Sign a file using a private key in .NET

Question

How do I sign a file using .NET and how do I then validate that the generated key is a valid one once I read it?

My goal is to have a text file with some values and a generated key. I then want to be able to check that generated key in the file to make no one has tampered with the values in the file once I sent the file to a customer.

Update: Found it here with some help from the answers.

Answer 1

Try this:

class Program
{
    static byte[] Sign(string message, RSAParameters key)
    {
        RSACryptoServiceProvider rsa = new RSACryptoServiceProvider();
        rsa.ImportParameters(key);

        byte[] toSign = Encoding.Unicode.GetBytes(message);
        return rsa.SignData(toSign, "SHA1");
    }

    static bool Verify(string message, byte[] signature, RSAParameters key)
    {
        RSACryptoServiceProvider rsa = new RSACryptoServiceProvider();
        rsa.ImportParameters(key);

        byte[] toVerify = Encoding.Unicode.GetBytes(message);
        return rsa.VerifyData(toVerify, "SHA1", signature);
    }

    static void Main(string[] args)
    {
        string message = "Let's sign this message.";

        RSACryptoServiceProvider rsa = new RSACryptoServiceProvider(); // Creates a new RANDOM key.
        RSAParameters privatekey = rsa.ExportParameters(true);
        RSAParameters publickey = rsa.ExportParameters(false);

        byte[] signature = Sign(message, privatekey);

        if (Verify(message, signature, publickey))
        {
            Console.WriteLine("It worked!");
        }
    }
}

It's important to note that a new public/private keypair is generated everytime you start this program. In order to do what you want, you'll want to save the public/private keypair before using it at both ends. Your public key is the only thing you need to verify, so your private key will not be published to the client.

You might want to take a look at ExportParameters or ExportCspBlob to accomplish saving/loading the public/private keypair.