
Is this enough for signing data?

Searching for how signing is done I've come across some fairly elaborate code samples. But the following code seems to be enough. Is there something missing here like a salt for example, or are salts unnecessary when just signing? I'm not encrypting, just signing.

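// Requires: using System.Security.Cryptography; using System.Text;
// Fragment from a WinForms Form method (Text is the form's title).

// Generates a fresh RSA key pair held only in this object.
RSACryptoServiceProvider rsa = new RSACryptoServiceProvider();

// Hash the data with SHA-1 and sign the hash with the private key.
byte[] data = Encoding.ASCII.GetBytes("hello");
byte[] signature = rsa.SignData(data, "SHA1");

// Re-hash the same bytes and check the signature with the public key.
byte[] dataTest = Encoding.ASCII.GetBytes("hello");
bool verified = rsa.VerifyData(dataTest, "SHA1", signature);
if (verified) Text = "True"; else Text = "Untrue";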
ispiro asked Dec 20 '25 05:12



1 Answer

Are salts unnecessary when just signing?

Salting is necessary if your task is to prevent precomputation of hashes of known messages where the hash is being used as a shared secret. If that's not your application then there is no need to salt.

If you do not understand why you need a salt, see my series of articles on that topic:

http://blogs.msdn.com/b/ericlippert/archive/tags/salt/

Is there something missing here?

Yes, the most important step is missing. How are you going to communicate the public key? The security of the whole system relies upon that step, which you have not even mentioned.

Suppose Alice wishes to send a message to Bob and Bob wishes to verify that it came from Alice. They do the following:

  • Alice creates a key pair and securely stores the private key.
  • Alice publishes the public key.
  • Bob obtains Alice's public key.
  • Alice publishes a message.
  • Alice hashes the message and encrypts the hash with her private key.
  • Bob reads the message.
  • Bob reads the encrypted hash.
  • Bob decrypts the encrypted hash with Alice's public key.
  • Bob hashes the message.
  • Bob compares the decrypted hash to the message hash. If they match, then Bob knows that the message was vouched for by Alice.

Is this correct?

No. The conclusion is incorrect. The conclusion should be:

  • Bob compares the decrypted hash to the message hash. If they match, then Bob knows that the message was vouched for by someone who possessed the private key that matches the public key that Bob believes is Alice's public key.

The original conclusion is only correct if Bob has additional evidence that he has Alice's public key. Because Bob could be in this situation:

  • Alice creates a key pair and securely stores the private key.
  • Mallory creates a key pair and securely stores the private key.
  • Alice publishes the public key.
  • Mallory intercepts Alice's publication and replaces Alice's public key with Mallory's public key.
  • Bob obtains Mallory's public key but believes it is Alice's.

And now the whole thing has gone to hell. Mallory can now publish messages that Bob believes come from Alice, and Alice cannot!

You have to say how you are going to securely publish the public key. The entire system relies on two things: that the private keys stay private, and that there is some mechanism by which public keys can be correctly associated with their owners.

Eric Lippert answered Dec 22 '25 19:12
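The key-substitution scenario from the answer above, as an added example that is not part of the original question or answer: it shows that a signature verifies equally well under a substituted key, and one way Bob can associate the key with Alice by pinning a fingerprint. Assumptions: .NET 5 or later, SHA-256 with PKCS#1 v1.5 padding instead of the question's "SHA1" overload, a fingerprint that Bob received from Alice over a separate trusted channel, and hypothetical class and method names.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Text;

static class PinnedKeyDemo // hypothetical name, not from the page
{
    // Fingerprint = SHA-256 over the DER-encoded SubjectPublicKeyInfo.
    static byte[] Fingerprint(byte[] spki) => SHA256.HashData(spki);

    static bool Verify(byte[] spki, byte[] message, byte[] signature)
    {
        using RSA key = RSA.Create();
        key.ImportSubjectPublicKeyInfo(spki, out _);
        return key.VerifyData(message, signature,
            HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
    }

    // Bob's check: the key must match the fingerprint he got from Alice over a
    // separate trusted channel (assumed), and the signature must verify under it.
    static bool VerifyPinned(byte[] spki, byte[] pinned, byte[] message, byte[] signature) =>
        Fingerprint(spki).SequenceEqual(pinned) && Verify(spki, message, signature);

    static void Main()
    {
        using RSA alice = RSA.Create(2048);
        using RSA mallory = RSA.Create(2048);
        byte[] aliceSpki = alice.ExportSubjectPublicKeyInfo();
        byte[] mallorySpki = mallory.ExportSubjectPublicKeyInfo();
        byte[] pinned = Fingerprint(aliceSpki);

        byte[] msg = Encoding.UTF8.GetBytes("hello"); // constructed sample message
        byte[] aliceSig = alice.SignData(msg, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        byte[] mallorySig = mallory.SignData(msg, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);

        // Signature math alone cannot tell whose key this is: a substituted key
        // verifies its owner's signature just as well as Alice's key verifies hers.
        Console.WriteLine($"substituted key, no pin: {Verify(mallorySpki, msg, mallorySig)}");
        // With the pin, the substituted key is rejected before any signature check.
        Console.WriteLine($"substituted key, pinned: {VerifyPinned(mallorySpki, pinned, msg, mallorySig)}");
        Console.WriteLine($"Alice's key, pinned:     {VerifyPinned(aliceSpki, pinned, msg, aliceSig)}");
        // A signature made with another private key fails under Alice's pinned key.
        Console.WriteLine($"Alice's key, wrong sig:  {VerifyPinned(aliceSpki, pinned, msg, mallorySig)}");
    }
}
```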
