RSAFormatter.SetHashAlgorithm();

But we got our HashValue[] with SHA.Does RSAFormatter.SetHashAlgorithm() again do a SHA operation?

I have spent the past day trying to figure out the difference between using the RSAPKCS1SignatureFormatter to generate the Signature and creating a hash (SHA1) an then using RSACryptoServiceProvider to encrypt.

When you setting the hash algorithm on the formatter RSAFormatter.SetHashAlgorithm("SHA1"); before the encryption takes place, a hash still NEEDS to be generated using the algorithm indicated as it expects to ge the Hash Value. It's a little misleading but it may just use the "SHA1" string to verify whether the hash it was provided was truly an SHA1 has. I don't know.

This is per the document specification provided in this thread.

Steps:

1. EMSA-PKCS1-v1_5 encoding: Apply the EMSA-PKCS1-v1_5 encoding operation (Section 9.2) to the message M to produce an encoded message EM of length k octets:

EM = EMSA-PKCS1-v1_5-Encode (M, k) .

If the encoding operation outputs “message too long,” output “message too long” and stop. If the encoding operation outputs “intended encoded message length too short,” output “RSA modulus too short” and stop.

2. RSA signature:

a. Convert the encoded message EM to an integer message representative m (see Section 4.2):

m = OS2IP (EM) .

b. Apply the RSASP1 signature primitive (Section 5.2.1) to the RSA private key K and the message representative m to produce an integer signature representative s:

s = RSASP1 (K, m) .

c. Convert the signature representative s to a signature S of length k octets (see Section 4.1):

S = I2OSP (s, k) .

3. Output the signature S.

So, the general idea is, if you're creating a signature use the RSAFormatter approach. If you really need to encrypt the data, then use the RSACryptoServiceProvider.Encrypt() method.

-Paul