问题
Does anyone know which signature algorithm is used for RSACryptoServiceProvider.SignHash? I believe it is RSAPKCS1, is that still secure?
Does anyone have an idea of configuring RSASSA-PSS as the signature algorithm for the RSACryptoServiceProvider without using some third-party library like BouncyCastle?
Thanks in advance.
回答1:
RSACryptoServiceProvider can only do PKCS-1 signatures.
In .NET 4.6 a new set of methods was added on the RSA base class which added an RSASignaturePadding parameter. The RSACng class can do RSASSA-PSS via the RSASignaturePadding.Pss value (PSS with MGF-1, MGF digest and PSS digest are both the message digest, and the salt size is the digest size).
.NET 4.6 also added better type-safety to getting keys from certificates, and the new approaches will most likely return RSACng:
using (RSA privateKey = cert.GetRSAPrivateKey())
{
return privateKey.SignHash(hash, HashAlgorithmName.SHA256, RSASignaturePadding.Pss);
}
来源:https://stackoverflow.com/questions/24263388/rsassa-pss-in-c-sharp