
Signing & Enveloping Files using .NET 2.0

Continued from page: 1

Monday, August 13, 2007

Verifying signatures
To verify a detached signature, first associate the original content with the SignedCms object by constructing a ContentInfo from the file bytes and passing it to the SignedCms(ContentInfo, bool) constructor.

Set the second parameter to true to indicate that the content is detached, i.e. stored separately from the signature rather than embedded in it. Decode the stored signature with the Decode method, then check it with CheckSignature. Note that CheckSignature has no return value: it throws a CryptographicException when the signature does not verify, so verification code must catch that exception rather than test a boolean.

Now read both the original file and the stored signature file into byte arrays:

byte[] bufferfile = File.ReadAllBytes(FileBase);
byte[] buffersignature = File.ReadAllBytes(FileToVerify);

Place the content buffer (the original file, not the signature) in a ContentInfo object:

ContentInfo contentInfo = new ContentInfo(bufferfile);

Now instantiate a SignedCms object with this ContentInfo, passing true to tell it that the content is detached from the signature:

SignedCms signedCms = new SignedCms(contentInfo, true);

Decode the signature bytes into the PKCS #7 object:

signedCms.Decode(buffersignature);

Now check the detached signature. CheckSignature does not return a value; it throws a CryptographicException if the signature does not match the content. Its parameter is verifySignatureOnly: passing true, as here, checks only the cryptographic signature and skips validation of the signer's certificate, so a signature made with a self-signed, expired or revoked certificate is accepted. Pass false to also build the signer's chain and validate it against the trusted roots on the machine:

signedCms.CheckSignature(true);

Display the signing certificate. Certificates[0] is the first certificate carried in the message, which is not necessarily the signer's (the collection can also contain intermediate CA certificates); SignerInfos[0].Certificate returns the certificate that actually produced the signature. Display() is a helper from the accompanying source code, not a member of X509Certificate2; the framework equivalent is X509Certificate2UI.DisplayCertificate, or simply print the Subject property.

signedCms.Certificates[0].Display();

The verification method can be viewed in the source code.
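The following is an added example, not the article's accompanying source code. It puts the steps above into one program that produces a detached signature, verifies it with and without chain validation, checks that the signer is the expected one, and shows that a single changed byte of content is rejected. It assumes a certificate with a private key is installed in the current user's Personal (MY) store; the subject name, file path and thumbprint are placeholders.

```csharp
using System;
using System.IO;
using System.Security.Cryptography;
using System.Security.Cryptography.Pkcs;
using System.Security.Cryptography.X509Certificates;

// Added example (not the article's source code). Assumes a signing certificate
// with a private key is in the current user's MY store; subject, path and
// thumbprint below are placeholders to be replaced with real values.
class DetachedSignatureDemo
{
    static X509Certificate2 FindCert(StoreName name, string subject)
    {
        X509Store store = new X509Store(name, StoreLocation.CurrentUser);
        store.Open(OpenFlags.ReadOnly);
        try
        {
            X509Certificate2Collection found = store.Certificates.Find(
                X509FindType.FindBySubjectName, subject, false);
            if (found.Count == 0)
                throw new InvalidOperationException("No certificate for " + subject);
            return found[0];
        }
        finally { store.Close(); }
    }

    // Produce a detached PKCS #7 signature over 'content'.
    static byte[] SignDetached(byte[] content, X509Certificate2 signer)
    {
        SignedCms cms = new SignedCms(new ContentInfo(content), true);
        CmsSigner cmsSigner = new CmsSigner(SubjectIdentifierType.IssuerAndSerialNumber, signer);
        cms.ComputeSignature(cmsSigner);
        return cms.Encode();
    }

    // Verify a detached signature and return the certificate that produced it.
    // Throws CryptographicException if the signature (or, with checkChain, the chain) fails.
    static X509Certificate2 VerifyDetached(byte[] content, byte[] signature, bool checkChain)
    {
        SignedCms cms = new SignedCms(new ContentInfo(content), true);
        cms.Decode(signature);
        // verifySignatureOnly == true skips chain building, so invert the flag.
        cms.CheckSignature(!checkChain);
        return cms.SignerInfos[0].Certificate;
    }

    // A valid signature only proves that *some* key signed the data; the
    // application must still decide whether that key is the one it expects.
    static bool IsExpectedSigner(X509Certificate2 cert, string expectedThumbprint)
    {
        return string.Equals(cert.Thumbprint, expectedThumbprint, StringComparison.OrdinalIgnoreCase);
    }

    static void Main(string[] args)
    {
        string subject = args.Length > 0 ? args[0] : "Signer Name";      // placeholder
        string filePath = args.Length > 1 ? args[1] : "contract.pdf";    // placeholder
        string expectedThumbprint = args.Length > 2 ? args[2] : "";      // placeholder
        X509Certificate2 signer = FindCert(StoreName.My, subject);
        if (!signer.HasPrivateKey)
            throw new InvalidOperationException("Certificate has no private key");

        byte[] content = File.ReadAllBytes(filePath);
        byte[] signature = SignDetached(content, signer);
        File.WriteAllBytes(filePath + ".p7s", signature);

        // 1. Signature-only check: accepts any certificate whose key made the signature.
        X509Certificate2 whoSigned = VerifyDetached(content, signature, false);
        Console.WriteLine("Signature OK; signed by " + whoSigned.Subject);
        Console.WriteLine("Expected signer: " + IsExpectedSigner(whoSigned, expectedThumbprint));

        // 2. Full check: also builds and validates the signer's chain to a trusted root.
        try
        {
            VerifyDetached(content, signature, true);
            Console.WriteLine("Chain OK");
        }
        catch (CryptographicException ex)
        {
            Console.WriteLine("Chain validation failed: " + ex.Message);
        }

        // 3. Tamper detection: one flipped bit in the content must fail verification.
        byte[] tampered = (byte[])content.Clone();
        tampered[0] ^= 0x01;
        try
        {
            VerifyDetached(tampered, signature, false);
            Console.WriteLine("BUG: tampered content verified");
        }
        catch (CryptographicException)
        {
            Console.WriteLine("Tampered content rejected, as expected");
        }
    }
}
```

With a self-signed test certificate step 2 fails unless that certificate has been placed in the Trusted Root store, which is exactly the difference between the two CheckSignature modes: true answers "was this signed by the key in the message?", false also answers "do I trust that key?".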

Enveloping and decrypting a file using digital signature certificates
Enveloping a file combines symmetric and public-key encryption. The content is encrypted with a randomly generated message-encryption key using a symmetric algorithm (Triple DES by default in .NET 2.0). That symmetric key is then encrypted with the public key taken from the receiver's X.509 certificate. Only the receiver, who alone holds the private key belonging to that certificate, can recover the symmetric key and hence the file. The sender therefore only needs the receiver's certificate (no private key) in a local store. On a Windows machine, certificates belonging to other people are typically kept in the 'AddressBook' (Other People) store, so we search that store for the recipient's certificate, where storeAddressBook is an X509Store opened on StoreName.AddressBook:

X509Certificate2Collection certColl = storeAddressBook.Certificates.Find(X509FindType.FindBySubjectName, recipientName, false);

The last parameter, validOnly, is false here, so expired or untrusted certificates are returned as well; pass true to restrict the search to certificates that are within their validity period and chain to a trusted root. If one or more certificates for the receiver are found, we take the first one, 'certColl[0]'. We can now instantiate an EnvelopedCms object with the content to protect, where contentInfo wraps the plaintext file bytes:

EnvelopedCms envelopedCms = new EnvelopedCms(contentInfo);

We then create a CmsRecipient for the receiver's certificate. IssuerAndSerialNumber means the recipient is identified inside the message by the certificate's issuer name and serial number:

CmsRecipient recipient1 = new CmsRecipient(SubjectIdentifierType.IssuerAndSerialNumber, recipientCert);

EnvelopedCms.Encrypt encrypts the content of the CMS/PKCS #7 message for the specified recipients: it generates a random symmetric content-encryption key, encrypts the content with it, and then, for each recipient, extracts the public key from the recipient's certificate and uses it to encrypt the symmetric key. There are overloads taking a single CmsRecipient and a CmsRecipientCollection:

envelopedCms.Encrypt(recipient1);

Encrypt itself returns nothing; calling Encode() on the EnvelopedCms object afterwards returns the enveloped message as a byte array, which can be written to disk as the encrypted file and sent to the receiver. Only the receiver can recover the content, because decryption requires the private key corresponding to the public key that wrapped the symmetric key. At the receiver's end the byte array is decoded with EnvelopedCms.Decode(byte[]), which parses the enveloped CMS/PKCS #7 message and resets all member variables of the EnvelopedCms object.

EnvelopedCms.Decrypt() then decrypts the content of the decoded message. With no arguments it tries each RecipientInfo in turn, searching the current-user and local-machine 'MY' (Personal) stores for a certificate whose private key matches; the overload taking a RecipientInfo restricts the search to that one recipient. If no matching private key is found the content is not decrypted and a CryptographicException is thrown.

envelopedCms.Decode(encodedEnvelopedCms);

envelopedCms.Decrypt(envelopedCms.RecipientInfos[0]);

After Decrypt, the plaintext is available as envelopedCms.ContentInfo.Content and can be saved as a file.
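The following is an added example, not the article's source code, that carries the enveloping steps and the decoding and decryption steps above through as one round trip. So that it runs on a single machine it assumes the recipient's certificate, together with its private key, is in the current user's Personal (MY) store rather than the AddressBook store; the subject name and file path are placeholders.

```csharp
using System;
using System.IO;
using System.Security.Cryptography;
using System.Security.Cryptography.Pkcs;
using System.Security.Cryptography.X509Certificates;

// Added example (not the article's source code). Assumes the recipient's
// certificate with its private key is in the current user's MY store so the
// sender and receiver sides can run in one process; names and paths are placeholders.
class EnvelopeDemo
{
    static X509Certificate2 FindRecipient(string subject)
    {
        X509Store store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
        store.Open(OpenFlags.ReadOnly);
        try
        {
            // validOnly = true: skip expired or untrusted certificates.
            X509Certificate2Collection found = store.Certificates.Find(
                X509FindType.FindBySubjectName, subject, true);
            if (found.Count == 0)
                throw new InvalidOperationException("No valid certificate for " + subject);
            return found[0];
        }
        finally { store.Close(); }
    }

    // Sender side: envelope plaintext for one recipient and return the encoded message.
    // Encrypt generates a random symmetric key and wraps it with the recipient's public key.
    static byte[] Envelope(byte[] plaintext, X509Certificate2 recipientCert)
    {
        EnvelopedCms envelopedCms = new EnvelopedCms(new ContentInfo(plaintext));
        CmsRecipient recipient = new CmsRecipient(
            SubjectIdentifierType.IssuerAndSerialNumber, recipientCert);
        envelopedCms.Encrypt(recipient);
        return envelopedCms.Encode();
    }

    // Anyone can decode the envelope and see who it is for and which cipher was used;
    // only a holder of a matching private key can decrypt it.
    static string DescribeEnvelope(byte[] encoded)
    {
        EnvelopedCms envelopedCms = new EnvelopedCms();
        envelopedCms.Decode(encoded);
        return string.Format("{0} recipient(s), content encrypted with {1} ({2})",
            envelopedCms.RecipientInfos.Count,
            envelopedCms.ContentEncryptionAlgorithm.Oid.FriendlyName,
            envelopedCms.ContentEncryptionAlgorithm.Oid.Value);
    }

    // Receiver side: decode, then decrypt using a private key found in the MY stores.
    // Decrypt throws CryptographicException when no recipient matches a private key we hold.
    static byte[] OpenEnvelope(byte[] encoded)
    {
        EnvelopedCms envelopedCms = new EnvelopedCms();
        envelopedCms.Decode(encoded);
        envelopedCms.Decrypt();
        return envelopedCms.ContentInfo.Content;
    }

    static bool SameBytes(byte[] a, byte[] b)
    {
        if (a.Length != b.Length) return false;
        for (int i = 0; i < a.Length; i++)
            if (a[i] != b[i]) return false;
        return true;
    }

    static void Main(string[] args)
    {
        string subject = args.Length > 0 ? args[0] : "Recipient Name";  // placeholder
        string inputPath = args.Length > 1 ? args[1] : "report.txt";    // placeholder
        X509Certificate2 cert = FindRecipient(subject);

        byte[] plaintext = File.ReadAllBytes(inputPath);
        byte[] encoded = Envelope(plaintext, cert);
        File.WriteAllBytes(inputPath + ".p7m", encoded);
        Console.WriteLine("Enveloped for " + cert.Subject);
        Console.WriteLine(DescribeEnvelope(encoded));

        try
        {
            byte[] recovered = OpenEnvelope(File.ReadAllBytes(inputPath + ".p7m"));
            Console.WriteLine(SameBytes(recovered, plaintext) ? "Round trip OK" : "Round trip FAILED");
        }
        catch (CryptographicException ex)
        {
            // Reached on a machine that has the certificate but not its private key.
            Console.WriteLine("Cannot decrypt: " + ex.Message);
        }
    }
}
```

DescribeEnvelope will report the default 3DES content cipher. To request AES instead, construct the EnvelopedCms with an AlgorithmIdentifier, e.g. new EnvelopedCms(contentInfo, new AlgorithmIdentifier(new Oid("2.16.840.1.101.3.4.1.42"))) for AES-256-CBC; on .NET Framework this only works when the cryptographic provider behind the recipient's key supports AES. Note also that an envelope provides confidentiality only: nothing in it tells the receiver who sent the file or that it was not altered, so for both properties sign the content first and then envelope the signed message.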

Conclusion
.NET 2.0 provides far more complete support for certificate-based signing and encryption than .NET 1.1. The new classes in the System.Security.Cryptography.Pkcs namespace offer out-of-the-box CMS/PKCS #7 functionality that lets developers build applications on PKI technology much more quickly. With the features shown in this article, developers should be able to add file signing and enveloping to their applications rapidly using the new .NET 2.0 classes.

Suvir Misra, Indian Revenue Service (Customs and Central Excise)
