Cryptography Using .NET: Digital Signatures

1. Digital Signatures.  The .NET Framework supports two algorithms for digital signature schemes: the RSA signature and the Digital Signature Algorithm (DSA). The required classes are DSACryptoServiceProvider and RSACryptoServiceProvider for the DSA and RSA implementations, respectively.  To create an instance of the DSA algorithm class named dsa, use DSACryptoServiceProvider dsa = new DSACryptoServiceProvider(); instantiating the RSACryptoServiceProvider class is similar.

By default, the digital signature produced by the .NET Framework will be different each time a message is signed, even though the message has not changed.  In the DSA case, this randomness comes from random numbers generated by the .NET Framework. In the RSA case, the public-private key pair and other performance-enhancing parameters are randomly generated each time a message is signed, so different signatures are obtained. Unfortunately, how to set the key and the random parameters manually is not documented in the MSDN library. This is not a big problem, however, since having keys generated randomly by the computer is preferable to assigning these values by hand.  For example, in the RSA case, the public-private key pair used in the .NET Framework is a set of large numbers with 1024-bit keys.

2. Signing and Verifying Data.  The .NET Framework provides methods for signing and verifying data, which can be seen below. 

Algorithm   Action   Method                                              Return type
DSA         Sign     SignData(byte[] data);                              byte[]
            Verify   VerifyData(byte[] data, byte[] sig);                bool
RSA         Sign     SignData(byte[] data, object h_alg);                byte[]
            Verify   VerifyData(byte[] data, object h_alg, byte[] sig);  bool

The value sig, which appears in the VerifyData methods, denotes the byte array of the signature obtained after signing the message data.  In the RSA scheme, an instance of the hashing algorithm class needs to be created first and then passed to both the SignData and VerifyData methods as the h_alg argument; the same hash algorithm must be used for signing and for verifying. The return type bool is a Boolean value: true if the signature is valid for the data, and false otherwise.
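The following C# program is an added example, not code from the original article, exercising the four methods in the table above on a constructed sample message. It signs with DSA and checks that a one-byte change to the data, or a second signature over the same data, behaves as described in Section 1; it then signs with RSA and shows that the h_alg passed to VerifyData must match the one passed to SignData. The 2048-bit RSA key size and the CspParameters(24) provider type (PROV_RSA_AES) are my choices: on the .NET Framework the default CSP does not support SHA-2 hashes with RSACryptoServiceProvider, so the enhanced provider is selected explicitly.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Added example (not from the original article): signing and verifying with the
// SignData/VerifyData methods of DSACryptoServiceProvider and RSACryptoServiceProvider.
class SignVerifyDemo
{
    static void Main()
    {
        // Constructed sample message.
        byte[] data = Encoding.UTF8.GetBytes("Transfer 100 EUR to account 42");

        // --- DSA: SignData(byte[] data) / VerifyData(byte[] data, byte[] sig) ---
        using (DSACryptoServiceProvider dsa = new DSACryptoServiceProvider())
        {
            byte[] sig = dsa.SignData(data);
            Console.WriteLine("DSA signature length: {0} bytes", sig.Length);
            Console.WriteLine("DSA verify (unchanged data): {0}", dsa.VerifyData(data, sig));

            // Flipping a single bit of the message must make verification fail.
            byte[] tampered = (byte[])data.Clone();
            tampered[0] ^= 0x01;
            Console.WriteLine("DSA verify (tampered data): {0}", dsa.VerifyData(tampered, sig));

            // Signing the same data again gives a different signature (DSA draws a fresh
            // random value per signature), yet both signatures verify under the same key.
            byte[] sig2 = dsa.SignData(data);
            bool identical = Convert.ToBase64String(sig) == Convert.ToBase64String(sig2);
            Console.WriteLine("DSA second signature identical to first: {0}", identical);
            Console.WriteLine("DSA verify (second signature): {0}", dsa.VerifyData(data, sig2));
        }

        // --- RSA: SignData(byte[] data, object h_alg) / VerifyData(byte[] data, object h_alg, byte[] sig) ---
        // Provider type 24 (PROV_RSA_AES) is required on the .NET Framework for SHA-2 hashes;
        // the 2048-bit key size is this example's choice.
        using (RSACryptoServiceProvider rsa = new RSACryptoServiceProvider(2048, new CspParameters(24)))
        using (SHA256 hash = SHA256.Create())
        {
            // h_alg is the hash algorithm instance created first and used on both sides.
            byte[] sig = rsa.SignData(data, hash);
            Console.WriteLine("RSA verify (SHA-256): {0}", rsa.VerifyData(data, hash, sig));

            // Verifying under a different hash algorithm fails even though data and key are unchanged.
            using (SHA1 otherHash = SHA1.Create())
            {
                Console.WriteLine("RSA verify (mismatched hash algorithm): {0}",
                                  rsa.VerifyData(data, otherHash, sig));
            }
        }
    }
}
```

Both providers implement IDisposable, so they are wrapped in using blocks; disposing a provider releases the underlying key handle. DSACryptoServiceProvider is limited to SHA-1 by its underlying CSP, which is why the hash algorithm can only be chosen on the RSA side.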

3. Transmitting Cryptographic Parameters Between Applications.  The .NET Framework provides methods for exporting and importing the public or private parameters stored in the DSAParameters and RSAParameters structures.  For more information on this topic, see the MSDN documentation; you do not need to know about all the members of these structures.  As mentioned before, a digital signature created by .NET is random, and the DSA signature relies on random numbers.  Unfortunately, the MSDN library does not define each parameter, and the following notation is not conventional. The public parameters, all of byte array type, are P, Q, J, G, and Seed.  The private parameters are X and Y.  All parameters are members of the DSAParameters structure.

For the RSA signature, the public-private key pair is randomly generated, and stored in the RSAParameters structure. The public key members are Modulus and Exponent and the private key is D.  How do you import or export these parameters?  For example, Alice signs a message, and then transmits her public parameters to Bob so that he can use these parameters to verify the message if it comes from Alice.

There are two ways to achieve this.  The first is to use the ExportParameters and ImportParameters methods. After the signature has been created, Alice exports her algorithm parameters as DSAParameters para = dsa.ExportParameters(bool);, where bool denotes a Boolean value (i.e., true or false). The argument is false to export only the public parameters, and true to export both the public and private parameters. These two Boolean cases apply to both the DSA and RSA signatures. After exporting the parameters, you can access individual members, e.g., the byte array P as para.P.  The other application (e.g., Bob's) can simply obtain these parameters by calling dsa_Bob.ImportParameters(para);

For RSA, the import and export procedures are the same.  The second way uses the ToXmlString and FromXmlString methods: the .NET Framework provides a more convenient alternative for transmitting algorithm parameters between applications as an XML (Extensible Markup Language) string. Analogous to the ExportParameters method, the ToXmlString(bool) method creates and returns an XML string representation of the algorithm parameters, where bool denotes a Boolean value as described above. For example, the RSA key pair parameters can be exported as string key_pair = rsa.ToXmlString(bool);, where rsa is an instance of the RSACryptoServiceProvider class.  Similar to ImportParameters above, these parameters can be loaded by the other application using rsa_Bob.FromXmlString(key_pair);
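The Alice-and-Bob exchange described in this section, as an added C# example that is not part of the original article: Alice signs a constructed sample message, exports only her public parameters (ExportParameters(false) for DSA, ToXmlString(false) for RSA), and Bob imports them into his own provider instances to verify. The 2048-bit RSA key size and the CspParameters(24) provider type are this example's choices, the latter because the default .NET Framework CSP does not support SHA-256 with RSACryptoServiceProvider. The program prints what the public-only export actually contains, so the reader can see which members leave Alice's process.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Added example (not from the original article): transmitting only the public
// parameters from Alice to Bob, by structure (DSA) and by XML string (RSA).
class KeyTransportDemo
{
    static void Main()
    {
        // Constructed sample message.
        byte[] message = Encoding.UTF8.GetBytes("Hello Bob, this is Alice");

        // ---- First way: DSA with ExportParameters / ImportParameters ----
        byte[] dsaSig;
        DSAParameters alicePublic;
        using (DSACryptoServiceProvider dsaAlice = new DSACryptoServiceProvider())
        {
            dsaSig = dsaAlice.SignData(message);
            // false = public parameters only. The X member is left null by the export.
            alicePublic = dsaAlice.ExportParameters(false);
            Console.WriteLine("DSA public export: P={0} bytes, Q={1} bytes, G={2} bytes, Y={3} bytes, X exported: {4}",
                alicePublic.P.Length, alicePublic.Q.Length, alicePublic.G.Length,
                alicePublic.Y.Length, alicePublic.X != null);
        }
        using (DSACryptoServiceProvider dsaBob = new DSACryptoServiceProvider())
        {
            dsaBob.ImportParameters(alicePublic);
            // Bob's instance now holds only the public half of Alice's key.
            Console.WriteLine("Bob's DSA provider is public-only: {0}", dsaBob.PublicOnly);
            Console.WriteLine("Bob verifies Alice's DSA signature: {0}", dsaBob.VerifyData(message, dsaSig));
        }

        // ---- Second way: RSA with ToXmlString / FromXmlString ----
        byte[] rsaSig;
        string alicePublicXml;
        using (RSACryptoServiceProvider rsaAlice = new RSACryptoServiceProvider(2048, new CspParameters(24)))
        using (SHA256 sha = SHA256.Create())
        {
            rsaSig = rsaAlice.SignData(message, sha);
            // false = <RSAKeyValue> with Modulus and Exponent only; no <D> element.
            alicePublicXml = rsaAlice.ToXmlString(false);
            Console.WriteLine("RSA public XML: {0}", alicePublicXml);
            Console.WriteLine("RSA public XML contains private exponent <D>: {0}", alicePublicXml.Contains("<D>"));
        }
        using (RSACryptoServiceProvider rsaBob = new RSACryptoServiceProvider(new CspParameters(24)))
        using (SHA256 sha = SHA256.Create())
        {
            rsaBob.FromXmlString(alicePublicXml);
            Console.WriteLine("Bob's RSA provider is public-only: {0}", rsaBob.PublicOnly);
            Console.WriteLine("Bob verifies Alice's RSA signature: {0}", rsaBob.VerifyData(message, sha, rsaSig));

            // A message altered in transit does not verify under Alice's public key.
            byte[] altered = Encoding.UTF8.GetBytes("Hello Bob, this is Mallory");
            Console.WriteLine("Altered message verifies: {0}", rsaBob.VerifyData(altered, sha, rsaSig));
        }
    }
}
```

Exporting with false is the right default when the only goal is to let the other party verify: the PublicOnly property on Bob's providers confirms that no private material was imported, and the XML string can be inspected directly to confirm that only Modulus and Exponent were sent. Passing true would place the private key (X for DSA, D and the CRT members for RSA) into the exported structure or string, which should never be transmitted to a verifier.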