====== Signatures Namespace ======
**Namespace:** ''WvdS.System.Security.Cryptography.Signatures''

Contains extension methods for digital signatures with PQ support.
----
===== Classes =====
^ Class ^ Description ^
| SignatureExtensions | Extensions for RSA, ECDsa, and X509Certificate2 signatures |
| SignedDataExtensions | Extensions for CMS/PKCS#7 SignedCms |
| HybridSignatureInfo | Container for hybrid signature data |
| PqSignedCmsHelper | High-level API for PQ-capable CMS operations |
----
===== Extended Types =====
^ .NET Type ^ Extension Class ^
| ''System.Security.Cryptography.RSA''((Microsoft Docs: https://learn.microsoft.com/dotnet/api/system.security.cryptography.rsa)) | SignatureExtensions |
| ''System.Security.Cryptography.ECDsa''((Microsoft Docs: https://learn.microsoft.com/dotnet/api/system.security.cryptography.ecdsa)) | SignatureExtensions |
| ''System.Security.Cryptography.Pkcs.SignedCms''((Microsoft Docs: https://learn.microsoft.com/dotnet/api/system.security.cryptography.pkcs.signedcms)) | SignedDataExtensions |
----
===== Signature Modes =====
^ Mode ^ Classic ^ ML-DSA ^ Usage ^
| Classic | Yes | - | Standard .NET behavior |
| Hybrid | Yes | Yes | Maximum security |
| PostQuantum | - | Yes | Pure post-quantum |
----
===== Hybrid Signature Format =====
In Hybrid mode, two signatures are created:
<code>
+------------------------------------------+
| Hybrid Signature                         |
+------------------------------------------+
| [4 Bytes] Length of classic signature    |
| [n Bytes] Classic signature (RSA/ECDSA)  |
| [m Bytes] PQ signature (ML-DSA)          |
+------------------------------------------+
</code>

^ Component ^ Typical Size ^
| RSA-2048 signature | 256 bytes |
| ECDSA P-256 signature | ~70 bytes |
| ML-DSA-65 signature | 3,293 bytes |
| **Hybrid RSA** | **~3,553 bytes** |
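
A verifier has to split the hybrid value back into its two parts before either signature can be checked, and the length prefix is attacker-controlled input at that point. The following is an added example, not code from the WvdS library: ''HybridSignatureLayout'' and ''TrySplit'' are hypothetical names, and the little-endian byte order of the prefix is an assumption, since the layout above does not state it.

```csharp
using System;
using System.Buffers.Binary;

// Hypothetical helper for illustration; not part of the WvdS library.
public static class HybridSignatureLayout
{
    private const int PrefixLength = 4;

    // Assumption: the 4-byte length prefix is little-endian (byte order is not documented above).
    public static bool TrySplit(ReadOnlySpan<byte> blob, int expectedPqLength,
                                out byte[] classic, out byte[] pq)
    {
        classic = Array.Empty<byte>();
        pq = Array.Empty<byte>();
        if (blob.Length < PrefixLength) return false;

        // Read as unsigned and compare in 64-bit so a huge declared length
        // cannot wrap around or turn into a negative slice length.
        uint declared = BinaryPrimitives.ReadUInt32LittleEndian(blob);
        long remaining = (long)blob.Length - PrefixLength;
        if (declared == 0 || declared > remaining) return false;

        // Whatever follows the classic part must be exactly one PQ signature:
        // reject trailing bytes and truncated blobs instead of guessing.
        int classicLength = (int)declared;
        if (remaining - classicLength != expectedPqLength) return false;

        classic = blob.Slice(PrefixLength, classicLength).ToArray();
        pq = blob.Slice(PrefixLength + classicLength, expectedPqLength).ToArray();
        return true;
    }

    public static void Main()
    {
        const int mlDsa65Length = 3293;                   // size taken from the table above
        byte[] blob = new byte[4 + 256 + mlDsa65Length];  // constructed sample, RSA-2048 sized
        BinaryPrimitives.WriteUInt32LittleEndian(blob, 256);
        bool ok = TrySplit(blob, mlDsa65Length, out byte[] c, out byte[] p);
        Console.WriteLine($"well-formed: {ok}, classic={c.Length}, pq={p.Length}");

        // Truncated blob: the PQ part is one byte short.
        Console.WriteLine($"truncated:   {TrySplit(blob.AsSpan(0, blob.Length - 1), mlDsa65Length, out _, out _)}");

        // Length prefix larger than the blob itself.
        BinaryPrimitives.WriteUInt32LittleEndian(blob, uint.MaxValue);
        Console.WriteLine($"bad prefix:  {TrySplit(blob, mlDsa65Length, out _, out _)}");
    }
}
```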
----
===== Example =====
<code csharp>
using System.Security.Cryptography;
using System.Text;
using WvdS.System.Security.Cryptography;
using WvdS.System.Security.Cryptography.Signatures;

// Select hybrid mode (classic + ML-DSA) as the default
CryptoConfig.DefaultMode = CryptoMode.Hybrid;

using var rsa = RSA.Create(2048);
byte[] data = Encoding.UTF8.GetBytes("Data to sign");

// Create hybrid signature
byte[] signature = rsa.SignData(
    data,
    HashAlgorithmName.SHA256,
    RSASignaturePadding.Pkcs1);

// Verify
bool valid = rsa.VerifyData(
    data,
    signature,
    HashAlgorithmName.SHA256,
    RSASignaturePadding.Pkcs1);
</code>
----
===== SignatureExtensions Methods =====
==== RSA Extensions ====
^ Method ^ Parameters ^ Return ^
| ''SignData(data, hash, padding, mode)'' | byte[], HashAlgorithmName, RSASignaturePadding, CryptoMode? | byte[] |
| ''SignData(stream, hash, padding, mode)'' | Stream, HashAlgorithmName, RSASignaturePadding, CryptoMode? | byte[] |
| ''VerifyData(data, sig, hash, padding, mode)'' | byte[], byte[], HashAlgorithmName, RSASignaturePadding, CryptoMode? | bool |
==== ECDsa Extensions ====
^ Method ^ Parameters ^ Return ^
| ''SignData(data, hash, mode)'' | byte[], HashAlgorithmName, CryptoMode? | byte[] |
| ''VerifyData(data, sig, hash, mode)'' | byte[], byte[], HashAlgorithmName, CryptoMode? | bool |
==== Standalone ML-DSA ====
^ Method ^ Parameters ^ Return ^
| ''GenerateMlDsaKeyPair()'' | - | (byte[] PublicKey, byte[] PrivateKey) |
| ''SignMlDsa(data, privateKey)'' | byte[], byte[] | byte[] |
| ''VerifyMlDsa(data, sig, publicKey)'' | byte[], byte[], byte[] | bool |
----
===== See Also =====
* [[.:x509certificates:start|X509Certificates Namespace]]
* [[.:keyexchange|KeyExchange Namespace]]
* [[.:start|API Overview]]
{{tag>namespace signatures ml-dsa}}
----
//Wolfgang van der Stille @ EMSR DATA d.o.o. - Post-Quantum Cryptography Professional//