I'm trying to compute the ECDSA signature of some data in C# (within a Unity project, using Bouncy Castle) using an existing private key (the private key having been generated using `openssl ecparam -name prime256v1 -genkey -noout -out eckey.pem` in terminal on macOS).

This is for the purpose of connecting to Apple's CloudKit as described under 'Authenticate Web Service Requests' here.

At the moment I'm trying with this, but the `CreateKey` fails with an `IOException` "extra data found after object", thrown from Asn1Object.cs:24.

```csharp
string privateKey = "<contents (within the BEGIN and END markers) of the privatekey.pem file I've previously generated>";
var key = PrivateKeyFactory.CreateKey(Encoding.UTF8.GetBytes(privateKey));
var data = Encoding.UTF8.GetBytes("some data here");
var signer = SignerUtilities.GetSigner("SHA256withECDSA");
signer.Init(true, key);
signer.BlockUpdate(data, 0, data.Length);
var signature = signer.GenerateSignature();
Debug.Log(signature);
```

I've tried keeping the newline characters in the private key string, as well as removing them - both give the same result.

Any assistance in loading the key correctly would be awesome, and then secondly how to correctly call `GetSigner` to get the correct ECDSA signer to generate the signature I need (as I'm sure `SHA256withECDSA` is wrong, but I can't see in the source code what I should use).

Edit: I've tried using PemReader and been able to load the private key. I'm now just trying to work out how to use the correct signer.

I think you're using the correct signer already. Perhaps check the code here: developer.apple.com/forums/thread/35671 to see if you're building the signature input data correctly, and also base64-encoding the signature itself. – Peter Dettman Dec 8, 2020 at 6:57

Thanks @PeterDettman, that link and the example code there highlighted the problem I had (incorrectly generating the Base64 hashed signature) after sorting out the private key loading using PemReader. – sillygalahgames Dec 9, 2020 at 1:08
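The flow the question and comments converge on, as an added example that is not part of the original post: `PrivateKeyFactory.CreateKey` expects DER-encoded PKCS#8 bytes, not the UTF-8 bytes of Base64 text, so the `EC PRIVATE KEY` PEM that `openssl ecparam -genkey` writes is parsed with `PemReader` instead. The throwaway key from the hypothetical `MakeSamplePem` helper and the payload string are constructed stand-ins for `eckey.pem` and the real request data.

```csharp
using System;
using System.IO;
using System.Text;
using Org.BouncyCastle.Asn1.Sec;
using Org.BouncyCastle.Crypto;
using Org.BouncyCastle.Crypto.Generators;
using Org.BouncyCastle.Crypto.Parameters;
using Org.BouncyCastle.OpenSsl;
using Org.BouncyCastle.Security;

static class EcdsaPemDemo {
    // Constructed stand-in for eckey.pem: a throwaway P-256 (prime256v1) key as PEM text.
    static string MakeSamplePem() {
        var gen = new ECKeyPairGenerator("ECDSA");
        gen.Init(new ECKeyGenerationParameters(SecObjectIdentifiers.SecP256r1, new SecureRandom()));
        var sw = new StringWriter();
        new PemWriter(sw).WriteObject(gen.GenerateKeyPair().Private);
        return sw.ToString();
    }

    // Pass the whole PEM text, BEGIN/END markers and newlines included.
    static AsymmetricCipherKeyPair LoadKeyPair(string pem) {
        object obj = new PemReader(new StringReader(pem)).ReadObject();
        if (obj is AsymmetricCipherKeyPair pair) return pair;
        throw new InvalidDataException("Expected an 'EC PRIVATE KEY' PEM block");
    }

    // SHA256withECDSA hashes the input itself and returns a DER-encoded (r, s) pair;
    // Base64 is applied to those signature bytes, not to a separately computed hash.
    static string SignBase64(AsymmetricKeyParameter privateKey, byte[] data) {
        ISigner signer = SignerUtilities.GetSigner("SHA256withECDSA");
        signer.Init(true, privateKey);
        signer.BlockUpdate(data, 0, data.Length);
        return Convert.ToBase64String(signer.GenerateSignature());
    }

    static bool Verify(AsymmetricKeyParameter publicKey, byte[] data, string signatureB64) {
        ISigner verifier = SignerUtilities.GetSigner("SHA256withECDSA");
        verifier.Init(false, publicKey);
        verifier.BlockUpdate(data, 0, data.Length);
        return verifier.VerifySignature(Convert.FromBase64String(signatureB64));
    }

    static void Main() {
        AsymmetricCipherKeyPair keys = LoadKeyPair(MakeSamplePem());
        byte[] payload = Encoding.UTF8.GetBytes("some data here"); // constructed payload
        string sig = SignBase64(keys.Private, payload);
        Console.WriteLine(sig);                                    // differs on every run
        Console.WriteLine(Verify(keys.Public, payload, sig));
    }
}
```

ECDSA signatures are randomized, so compare runs by verifying against the public key rather than by matching the Base64 string.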
