3 votes

I have two applications. One that signs a file and the other that verifies.

The signing application does the following:

// Loads the certificate together with its private key from the .pfx
X509Certificate2 certificate = new X509Certificate2(PROJECT_DIR_PATH + "cert.pfx", "password");
byte[] signature;

using (RSA rsa = certificate.GetRSAPrivateKey()) // private key is required for signing
{
    signature = rsa.SignData(exeContent, HashAlgorithmName.SHA1, RSASignaturePadding.Pkcs1);
}

cert.pfx is a self-signed certificate, generated with Openssl.

The verifying application:

// Loads the same .pfx (private key included) even though only the public key is used
X509Certificate2 certificate = new X509Certificate2(PROJECT_DIR_PATH + "cert.pfx", "password");

using (RSA rsa = certificate.GetRSAPublicKey()) // public key is enough for verification
{
    return rsa.VerifyData(exeContentWithoutSignature, signature, HashAlgorithmName.SHA1, RSASignaturePadding.Pkcs1);
}

As I understand it, the .pfx file contains public and private key information, so I should not make it available to anyone. As far as I know, only the public key is needed for the verification step. How can I use rsa.VerifyData or other functions to verify the signature without exposing my pfx file?

1 You need them in two separate files and only expose the public key file. - spodger
@LexLi Thank you for the link :) - Chris

1 Answer

1 vote

I already had a .pfx file; it can be generated this way:

openssl req -x509 -days 365 -newkey rsa:2048 -keyout test-key.pem -out test-cert.pem
openssl pkcs12 -export -in test-cert.pem -inkey test-key.pem -out test-cert.pfx

In order to extract a certificate containing only the public key, the following command can be used:

openssl pkcs12 -in test-cert.pfx -clcerts -nokeys -out cert.pem

-clcerts - Only output client certificates.
-nokeys - Don't output private keys.

cert.pem can be used to create an instance of X509Certificate2:

// cert.pem holds only the certificate (public key), so no password is needed
X509Certificate2 certificate = new X509Certificate2(PROJECT_DIR_PATH + "cert.pem");

using (RSA rsa = certificate.GetRSAPublicKey())
{
    return rsa.VerifyData(exeContentWithoutSignature, signature, HashAlgorithmName.SHA1, RSASignaturePadding.Pkcs1);
}
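The question's two snippets and the answer's extraction step put together into one complete program, as an added example that is not code from the question or the answer. It assumes the file names from the answer (test-cert.pfx with the password "password", and cert.pem produced by `openssl pkcs12 -clcerts -nokeys`), a placeholder input file app.exe, and writes a detached signature to app.exe.sig instead of appending it to the executable. It also goes beyond the original in two ways: it uses SHA256 instead of the SHA1 from the question (both sides must agree on the hash), and the verifying side checks `X509Certificate2.HasPrivateKey` so that a .pfx accidentally shipped to the verifier is rejected rather than silently used.

```csharp
using System;
using System.IO;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

// Added example, not from the question or the answer. File names are assumptions:
//   test-cert.pfx  certificate + private key, kept only on the signing machine
//   cert.pem       certificate only (openssl pkcs12 -clcerts -nokeys), shipped with the verifier
//   app.exe        placeholder for the file being signed
static class SignAndVerify
{
    // Signing side: needs the private key, so it loads the .pfx.
    public static byte[] Sign(byte[] content, string pfxPath, string pfxPassword)
    {
        using (var signingCert = new X509Certificate2(pfxPath, pfxPassword))
        using (RSA rsa = signingCert.GetRSAPrivateKey())
        {
            if (rsa == null)
                throw new InvalidOperationException("Certificate has no RSA private key.");
            // SHA256 here; the question used SHA1. Signer and verifier must use the same hash.
            return rsa.SignData(content, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        }
    }

    // Verifying side: only needs the public key, so it loads the PEM certificate.
    public static bool Verify(byte[] content, byte[] signature, string certPemPath)
    {
        using (var verifyCert = new X509Certificate2(certPemPath))
        {
            // Guard: the verifier must never be handed a file that carries the private key.
            if (verifyCert.HasPrivateKey)
                throw new InvalidOperationException("Verifier was given a private key; ship only the certificate.");

            using (RSA rsa = verifyCert.GetRSAPublicKey())
            {
                return rsa.VerifyData(content, signature, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
            }
        }
    }

    static void Main()
    {
        // Signing machine: has test-cert.pfx.
        byte[] content = File.ReadAllBytes("app.exe");
        byte[] signature = Sign(content, "test-cert.pfx", "password");
        File.WriteAllBytes("app.exe.sig", signature);

        // Verifying machine: has only app.exe, app.exe.sig and cert.pem.
        bool ok = Verify(File.ReadAllBytes("app.exe"), File.ReadAllBytes("app.exe.sig"), "cert.pem");
        Console.WriteLine(ok ? "signature valid" : "signature INVALID");

        // Flipping a single bit of the content must make verification fail.
        content[0] ^= 0x01;
        bool tampered = Verify(content, signature, "cert.pem");
        Console.WriteLine(tampered ? "unexpected: still valid" : "tampered content rejected");
    }
}
```

Because cert.pem contains no private key, it can be distributed freely with the verifying application; only the .pfx (and its password) needs to stay on the machine that produces signatures.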