microsoft / referencesource

Source from the Microsoft .NET Reference Source that represents a subset of the .NET Framework
https://referencesource.microsoft.com/
MIT License

RSA Signature with Azure Key cannot be verified by .NET 4.8, but working with .NET 6 #166

Closed filmar25 closed 2 years ago

filmar25 commented 2 years ago

Hello,

Our architecture is like this:

So we have a solution that contains all the work to manage licensing. We generate two NuGet packages for the two DLLs, then we add the packages to both applications.

The .NET 6 web application references both the generator DLL and the validator DLL.

Our distributed ASP.NET MVC 4.7.2 application references only the validator DLL.

The byte[] license generated by .NET 6 is signed with a 4096-bit Azure Key Vault key:

CryptographyClient.SignData(SignatureAlgorithm.PS512...

The validator DLL performs this operation:

    using (var rsa = RSA.Create())
    {
        rsa.FromXmlString(LicensePublicKeyXml);
        return rsa.VerifyData(license.ToBytes(), license.Signature, HashAlgorithmName.SHA512, RSASignaturePadding.Pss);
    }

This code works well if I use a .NET 6 console application, but not with a .NET Framework 4.7.2 or 4.8 console application:

System.Security.Cryptography.CryptographicException: 'Specified padding mode is not valid for this algorithm.'

For both console applications I use the same license byte[].

Can anyone explain why it is not working in .NET 4.7.2 or 4.8?

Thank you !

akoeplinger commented 2 years ago

RSA.Create() on .NET Framework will use RSACryptoServiceProvider as the underlying implementation which doesn't support this mode: https://stackoverflow.com/questions/45696437/net-rsa-sign-data-error-with-pss-padding

It looks like if you pass a key size e.g. RSA.Create(4096) then .NET Framework will use RsaCng underneath which supports that mode.

filmar25 commented 2 years ago

Thank you for your answer, akoeplinger!

RSA.Create(4096) is not a valid construction in .NET Standard.

But I changed the implementation to use RSACng and now it is working well.

Thank you again !
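
The resolution reached in this thread, as an added example that is not code from either participant or from the reference source: a Windows console program that verifies the same RSASSA-PSS / SHA-512 signature through `RSACng` and then through `RSACryptoServiceProvider`, which rejects the padding mode. The class name, the `VerifyPss` helper and the sample payload are assumptions, and a locally generated throwaway 4096-bit key stands in for the Azure Key Vault key.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

static class PssVerifyDemo
{
    // Hypothetical helper: loads the XML public key into the supplied RSA
    // implementation and checks a PSS signature computed with SHA-512.
    static bool VerifyPss(RSA rsa, string publicKeyXml, byte[] data, byte[] signature)
    {
        rsa.FromXmlString(publicKeyXml);
        return rsa.VerifyData(data, signature, HashAlgorithmName.SHA512, RSASignaturePadding.Pss);
    }

    static void Main()
    {
        // Constructed sample input; the real input would be license.ToBytes().
        byte[] license = Encoding.UTF8.GetBytes("constructed sample license payload");
        string publicKeyXml;
        byte[] signature;

        // Throwaway local key in place of the Key Vault key (assumption).
        using (var signer = new RSACng(4096))
        {
            signature = signer.SignData(license, HashAlgorithmName.SHA512, RSASignaturePadding.Pss);
            publicKeyXml = signer.ToXmlString(false); // public parameters only
        }

        // Explicit CNG implementation: supports PSS on .NET Framework.
        using (var cng = new RSACng())
            Console.WriteLine("RSACng, intact license:   " + VerifyPss(cng, publicKeyXml, license, signature));

        // A single flipped bit must make verification fail, not throw.
        license[0] ^= 0x01;
        using (var cng = new RSACng())
            Console.WriteLine("RSACng, tampered license: " + VerifyPss(cng, publicKeyXml, license, signature));
        license[0] ^= 0x01;

        // The implementation RSA.Create() returns on .NET Framework.
        try
        {
            using (var csp = new RSACryptoServiceProvider())
                Console.WriteLine("CSP: " + VerifyPss(csp, publicKeyXml, license, signature));
        }
        catch (CryptographicException ex)
        {
            Console.WriteLine("RSACryptoServiceProvider: " + ex.Message);
        }
    }
}
```

Treat the `CryptographicException` as a configuration error distinct from a `false` result, so an unsupported padding mode is never logged or handled as an invalid license.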