M
Marian Dvorsky
There are two methods in RSACryptoServiceProvider to verify signed data:
VerifyData(byte[] buffer, object halg, byte[] signature)
VerifyHash(byte[] rgbHash, string str, byte[] rgbSignature)
What is not clear to me is, why the second method (VerifyHash()) needs OID
of used
hash algorithm. Probably, it is used to compare it to the OID saved in a
signature.
But, when there is OID to compare to, then why VerifyData needs the
HashAlgorithm
object instance, when the OID of used hash algorithm is written in
signature?
If my assumptions are right, then VerifyData needs only buffer and
signature. It can decode
OID of used hash algorithm from a signature and compute hash with apropriate
HashAlgorithm.
Can anybody clarify that to me?
Thanks.
Marian
VerifyData(byte[] buffer, object halg, byte[] signature)
VerifyHash(byte[] rgbHash, string str, byte[] rgbSignature)
What is not clear to me is, why the second method (VerifyHash()) needs OID
of used
hash algorithm. Probably, it is used to compare it to the OID saved in a
signature.
But, when there is OID to compare to, then why VerifyData needs the
HashAlgorithm
object instance, when the OID of used hash algorithm is written in
signature?
If my assumptions are right, then VerifyData needs only buffer and
signature. It can decode
OID of used hash algorithm from a signature and compute hash with apropriate
HashAlgorithm.
Can anybody clarify that to me?
Thanks.
Marian