Inhaltsverzeichnis

Signatures Namespace

Namespace: WvdS.System.Security.Cryptography.Signatures

Contains extension methods for digital signatures with PQ support.

Classes

Class Description
SignatureExtensions Extensions for RSA, ECDsa, and X509Certificate2 signatures
SignedDataExtensions Extensions for CMS/PKCS#7 SignedCms
HybridSignatureInfo Container for hybrid signature data
PqSignedCmsHelper High-level API for PQ-capable CMS operations

Extended Types

.NET Type Extension Class
System.Security.Cryptography.RSA1) SignatureExtensions
System.Security.Cryptography.ECDsa2) SignatureExtensions
System.Security.Cryptography.Pkcs.SignedCms3) SignedDataExtensions

Signature Modes

Mode Classic ML-DSA Usage
Classic Yes - Standard .NET behavior
Hybrid Yes Yes Maximum security
PostQuantum - Yes Pure post-quantum

Hybrid Signature Format

In Hybrid mode, two signatures are created: 

+------------------------------------------+
| Hybrid Signature                         |
+------------------------------------------+
| [4 Bytes] Length of classic signature    |
| [n Bytes] Classic signature (RSA/ECDSA)  |
| [m Bytes] PQ signature (ML-DSA)          |
+------------------------------------------+
Component Typical Size
RSA-2048 signature 256 bytes
ECDSA P-256 signature ~70 bytes
ML-DSA-65 signature 3,293 bytes
Hybrid RSA ~3,553 bytes

Example

using WvdS.System.Security.Cryptography;
using WvdS.System.Security.Cryptography.Signatures;
 
CryptoConfig.DefaultMode = CryptoMode.Hybrid;
 
using var rsa = RSA.Create(2048);
byte[] data = Encoding.UTF8.GetBytes("Data to sign");
 
// Create hybrid signature
byte[] signature = rsa.SignData(
    data,
    HashAlgorithmName.SHA256,
    RSASignaturePadding.Pkcs1);
 
// Verify
bool valid = rsa.VerifyData(
    data,
    signature,
    HashAlgorithmName.SHA256,
    RSASignaturePadding.Pkcs1);

SignatureExtensions Methods

RSA Extensions

Method Parameters Return
SignData(data, hash, padding, mode) byte[], HashAlgorithmName, RSASignaturePadding, CryptoMode? byte[]
SignData(stream, hash, padding, mode) Stream, HashAlgorithmName, RSASignaturePadding, CryptoMode? byte[]
VerifyData(data, sig, hash, padding, mode) byte[], byte[], HashAlgorithmName, RSASignaturePadding, CryptoMode? bool

ECDsa Extensions

Method Parameters Return
SignData(data, hash, mode) byte[], HashAlgorithmName, CryptoMode? byte[]
VerifyData(data, sig, hash, mode) byte[], byte[], HashAlgorithmName, CryptoMode? bool

Standalone ML-DSA

Method Parameters Return
GenerateMlDsaKeyPair() - (byte[] PublicKey, byte[] PrivateKey)
SignMlDsa(data, privateKey) byte[], byte[] byte[]
VerifyMlDsa(data, sig, publicKey) byte[], byte[], byte[] bool

See Also

, ,

Wolfgang van der Stille @ EMSR DATA d.o.o. - Post-Quantum Cryptography Professional

1)
Microsoft Docs: https://learn.microsoft.com/dotnet/api/system.security.cryptography.rsa
2)
Microsoft Docs: https://learn.microsoft.com/dotnet/api/system.security.cryptography.ecdsa
3)
Microsoft Docs: https://learn.microsoft.com/dotnet/api/system.security.cryptography.pkcs.signedcms