[C# .NET] Certificates question

I'm trying to figure out how to do something with data signing and C# .net.

I've got a CA using Microsoft Server 2003 CA, and the web console works so that users can generate their own certificates and store the keys locally. Now, if Alice (for example :)) wants to send some data to Bob, she takes the data, and using .NET's RSACryptoServiceProvider she signs the data.

My problem is that when Bob gets the data and the signature, how does he (a) get Alice's certificate from the CA, and (b) know that it's Alice's certificate that he needs?

I've thought about the (b) problem and concluded that Alice needs to send her name, or something unique about her, that would allow Bob to get the right cert.

But my main problem is programmatically getting that cert from the CA. I can't expect every user to have every other user's cert installed. The only thing every user has is the CA cert. So, does Alice send her cert (signed by the CA) along with the message? Then Bob gets it, verifies Alice's cert with the CA cert, and then uses Alice's cert to verify the message? If so, how do I verify a signed certificate using RSACryptoServiceProvider?
 
Not 100% on your requirements; digital signatures and data encryption are quite different. Here's a basic example of digital signatures.

The problem...
Bob is at home and is going to be cooking for Alice tonight. Bob has asked Alice to send him the recipe for her favourite meal. Alice wants to ensure that Bob not only receives her recipe but also is pretty damn certain it came from her.

Before Alice can do this she must, using RSA, obtain the following:
- Private key (kept in Alice's biometric safe that only she has access to)
- Public key (sent to all Alice's friends)

Alice only has to do this once, and is now able to sign any documents she wishes to send - to Bob or anyone else.

Alice now wishes to send Bob 'recipe.doc'. For this document a file hash is calculated (document fingerprint). This is then used to sign the document by encrypting this using Alice's private key. This gives Alice a digital signature for this document.

The document is then sent to Bob via email as an attachment, with the digital signature and public key at the bottom of the email.

Bob checks his email and notices Alice's document - 'recipe.doc'. First he finds the digital signature and public key. Next he calculates the file hash (document fingerprint) of the document. Using Alice's public key he decrypts the digital signature and compares this result with the file hash he calculated. They match and now he is pretty damn certain it is from Alice and can now start cooking.


Enter Mallory....
Mallory is jealous that Bob is cooking for Alice. While Bob is out at the bank Mallory sneaks into Bob's house and uses his computer. Mallory sees the email from Alice and opens it:
- 2 slices of toast
- 1 tin of baked beans

Mallory edits 'recipe.doc' to the following and saves it:
- 2 slices of toast
- 1 tin of spam

Mallory now makes a quick exit leaving Bob's house as he left it. When Bob returns he checks his email and notices Alice's document - 'recipe.doc'. First he finds the digital signature and public key. Next he calculates the file hash (document fingerprint) of the document. Using Alice's public key he decrypts the digital signature and compares this result with the file hash he calculated. They DON'T match and he knows this isn't the document Alice sent!


Enter Mallory (act 2)....
Mallory sends Bob a digitally signed (using her own RSA keys) file via email - '10_reasons_I_hate_Bob.doc'. Mallory sends this from Alice's email account.

Bob checks his email, performs all the jazz and the results match. Bob starts to get worried... until he notices that Alice seems to have a new public key - it doesn't match any of her previous emails. Bob phones Alice and asks if she has recently got a new public key - she replies 'no' and Bob now knows it was not Alice who sent the email and mentions nothing about it.
 
I understand signatures, and I understand encryption. I'm just thinking about the implementation, and how specifically it can be done with C# .NET. I've decided that attaching the certificate to my data along with the signature is the right thing to do. The receiver would have to then check the validity of the certificate, by checking that it's signed by the root CA (for which everyone has a cert).

The System.Security.Cryptography.X509 namespace has some useful bits in it for processing certificates - I just need to figure out how to get it to play with RSACryptoServiceProvider and then I can get on with signing stuff.
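
The flow settled on in the last post (send the certificate with the data, validate it against the root CA cert, then verify the signature with the certificate's public key), as an added C# example that is not part of the thread. It assumes .NET 5 or later, builds a throwaway CA and certificates in memory (all names and values are constructed), and uses the `RSA` object returned by `GetRSAPublicKey()` rather than `RSACryptoServiceProvider` directly.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Text;

static class SignedMessageDemo
{
    // Bob's side: the only trust anchor is the CA certificate he already holds.
    static bool Verify(byte[] data, byte[] sig, byte[] senderCertDer, X509Certificate2 caCert, string expectedName)
    {
        // Public certificate only (.NET 9+ offers X509CertificateLoader.LoadCertificate for this).
        using var sender = new X509Certificate2(senderCertDer);
        using var chain = new X509Chain();
        chain.ChainPolicy.TrustMode = X509ChainTrustMode.CustomRootTrust;
        chain.ChainPolicy.CustomTrustStore.Add(caCert);
        // The constructed demo CA publishes no CRL; a real deployment should check revocation.
        chain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;
        if (!chain.Build(sender)) return false; // not issued by the CA, expired, ...
        // A valid chain only proves the CA issued this cert; also check whose cert it is.
        if (sender.GetNameInfo(X509NameType.SimpleName, false) != expectedName) return false;
        using RSA pub = sender.GetRSAPublicKey();
        return pub != null && pub.VerifyData(data, sig, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
    }

    static void Main()
    {
        var now = DateTimeOffset.UtcNow;
        var (h, p) = (HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        // Constructed stand-ins for the Windows CA and the certificates involved.
        using RSA caKey = RSA.Create(2048), aliceKey = RSA.Create(2048), malKey = RSA.Create(2048);
        var caReq = new CertificateRequest("CN=Demo Root CA", caKey, h, p);
        caReq.CertificateExtensions.Add(new X509BasicConstraintsExtension(true, false, 0, true));
        using var caCert = caReq.CreateSelfSigned(now.AddDays(-2), now.AddDays(30));
        using var aliceCert = new CertificateRequest("CN=Alice", aliceKey, h, p)
            .Create(caCert, now.AddDays(-1), now.AddDays(7), new byte[] { 1, 2, 3, 4 });
        // Mallory's certificate claims to be Alice but is self-signed, not CA-issued.
        using var malCert = new CertificateRequest("CN=Alice", malKey, h, p)
            .CreateSelfSigned(now.AddDays(-1), now.AddDays(7));
        // Alice sends data + signature + her certificate (never the private key).
        byte[] data = Encoding.UTF8.GetBytes("2 slices of toast, 1 tin of baked beans");
        byte[] sig = aliceKey.SignData(data, h, p);
        byte[] certDer = aliceCert.Export(X509ContentType.Cert);
        byte[] tampered = Encoding.UTF8.GetBytes("2 slices of toast, 1 tin of spam");
        byte[] malDer = malCert.Export(X509ContentType.Cert);
        Console.WriteLine($"genuine:  {Verify(data, sig, certDer, caCert, "Alice")}");
        Console.WriteLine($"tampered: {Verify(tampered, sig, certDer, caCert, "Alice")}");
        Console.WriteLine($"mallory:  {Verify(data, malKey.SignData(data, h, p), malDer, caCert, "Alice")}");
    }
}
```

Only the genuine case verifies: the tampered data fails the signature check, and Mallory's certificate fails chain building because it does not lead to the CA Bob trusts.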
 