VerifySig: Verify a PKCS#1 v1.5 signature


VerifySig is a .NET CryptoAPI console utility that verifies a PKCS#1 v1.5 signature file against a content file. The public key comes from a specified certificate file, or from a certificate in the CryptoAPI MY or ADDRESSBOOK system stores. The user is prompted for the name of a local certificate file, or for a search string representing a certificate SubjectName substring. If a matching certificate is found, the modulus and exponent are decoded from the certificate using P/Invoke techniques. This data initializes an RSAParameters instance, which is used to instantiate an RSACryptoServiceProvider, which in turn is used to instantiate an RSAPKCS1SignatureDeformatter that verifies the signature. A verbose command-line switch enables display of details.

Examples:

     verifysig.exe  signature  contentfile
     verifysig.exe  signature  contentfile  V

Java 2 Interop:
Signatures generated using Java 2 java.security.Signature.sign() are in PKCS#1 v1.5 format, and for the same hash algorithm, content and RSA keys, are identical to signatures generated with .NET System.Security.Cryptography.RSAPKCS1SignatureFormatter.CreateSignature().
Certificate files for verification purposes can be easily exported from Java 2 keystores using (alias is the name of the keystore entry):
     byte[] keycert = keystore.getCertificate(alias).getEncoded();
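
The check that the deformatter chain described above performs, and the reason Java and .NET signatures match byte for byte, as an added Python example (not the utility's C# source). The key is a constructed, insecure test key, the function names are this example's own, and the SHA-256 default is an assumption: the hash must be the one the signer used.

```python
import hashlib

# Constructed test key (NOT secure): two Mersenne primes, used only so the
# example runs offline. A real verifier reads n and e from the certificate.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent, for the demo signer only
K = (N.bit_length() + 7) // 8       # modulus length in bytes

# DER DigestInfo prefixes from RFC 8017, section 9.2
PREFIX = {
    "sha1": bytes.fromhex("3021300906052b0e03021a05000414"),
    "sha256": bytes.fromhex("3031300d060960864801650304020105000420"),
}

def emsa_pkcs1_v15(content: bytes, alg: str, k: int) -> bytes:
    """Build 00 01 FF..FF 00 || DigestInfo, exactly k bytes long."""
    t = PREFIX[alg] + hashlib.new(alg, content).digest()
    if k < len(t) + 11:
        raise ValueError("modulus too short for this hash")
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t

def sign(content: bytes, alg: str = "sha256") -> bytes:
    """Demo signer. No randomness is involved, so the same key, hash and
    content always give the same signature bytes."""
    m = int.from_bytes(emsa_pkcs1_v15(content, alg, K), "big")
    return pow(m, D, N).to_bytes(K, "big")

def verify(signature: bytes, content: bytes, n: int, e: int,
           alg: str = "sha256") -> bool:
    """Verify using only the public modulus and exponent."""
    k = (n.bit_length() + 7) // 8
    s = int.from_bytes(signature, "big")
    if len(signature) != k or s >= n:
        return False
    recovered = pow(s, e, n).to_bytes(k, "big")
    # Compare with a freshly built encoding rather than parsing the padding,
    # so malformed padding or trailing bytes can never be accepted.
    return recovered == emsa_pkcs1_v15(content, alg, k)
```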

CMS/PKCS#7 messages:
Cryptographic Message Syntax (CMS) and PKCS#7 specify a proposed standard for encapsulation of signatures along with certificates and other data. CMS/PKCS#7 messages are not currently supported natively in .NET Framework 1.0/1.1 or in Java 2 v1.4. However, the next release of .NET Framework will have some support for CMS/PKCS#7 messages. CMS/PKCS#7 is currently supported in CAPICOM 2 and the underlying CryptoAPI, as well as in third-party implementations for Java.

Sample non-verbose output

C# Source


Michel I. Gallant
neutron@istar.ca