Hash digest

For interoperability with the openssl dgst command, we can use the  DidiSoft.OpenSsl.OpenSslDigest class. The provided methods can create hash digest, signatures with private keys and HMAC (hashed message authentication code.

Hash digest

Signing with a private key

Hash digest

Hash digest is just produced by applying a hash function over the input data.

Raw hash as byte array is produced with the OpenSslDigest.Hash method. If we need a hexadecimal representation of the hash like the one produced with openssl dgst -hex then the OpenSslDigest.HashAsHex method shall be used instead.

Hash of a string

C# example

DidiSoft.OpenSsl.OpenSslDigest dgst = new DidiSoft.OpenSsl.OpenSslDigest();
byte[] digest = dgst.Hash(HashAlgorithm.Sha1, "Hello World");
Console.WriteLine(OpenSslUtil.ToHexString(digest));

VB.NET example

Dim dgst As New DidiSoft.OpenSsl.OpenSslDigest()
Dim digest As Byte() = dgst.Hash(HashAlgorithm.Sha1, "Hello World")
Console.WriteLine(OpenSslUtil.ToHexString(digest))

Hash of a File

C# example

DidiSoft.OpenSsl.OpenSslDigest dgst = new DidiSoft.OpenSsl.OpenSslDigest();
byte[] digest = dgst.Hash(HashAlgorithm.Sha1, new FileInfo("myfile.dat"));
Console.WriteLine(OpenSslUtil.ToHexString(digest));

VB.NET example

Dim dgst As New DidiSoft.OpenSsl.OpenSslDigest()
Dim digest As Byte() = dgst.Hash(HashAlgorithm.Sha1, New FileInfo("myfile.dat"))
Console.WriteLine(OpenSslUtil.ToHexString(digest))

Hash of a Stream

C# example

DidiSoft.OpenSsl.OpenSslDigest dgst = new DidiSoft.OpenSsl.OpenSslDigest();
using (Stream s = File.OpenRead("myfile.dat"))
{
  byte[] digest = dgst.Hash(HashAlgorithm.Sha1, s);
  Console.WriteLine(OpenSslUtil.ToHexString(digest));
}

VB.NET example

Dim dgst As New DidiSoft.OpenSsl.OpenSslDigest()
Using s As Stream = File.OpenRead("myfile.dat")
  Dim digest As Byte() = dgst.Hash(HashAlgorithm.Sha1, New FileInfo("myfile.dat"))
  Console.WriteLine(OpenSslUtil.ToHexString(digest))
End Using

Hash of a byte array

C# example

DidiSoft.OpenSsl.OpenSslDigest dgst = new DidiSoft.OpenSsl.OpenSslDigest();
byte[] data = new byte[] { 1, 2, 3, 4, 5 };
byte[] digest = dgst.Hash(HashAlgorithm.Sha1, data);
Console.WriteLine(OpenSslUtil.ToHexString(digest));

VB.NET example

Dim dgst As New DidiSoft.OpenSsl.OpenSslDigest()
Dim input As Byte() = New Byte() {1, 2, 3, 4, 5}
Dim digest As Byte() = dgst.Hash(HashAlgorithm.Sha1, input)
Console.WriteLine(OpenSslUtil.ToHexString(digest))

Signing with a private key and verifying with a public key

Signing with a private key performed with the OpenSslDigest.Sign methods are equivalent of openssl dgst -sign. An additional benefit provided by this method is that the format of the private key doesn’t have to be specified, as it is determined by the library.
Verifying a signature with the OpenSslDigest.Verify methods are similar to openssl dgst -verify.

Sign/verify a string

The signature produced when signing a String message can be a hexadecimal string or base-64 encoded (using OpenSslDigest.SignString) or a byte array (OpenSslDigest.SignStringRaw). The example below illustrates both approaches:

C# example

using System;
using DidiSoft.OpenSsl;
 
public class SignVerifyString
{
 public static void Demo()
 {
  string inputData = "Hello world";
 
  OpenSslDigest dgst = new OpenSslDigest();
  // Equivalent of openssl dgst -sha256 -sign Data\private_key.pem
  byte[] signature = dgst.SignStringRaw(inputData, @"Data\private_key.pem", HashAlgorithm.Sha256);
 
  bool base64Encode = true;
  // Equivalent of openssl dgst -sha256 -sign Data\private_key.pem -hex
  string signatureAsBase64 = dgst.SignString(inputData, @"Data\private_key.pem", HashAlgorithm.Sha256, base64Encode);
 
  bool signatureCheck = dgst.VerifyString(inputData, signature, @"Data\public.crt", HashAlgorithm.Sha256);
 }
}

VB.NET example

Imports System
Imports DidiSoft.OpenSsl
 
Public Class SignVerifyString
 Public Shared Sub Demo()
  Dim inputData As String = "Hello world"
 
  Dim dgst As New OpenSslDigest()
  // Equivalent of openssl dgst -sha256 -sign Data\private_key.pem
  Dim signature As Byte() = dgst.SignStringRaw(inputData, "Data\private_key.pem", HashAlgorithm.Sha256)
 
  ' Equivalent of openssl dgst -sha256 -sign Data\private_key.pem -hex
  Dim signatureInBase64 As String = dgst.SignString(inputData, "Data\private_key.pem", HashAlgorithm.Sha256, base64Encode:=True)
 
  Dim signatureCheck As Boolean = dgst.VerifyString(inputData, signature, "Data\public.crt", HashAlgorithm.Sha256)
 End Sub
End Class

Sign/verify a File

C# example

using System;
using DidiSoft.OpenSsl;
 
public class SignVerifyFile
{
 public static void Demo()
 {
  OpenSslDigest dgst = new OpenSslDigest();
  // Equivalent of openssl dgst -sha256 -sign Data\private_key.pem ...
  dgst.SignFile(@"Data\Input.txt", @"Data\private_key.pem", @"Data\signature.sig", HashAlgorithm.Sha256);
 
  bool signatureCheck = dgst.VerifyFile(@"Data\Input.txt", @"Data\signature.sig", @"Data\public.crt", HashAlgorithm.Sha256);
 }
}

VB.NET example

Imports System
Imports DidiSoft.OpenSsl
 
Public Class SignVerifyFile
 Public Shared Sub Demo()
  Dim dgst As New OpenSslDigest()
  ' Equivalent of openssl dgst -sha256 -sign Data\private_key.pem ...
  dgst.SignFile("Data\Input.txt", "Data\private_key.pem", "Data\signature.sig", HashAlgorithm.Sha256)
 
  Dim signatureCheck As Boolean = dgst.VerifyFile("Data\Input.txt", "Data\signature.sig", "Data\public.crt", HashAlgorithm.Sha256)
 End Sub
End Class

Sign/verify a Stream

C# example

using System;
using System.IO;
using DidiSoft.OpenSsl;
 
public class SignVerifyStream
{
 public static void Demo()
 {
  byte[] signature;
 
  OpenSslDigest dgst = new OpenSslDigest();
  using (Stream inputStream = File.OpenRead(@"Data\Input.txt"))
  {
	signature = dgst.SignStream(inputStream, @"Data\private_key.pem", HashAlgorithm.Sha256);
  }
 
  // since the content and verification certificate are inside we don't need other parameters
  using (Stream inputStream = File.OpenRead(@"Data\Input.txt"))
  {
	bool verifiedSignature = dgst.VerifyStream(inputStream, signature, @"Data\public.crt");
  }
 }
}

VB.NET example

Imports System
Imports System.IO
Imports DidiSoft.OpenSsl
 
Public Class SignVerifyStream
 Public Shared Sub Demo()
  Dim signature As Byte()
 
  Dim dgst As New OpenSslDigest()
  Using inputStream As Stream = File.OpenRead("Data\Input.txt")
   signature = dgst.SignStream(inputStream, "Data\private_key.pem", HashAlgorithm.Sha256)
  End Using
 
  ' since the content and verification certificate are inside we don't need other parameters
  Using inputStream As Stream = File.OpenRead("Data\Input.txt")
   Dim verifiedSignature As Boolean = dgst.VerifyStream(inputStream, signature, "Data\public.crt")
  End Using
 End Sub
End Class

Sign/verify a byte array

C# example

using System;
using DidiSoft.OpenSsl;
 
public class SignVerifyByteArray
{
 public void Demo()
 {
  OpenSslDigest dgst = new OpenSslDigest();
  byte[] data = new byte[] { 1, 2, 3 };
 
  byte[] signature = dgst.SignBytes(data, @"Data\private_key.pem", HashAlgorithm.Sha256);
  bool signatureCheck = dgst.VerifyBytes(data, signature, @"Data\public.crt");
 }
}

VB.NET example

Imports System
Imports DidiSoft.OpenSsl
 
Public Class SignVerifyByteArray
 Public Sub Demo()
  Dim dgst As New OpenSslDigest()
  Dim data As Byte() = New Byte() {1, 2, 3}
 
  Dim signature As Byte() = dgst.SignBytes(data, "Data\private_key.pem", HashAlgorithm.Sha256)
  Dim signatureCheck As Boolean = dgst.VerifyBytes(data, signature, "Data\public.crt")
 End Sub
End Class

Summary

This tutorial chapter discussed how to create hash digest in similar to OpenSSL dgst command. When creating digest based signatures, the signature algorithm is selected depending on the asymmetric algorithm of the private key.