Do you have a question? Post it now! No Registration Necessary. Now with pictures!
April 12, 2005, 7:55 am
rate this thread
I'm trying to parse a Digital Certificate in .Net v1.1 to get the
signature of it. What I mean is I need to verify the Digital
Certificate. Thus, the process is
1. Get Root Certificate Authority's certificate. RootCert.
2. Get certificate I want to verify (ie. CA issued this certificate).
Lets call it UserCert.
3. Compute hash(data) of UserCert.
4. Use public key in RootCert to decryp the signature of UserCert. The
signature being Encrypted by Root CA of the Hash(data) when generating
I seem to have a few issues.
1. The root CA's certificate uses 4096bit Public Key. How do I parse
out the Exponent and Modulus. Currently I am using the
X509PublicKeyParser but it keeps throwing an error at
if(i1 < 256 || i1 > 2048)
throw new X509ParserException("Invalid RSA modulus size.");
If I comment out the above lines, I get some modulus and exponent but I
have no way to verify if this is correct.
2. Parsing the signature out of the byte of the UserCert is proving
to be difficult. According to Michel Gallant at
http://www.jensign.com/JavaScience/GetTBSCert/index.html , "the actual
PKCS #1 v1.5 signature blob (128 bytes, same size as the public key
modulus corresponding to the private key used to sign this
certificate)". So I tried to create a byte of 128 length with the
last 128 bytes of the UserCert. However, when I try to do,
// Verify the signature
Console.WriteLine("The signature is valid");
Console.WriteLine("The signature is not valid");
I always get "The signature is not valid". I'm totally clueless as to
I know java can do all this. Java actually has a
java.security.Signature library that parses the signature out of the
UserCert file. They also have libraries that will get the modulus and
exponent out from the public keys. However, I don't want to use java. I
like .Net and need to use that.
Please HELP! I'm going bonkers with this problem!
- » ssh on command line: force using a group size (prime size) of 1024 (and no...
- — The site's Newest Thread. Posted in » Secure Shell Forum