We Keep Coding

How do I sign with HashiCorp Vault

i don't know if this question is very easy and I just didn't figure it out how to sign with HashiCorp-Vault´s Api VaultSharp, but I am despairing.
The entire Documentation with examples can be found here: https://github.com/rajanadar/VaultSharp
Encryption and Decryption works fine. Only Signing is a problem.
Code for Encryption:
public byte[] EncryptData(byte[] data, string keyName)
{
SecretsEngine transitSecretsEngine = new SecretsEngine
{
Type = SecretsEngineType.Transit,
Path = path
};
Client.V1.System.MountSecretBackendAsync(transitSecretsEngine).Wait();
Client.V1.Secrets.Transit.CreateEncryptionKeyAsync(keyName, new CreateKeyRequestOptions()
{
Exportable = true
}, path).Wait();
EncryptRequestOptions encryptOptions = new EncryptRequestOptions
{
Base64EncodedPlainText = Convert.ToBase64String(data),
ConvergentEncryption = true,
};
Secret<EncryptionResponse> encryptionResponse = Client.V1.Secrets.Transit.EncryptAsync(keyName,
encryptOptions, path).Result;
string cipherText = encryptionResponse.Data.CipherText;
return Encoding.Unicode.GetBytes(cipherText);
}
Code for Decryption:
public byte[] DecryptData(string ciphertext, string keyName)
{
DecryptRequestOptions decryptOptions = new DecryptRequestOptions
{
CipherText = ciphertext,
};
Secret<DecryptionResponse> decryptionResponse = Client.V1.Secrets.Transit.DecryptAsync(keyName,
decryptOptions, path).Result;
return Convert.FromBase64String(decryptionResponse.Data.Base64EncodedPlainText);
}
Here is my Code Trial for signing:
public byte[] Sign(byte[] plaintextBytes, string keyName)
{
byte[] hash = ComputeHash(plaintextBytes,SHA256.Create());
GCKMS.SignatureOptions options = new GCKMS.SignatureOptions()
{
Digest = Convert.ToBase64String(hash),
};
Secret<GCKMS.SignatureResponse> result = Client.V1.Secrets.GoogleCloudKMS.SignAsync(keyName,
options).Result;
return Encoding.Unicode.GetBytes(result.Data.Signature);
}
The Error is:
VaultSharp.Core.VaultApiException: {"errors":["no handler for route
'gcpkms/sign/Manuel'"]}
Last but not least my Code for validating the signature:
public bool ValidateSignature(byte[] plaintextByte, byte[] signature, string keyName)
{
GCKMS.VerificationOptions option = new GCKMS.VerificationOptions
{
Digest = Encoding.Unicode.GetString(ComputeHash(plaintextByte)),
Signature = Encoding.Unicode.GetString(signature)
};
Secret<GCKMS.VerificationResponse> result =
Client.V1.Secrets.GoogleCloudKMS.VerifyAsync(keyName, option).Result;
return result.Data.Valid;
}
I am not sure but this could be because I don't use a SecretsEngine with a Path. I could not find any SecretsEngine for GoogleCloudKms.
Useful information:
I generate the Path with Guid.NewGuid().ToString();.
ComputeHash is a self written Function that computes the Hash with a give Algorithm. The
default algorithm is SHA256.
GCMS is a short version of the Namespace VaultSharp.V1.SecretsEngines.GoogleCloudKMS
Any ideas and suggestions are very welcome.
Thanks in advance!

Although Vault offers convenient signature with Transit, the C# wrapper you are using does not support it.
Google KMS does offer signature, but its interface is more complex: you have to do the hash yourself and keep track of the key versions.
What I suggest is that you play a trick on your API wrapper:
Leave your encryption and decryption code as-is
Write to the the Transit backend as if it was a KV store version 1
Get your signature by sending your payload as the input parameter
You still have to base64 your data before sending it to Vault, to avoid binary encoding issues.
So assuming that:
You want to sign the text StackOverflow
The transit back-end is mounted under transit
Your signature key is named my-key
This should get you started:
var value = new Dictionary<string, object> { "input", Convert.ToBase64String(Encoding.UTF8.GetBytes("StackOverflow")) } };
var writtenValue = await vaultClient.V1.Secrets.KeyValue.V1.WriteSecretAsync("sign/my-key", value, "transit");

How to use Poloniex API with C# for getting real-time price data

I am using C# code for connecting to Poloniex website, a
cryptocurrency exchange. I have two keys, the first is API key, the last is created by Poloniex and sent me via email. I used the first
key for PublicKey and the last for PrivateKey. PublicKey and
PrivateKey on the ApiKeys.cs class. When I executed the program, I
got the error
Additional information: The remote server returned an
error: (403) Forbidden".
The link for the [PoloniexApi.Net] project(https://github.com/kripod/PoloniexApi.Net)
struct ApiKeys
{
// WARNING: In order not to expose the changes of this file to git, please
// run the following command every time you clone the repository:
// git update-index --assume-unchanged "PoloniexApi.Net.Demo\ApiKeys.cs"
internal const string PublicKey = "mypublickey";
internal const string PrivateKey = "myprivatekey";
}
PublicKey: API key on the Poloniex
PrivateKey: The key Poloniex sent to email

It is necessary to take the exception block. Example:
try
{
var curr = CurrencyPair.Parse(Scurr);
var trade = await PoloniexClient.Trading.GetTradesAsync(curr);
dataGridTradeHistory.Rows.Clear();
foreach (var trd in trade)
{
dataGridTradeHistory.Rows.Add(trd.Time, trd.Type, trd.IdOrder.ToString(),
trd.PricePerCoin, trd.AmountBase, trd.AmountQuote);
}
}
catch { }

How to validate a certificate chain from a specific root CA in C#

I have a certificate chain that looks like this: root CA -> intermediate CA -> client certificate. How can I validate that a received certificate is explicitly created by "root CA"?
To validate the whole chain is not a problem. This can be done like this:
X509Certificate2 rootCert = new X509Certificate2(rootCertFile);
X509Certificate2 intermediateCert = new X509Certificate2(intermediateCertFile);
X509Certificate2 clientCert = new X509Certificate2(clientCertFile);
chain.ChainPolicy.ExtraStore.Add(rootCert);
chain.ChainPolicy.ExtraStore.Add(intermediateCert);
if(chain.Build(clientCert))
{
// ... chain is valid
}
The issue here is that the certificate gets validated against the (Windows) certificate store but I just want to validate it against a specific root CA.
I also thought that it would be possible to check if the chain.ChainElements contains my expected root CA. But what if someone sends me a valid chain from a different root CA and just adds the my expected root CA?

The certificate chain API checks that each element signed the preceding element, so there's no way that someone can just tack your root CA on the end (provided you're not using something like a 384-bit RSA key with MD5 signatures, in which case they can just forge your signature).
You can encode any extra checks that you like, such as that you know none of your chains will exceed length 3 (though you could just have encoded that in your root CA's X509 Basic Constraints extension).
if (!chain.Build(cert))
{
return false;
}
if (chain.ChainElements.Length > 3)
{
return false;
}
X509Certificate2 chainRoot = chain.ChainElements[chain.ChainElements.Length - 1].Certificate;
return chainRoot.Equals(root);
If you prefer the last line could be return root.RawData.SequenceEquals(chainRoot.RawData); (ensure they have the same bytes).
Some things of note:
When you call X509Chain.Build() every X509Certificate2 object it returns via an X509ChainElement is a new object. You may wish to Dispose any of the objects you aren't returning (which may be all of them).
Even when chain.Build returns false it will populate the ChainElements array so you can inspect why.
The X509Chain object itself is Disposable, you likely want to Dispose it (which you might already be doing outside of your snippet).
Disposing the chain won't Dispose any of the created certificates, since you could have been holding an object reference already.

The X509Chain does not work reliably for scenarios where you do not have the root certificate in the trusted CA store on the machine.
Others will advocate using bouncy castle. I wanted to avoid bringing in another library just for this task, so I wrote my own.
As see in RFC3280 Section 4.1 the certificate is a ASN1 encoded structure, and at it's base level is comprised of only 3 elements.
The "TBS" (to be signed) certificate
The signature algorithm
and the signature value
Certificate ::= SEQUENCE {
tbsCertificate TBSCertificate,
signatureAlgorithm AlgorithmIdentifier,
signatureValue BIT STRING
}
C# actually has a handy tool for parsing ASN1, the System.Formats.Asn1.AsnDecoder.
Using this, we can extract these 3 elements from the certificate to verify the chain.
The first step was extracting the certificate signature, since the X509Certificate2 class does not expose this information and it is necessary for the purpose of certificate validation.
Example code to extract the signature value part:
public static byte[] Signature(
this X509Certificate2 certificate,
AsnEncodingRules encodingRules = AsnEncodingRules.BER)
{
var signedData = certificate.RawDataMemory;
AsnDecoder.ReadSequence(
signedData.Span,
encodingRules,
out var offset,
out var length,
out _
);
var certificateSpan = signedData.Span[offset..(offset + length)];
AsnDecoder.ReadSequence(
certificateSpan,
encodingRules,
out var tbsOffset,
out var tbsLength,
out _
);
var offsetSpan = certificateSpan[(tbsOffset + tbsLength)..];
AsnDecoder.ReadSequence(
offsetSpan,
encodingRules,
out var algOffset,
out var algLength,
out _
);
return AsnDecoder.ReadBitString(
offsetSpan[(algOffset + algLength)..],
encodingRules,
out _,
out _
);
}
The next step is to extract the TBS certificate. This is the original data which was signed.
example code to extract the TBS certificate data:
public static ReadOnlySpan<byte> TbsCertificate(
this X509Certificate2 certificate,
AsnEncodingRules encodingRules = AsnEncodingRules.BER)
{
var signedData = certificate.RawDataMemory;
AsnDecoder.ReadSequence(
signedData.Span,
encodingRules,
out var offset,
out var length,
out _
);
var certificateSpan = signedData.Span[offset..(offset + length)];
AsnDecoder.ReadSequence(
certificateSpan,
encodingRules,
out var tbsOffset,
out var tbsLength,
out _
);
// include ASN1 4 byte header to get WHOLE TBS Cert
return certificateSpan.Slice(tbsOffset - 4, tbsLength + 4);
}
You may notice that when extracting the TBS certiifcate I needed to include the ASN1 header in the data, this is because the signature of the TBS Certificate INCLUDES this data (this annoyed me for a while).
For the first time in history, Microsoft does not impede us with their API design, and we are able to obtain the Signature Algorithm directly from the X509Certificate2 object. Then we just need to decide to what extent we are going to implement different hash algorithms.
var signature = signed.Signature();
var tbs = signed.TbsCertificate();
var alg = signed.SignatureAlgorithm;
// https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-gpnap/a48b02b2-2a10-4eb0-bed4-1807a6d2f5ad
switch (alg)
{
case { Value: var value } when value?.StartsWith("1.2.840.113549.1.1.") ?? false:
return signedBy.GetRSAPublicKey()?.VerifyData(
tbs,
signature,
value switch {
"1.2.840.113549.1.1.11" => HashAlgorithmName.SHA256,
"1.2.840.113549.1.1.12" => HashAlgorithmName.SHA384,
"1.2.840.113549.1.1.13" => HashAlgorithmName.SHA512,
_ => throw new UnsupportedSignatureAlgorithm(alg)
},
RSASignaturePadding.Pkcs1
) ?? false;
case { Value: var value } when value?.StartsWith("1.2.840.10045.4.3.") ?? false:
return signedBy.GetECDsaPublicKey()?.VerifyData(
tbs,
signature,
value switch
{
"1.2.840.10045.4.3.2" => HashAlgorithmName.SHA256,
"1.2.840.10045.4.3.3" => HashAlgorithmName.SHA384,
"1.2.840.10045.4.3.4" => HashAlgorithmName.SHA512,
_ => throw new UnsupportedSignatureAlgorithm(alg)
},
DSASignatureFormat.Rfc3279DerSequence
) ?? false;
default: throw new UnsupportedSignatureAlgorithm(alg);
}
As shown in the code above, https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-gpnap/a48b02b2-2a10-4eb0-bed4-1807a6d2f5ad is a good resource to see the mapping of algorithms and OIDs.
Another thing you should be aware of is that there are some articles out there that claim that for elliptical curve algorithms, microsoft expects a R,S formatted key instead of a DER formatted key. I tried to convert the key to this format but it ultimately didn't work. What I discovered was that it was necessary to use the DSASignatureFormat.Rfc3279DerSequence parameter.
Additional certificate checks, like "not before" and "not after", or CRL and OCSP checks can be done in addition to the chain verification.

ASP.Net equivalent of openssl_private_decrypt and openssl_pkey_get_private

I want to decrypt text in ASP.Net.
The working code to decrypt the text in PHP is:
function rsaDecryption($dataEncrypted, &$dataDecrypted)
{
// Decrypt argument
$key = openssl_pkey_get_private(RsaKeyPrivate, RsaKeyPassphrase);
if (FALSE == $key)
{
echo("Failed to get the private key<br />\n");
return false;
}
if(!openssl_private_decrypt($dataEncrypted, $dataDecrypted, $key))
{
echo("Failed to decrypt message.<br />\n");
return false;
}
return TRUE;
}
I saw several articles on the web, but none was clear to me. This article (16319559) is the opposite than what I asked, but that was not really clear either.
The private key looks something like this
String myPrivateKey = "-----BEGIN RSA PRIVATE KEY-----\n<whole bunch of characters>==\n-----END RSA PRIVATE KEY-----
What are the equivalent C# methods?
UPDATE:
I created a method using a couple of answers.
Decode string-based key using PEM function, see here.
OpenSSL code, DecodeRsaPrivateKey() and GetIntegerSize(), see here.
I also needed the following:
String strArgHtmlDecoded = HttpUtility.UrlDecode(dataEncrypted);
Byte[] byArgNo64 = Convert.FromBase64String(strArgHtmlDecoded);
That results in
Byte[] byArgDecrypted = oProviderRsa.Decrypt(byArgNo64, false);
strDecrypted = Encoding.Default.GetString(byArgDecrypted);

I figured it out.
The answer was a collection of code from various places.
The link in the comment was part of it. I saw that same article once before, but without the other code, I did not see the relevance.
See my update for the final answer.

RSA Encryption causes errors

I'm hoping you can help me with a weird error I've been getting while trying to implement a QueryString encryption module using RSA for my encryption type. My question is 2 fold:
Can you help me resolve the errors I'm getting?
Do you recommend something other than RSA to encrypt a QueryString?
Background/Important info:
I created an object called QueryString, which i store in the session (and which uses the SessionID to generate keys/salt). I instantiate it on Session Start, which generates the keys, and it naturally dies on Session.Abandon... I retrieve it in my BasePage and use it in my pages afterword much like i would a normal querystring (QueryString[key] for gets and stuff)... I store my Public and Private keys in the object itself, as internal properties to the object.
Another important thing is that my web site has a lot of grids, whithin which a record rows that contain links, and so they all have to be encrypted before they are set (href=...)... so the QueryString object i created can get taxed quite a bit and quite quickly (while looping with OnRowCreated or something to encrypt the hrefs).
The error(s):
i am currently getting intermittent errors, that cannot be reproduced (they happen at random... trust me... very random), of the following types when i try to either Encrypt or Decrypt:
Error type 1: CreateProvHandle
Error type 2: The specified file could not be found.
Error type 3: Attempted to perform an unauthorized operation.
For errors 1 and 2, i managed to deal with it so far by simply recursively calling the method (encrypt or decrypt) that caused it and they usually only recurse once (max i've had is 3 using my metrics) and the error magically disappears... so i blamed it on too many calls too fast to the object itself or something... but if someone has any clue as to why this would happen or how to solve this, i would love to take the recursing out of my methods and truly throw when a major exception occurs instead. On top of that i told my RSA params not to persist anything in the CSP store and so i thought the file thing didn't matter but apparently not...
For error 3, i simply cannot get my head around it! My RSA parameters say not to persist anything in the CSP so i don't know how, when or why it would even try to access files (yes, i am repeating myself!), let alone files that are restricted or that the user wouldn't have access to? Please help me!!
Here's some code for my RSA params... maybe you'll find something there that doesn't jive with what i'm trying to do (generate the keys once on object instantiation, store the object in the session, and use that from that point on/disconnect from anything remote/calls to server processes that are not part of the site or .NET)?
public static void AssignParameter()
{
const int PROVIDER_RSA_FULL = 1;
const string CONTAINER_NAME = "ICareContainer";
CspParameters cspParams;
cspParams = new CspParameters(PROVIDER_RSA_FULL);
cspParams.KeyContainerName = CONTAINER_NAME;
cspParams.Flags = CspProviderFlags.UseMachineKeyStore;
cspParams.ProviderName = "Microsoft Strong Cryptographic Provider";
CryptoKeyAccessRule rule = new CryptoKeyAccessRule("everyone", CryptoKeyRights.FullControl, AccessControlType.Allow);
cspParams.CryptoKeySecurity = new CryptoKeySecurity();
cspParams.CryptoKeySecurity.SetAccessRule(rule);
rsa = new RSACryptoServiceProvider(cspParams);
rsa.PersistKeyInCsp = false;
rsa.KeySize = 1024;
}
public static string[] GetKeys()
{
AssignParameter();
string[] keys = new string[2];
//privatekey
keys[0] = rsa.ToXmlString(true);
//publickey
keys[1] = rsa.ToXmlString(false);
return keys;
}
public static string EncryptData(string data2Encrypt, string key)
{
AssignParameter();
string publicOnlyKeyXML = key;
rsa.FromXmlString(publicOnlyKeyXML);
//read plaintext, encrypt it to ciphertext
byte[] plainbytes = System.Text.Encoding.Default.GetBytes(data2Encrypt);
byte[] cipherbytes = rsa.Encrypt(plainbytes, false);
return Convert.ToBase64String(cipherbytes);
}
public static string DecryptData(string data2Decrypt, string key)
{
AssignParameter();
byte[] getpassword = Convert.FromBase64String(data2Decrypt);
string publicPrivateKeyXML = key;
rsa.FromXmlString(publicPrivateKeyXML);
//read ciphertext, decrypt it to plaintext
byte[] plain = rsa.Decrypt(getpassword, false);
return System.Text.Encoding.Default.GetString(plain);
}

Ah yes... stupid mistake (aren't they always?):
Normal Class
Static Crypto Class
End Static
End Normal
Can you find the problem and why i was getting collision errors? I've changed the Static to be Normal and all is well in my neck of the woods.
Cheers!