Home/ Questions/Q 5994687
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-22T23:51:13+00:00

PHP code verifies iPizza signature from bank: $key = openssl_pkey_get_public (file_get_contents ($preferences[‘bank_certificate’])); if (!openssl_verify

  • 0

PHP code verifies iPizza signature from bank:

$key = openssl_pkey_get_public (file_get_contents ($preferences['bank_certificate'])); 
if (!openssl_verify ($data, $signature, $key)) { 
    trigger_error ("Invalid signature", E_USER_ERROR); 
    }

I tried to convert it to ASP .NET using

SHA1CryptoServiceProvider sha1 = new SHA1CryptoServiceProvider();
X509Certificate2 cert = new X509Certificate2(HttpContext.Current.Request.MapPath("~/App_Data/bankert.crt"), "");
RSACryptoServiceProvider rsaCryptoIPT = new RSACryptoServiceProvider();
rsaCryptoIPT.ImportCspBlob(cert.RawData);
if (!rsaCryptoIPT.VerifyData(data, CryptoConfig.MapNameToOID("SHA1"), signature))
    throw new InvalidOperationException("Invalid signature from bank ");

but line rsaCryptoIPT.ImportCspBlob(cert.RawData) causes Cryptography.CryptographicException invalid provider version:

  StackTrace:
       at System.Security.Cryptography.CryptographicException.ThrowCryptogaphicException(Int32 hr)
       at System.Security.Cryptography.Utils._ImportCspBlob(Byte[] keyBlob, SafeProvHandle hProv, CspProviderFlags flags, SafeKeyHandle& hKey)
       at System.Security.Cryptography.Utils.ImportCspBlobHelper(CspAlgorithmType keyType, Byte[] keyBlob, Boolean publicOnly, CspParameters& parameters, Boolean randomKeyContainer, SafeProvHandle& safeProvHandle, SafeKeyHandle& safeKeyHandle)
       at System.Security.Cryptography.RSACryptoServiceProvider.ImportCspBlob(Byte[] keyBlob)
...

How to fix ?

bank_certificate file contains

—–BEGIN CERTIFICATE—– MIIDRTCCAq6gAwIBAgIBADANBgkqhkiG9w0BAQQFADB7MQswCQYDVQQGEwJFRTEO
….
C82uR/wUZJDw9kj+R1O46/byG8yA+S9FVw==
—–END CERTIFICATE—–

UPDATE: I changed code according to tyranid answer to

var cert = new X509Certificate2(HttpContext.Current.Request.MapPath("~/App_Data/banksert.crt"), "");
var rsaCryptoIPT = (RSACryptoServiceProvider)cert.PublicKey.Key;
var sha1 = new SHA1CryptoServiceProvider();
if (!rsaCryptoIPT.VerifyData(data, sha1, signature))
  throw new InvalidOperationException("Invalid signature from bank ");

This code causes Invalid signature from bank exception. Inspecting cert object in shows cert data.
How to fix this so that signature is validated?
Debugger shows that bank cert valid date has expired. Maybe this causes error or VerifyDate second parameter is wrong.

I can successfully sign the data and bank accepts signature using code

SHA1CryptoServiceProvider sha1 = new SHA1CryptoServiceProvider();
X509Certificate2 cert = new X509Certificate2(HttpContext.Current.Request.MapPath("~/App_Data/P12File.p12"), "");
RSACryptoServiceProvider rsaCryptoIPT = (RSACryptoServiceProvider)cert.PrivateKey;
byte[] binSignature = rsaCryptoIPT.SignData(binData, sha1);

Verifying bank signature should be reverse to this process, same algorithms are used. How to verify signature ?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Do you have Enhanced crypto provider installed?
    Actually, to not depend on crypto providers, you can use other libraries, which implements all the cryptography stuff in native code. I know about EldoS SecureBlackbox (which is commercial), and Bouncy Castle (free one), however there can be other libraries on market.

    • 0