How to store digital signature of file or text in C#?

1
votes

I am trying to digitally sign a file (Irrespective of extension) and it's NOT Xml file. So, SignedXml file of C# is not useful. I am able to generate signature by making use of the SHA256 and RSACryptoServiceProvider.SignHash. Now the issues where and how to store the generated digital-signature. Is there any standard or any API in .Net to store the digital signatures?

Update: Want to sign the data and share with the customer so that they can verify with any standardized tool. We are signing and someone else will be verifying. The file which we are sharing does not support signature like how XML or PDF supports. That is the problem. Yup, we have byte array after signature. So if customer wants to verify the signature, where is the information relating to the HASH algorithm and public certificate information that need to be verified with? For sharing the HASH, Public Certificate, Signature... am searching whether there is any standard mechanism

XML Signature Standard but I don't know whether there is any C# or .Net Core API which could do it for other resource types.

2
c#.netcryptographydigital-signature
There is no standarts where to store digital signatures. The same way there is no standarts where to store phrases "Hello World!". It's just a sequence of bytes - there is no special room for it. Store it where you need it, for example at the end of your file. - vasily.sib
The signature is a byte array, you could store it in your database as an binary column, but there is no standard on how to store data. Do whatever suits best your scenario. @vasily.sib Looks like is not only going to sign files, but also text/strings so your suggestion could not fit OP needs - Cleptus
@bradbury9, the very first sentence is telling me that OP is going to "sign a file (Irrespective of extension)", but it is irrelevant. If you sign a file, or a string, or any another bunch of bytes - there is no special place where you should store this signature. You may store it in DB, or in the same or another file, or in the system registry, or on the net cloud, or even in alternate data stream. It's all about your needs. - vasily.sib
Guys stop fighting. I have updated my question for more clarity. - Suman
@Suman Both of them agree though that there is no standard about storing the digital signature. You say you're using RSACryptoServiceProvider.SignHash, it should be obvious when you see the RSACryptoServiceProvider.VerifyHash also just ask for byte array, it doesn't care where you store them. - Martheen

2 Answers

0
votes

Use a container format like the Cryptographic Message Syntax or CMS or use OpenPGP. Of course, you will have to indicate that you use this to the receiver, but that's just how it is. CMS is probably easiest since Microsoft provides a .NET API for that. The resulting signature will contain the algorithm specifications and such. Moreover, there is an implementation in OpenSSL and e.g. BouncyCastle for Java.

0
votes

Assuming your want to create signatures in EU under eIDAS framework and want to produce .asice files then there are a few c# libraries like https://github.com/ks-no/fiks-asice-dotnet

If it was Java then I would definitely recommend https://github.com/open-eid/digidoc4j