.NET Core 2.0 Crypto sample not working - Error Cng v4.3 uses Algorithms v4.3 higher than referenced Algorithms v4.2

Question

So I'm trying to get a sample compiling from .NET Core Api Docs ECDsaCng Class. I got compile errors about are you missing an assembly. I downloaded .NET Core 2.0 and then added reference to newly installed C:\Program Files\dotnet\shared\Microsoft.NETCore.App\2.0.0\System.Security.Cryptography.Cng.dll and some terms turned from black to light blue showing token recgonition but I got compile errors, I'm guessing this is a versioning issue.

I started again from scratch after I installed .NET Core 2.0 in case people are wondering. So this is a project created newly by the New Project Wizard with a fresh install. So I'm stuck now (I'm the kind of guy who'll close all the windows and open them up again).

The code is given below. and a typical error message is given as a block quote underneath.

// https://learn.microsoft.com/en-gb/dotnet/api/system.security.cryptography.ecdsacng?view=netcore-2.0
using System;
using System.IO;
using System.Security.Cryptography;
using System.Text;

//Added Dependencies/Reference to C:\Program Files\dotnet\shared\Microsoft.NETCore.App\2.0.0\System.Security.Cryptography.Cng.dll;

Namespace DotNetCoreEllipticCurveDigitalSignerConsl
{
    class Alice
    {
        public static void Main(string[] args)
        {
            Bob bob = new Bob();
            using (ECDsaCng dsa = new ECDsaCng())
            {
                dsa.HashAlgorithm = CngAlgorithm.Sha256;
                bob.key = dsa.Key.Export(CngKeyBlobFormat.EccPublicBlob);

                byte[] data = new byte[] { 21, 5, 8, 12, 207 };

                byte[] signature = dsa.SignData(data);

                bob.Receive(data, signature);
            }
        }


    }
    public class Bob
    {
        public byte[] key;

        public void Receive(byte[] data, byte[] signature)
        {
            using (ECDsaCng ecsdKey = new ECDsaCng(CngKey.Import(key, CngKeyBlobFormat.EccPublicBlob)))
            {
                if (ecsdKey.VerifyData(data, signature))
                    Console.WriteLine("Data is good");
                Else
                    Console.WriteLine("Data is bad");
            }
        }
    }
}

Severity Code Description Project File Line Suppression State Error CS1705 Assembly 'System.Security.Cryptography.Cng' with identity 'System.Security.Cryptography.Cng, Version=4.3.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a' uses 'System.Security.Cryptography.Algorithms, Version=4.3.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a' which has a higher version than referenced assembly 'System.Security.Cryptography.Algorithms' with identity 'System.Security.Cryptography.Algorithms, Version=4.2.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a' DotNetCoreEllipticCurveDigitalSignerConsl c:\users\simon\documents\visual studio 2017\Projects\DotNetCoreEllipticCurveDigitalSignerConsl\DotNetCoreEllipticCurveDigitalSignerConsl\CSC 1 Active

EDIT: Adding csproj file as per request in comments

<Project Sdk="Microsoft.NET.Sdk">

  <PropertyGroup>
    <OutputType>Exe</OutputType>
    <TargetFramework>netcoreapp1.1</TargetFramework>
  </PropertyGroup>

  <ItemGroup>
    <Reference Include="System.Security.Cryptography.Cng">
      <HintPath>..\..\..\..\..\..\..\Program Files\dotnet\shared\Microsoft.NETCore.App\2.0.0\System.Security.Cryptography.Cng.dll</HintPath>
    </Reference>
  </ItemGroup>

</Project>

EDIT: I have manually edited csproj file to TargetFramework netcoreapp2.0 as per this blog Rick Strahl (MVP) Upgrading to .NET Core 2.0 Preview Upon reoping the project there was a delay an in the Output window output from Package Manager said Restoring NuGet packages... and the status bar said Installing Microswoft.NET.Core.App 2.0.0. Then the compilation error red squigglies disappeared.

And now it compiles, good news. Bad news is there is now a runtime error

Answer 1

I created a new .NET Core 2 Console App on a Windows 10 machine, referenced System.Security.Cryptography.Cng as a NuGet package and copied your code.

I got a NullReferenceException. The problem is, the ECDSA algorithm doesn't seem to know the hash algorithm, as it doesn't get it from the public key... Setting it manually works for me:

class Alice
{
    public static void Main(string[] args)
    {
        Bob bob = new Bob();
        using (ECDsaCng dsa = new ECDsaCng())
        {
            dsa.HashAlgorithm = CngAlgorithm.Sha256;
            bob.key = dsa.Key.Export(CngKeyBlobFormat.EccPublicBlob);

            byte[] data = new byte[] { 21, 5, 8, 12, 207 };

            byte[] signature = dsa.SignData(data);

            bob.Receive(data, signature);
        }
    }


}
public class Bob
{
    public byte[] key;

    public void Receive(byte[] data, byte[] signature)
    {
        using (ECDsaCng ecsdKey = new ECDsaCng(CngKey.Import(key, CngKeyBlobFormat.EccPublicBlob)))
        {
            // set hash algorithm manually here
            ecsdKey.HashAlgorithm = CngAlgorithm.Sha256;
            if (ecsdKey.VerifyData(data, signature))
                Console.WriteLine("Data is good");
            else
                Console.WriteLine("Data is bad");
        }
    }
}

Answer 2

You should not be adding direct references to files in the SDK. What you need to do is add a reference to the package System.Security.Cryptography.Cng, then it will detect that you are using a package you have locally and use it instead of downloading a new copy.