GenerateSignature
(Engine-Level Function)
| Description: | Signs the hash accumulated in a handle returned from Hash(), producing a digital signature of the hashed data. |
| Returns: | Text |
| Usage: | Script Only. |
| Function Groups: | Cryptography |
| Related to: | CheckSignature | Hash |
| Format: | GenerateSignature(HashObj [, Key, PaddingType, PadHashAlgorithm, SaltLength]) |
| Parameters: | |
| HashObj | Required. Handle returned from a call to Hash(). The digest accumulated in this handle (including data fed to it by further Hash() calls on the same handle) is what gets signed. |
| Key | Optional. CNG (Cryptography Next Generation) only. The cryptographic key used to sign the hash. This must be an asymmetric private key; the matching public key is what CheckSignature() needs on the other side. |
| PaddingType | Optional integer. Selects how the hash is encoded before the private-key operation: |
| | 0: No padding. The bare hash value is signed (raw RSA). This gives the verifier no structure to check beyond the value itself and is malleable; use it only where a peer insists on it. |
| | 1: Padding in accordance with the RSASSA-PKCS1-v1_5 scheme. Deterministic: the same hash always yields the same signature. |
| | 2: Padding in accordance with the RSASSA-PSS scheme. Randomised with a salt: the same hash yields a different signature on every call. |
| PadHashAlgorithm | Optional text value, e.g. "SHA256". The hash algorithm the padding scheme is built around (the DigestInfo of PKCS1 v1.5, or the MGF1 and salt hash of PSS). Use the same algorithm that was passed to Hash(). |
| SaltLength | Optional integer. Used only with RSASSA-PSS padding (PaddingType 2): the length in bytes of the random salt. The verifier must use the same value, so agree it with the peer; the hash output length (32 for SHA-256) is the usual choice. |
| Comments | Signing with an asymmetric key is far more expensive than computing an HMAC with a symmetric key, and an RSA operation can only process a value smaller than the modulus. For both reasons the data itself is never signed: it is hashed, and the fixed-size hash is padded and signed. Because the signature binds only the hash, choose a collision-resistant algorithm for Hash() (SHA-256 or stronger). The peer verifies with CheckSignature() using the corresponding public key and the same padding type, padding hash algorithm and, for PSS, salt length. |
Examples
<
{========================== GenerateSignatureSample ==========================}
{ Sample code using GenerateSignature(). }
{=============================================================================}
GenerateSignatureSample
(
Message { Message to sign };
pPublicKeyBlob { Output, set to exported public key blob };
)
[
Protected Constant CALG_RSA_SIGN = 0x2400 { Key type };
Protected Constant PROV_RSA_AES = 24 { Enhanced RSA/AES provider };
Protected Constant KEY_SIZE = 2048 { 2048 bit keys };
Protected Constant PUBLICKEYBLOB = 6 { PUBLICKEYBLOB };
Protected Constant CRYPT_VERIFYCONTEXT = 0xF0000000 { CRYPT_VERIFYCONTEXT };
Protected CSP { Cryptographic context };
Protected HashObj { Intermediate handle returned from Hash() };
Protected Key { Handle to signing key pair };
Protected Signature { RSASSA-PKCS1-v1_5 signature };
]
Sign [
If 1;
[
{ Get cryptographic context }
CSP = GetCryptoProvider(PROV_RSA_AES, Invalid, Invalid, CRYPT_VERIFYCONTEXT);
{ Generate a RSA key pair for signing }
Key = GenerateKey(CSP, CALG_RSA_SIGN, (KEY_SIZE << 16));
{ Export the public key }
*pPublicKeyBlob = ExportKey(Key, PUBLICKEYBLOB);
{ Compute a SHA-256 hash of the message }
Hash(Message, 2 {SHA-256}, Invalid, HashObj, CSP);
{ Generate RSASSA-PKCS1-v1_5 signature }
Signature = GenerateSignature(HashObj);
Return(Signature);
]
]
{ End of GenerateSignatureSample }
>
<
{ Hash a header and a payload into one handle, then sign with a CNG private }
{ key using RSASSA-PSS. Both Hash() calls feed the same handle, so the      }
{ signature covers header and payload together.                             }
Hash(HeaderBuffer, 2, Invalid, HashHandle);  { Hash the header }
Hash(PayloadBuffer, 2, Invalid, HashHandle); { then the payload, into the same handle }
Signature = GenerateSignature(HashHandle,    { Hash to sign }
    Certificate.PrivateKey,                  { Private key to use (CNG) }
    2,                                       { Use PSS padding }
    "SHA256",                                { Padding hash algorithm, matching Hash() }
    32);                                     { PSS salt length in bytes; the verifier must use the same value }
>
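To make the three PaddingType values concrete, the following is an added Python example (standard library only) that implements the RFC 8017 encodings GenerateSignature() selects and the matching CheckSignature() step over a toy 1024-bit RSA key generated in-process. It is not the scripting functions documented on this page and not production code: the names generate_signature, check_signature and demo, the (n, e, d) key tuples, the fixed "SHA256" padding hash and the header/payload bytes are all assumptions made for the demo.

```python
# Added demo (stdlib only, RFC 8017): what GenerateSignature()/CheckSignature() do per PaddingType. Toy key, not production code.
import hashlib
import hmac
import secrets

H_LEN = 32  # SHA-256 output size (algorithm 2 in the page's Hash() calls)
SHA256_DIGESTINFO = bytes.fromhex("3031300d060960864801650304020105000420")  # RFC 8017 9.2, note 1

def _is_probable_prime(n, rounds=40):
    if any(n % p == 0 for p in (3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)):
        return False  # candidates are odd 512-bit numbers, so a small factor means composite
    d, r = n - 1, 0
    while d % 2 == 0: d, r = d // 2, r + 1
    for _ in range(rounds):  # Miller-Rabin witnesses
        x = pow(2 + secrets.randbelow(n - 3), d, n)
        if x in (1, n - 1): continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1: break
        else:
            return False
    return True

def generate_rsa_key(bits=1024):
    e, half = 65537, bits // 2  # bits is a multiple of 8, so the PSS emLen equals the modulus size k
    def prime():
        while True:
            p = secrets.randbits(half) | 1 << (half - 1) | 1
            if (p - 1) % e and _is_probable_prime(p):
                return p
    while True:
        p, q = prime(), prime()
        if p != q and (p * q).bit_length() == bits:
            return p * q, e, pow(e, -1, (p - 1) * (q - 1))  # (n, e, d)

def _mgf1(seed, length):
    blocks = (hashlib.sha256(seed + c.to_bytes(4, "big")).digest() for c in range(-(-length // H_LEN)))
    return b"".join(blocks)[:length]

def emsa_pkcs1_v1_5(digest, em_len):
    t = SHA256_DIGESTINFO + digest  # RFC 8017 9.2: 00 01 FF..FF 00 || DigestInfo(hash); deterministic
    return b"\x00\x01" + b"\xff" * (em_len - len(t) - 3) + b"\x00" + t

def emsa_pss_encode(digest, em_bits, salt_len):
    em_len = (em_bits + 7) // 8  # RFC 8017 9.1.1
    salt = secrets.token_bytes(salt_len)  # fresh salt: the same hash signs differently every time
    h = hashlib.sha256(b"\x00" * 8 + digest + salt).digest()
    db = b"\x00" * (em_len - salt_len - H_LEN - 2) + b"\x01" + salt
    masked = bytes(a ^ b for a, b in zip(db, _mgf1(h, em_len - H_LEN - 1)))
    top = 0xFF >> (8 * em_len - em_bits)  # clear the bits above em_bits so EM < n
    return bytes([masked[0] & top]) + masked[1:] + h + b"\xbc"

def emsa_pss_verify(digest, em, em_bits, salt_len):
    """RFC 8017 9.1.2. The verifier has to use the signer's SaltLength."""
    em_len = (em_bits + 7) // 8
    top = 0xFF >> (8 * em_len - em_bits)
    if len(em) != em_len or em[-1] != 0xBC or em[0] & ~top & 0xFF:
        return False
    masked, h = em[:em_len - H_LEN - 1], em[em_len - H_LEN - 1:-1]
    db = bytearray(a ^ b for a, b in zip(masked, _mgf1(h, em_len - H_LEN - 1)))
    db[0] &= top
    ps_len = em_len - H_LEN - salt_len - 2
    if ps_len < 0 or any(db[:ps_len]) or db[ps_len] != 0x01:
        return False
    h2 = hashlib.sha256(b"\x00" * 8 + digest + bytes(db[ps_len + 1:])).digest()
    return hmac.compare_digest(h, h2)

def generate_signature(digest, private_key, padding_type, salt_length=H_LEN):
    """Analogue of GenerateSignature(HashObj, Key, PaddingType, "SHA256", SaltLength); padding_type is 0, 1 or 2."""
    n, _, d = private_key
    k = (n.bit_length() + 7) // 8
    if padding_type == 0:
        em = digest  # raw RSA over the bare hash: no structure to verify and malleable; avoid
    elif padding_type == 1:
        em = emsa_pkcs1_v1_5(digest, k)
    else:
        em = emsa_pss_encode(digest, n.bit_length() - 1, salt_length)
    return pow(int.from_bytes(em, "big"), d, n).to_bytes(k, "big")

def check_signature(digest, signature, public_key, padding_type, salt_length=H_LEN):
    """Analogue of CheckSignature(): apply the public key and compare the recovered encoding."""
    n, e = public_key
    k = (n.bit_length() + 7) // 8
    s = int.from_bytes(signature, "big")
    if len(signature) != k or s >= n:
        return False
    em = pow(s, e, n).to_bytes(k, "big")
    if padding_type == 2:
        return emsa_pss_verify(digest, em, n.bit_length() - 1, salt_length)
    expected = digest.rjust(k, b"\x00") if padding_type == 0 else emsa_pkcs1_v1_5(digest, k)
    return hmac.compare_digest(em, expected)

def demo(header=b"Content-Type: text/plain\n", payload=b"hello, world"):  # constructed sample input
    """Hashing header then payload into one handle equals hashing their concatenation; sign it with PSS, verify."""
    digest = hashlib.sha256(header + payload).digest()
    n, e, d = generate_rsa_key()
    sig = generate_signature(digest, (n, e, d), 2, 32)
    return check_signature(digest, sig, (n, e), 2, 32), check_signature(digest, sig, (n, e), 2, 20)
```

demo() returns (True, False): the PSS signature verifies with SaltLength 32 and is rejected with 20, which is the interoperability trap the SaltLength parameter creates. PaddingType 1 signatures are deterministic, PSS signatures change on every call, and PaddingType 0 is included only to show that it signs the bare digest with nothing for the verifier to check beyond the value itself.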
