in my c# test demo, I'm confused about the RSACng,some demo code as bellow:
// demo code start ....
// ========================================================
private static byte[] StringToBytes(string s)
{
int sLen = s.Length;
int bytesLen = sLen / 2;
byte[] bytes = new byte[bytesLen];
int position = 0;
for (int i = 0; i < bytesLen; i++)
{
string abyte = s.Substring(position, 2);
bytes[i] = Convert.ToByte(abyte, 16);
position += 2;
}
return bytes;
}
private static void test() {
RSACng cng = new RSACng(0x800);
if (keyfile == null)
{
cng.FromXmlString("<RSAKeyValue><Modulus>t+l0S0X6piDTHDDpY4bpzV+5k97KRcnWCJT3fbnuqdB4RXaUgJ33BSTXMOLADwRuYFMjvVADvyypu7RcxRFaHc4lfUIDT34cej4aaOiaABCNGCisJr1xrkrJuSMLm8EBZ0apAV5w8dm9f1ZLl2Fk/8HZbpOrQGbVy/QC9fxTEVGpgFwHFqvLmCX+AvOJfleRemTMLHpx6IMzWQqpWSPPSmvkJBr3jKkEXWW2dIcZQknjaQPdpMl1/qc8B8GRZ1RF/l/PRXL4vUeVuoGnVFBVKZIvgYJxm0Mc6ycWyofiuoOgHoXvdeRjiC0LU3a2s9ZoGeJsK2dPCp3e/pNCQ86HrQ==</Modulus><Exponent>AQAB</Exponent><P>39EYY28sGxQ7lT1W3VtvAW75TCvL692JsI7d8/AP93F10H6wvmtROozPm4H6NE/8mNZlsS+CVajRtRqve9pvAkMUfmlSEZ6plUSxGX97fGcwEWeInbG1bmppF2RX3F79M66E3CpzVI2+BMdvbn8x8QSza/efYhWwdRKoTwJKy9c=</P><Q>0ltsnaSbqW4pZz/RwlMaUFsKfMFkAf8gIIxoMrEa+45zVCk75/yUD2MGoodWpONIdSG3EJf8Oh2z4qvmSwSN3vus0+Q9cSDaBKrimPTjbPT6w6cfczBPPP6KPiEG5wK05Z1ON2RnFfNkc88wLVQZdiLuRLXLj5Sg9RWRaFbMOBs=</Q><DP>fjPPBrJ3MkW0WzCdPHAEJdDHbbX8ZGEk9JN6f8RLnIEzp37odlbZFKS1o8Akrz6y9hNegAyD930b0nzbmoDOu33LnoQQrLLEeNCk8/W4Uat1pTq2BAVigoIqA/CmwjIln/C2Jdch9Pl/vf4ezTWXmYnHCgg0rQAB4eHFWde3CT0=</DP><DQ>h/ikmrmeDMSyapTsB0okRjCy9LUk6c15fNCFQc8M+/G2Rn5oxKmVIuUFkuUccnSfj2b9p/I2DXLJpgkrUO5erfXMXyK3PHrZsg6rbedNYk5wESvjvldJwMlfno1Gougy+gDWYCO8JoovMlSIdaRY2O33Sd6g9+xApmsMlH8WfmU=</DQ><InverseQ>RlMaGSEt/jZzhTpxooT6XDV22xDwNIYUqXAc2HPfK9BD2XPSJh+yup2CV5tMzUq88h/69VsqjWwgOdv4VRkRFbSpoQDckzFTxcYXyzbpANhuyHVpaoVNQgEqhjZZ/NcLV4p2fcC8Q4pNsRQHTSha7DAok25oFBrAF2zhfDkZ5tg=</InverseQ><D>Z7/IPiqVEqDT10R0dRQH0zbcLuHxA9uv5Zl74K5CSAP1xWH2tnPmhT1aNBbGt/IM/kQIlmSMKI3elqhR6U43ozbHCVlzGqYPFJryNRp6veyYW/ed3iDi/6rrD4kIpG4GB6fh8YbAen8WGr6o2BY2bt2BdpLRefxJQcw+21vj1JFi+iYEGx9eK9R8smhc7EDyxuKDfXHg+fpBJI02HOjEBTirIzfRyMat5d6Y1Qp+qrpUWmPV4Um+hA3eZnF4yN9cU4jqAMGNr4GfCsSgbrD32qEickZlaDskt4nQzt4689UHlNcXnMeQd3tseiFy5RclioQgARub5ZZcFwvehTjPlQ==</D></RSAKeyValue>");
string str3 = "4D5ED0D50B41043E00ADE7875D7C0A1A076BA6BDD812A352AFE0C0A00626C9BC";
byte[] hash = StringToBytes(str3);
byte[] hash_sign = cng.SignHash(pb, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
// and the code block works just fine: verify pass ...
/*
bool bhevri = cng.VerifyHash(hash, hash_sign, HashAlgorithmName.SHA256, RSASignaturePadding.Pss);
if (bhevri)
{
Console.WriteLine("verify pass\n");
}
else
{
Console.WriteLine("verify fail\n");
}
*/
// save byte[] hash to file hash.bin and byte[] hash_sign to hash_sign.bin ...
// ...
}
}
// demo code end ....
// ========================================================
and then I use openssl to verify hash_sign.bin like this:
- convert the xml-formated keyfile string which is used by "cng.FromXmlString("<keyfile>")"(as above) to a file as test-private.pem,and save it.
- use openssl to generate test-public.pem
- use openssl to verify the file hash_sign.bin with the hashfile hash.bin
I've tried again and again,but unfortunately it fails and the output is "verification failure"
but it just works fine in RSACng verify code(c# democode above: cng.VerifyHash(...) return true...)
I don't known how to explain this.so pls help , thanks !!!