I need to support the following signature:

Sign the UTF-8 representation of the input using SHA256withRSA (also known as RSASSA-PKCS1-V1_5-SIGN with the SHA-256 hash function) with the private key obtained from the Google Developers Console. The output will be a byte array.

The following code fails with "Invalid algorithm specified". Is this a limitation of .NET? Here is a snippet of my code:

var rsa2 = new RSAPKCS1SignatureFormatter(rsa);
rsa2.SetHashAlgorithm("SHA256");
bytes = rsa2.CreateSignature(bytes);

The above requirement is from computing the signature for Server to Server Applications for the Google API.

https://developers.google.com/accounts/docs/OAuth2ServiceAccount#computingsignature

Thanks for any help.

Karl..

Here is the code that signs the JWT. I've removed the use of the RSAPKCS1SignatureFormatter class and am using another HASHCompute method in an effort to get something to work (still not working).

I'm not sure this is correct and unfortunately my response from the Rest service is always the same "Invalid Grant" so hard to tell.

public string Generate(string HeadJWT, string ContentJWT, X509Certificate2 certificate)
{

  var bytes = Utility.getBytes(HeadJWT);
  var base64Head = Utility.Base64UrlEncode(bytes);

  // base64 Url Encode Payload (Json Content)
  bytes = Utility.getBytes(ContentJWT);
  var base64Payload = Utility.Base64UrlEncode(bytes);

  var secureInputValue = String.Format("{0}.{1}", base64Head, base64Payload);
  bytes = Stub.Jwt.Utility.getBytes(secureInputValue);
  bytes = Stub.Jwt.Utility.ComputeHMACSha265(bytes, certificate.PublicKey.EncodedKeyValue.RawData);

  _signature = Stub.Jwt.Utility.Base64UrlEncode(bytes);

  return String.Format("{0}.{1}.{2}", base64Head, base64Payload, _signature);
}
kstubs
  • Any reason you're not using the Google dot net client lib? Will make things easier for you. – Linda Lawton - DaImTo May 05 '14 at 06:49
  • Yes, I'm interested in learning the Google RESTful Api over learning the client lib. The documentation for Service Account seems straightforward enough, it's just not working for some reason :| I'm including code here that generates the signed JWT.. – kstubs May 05 '14 at 06:54

1 Answer

This cannot be a limitation of .NET in general, as the example Microsoft code seems to use "SHA256" itself. But it could be a limitation of your particular runtime.

Maarten Bodewes
  • My runtime, or the source private key? The private key comes from Google Server to Server application development console. I'm hoping someone with similar experience has been down this path and can help. This seems so trivial to follow but the trouble is in the details obviously. – kstubs May 05 '14 at 03:47
  • As a follow up to this, please see this thread in which I demonstrate 3 signing tests, one of which is a simple signing test (like suggested here) that indeed works. So now I'm left with the question (does Google's certificate support signing SHA256) http://stackoverflow.com/questions/23501320/signing-data-with-google-service-account-private-key-fails – kstubs May 06 '14 at 18:11
  • Unfortunately I don't know the answer to that. If you take a look at my profile you will see that I've probably already scanned all encryption and crypto Q/A :) – Maarten Bodewes May 06 '14 at 18:46
  • I appreciate the follow up owlstead. – kstubs May 06 '14 at 19:02
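
The signing step quoted in the question (SHA256withRSA over the UTF-8 bytes of the encoded header and claims), shown with its matching verification as an added example; it is not code from the question, the answer or Google's documentation. The class name, the throwaway key and the sample claims are constructed for illustration, and it assumes a runtime where `RSA.Create(int)` is available (.NET Framework 4.7.2+ or .NET Core 2.0+).

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

static class Rs256JwtExample // hypothetical name, not from the page
{
    // base64url without padding, as used for each JWT part
    static string B64Url(byte[] d) =>
        Convert.ToBase64String(d).TrimEnd('=').Replace('+', '-').Replace('/', '_');

    static byte[] FromB64Url(string s)
    {
        s = s.Replace('-', '+').Replace('_', '/');
        return Convert.FromBase64String(s.PadRight(s.Length + (4 - s.Length % 4) % 4, '='));
    }

    // RSASSA-PKCS1-v1_5 with SHA-256, made with the PRIVATE key over "<header>.<claims>".
    // An HMAC keyed with public-key bytes is a different construction and will not verify.
    public static string Sign(string headerJson, string claimsJson, RSA privateKey)
    {
        string input = B64Url(Encoding.UTF8.GetBytes(headerJson)) + "." +
                       B64Url(Encoding.UTF8.GetBytes(claimsJson));
        byte[] sig = privateKey.SignData(Encoding.UTF8.GetBytes(input),
            HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        return input + "." + B64Url(sig);
    }

    // The receiving side's check: public key only, over the first two parts.
    public static bool Verify(string jwt, RSA publicKey)
    {
        string[] p = jwt.Split('.');
        if (p.Length != 3) return false;
        try
        {
            return publicKey.VerifyData(Encoding.UTF8.GetBytes(p[0] + "." + p[1]),
                FromB64Url(p[2]), HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        }
        catch (FormatException) { return false; } // signature part is not base64url
    }

    static void Main()
    {
        // Constructed key and claims; with a certificate, pass certificate.GetRSAPrivateKey().
        using (RSA key = RSA.Create(2048))
        {
            string jwt = Sign("{\"alg\":\"RS256\",\"typ\":\"JWT\"}", "{\"iss\":\"svc@example.invalid\"}", key);
            string[] p = jwt.Split('.');
            string altered = p[0] + "." + B64Url(Encoding.UTF8.GetBytes("{\"iss\":\"x\"}")) + "." + p[2];
            Console.WriteLine("{0} {1}", Verify(jwt, key), Verify(altered, key));
        }
    }
}
```

The second value printed covers a token whose claims were swapped after signing, which is the case the signature exists to reject.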