Inhaltsverzeichnis

Namespace Signatures

Namespace: WvdS.System.Security.Cryptography.Signatures

Contiene Extension Methods per firme digitali con supporto PQ.

Classi

Classe Descrizione
SignatureExtensions Extension per firme RSA, ECDsa e X509Certificate2
SignedDataExtensions Extension per CMS/PKCS#7 SignedCms
HybridSignatureInfo Container per dati di firma ibrida
PqSignedCmsHelper API high-level per operazioni CMS PQ-ready

Tipi estesi

Tipo .NET Classe Extension
System.Security.Cryptography.RSA1) SignatureExtensions
System.Security.Cryptography.ECDsa2) SignatureExtensions
System.Security.Cryptography.Pkcs.SignedCms3) SignedDataExtensions

Modalita di firma

Modalita Classico ML-DSA Utilizzo
Classic ? - Comportamento standard .NET
Hybrid ? ? Massima sicurezza
PostQuantum - ? Puramente post-quantum

Formato firma ibrida

In modalita Hybrid vengono generate due firme: 

+---------------------------------------------+
| Firma ibrida                                |
+---------------------------------------------+
| [4 Bytes] Lunghezza firma classica          |
| [n Bytes] Firma classica (RSA/ECDSA)        |
| [m Bytes] Firma PQ (ML-DSA)                 |
+---------------------------------------------+
Componente Dimensione tipica
Firma RSA-2048 256 Bytes
Firma ECDSA P-256 ~70 Bytes
Firma ML-DSA-65 3.293 Bytes
Hybrid RSA ~3.553 Bytes

Esempio

using WvdS.System.Security.Cryptography;
using WvdS.System.Security.Cryptography.Signatures;
 
CryptoConfig.DefaultMode = CryptoMode.Hybrid;
 
using var rsa = RSA.Create(2048);
byte[] data = Encoding.UTF8.GetBytes("Dati da firmare");
 
// Creare firma ibrida
byte[] signature = rsa.SignData(
    data,
    HashAlgorithmName.SHA256,
    RSASignaturePadding.Pkcs1);
 
// Verificare
bool valid = rsa.VerifyData(
    data,
    signature,
    HashAlgorithmName.SHA256,
    RSASignaturePadding.Pkcs1);

Metodi SignatureExtensions

Extension RSA

Metodo Parametri Ritorno
SignData(data, hash, padding, mode) byte[], HashAlgorithmName, RSASignaturePadding, CryptoMode? byte[]
SignData(stream, hash, padding, mode) Stream, HashAlgorithmName, RSASignaturePadding, CryptoMode? byte[]
VerifyData(data, sig, hash, padding, mode) byte[], byte[], HashAlgorithmName, RSASignaturePadding, CryptoMode? bool

Extension ECDsa

Metodo Parametri Ritorno
SignData(data, hash, mode) byte[], HashAlgorithmName, CryptoMode? byte[]
VerifyData(data, sig, hash, mode) byte[], byte[], HashAlgorithmName, CryptoMode? bool

ML-DSA Standalone

Metodo Parametri Ritorno
GenerateMlDsaKeyPair() - (byte[] PublicKey, byte[] PrivateKey)
SignMlDsa(data, privateKey) byte[], byte[] byte[]
VerifyMlDsa(data, sig, publicKey) byte[], byte[], byte[] bool

Vedi anche

, ,

Wolfgang van der Stille @ EMSR DATA d.o.o. - Post-Quantum Cryptography Professional

1)
Microsoft Docs: https://learn.microsoft.com/dotnet/api/system.security.cryptography.rsa
2)
Microsoft Docs: https://learn.microsoft.com/dotnet/api/system.security.cryptography.ecdsa
3)
Microsoft Docs: https://learn.microsoft.com/dotnet/api/system.security.cryptography.pkcs.signedcms