I'm trying to implement a licensing system using RSA.
The principle is simple: backend generates and signs a license using the private key of a certificate, front end verifies the license with the provided signature to ensure integrity and origin of the license.
The backend is an ASP.NET MVC (classic, not Core) web site. The front end is JavaScript/TypeScript leveraging the jsrsasign library.
Here is my signing method (backend):

    var binarySerializedLicense = Encoding.Unicode.GetBytes(serializedLicense);
    var rsaEncryptor = (RSACryptoServiceProvider)_signingCertificate.PrivateKey;
    var signatureData = rsaEncryptor.SignData(binarySerializedLicense, new SHA1CryptoServiceProvider());
    var signature = ByteArrayToString(signatureData);

Here is my verify method (backend):

    var signatureData = StringToByteArray(signature);
    var licenseData = Encoding.Unicode.GetBytes(serializedLicense);
    var rsaEncryptor = (RSACryptoServiceProvider)_signingCertificate.PrivateKey;
    var isLicenseValid = rsaEncryptor.VerifyData(licenseData, new SHA1CryptoServiceProvider(), signatureData);

I took the Hex Converting methods from this post.
Now I have a frontend POC implementation of jsrsasign.

    <script type="text/javascript">
        function verifyData() {
            var pem = "-----BEGIN PUBLIC KEY-----\
    ...\
    im7MVM73FyE6BFb2cv3IZWUCAwEAAQ==\
    -----END PUBLIC KEY-----";
            var sig = new KJUR.crypto.Signature({ "alg": "SHA1withRSA" });
            sig.init(pem);
            sig.updateString($("#data").val());
            var isValid = sig.verify($("#signature").val());
            alert(isValid);
        }
        function signData() {
            var pem = "-----BEGIN PRIVATE KEY-----\
    ...\
    -----END PRIVATE KEY-----";
            var sig = new KJUR.crypto.Signature({ "alg": "SHA1withRSA" });
            sig.init(pem);
            sig.updateString($("#data").val());
            $("#signature").val(sig.sign());
        }
        $(function () {
            $("#verify").click(function () {
                verifyData();
            });
            $("#sign").click(function () {
                signData();
            });
        });
    </script>
    Signature <input type='text' id='signature' /><br />
    Data <input type='text' id='data' /><br />
    <button id="verify">Verify</button>
    <button id="sign">Sign</button>

The problem I'm having is that the Signature generated by jsrsasign and the one generated by the asp.net mvc site are different.
Each sign/verify roundtrip works with both technologies.
I've been playing with encoding and a bunch of things but I couldn't get it to work. So my question is: How can I get this scenario to work properly?