Hashing, Signing and Encryption using an X509 Certificate from the Certificate Store


From: Seb (sebastiengarrioch_at_boardex.com)
Date: 07/30/04


Date: 30 Jul 2004 09:35:11 -0700

Hi All,

I have been having a really hard time with X509Certificates. I have
installed WSE 2.0 on my workstation and I am using a certificate
stored in my local machine certificate store.
 
Goal:
 
Use a Server Authentication Certificate stored in my server's Local
Machine Store to encrypt a SQL connection string stored in the
registry using the public key, create a SHA-1 hash of the cipher and
sign the cipher using my private key. The signature is then stored in
the registry as a binary value along with the encrypted connection
string.
 
Sample code:
 
using System;
using System.Security.Cryptography;
using System.Text;
using Microsoft.Web.Services2.Security.X509;

private void Encrypt()
{
    byte[] clearConn;
    byte[] cipherConn;
    byte[] signature;
    byte[] hash;

    // Enumerate the Local Machine "My" (Personal) store into the list box.
    X509CertificateStore store;
    store = X509CertificateStore.LocalMachineStore(X509CertificateStore.MyStore);
    store.OpenRead();
    X509CertificateCollection certColl = store.Certificates;
    foreach (X509Certificate c in certColl)
    {
        // I have my own customized Item class
        Item itemCert = new Item();
        itemCert.Certificate = c;
        itemCert.SetName();
        listBox1.Items.Add(itemCert);
    }
    store.Close();

    // I have some other code to select the appropriate certificate, not
    // relevant here.
    // Assumed here: the certificate chosen in the list box.
    X509Certificate cert = ((Item)listBox1.SelectedItem).Certificate;

    // We will use the public key to encrypt the SQL Connection string.
    // ExportParameters(false) yields the public parameters only.
    RSAParameters lockConn = cert.Key.ExportParameters(false);
    // Instantiate the cryptographic service provider (RSA).
    RSACryptoServiceProvider csp = new RSACryptoServiceProvider();
    // Set the algorithm parameters, encryption key, length, etc.
    // lockConn received these parameters above.
    csp.ImportParameters(lockConn);
    // Convert the connection string to an array of bytes.
    clearConn = Encoding.ASCII.GetBytes("SQL Connection");

    // Encrypt the SQL connection string (PKCS#1 v1.5 padding).
    cipherConn = csp.Encrypt(clearConn, false);

    // Create a hash of the encrypted data.
    SHA1Managed sm = new SHA1Managed();
    hash = sm.ComputeHash(cipherConn);

    // Sign the hash. The formatter expects the 20-byte SHA-1 digest, not
    // the ciphertext itself, and cert.Key must carry the private key.
    RSAPKCS1SignatureFormatter sf = new RSAPKCS1SignatureFormatter(cert.Key);
    sf.SetHashAlgorithm("SHA1");
    signature = sf.CreateSignature(hash);
}
 
The problem:
 
When I try to sign the hash it gives me an invalid OID exception and
crashes the app. I have looked everywhere on the MSDN site for
something to help me with this but have not been able to find
anything. Also it will not let me use the private key to decrypt the
data. This has been really frustrating and I would greatly appreciate
any help you could provide.
 
Thanks,
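
The encrypt-then-sign flow described in the post, written as an added example against the current System.Security.Cryptography and X509Store APIs (.NET Framework 4.6 or later, or .NET Core) instead of WSE 2.0; this is not code from the original post. The certificate thumbprint and registry path are placeholders, and the connection string is a constructed sample. The example signs the ciphertext with RSA.SignData, which hashes the data internally, and verifies that signature before decrypting.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Text;
using Microsoft.Win32;

// Added example, not from the original post. Encrypt a secret with the public key of a
// Local Machine certificate, sign the ciphertext with its private key, store both in the
// registry, and later verify-then-decrypt. Thumbprint and registry path are placeholders.
static class ProtectedConnString
{
    const string Thumbprint = "0000000000000000000000000000000000000000"; // placeholder
    const string RegPath = @"HKEY_LOCAL_MACHINE\SOFTWARE\ExampleApp";      // placeholder

    static X509Certificate2 FindCert()
    {
        using (var store = new X509Store(StoreName.My, StoreLocation.LocalMachine))
        {
            store.Open(OpenFlags.ReadOnly);
            X509Certificate2Collection found =
                store.Certificates.Find(X509FindType.FindByThumbprint, Thumbprint, false);
            if (found.Count == 0)
                throw new InvalidOperationException("certificate not found in LocalMachine\\My");
            return found[0];
        }
    }

    // Encrypt-then-sign. RSA encrypts only a short payload (key size minus padding
    // overhead: 214 bytes for a 2048-bit key with OAEP-SHA1), so a long connection
    // string needs a hybrid scheme: RSA-encrypt an AES key, AES-encrypt the string.
    public static void Protect(string connString)
    {
        byte[] clear = Encoding.UTF8.GetBytes(connString);
        using (X509Certificate2 cert = FindCert())
        using (RSA pub = cert.GetRSAPublicKey())
        using (RSA priv = cert.GetRSAPrivateKey())
        {
            if (priv == null)
                throw new InvalidOperationException(
                    "no usable private key: check the key container ACL for this process account");

            // OaepSHA1 is accepted by every .NET RSA provider; CNG-backed keys also take OaepSHA256.
            byte[] cipher = pub.Encrypt(clear, RSAEncryptionPadding.OaepSHA1);

            // SignData hashes the ciphertext and signs the digest in one call; it replaces
            // SHA1Managed.ComputeHash followed by RSAPKCS1SignatureFormatter.CreateSignature(hash).
            byte[] signature = priv.SignData(cipher, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);

            Registry.SetValue(RegPath, "ConnString", cipher, RegistryValueKind.Binary);
            Registry.SetValue(RegPath, "ConnStringSig", signature, RegistryValueKind.Binary);
        }
    }

    // Verify-then-decrypt: a tampered registry value is rejected before it reaches RSA decryption.
    public static string Unprotect()
    {
        byte[] cipher = Registry.GetValue(RegPath, "ConnString", null) as byte[];
        byte[] signature = Registry.GetValue(RegPath, "ConnStringSig", null) as byte[];
        if (cipher == null || signature == null)
            throw new InvalidOperationException("protected values missing from the registry");

        using (X509Certificate2 cert = FindCert())
        using (RSA pub = cert.GetRSAPublicKey())
        using (RSA priv = cert.GetRSAPrivateKey())
        {
            if (!pub.VerifyData(cipher, signature, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1))
                throw new CryptographicException("signature over the ciphertext does not verify");
            byte[] clear = priv.Decrypt(cipher, RSAEncryptionPadding.OaepSHA1);
            return Encoding.UTF8.GetString(clear);
        }
    }

    static void Main()
    {
        // Constructed sample input.
        Protect("Server=db01;Database=app;Integrated Security=SSPI");
        Console.WriteLine(Unprotect());
    }
}
```

Writing under HKEY_LOCAL_MACHINE needs an elevated process, and the account that runs Unprotect must have read access to the certificate's private key (granted in the Local Machine certificate console via Manage Private Keys); without it GetRSAPrivateKey returns null or decryption fails. Keys held by a legacy CSP rather than CNG may reject SHA-2 signing or OAEP-SHA256 with a CryptographicException; re-enrolling the certificate with a CNG key provider removes that limitation.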


