# Alice, Bob & Eve: Digital signatures using RSA

The RSA algorithm can be used not only for encryption, but also for digital signatures. Digital signature will allow you to verify that certain message was not modified. That's important - _digital signature does not protect data from being modified_! It only allows you to know if it happened, once you verify the signature.

How it works? It's basically reverse encryption. When Alice wants to send Bob signed message:

1. Alice computes hash (today usually using SHA-256) of the message.
2. Alice encrypts the hash using her _private_ key (for real encryption, _public_ key is used). Signature is the encrypted hash.
3. Alice sends the message and the signature to Bob.
4. Bob computes hash of the message using the same algorithm.
5. Bob decrypts the signature using Alice's public key.
6. Bob compares the computed hash with decrypted signature. If the values are equal, the message was not altered.

## Alice

Alice will start with generating RSA key pair:

In [3]:
using System.Security.Cryptography;

const int KEY_SIZE = 2048; // Key size in bits - 2048 is a common choice today

var rsa = RSA.Create(KEY_SIZE);

// Export keys in PEM (text) format
var publicKeyPem = rsa.ExportSubjectPublicKeyInfoPem();
var privateKeyPem = rsa.ExportPkcs8PrivateKeyPem();

// Display the keys
Console.WriteLine("Alice's Private Key:");
Console.WriteLine(privateKeyPem);

Alice's Private Key:
-----BEGIN PRIVATE KEY-----
MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCnlAtoJNoGteOe
X7qdwWLoPitm8kuzpSANjdP/FXfXgSqWyZ65j5enpKMqzDU80s0G81/gix7SyMRC
pvqV+E1n/LvNcKNueMZoBHTsxzWdzlr3+nKzcX4ynuhbfZJPKSFfCw5bVV/NyZg/
qD0KWMUgoaYVO+ypr+B8GOXqTLoQmGX/cf9swTyi3Bhwb//SUxAnoN2+J+LK1nqG
ZOOBrQgWoFytH8RUcpx1bP0g39jAHcTjBkCI0lG8x3B/9qiO9+y43Vb6mSNEx9Kq
xMUTb1OiY3alEsA3U/QxCC8XN9u0a0CDI8EeEGUhrj5lDh38XFvxezMycJOTlUEg
Cnwiv6QZAgMBAAECggEAVHM8CGDB6y3QpqhxgDzL3mQuNTQXyFGHxKzb0Cn+egEi
+Fhk//iIIbjLba75iUxmfIE7qQoTH4CDv18s21UFlUj9T7va8Lo2qobMceK2d29d
0qhJE3s3cMU6LZkrmW8N3TrSIl70590XN8VN9Z/kv9wWuY64Zo82nvNhMmE2R1Pk
2wboWGApDTYOJBh8kMbxX8FNcBP9W4DSjtBCD0zOkhkzvNaM3TtP93zrOVgoVrUj
3BFfJ4TvokHy/fHwuigHUe8jZMv7GX6O6QgVjubVKNsmePLP5gZW+wWfupBd422a
Ucm0reju1wwUyLhwHS2bQkLuIb+o6s6wqG7FWAmnnQKBgQDFbz0rA9B//Rcet1rd
I0dCfKtyQqZAGJ/mIsk7BQoJN7SBZf/2N9YCbkJeS0/qd1y2xQUUPqDOewc4UQlc
/lW93LtbHNf/f2TK4C8AmFIXs7H9P9IMdq8y70JFLL+dUd35q2ufao/vq3kWzyIP
8iAhy5RLy6B9QzTe38hm4TWUBwKBgQDZSZYypbDNK

In [4]:
Console.WriteLine("Alice's Public Key:");
Console.WriteLine(publicKeyPem);

Alice's Public Key:
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp5QLaCTaBrXjnl+6ncFi
6D4rZvJLs6UgDY3T/xV314EqlsmeuY+Xp6SjKsw1PNLNBvNf4Ise0sjEQqb6lfhN
Z/y7zXCjbnjGaAR07Mc1nc5a9/pys3F+Mp7oW32STykhXwsOW1VfzcmYP6g9CljF
IKGmFTvsqa/gfBjl6ky6EJhl/3H/bME8otwYcG//0lMQJ6DdvifiytZ6hmTjga0I
FqBcrR/EVHKcdWz9IN/YwB3E4wZAiNJRvMdwf/aojvfsuN1W+pkjRMfSqsTFE29T
omN2pRLAN1P0MQgvFzfbtGtAgyPBHhBlIa4+ZQ4d/Fxb8XszMnCTk5VBIAp8Ir+k
GQIDAQAB
-----END PUBLIC KEY-----


The keys are the same for encryption, digital signatures and eventually authentication. The algorithm is the same. But it is unsafe to use single key pair for multiple purposes, although it's technically possible.

Alice will now sign the message. The hashing of message and encryption will happen in the `SignData` method:

In [20]:
var messageText = "Bob, I love you!";
var messageBytes = System.Text.Encoding.UTF8.GetBytes(messageText);
Console.WriteLine($"Original Message: {messageText}");
Console.WriteLine();

// Sign the message
var signatureBytes = rsa.SignData(messageBytes, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
var signatureText = Convert.ToBase64String(signatureBytes, Base64FormattingOptions.InsertLineBreaks);
Console.WriteLine($"Signature:");
Console.WriteLine(signatureText);

Original Message: Bob, I love you!

Signature:
LA9pgk15x2eWfARdifpwwiplWl1uqB8fAAIwyuG085RU+n/IPZDazHVzimcC4s54v1ic9Cstuf2S
TFOC1d252GEBmOeti4eDs8LFCy2CnkpCzGcHxwQn9zxNqCjOehlU2PdXcvVSWYQmuq+K60w6KZAW
7NVdU+mr2CQahxS42GWVa1jMRBTIg2WoHeBqW/7H4e6AeoXdJznAf/uCDlnrzw0EUD76xXZ8jgru
Jc8J9dyrNvXvufrmXXSYq0VKKLGFFnkXnj+mMx2BKPaX92XJdzyY+sNk1BqAgpaxPzOlIk36AFkn
snMIPZU/E9jOMKHFAS7nQmwxK2+/iwXv4/4qVg==


## Bob

Bob needs Alice's public key and then he will use it to verify the message signature. If the message matches the signature, the function will return `true`. Otherwise will return `false`:

In [25]:
// Function to verify the signature
public bool VerifySignature(string publicKeyPem, string messageText, byte[] signatureBytes) {
    // Create RSA instance for verification using the public key
    var rsaForVerification = RSA.Create();
    rsaForVerification.ImportFromPem(publicKeyPem);

    // Convert message text to bytes
    var messageBytes = System.Text.Encoding.UTF8.GetBytes(messageText);

    // Verify the signature
    return rsaForVerification.VerifyData(
        messageBytes,
        signatureBytes,
        HashAlgorithmName.SHA256,
        RSASignaturePadding.Pkcs1);
}

Console.WriteLine($"Is 'Bob, I love you!' valid? {VerifySignature(publicKeyPem, "Bob, I love you!", signatureBytes)}");
Console.WriteLine($"Is 'Bob, I hate you!' valid? {VerifySignature(publicKeyPem, "Bob, I hate you!", signatureBytes)}");

Is 'Bob, I love you!' valid? True
Is 'Bob, I hate you!' valid? False
