Signing data with public key algorithm
There are many ways to sign data by using a public key algorithm. This article concerns low-level signing, i.e., a cryptographic transformation which takes a message or its hash on input, and produces a digital signature on output. If you need to find out about higher-level signing (such as CMS, CAdES or XML-SIG), please refer to the relevant section of the knowledge base.
The examples below are given for an RSA signature. Similar code can be used for other public key algorithms such as DSA, ECDSA, and Elgamal.
A pair of public and private keys is needed to produce and verify a signature. Specifically, you need a private key to create a signature, and the corresponding public key to verify it. With SecureBlackbox, you can either load pre-generated keys from, e.g., files and X.509 certificates, or generate them from scratch.
When the keys are found, you can proceed with signing.
TElRSAKeyMaterial km = (TElRSAKeyMaterial)cert.KeyMaterial;Note the explicit cast to TElRSAKeyMaterial type, the certificate's KeyMaterial property returns an instance of the parent TElPublicKeyMaterial class.
TElRSAPublicKeyCrypto crypto = new TElRSAPublicKeyCrypto();
crypto.KeyMaterial = km;
crypto.InputIsHash = false;
crypto.HashAlgorithm = SBConstants.Unit.SB_ALGORITHM_DGST_SHA256;
crypto.SignDetached(inputStream, sigStream);When the operation is completed, sigStream will contain the signature of the input data. Find out how to verify the signature in the corresponding article.