportParameters(key);

        byte[] toVerify = Encoding.Unicode.GetBytes(message);
        return rsa.VerifyData(toVerify, "SHA1", signature);
    }

    static void Main(string[] args)
    {
        string message = "Let's sign this message.";

        RSACryptoServiceProvider rsa = new RSACryptoServiceProvider(); // Creates a new RANDOM key.
        RSAParameters privatekey = rsa.ExportParameters(true);
        RSAParameters publickey = rsa.ExportParameters(false);

        byte[] signature = Sign(message, privatekey);

        if (Verify(message, signature, publickey))
        {
            Console.WriteLine("It worked!");
        }
    }
}

It's important to note that a new public/private keypair is generated everytime you start this program. In order to do what you want, you'll want to save the public/private keypair before using it at both ends. Your public key is the only thing you need to verify, so your private key will not be published to the client.

You might want to take a look at ExportParameters or ExportCspBlob to accomplish saving/loading the public/private keypair.

Dave Van den Eynde  2009-04-06 11:35:58

related questions

Subsonic Vs NHibernate
How to check For File Lock in C# ?
Is nAnt still supported and suitable for .net 3.5/VS2008?
Limit size of Queue<T> in .NET?
Viewstate invalid when using Safari
Free OCR library
Unhandled Exception Handler in .NET 1.1
Localising date format descriptors
Get a new object instance from a Type in C#
VFP .NET OLEdb provider does not work in Win 64-Bits. Help
.NET Testing Framework Advice
Embedded Database for .net that can run off a network
Automatically update version number
Homegrown consumption of web services
How do you migrate a large app from VB6 to VB .net ?
.NET Migrations Engine
Adding Scripting functionality to .NET applications
SQLite and XSD
Floating Point Number parsing: Is there a Catch All algorithm?
How do I programmatically create a PDF in my .NET application?
How do I sync the SVN revision number with my ASP.NET web site?
XSD DataSets and ignoring foreign keys
Anatomy of a "Memory Leak"
Reliable Timer in a Console Application
How do I calculate relative time?