I have a little problem. I want to verify the integrity of a certificate.
So I did this code:
using System.Security.Cryptography;
using System.Runtime.InteropServices;
using System.Security.Cryptography.X509Certificates;
SHA1Managed sha1 = new SHA1Managed();
RSACryptoServiceProvider csp = null;
AsymmetricAlgorithm rsaAlgo = certificatEnCours.PublicKey.Key;
byte[] data = null;
byte[] hash = null;
string keyPublic = "";
string signatureLikeInteger = "";
bool verif = false;
// ------------- PART 1 -------------
signatureLikeInteger = certificatEnCours.Thumbprint;
data = Convert.FromBase64String(signatureLikeInteger);
// ------------- PART 2 -------------
hash = sha1.ComputeHash(certificatEnCours.RawData);
keyPublic = rsaAlgo.ToXmlString(false);
csp = new RSACryptoServiceProvider();
csp.FromXmlString(keyPublic);
// ------------------------------
verif = csp.VerifyData(hash, CryptoConfig.MapNameToOID("SHA1"), data);
My problem its that i already have the value "false" on my variable "verif".
There is no actual question here. You are right that you are unconditionally ignoring the initial value of verif. More importantly, have you considered using X509Certificate2 to do verification?:
X509Certificate2 x2 = new X509Certificate2(certificatEnCours);
bool verif = x2.Verify();
I think this is wiser than re-inventing the wheel.
EDIT: If you are verifying a chain of certificates I believe you want to use X509Chain and in particular the ChainStatus property.