# Alice, Bob & Eve: Digital signatures using RSA

The RSA algorithm can be used not only for encryption, but also for digital signatures. Digital signature will allow you to verify that certain message was not modified. That's important - _digital signature does not protect data from being modified_! It only allows you to know if it happened, once you verify the signature.

How it works? It's basically reverse encryption. When Alice wants to send Bob signed message:

1. Alice computes hash (today usually using SHA-256) of the message.
2. Alice encrypts the hash using her _private_ key (for real encryption, _public_ key is used). Signature is the encrypted hash.
3. Alice sends the message and the signature to Bob.
4. Bob computes hash of the message using the same algorithm.
5. Bob decrypts the signature using Alice's public key.
6. Bob compares the computed hash with decrypted signature. If the values are equal, the message was not altered.

## Alice

Alice will start with generating RSA key pair:

In [1]:
using System.Security.Cryptography;

const int KEY_SIZE = 2048; // Key size in bits - 2048 is a common choice today

var rsa = RSA.Create(KEY_SIZE);

// Export keys in PEM (text) format
var publicKeyPem = rsa.ExportSubjectPublicKeyInfoPem();
var privateKeyPem = rsa.ExportPkcs8PrivateKeyPem();

// Display the keys
Console.WriteLine("Alice's Private Key:");
Console.WriteLine(privateKeyPem);

Alice's Private Key:
-----BEGIN PRIVATE KEY-----
MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQC8PqjAXLBJw9kC
iPAVM986h4Q5Yj81oj8ukBSCJPy+5E3Np/tMDVgHU1f4T47x/0GqqnM6G0gRUwhz
pE/umOReK63H49ZmUGKu+Dj1oLTob6clW7wylsqU6cy5jtA3eabAZ0/6X1Ef3Du+
gPOlkp40bSNsUSLnR1Lzt8dNbK9cAJT5D9dt093Qy/XntB/Shq8GGp/9+o74jFeb
+rVXnADhm9S8yPrT/VEcgbc5e6TBgy3PdBnIbcRfbNqZ449hnJySSCbVpa5tQewJ
hM8Jmt4nJ48fTlojgojsos/dENhlOJtkoyrsx2NjQMNmfvhvMeZxoZF5HXTbmlSy
zGMVz/XNAgMBAAECggEAR7GVk625dl6gx9ZfmbOn0SLLuQ8yA7tHVPSK2wY7PHi3
KRxRGSX74M5dMrUaPBB7cgR43iiFyhNVpLVvu+9/Cl6YUQj1HwJ+kyT2jJYoUF41
yoSlqJ7FiPGChyldI8OxPpYaX8DtpLS8DFIQeX7dwhnO4/IC2RLRBQF5ZoN+RgtK
NxGlyhK6TTTkVbpiuIGmkOGeoaQM6+Fk4TaDg5OXrWss0cp9RqJsFk3umTuKL7jn
3tmlCC3KtSnZXwduTzTDNGXRgNczeoykLD1asIipPzGd4UoJ7vxtM6/7Pd7+iBhI
77zfE/s1uKPI2ymnenM9GxSPmh650CZVlRchntv6AQKBgQDCJeWXE3r6rkYAzBqO
85BKw2VTb4A0BMbjzq9fjIeEqIuYuzA7ZDd6ygG+gT7mo9nrK/YFdNu7/BoJueM0
eE6xfZ6kz3x5WNkC+gU2LivsGXlyDwaHDL8/lPgSSTHVNhvyQPwvvXlpF7JR6sR9
C3qTrHdNtWaDVZUrkQHVni39+wKBgQD4N09e632Z8

In [2]:
Console.WriteLine("Alice's Public Key:");
Console.WriteLine(publicKeyPem);

Alice's Public Key:
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvD6owFywScPZAojwFTPf
OoeEOWI/NaI/LpAUgiT8vuRNzaf7TA1YB1NX+E+O8f9BqqpzOhtIEVMIc6RP7pjk
Xiutx+PWZlBirvg49aC06G+nJVu8MpbKlOnMuY7QN3mmwGdP+l9RH9w7voDzpZKe
NG0jbFEi50dS87fHTWyvXACU+Q/XbdPd0Mv157Qf0oavBhqf/fqO+IxXm/q1V5wA
4ZvUvMj60/1RHIG3OXukwYMtz3QZyG3EX2zameOPYZyckkgm1aWubUHsCYTPCZre
JyePH05aI4KI7KLP3RDYZTibZKMq7MdjY0DDZn74bzHmcaGReR1025pUssxjFc/1
zQIDAQAB
-----END PUBLIC KEY-----


The keys are the same for encryption, digital signatures and eventually authentication. The algorithm is the same. But it is unsafe to use single key pair for multiple purposes, although it's technically possible.

Alice will now sign the message. The hashing of message and encryption will happen in the `SignData` method:

In [3]:
var messageText = "Bob, I love you!";
var messageBytes = System.Text.Encoding.UTF8.GetBytes(messageText);
Console.WriteLine($"Original Message: {messageText}");
Console.WriteLine();

// Sign the message
var signatureBytes = rsa.SignData(messageBytes, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
var signatureText = Convert.ToBase64String(signatureBytes, Base64FormattingOptions.InsertLineBreaks);
Console.WriteLine($"Signature:");
Console.WriteLine(signatureText);

Original Message: Bob, I love you!

Signature:
W3PbXehb12TKX59/JxGjJTdylTT+BHMAbRqnd8mbOFTp2nIvdfyelDXhTqNjFiIBBpNL62Uq6y6h
hzF4/CwShNzS5km5BO24xp487oGT5s3qPcdt1k/NUFUfIDnatnDIz2sgQhy7TdpOclZ+wvFiI1GW
Z7PPPXxIfaieDGA2lAQz2KC6Z/8ai4Y8teOXUYQS5cUfrc8zroHZIbZV1mgXSQkCnMjXxhvQ8jAa
5TitY8IPkNZZ+D0r35f8Am4rakc81dFSN2GasxoTCg5DCCWKhdYSjk7syCWpC2Z3BQUWZ5TEy/YS
WLCqf2OvlwhXKZVWs3Zn7CIYd33qPLq/UOH8aA==


## Bob

Bob needs Alice's public key and then he will use it to verify the message signature. If the message matches the signature, the function will return `true`. Otherwise will return `false`:

In [4]:
// Function to verify the signature
public bool VerifySignature(string publicKeyPem, string messageText, byte[] signatureBytes) {
    // Create RSA instance for verification using the public key
    var rsaForVerification = RSA.Create();
    rsaForVerification.ImportFromPem(publicKeyPem);

    // Convert message text to bytes
    var messageBytes = System.Text.Encoding.UTF8.GetBytes(messageText);

    // Verify the signature
    return rsaForVerification.VerifyData(
        messageBytes,
        signatureBytes,
        HashAlgorithmName.SHA256,
        RSASignaturePadding.Pkcs1);
}

Console.WriteLine($"Is 'Bob, I love you!' valid? {VerifySignature(publicKeyPem, "Bob, I love you!", signatureBytes)}");
Console.WriteLine($"Is 'Bob, I hate you!' valid? {VerifySignature(publicKeyPem, "Bob, I hate you!", signatureBytes)}");

Is 'Bob, I love you!' valid? True
Is 'Bob, I hate you!' valid? False
