X.509 Digital Certificate Newbie Question

Subject Author Date
X.509 Digital Certificate Newbie Question sushant.bhatia 04-12-2005
Posted by on April 12, 2005, 3:55 am
Hi all.

I'm trying to parse a Digital Certificate in .Net v1.1 to get the
signature of it. What I mean is I need to verify the Digital
Certificate. Thus, the process is

1. Get Root Certificate Authority's certificate. RootCert.
2. Get certificate I want to verify (i.e. CA issued this certificate).
Let's call it UserCert.
3. Compute hash(data) of UserCert.
4. Use public key in RootCert to decrypt the signature of UserCert. The
signature being Encrypted by Root CA of the Hash(data) when generating
the UserCert.



I seem to have a few issues.

1. The root CA's certificate uses 4096bit Public Key. How do I parse
out the Exponent and Modulus. Currently I am using the
X509PublicKeyParser but it keeps throwing an error at
if(i1 < 256 || i1 > 2048)
throw new X509ParserException("Invalid RSA modulus size.");
If I comment out the above lines, I get some modulus and exponent but I
have no way to verify if this is correct.


2. Parsing the signature out of the byte[] of the UserCert is proving
to be difficult. According to Michel Gallant at
http://www.jensign.com/JavaScience/GetTBSCert/index.html, "the actual
PKCS #1 v1.5 signature blob (128 bytes, same size as the public key
modulus corresponding to the private key used to sign this
certificate)". So I tried to create a byte[] of 128 length with the
last 128 bytes of the UserCert. However, when I try to do,

// Verify the signature
if(RSADeformatter.VerifySignature(HashValue, SignedHashValue))
{
        Console.WriteLine("The signature is valid");
}
else
{
        Console.WriteLine("The signature is not valid");
}

I always get "The signature is not valid". I'm totally clueless as to
why?


I know Java can do all this. Java actually has a
java.security.Signature library that parses the signature out of the
UserCert file. They also have libraries that will get the modulus and
exponent out from the public keys. However, I don't want to use Java. I
like .Net and need to use that.



Please HELP! I'm going bonkers with this problem!


Cheers.
Sushant Bhatia
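
Added example, not part of the original post and not the poster's code: it walks the DER structure of an X.509 certificate to pull out the TBSCertificate bytes and the signatureValue BIT STRING, then checks the signature with the issuer's RSA public key. It assumes a current .NET SDK (CertificateRequest and RSA.VerifyData do not exist in .NET 1.1), PKCS #1 v1.5 with SHA-256, and a throwaway self-signed certificate constructed in the code as sample input; the class and method names are hypothetical.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

static class CertSignatureDemo
{
    // Read one DER TLV at pos: header length and content length (short or long form).
    static void ReadTlv(byte[] d, int pos, out int hdr, out int len)
    {
        int b = d[pos + 1];
        if (b < 0x80) { hdr = 2; len = b; return; }
        int n = b & 0x7F;                           // n length octets follow
        len = 0;
        for (int i = 0; i < n; i++) len = (len << 8) | d[pos + 2 + i];
        hdr = 2 + n;
    }

    // Certificate ::= SEQUENCE { tbsCertificate, signatureAlgorithm, signatureValue }
    public static void Split(byte[] der, out byte[] tbs, out byte[] sig)
    {
        ReadTlv(der, 0, out int h, out int l);      // outer SEQUENCE
        int p = h;
        ReadTlv(der, p, out h, out l);              // tbsCertificate
        tbs = der.AsSpan(p, h + l).ToArray();       // signed bytes include the TLV header
        p += h + l;
        ReadTlv(der, p, out h, out l);              // signatureAlgorithm
        p += h + l;
        ReadTlv(der, p, out h, out l);              // signatureValue (BIT STRING)
        if (der[p] != 0x03 || der[p + h] != 0) throw new FormatException("bad BIT STRING");
        sig = der.AsSpan(p + h + 1, l - 1).ToArray(); // drop the unused-bits octet
    }

    static void Main()
    {
        // Constructed sample: self-signed, so the issuer key is the cert's own key.
        // For a CA-issued cert, take issuerPub from the root certificate instead.
        using RSA key = RSA.Create(4096);
        var req = new CertificateRequest("CN=Constructed Test Root", key,
            HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        using X509Certificate2 cert = req.CreateSelfSigned(
            DateTimeOffset.UtcNow, DateTimeOffset.UtcNow.AddDays(1));
        using RSA issuerPub = cert.GetRSAPublicKey();
        Split(cert.RawData, out byte[] tbs, out byte[] sig);
        Console.WriteLine("signature bytes: " + sig.Length);
        Console.WriteLine("over TBSCertificate: " + issuerPub.VerifyData(
            tbs, sig, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1));
        Console.WriteLine("over whole file:     " + issuerPub.VerifyData(
            cert.RawData, sig, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1));
    }
}
```

The signature length follows the issuer's modulus size, and the hash input is the DER encoding of TBSCertificate rather than the whole certificate file.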


