How to implement NCryptSignHash and NCryptVerifySignature in C#?

SUBRAMANIAN Prabhakaran 1 Reputation point
2021-12-08T06:59:39.787+00:00

Hi Team,
How to implement CNG Key storage functions NCryptSignHash and NCryptVerifySignature in C#?

https://learn.microsoft.com/en-us/windows/win32/seccng/cng-key-storage-functions

Please share me code in C#.

Regards,
Prabs

Windows API - Win32
Windows API - Win32
A core set of Windows application programming interfaces (APIs) for desktop and server applications. Previously known as Win32 API.
2,387 questions
C#
C#
An object-oriented and type-safe programming language that has its roots in the C family of languages and includes support for component-oriented programming.
10,098 questions
.NET Runtime
.NET Runtime
.NET: Microsoft Technologies based on the .NET software framework.Runtime: An environment required to run apps that aren't compiled to machine language.
1,109 questions
0 comments No comments
{count} votes

2 answers

Sort by: Most helpful
  1. Junjie Zhu - MSFT 13,971 Reputation points Microsoft Vendor
    2021-12-08T08:05:36.777+00:00

    Hello,
    Welcome to Microsoft Q&A!

    In C# you can use the SignHash and VerifyHash methods of the RSACryptoServiceProvider class, which computes the signature for the specified hash value and verifies that a digital signature is valid. Here is an example of verify signature.

     public static void VerifyLegacySignVerifyHash(bool useLegacySign, bool useLegacyVerify)  
            {  
                byte[] dataHash, signature;  
      
                using (HashAlgorithm hash = SHA256.Create())  
                {  
                    dataHash = hash.ComputeHash(TestData.HelloBytes);  
                }  
      
                using (var rsa = new RSACryptoServiceProvider())  
                {  
                    rsa.ImportParameters(TestData.RSA2048Params);  
      
                    signature = useLegacySign ?  
                        rsa.SignHash(dataHash, "SHA256") :  
                        rsa.SignHash(dataHash, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);  
                }  
      
                bool verified;  
      
                using (var rsa = new RSACryptoServiceProvider())  
                {  
                    rsa.ImportParameters(  
                        new RSAParameters  
                        {  
                            Modulus = TestData.RSA2048Params.Modulus,  
                            Exponent = TestData.RSA2048Params.Exponent,  
                        });  
      
                    verified = useLegacyVerify ?  
                        rsa.VerifyHash(dataHash, "SHA256", signature) :  
                        rsa.VerifyHash(dataHash, signature, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);  
                }  
      
                Assert.True(verified);  
            }  
    

    You can also load ncrypt.dll in c# by DllImport ,@Castorix31 already answered in your last question.

    Thank you.


    If the answer is the right solution, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.


  2. Junjie Zhu - MSFT 13,971 Reputation points Microsoft Vendor
    2021-12-10T07:27:00.487+00:00

    In fact, the method of calling them is the same. I suggest you have a look at Castorix31's reply in your last qusetion How to implement NCryptEncrypt and NCryptDecrypt methods in C# using Microsoft Key Storage Provider? , Here is code sample [https://github.com/itbetaw/TPlus-.netCore-/search?q=NCryptSignHash].

        [DllImport("ncrypt.dll", CharSet=CharSet.None, ExactSpelling=false)]  
        public static extern uint NCryptSignHash(SafeNCryptKeyHandle hKey, ref BCrypt.BCRYPT_PSS_PADDING_INFO pPaddingInfo, byte[] pbHashValue, int cbHashValue, byte[] pbSignature, int cbSignature, out uint pcbResult, uint dwFlags);  
          
        [DllImport("ncrypt.dll", CharSet=CharSet.None, ExactSpelling=false)]  
        public static extern uint NCryptVerifySignature(SafeNCryptKeyHandle hKey, ref BCrypt.BCRYPT_PSS_PADDING_INFO pPaddingInfo, byte[] pbHashValue, int cbHashValue, byte[] pbSignature, int cbSignature, uint dwFlags);  
    
    0 comments No comments