[Help] C# Digitally Sign messages?

Post by ayu »

I am creating an IRC bot in C# and I want to digitally sign my messages that I send to it.
I have done this before in Perl but I can't really find a "stand alone" way of doing it in C#.
I am trying to find a good way to do it with PGP but everything that I find seems to need third party applications and libraries installed, which I want to avoid.

The idea is that I create a special client, that when I use it to send messages to the bot, the client will sign the message with my private key and append the signature to the message and send it to the bot.
The bot will then have the public key embedded in the source code, so that it can just use it from there and verify that the signature is valid and accept the command.
This way I don't have to worry about any authorisation to the bot that can be compromised by the nastiness of the clear text in the IRC protocol.

Anyone have an idea?
Or maybe a different idea than PGP?

At the moment I have implemented it with MD5 hashes, but it's not very secure and pretty easy to break and bypass, but it's at least something for now so that at least it requires some knowledge to bypass it.

Thanks in advance :)
"The best place to hide a tree, is in a forest"

Re: [Help] C# Digitally Sign messages?

Post by ayu »

oh well ...

I still haven't fully solved my problem, but I found something here that I will start with, if anyone is interested.

http://blogs.msdn.com/b/alejacma/archive/2008/06/25/how-to-sign-and-verify-the-signature-with-net-and-a-certificate-c.aspx

Re: [Help] C# Digitally Sign messages?

Post by maboroshi »

Hey cats I am interested in this :-)

However, from my research they all want you to use components. If you find your answer, do post it :-)

Re: [Help] C# Digitally Sign messages?

Post by Polynomial »

It's easy in C#, just use the System.Security.Cryptography.RSACryptoServiceProvider class.

Here's some example code:

// namespaces this snippet needs; the statements below go inside a method such as Main
using System;
using System.IO;
using System.Security.Cryptography;
using System.Text;

Console.Write("Generating RSA keypair... ");
// create RSA object with 2048-bit key size
RSACryptoServiceProvider rsa = new RSACryptoServiceProvider(2048);
// export public key only - this would be distributed with your application
File.WriteAllBytes("public.rsa", rsa.ExportCspBlob(false));
// export pub + priv keypair - this is used for your internal (private) application that generates signatures
File.WriteAllBytes("private.rsa", rsa.ExportCspBlob(true));
Console.WriteLine("Done.");
// dispose RSA object so we can demonstrate loading different key pairs
rsa.Dispose();
Console.Write("Signing message... ");
// create and import with priv key
rsa = new RSACryptoServiceProvider();
rsa.ImportCspBlob(File.ReadAllBytes("private.rsa"));
// create an SHA256 object for signing purposes
SHA256Managed sha256 = new SHA256Managed();
byte[] message = Encoding.UTF8.GetBytes("This is my signed message");
// create a signed hash of the message
byte[] signature = rsa.SignData(message, sha256);
// dispose RSA object again
rsa.Dispose();
Console.WriteLine("Done.");
Console.WriteLine("Verifying signature...");
rsa = new RSACryptoServiceProvider();
// this time we're loading the public key only. with only the public key, we can verify but not create signatures.
// this is a perfect way to prove that the message did in fact come from an authenticated source
rsa.ImportCspBlob(File.ReadAllBytes("public.rsa"));
if (rsa.VerifyData(message, sha256, signature))
{
    Console.WriteLine("Signature verified OK!");
}
else
{
    Console.WriteLine("Signature verification failed.");
}
// it pays to clean up!
rsa.Dispose();
sha256.Dispose();
message = null;
signature = null;
GC.Collect();
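
The scheme from the first post (client signs, bot verifies against an embedded public key), as an added example that is not code from any poster in this thread. It goes beyond the posted snippet by signing a timestamp and a random nonce together with the command, since a signed line sent over cleartext IRC can be captured and sent again unchanged; the wire format, the 60-second window and the sample command are assumptions.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Text;

// Added example. Assumed wire format: "<unix time>|<nonce>|<command>|<base64 signature>".
static class SignedCommand
{
    static readonly TimeSpan MaxAge = TimeSpan.FromSeconds(60);          // assumed freshness window
    static readonly HashSet<string> SeenNonces = new HashSet<string>(); // bot-side replay cache
    // Client: sign timestamp, random nonce and command together.
    public static string Sign(RSA privateKey, string command)
    {
        byte[] nonce = new byte[16];
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(nonce);
        string payload = $"{DateTimeOffset.UtcNow.ToUnixTimeSeconds()}|{Convert.ToBase64String(nonce)}|{command}";
        byte[] sig = privateKey.SignData(Encoding.UTF8.GetBytes(payload),
                                         HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        return payload + "|" + Convert.ToBase64String(sig);
    }

    // Bot: returns the command, or null if the line is forged, stale or replayed.
    public static string Verify(RSA publicKey, string line)
    {
        int cut = line.LastIndexOf('|');               // Base64 never contains '|'
        if (cut < 0) return null;
        string payload = line.Substring(0, cut);
        string[] parts = payload.Split(new[] { '|' }, 3); // the command itself may contain '|'
        if (parts.Length != 3 || !long.TryParse(parts[0], out long ts)) return null;
        byte[] sig;
        try { sig = Convert.FromBase64String(line.Substring(cut + 1)); } catch (FormatException) { return null; }
        if (!publicKey.VerifyData(Encoding.UTF8.GetBytes(payload), sig,
                                  HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1)) return null;
        TimeSpan age = DateTimeOffset.UtcNow - DateTimeOffset.FromUnixTimeSeconds(ts);
        if (age.Duration() > MaxAge) return null;      // too old, or dated in the future
        return SeenNonces.Add(parts[1]) ? parts[2] : null; // second sighting of a nonce is a replay
    }

    static void Main()
    {
        using (var signer = new RSACryptoServiceProvider(2048))
        using (var bot = new RSACryptoServiceProvider())
        {
            bot.ImportCspBlob(signer.ExportCspBlob(false)); // bot gets the public half only
            string line = Sign(signer, "!say hello");       // constructed sample command
            foreach (string l in new[] { line, line, line.Replace("hello", "goodbye") }) // fresh, replayed, tampered
                Console.WriteLine(Verify(bot, l) ?? "rejected");
        }
    }
}
```

A 2048-bit signature is 344 Base64 characters, which leaves little room for the command inside IRC's 512-byte line limit. Nonces only need to stay in the cache for as long as the freshness window, since older lines already fail the timestamp check.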
