Cryptography - Signing File

Allen Holman

I am attempting to write software using the compact
framework that duplicates on a PDA the file signing we
are using on PCs.

So far, I have been able to write software that computes
an identical 20 byte SHA-1 hash on either the PC or PDA.

However, I have been unable to sign the hash and get
identical results. One problem is that I need to import
my private key to the PDA. I have read and written code
to implement the techniques described in Q228786 and this
allows me to import the public / private key pair, and I
have set the key length so both the PC and PDA return 128
bytes of signed data. The problem is that the byte
streams are not identical.

One problem may be mapping the key from one system to the
other. On the PC, I can export the key as an
RSAParameters object. On the PDA side I have to use a
PRIVATEKEYBLOB class to import the key. The two objects
have different variable names and I have mapped them as
follows

RSAParameter PRIVATEKEYBLOB

D -------------- privateExponent
dP ------------- exponent1
dQ ------------- exponent2
IQ ------------- coefficient
Modulus -------- modulus
P -------------- prime1
Q -------------- prime2

This could be a source of my problem if this is not
correct.

The code I am using to import the key follows:

    if (CryptExportKey(hPrivateKey, (IntPtr)0, PRIVATEKEYBLOB, 0, bData, ref iLgth))
    {
        CryptDestroyKey(hPrivateKey);
        hPrivateKey = (IntPtr)0;
        CreatePrivateExponentOneKey(bData);
        CryptImportKey(hProvider, bData, iLgth, (IntPtr)0, 0, ref hPrivateKey);
        CryptDestroyKey(hPrivateKey);
        hPrivateKey = (IntPtr)0;
        SetMDIPDAPrivateKey(bData, iLgth);
        CryptImportKey(hProvider, bData, iLgth, (IntPtr)0, CRYPT_EXPORTABLE, ref hPrivateKey);
        CryptExportKey(hPrivateKey, (IntPtr)0, PRIVATEKEYBLOB, 0, bData, ref iLgth);
    }

The code to sign the hash is as follows:

    CryptSignHash(hHash, AT_SIGNATURE, null, 0, bSignature, ref iLgth);

Any help in getting this to work will be appreciated.

Allen Holman
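
Added example, not part of the original post: the name mapping in the question matches the CryptoAPI RSA PRIVATEKEYBLOB fields, but the blob stores every integer little-endian at a fixed width, while RSAParameters arrays are big-endian, and CryptSignHash output is likewise byte-reversed relative to .NET's SignHash. The Python sketch below builds and parses the blob layout; the helper names and the 64-bit toy key are constructed for illustration.

```python
import struct

# Constants from wincrypt.h
PRIVATEKEYBLOB, CUR_BLOB_VERSION = 0x07, 0x02
CALG_RSA_SIGN = 0x00002400      # key usable with AT_SIGNATURE
RSA2_MAGIC = 0x32415352         # reads "RSA2" when stored little-endian

def blob_layout(mod_len):
    """(RSAParameters field, byte width) pairs in PRIVATEKEYBLOB order."""
    half = mod_len // 2
    return [("Modulus", mod_len), ("P", half), ("Q", half), ("DP", half),
            ("DQ", half), ("InverseQ", half), ("D", mod_len)]

def build_private_key_blob(params, alg=CALG_RSA_SIGN):
    """params maps RSAParameters field names to big-endian byte strings."""
    mod_len = len(params["Modulus"])
    blob = struct.pack("<BBHI", PRIVATEKEYBLOB, CUR_BLOB_VERSION, 0, alg)
    blob += struct.pack("<III", RSA2_MAGIC, mod_len * 8,
                        int.from_bytes(params["Exponent"], "big"))
    for name, width in blob_layout(mod_len):
        value = params[name].lstrip(b"\x00")
        if len(value) > width:
            raise ValueError(f"{name} does not fit in {width} bytes")
        # Left-pad the big-endian value to the fixed width, then reverse it.
        blob += value.rjust(width, b"\x00")[::-1]
    return blob

def parse_private_key_blob(blob):
    """Inverse of build_private_key_blob; returns the fields as integers."""
    btype, _, _, _, magic, bitlen, pubexp = struct.unpack_from("<BBHIIII", blob)
    if btype != PRIVATEKEYBLOB or magic != RSA2_MAGIC:
        raise ValueError("not an RSA PRIVATEKEYBLOB")
    out, pos = {"Exponent": pubexp}, 20
    for name, width in blob_layout(bitlen // 8):
        out[name] = int.from_bytes(blob[pos:pos + width], "little")
        pos += width
    return out

def signature_to_big_endian(cryptoapi_sig):
    """Reverse CryptSignHash output so it can be compared with .NET SignHash."""
    return cryptoapi_sig[::-1]

def toy_params():
    """Constructed 64-bit key for the layout demo only (far too small for real use)."""
    p, q, e = 4294967291, 4294967279, 65537
    d = pow(e, -1, (p - 1) * (q - 1))
    ints = {"Modulus": p * q, "Exponent": e, "P": p, "Q": q, "D": d,
            "DP": d % (p - 1), "DQ": d % (q - 1), "InverseQ": pow(q, -1, p)}
    return {k: v.to_bytes((v.bit_length() + 7) // 8, "big") for k, v in ints.items()}
```

PKCS#1 v1.5 signing is deterministic, so once the key fields and the signature are compared in the same byte order, the same key over the same hash should give the same 128 bytes on both platforms.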
 
Yan-Hong Huang[MSFT]

Hello Allen,

After reviewing the description carefully, I feel it would be best to post this question in the following newsgroup:

Microsoft.public.PlatformSDK.Security

All Cryptography related issues, configuration and other questions are posted in the newsgroup above.

The reason why we recommend posting appropriately is you will get the most qualified pool of respondents, and other partners who the newsgroups regularly can either share their knowledge or learn from your interaction with us. Also, this is to make sure that the responders can better track the problem. Thank you for your understanding.

Thanks again for using Microsoft MSDN Newsgroups.

Best regards,
Yanhong Huang
Microsoft Online Partner Support

Get Secure! - www.microsoft.com/security
This posting is provided "AS IS" with no warranties, and confers no rights.

--------------------
!From: "Allen Holman" <[email protected]>
!Subject: Cryptography - Signing File
!Date: Thu, 31 Jul 2003 12:32:22 -0700
Allen Holman

Hello Yanhong,

I will do so today. Thanks!

Allen
 
Yan-Hong Huang[MSFT]

Hi Allen,

Thanks very much for your understanding.

And thanks for participating in the community. :)

Best regards,
Yanhong Huang
Microsoft Online Partner Support

Get Secure! - www.microsoft.com/security
This posting is provided "AS IS" with no warranties, and confers no rights.

--------------------
!From: "Allen Holman" <[email protected]>
!Subject: RE: Cryptography - Signing File
!Date: Tue, 5 Aug 2003 08:28:04 -0700