Digital Signatures

Compact examples for signatures. → Details: Signature Scenarios

RSA Hybrid Signature

using var rsa = RSA.Create(4096);
byte[] data = Encoding.UTF8.GetBytes("Data to sign");
 
// Hybrid signature (RSA + ML-DSA)
byte[] signature = rsa.SignData(data,
    HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1,
    CryptoMode.Hybrid);
 
// Verify
bool valid = rsa.VerifyData(data, signature,
    HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1,
    CryptoMode.Hybrid);

ECDSA Hybrid Signature

using var ecdsa = ECDsa.Create(ECCurve.NamedCurves.nistP384);
byte[] data = Encoding.UTF8.GetBytes("Data to sign");
 
byte[] signature = ecdsa.SignData(data,
    HashAlgorithmName.SHA384, CryptoMode.Hybrid);
 
bool valid = ecdsa.VerifyData(data, signature,
    HashAlgorithmName.SHA384, CryptoMode.Hybrid);

CMS/PKCS#7 Signature

var cert = new X509Certificate2("signing.pfx", "password");
byte[] content = File.ReadAllBytes("document.pdf");
 
var contentInfo = new ContentInfo(content);
var signedCms = new SignedCms(contentInfo, detached: true);
 
var signer = new CmsSigner(cert);
signer.DigestAlgorithm = new Oid("2.16.840.1.101.3.4.2.1"); // SHA-256
 
signedCms.ComputeSignature(signer, CryptoMode.Hybrid);
byte[] signature = signedCms.Encode();

→ Details: Sign Document

Verify Signature

var signedCms = new SignedCms();
signedCms.Decode(signatureBytes);
signedCms.CheckSignature(verifySignatureOnly: true);
 
foreach (var signerInfo in signedCms.SignerInfos)
{
    var cert = signerInfo.Certificate;
    bool hasPq = cert.HasPqSignature();
}

→ Details: Verify Signature

Signature Types

Type	Usage	API
RSA Hybrid	Legacy compatibility	RsaExtensions
ECDSA Hybrid	Modern, compact	ECDsaExtensions
ML-DSA Pure	PQ-only	MlDsaSigner
CMS/PKCS#7	Documents	SignedCmsExtensions

« <- Quick Reference | -> Signature Scenarios (Details) »

Wolfgang van der Stille @ EMSR DATA d.o.o. - Post-Quantum Cryptography Professional

quickreference, signatures, rsa, ecdsa, cms, hybrid

Inhaltsverzeichnis