Developer DocumentationHTTP POSTHTTP Secure POST ProcessGenerating and Verifying an RSA Digital Signature

This guide explains how to generate and verify an RSA digital signature for Cvent HTTP Secure POST.

You need to provide a Base64-encoded RSA digital signature of a SHA-1 hash of a plain text string p, where p is similar to "email=person@example.com;timestamp=01/23/2010 15:34:30;".

You need to create a digital signature that meets these criteria in your system.

Below you’ll find an example of creating this signature in C#:

using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

namespace myNamespace
{
    class myClass
    {
        static void Main(string[] args)
        {
            // Plaintext to sign
            string email = "person@example.com";
            string timestamp = System.DateTime.Now.ToUniversalTime().ToString("MM/dd/yyyy HH:mm:ss");
            string plaintext = "email=" + email + ";timestamp=" + timestamp + ";";

            // String that will contain RSA digital signature
            string RSADigitalSignature = "";

            RSACryptoServiceProvider rsa = new RSACryptoServiceProvider();

            try
            {
                // Get private key certificate
                string privateKeyFilePath = "path to private key.pfx file, e.g., /privateKey.pfx";
                byte[] privateKeyFileBytes = System.IO.File.ReadAllBytes(privateKeyFilePath);
                string privateKeyFilePassword = "password you created for private key.pfx file";

                X509Certificate2 privateKeyCert = new X509Certificate2(privateKeyFileBytes, privateKeyFilePassword);

                // Create RSA digital signature from private key, and encode in Base64
                rsa = (RSACryptoServiceProvider)privateKeyCert.PrivateKey;
                byte[] plaintextBytes = System.Text.Encoding.ASCII.GetBytes(plaintext);
                byte[] hashOfPlaintextBytes = (new SHA1Managed()).ComputeHash(plaintextBytes);
                byte[] digitalSignatureBytes = rsa.SignHash(hashOfPlaintextBytes, "SHA1");
                RSADigitalSignature = Convert.ToBase64String(digitalSignatureBytes);
            }
            catch (Exception e)
            {
                Console.WriteLine(e.Message);
            }
            finally
            {
                rsa.PersistKeyInCsp = false;
            }
        }
    }
}

Set the Signature field of the HTTP POST form to RSADigitalSignature in the reg_signature form field. This string typically contains a few hundred characters.

Note

It’s your responsibility to handle any exceptions raised during this process.

When Cvent receives a post from an account configured with HTTP Secure POST, it performs a similar process:

using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

namespace myNamespace
{
 class myClass
 {
 static void Main(string[] args)
 {
 // Plaintext to sign
 string email = "person@example.com";
 string timestamp = System.DateTime.Now.ToUniversalTime().ToString("MM/dd/yyyy HH:mm:ss");
 string plaintext = "email=" + email + ";timestamp=" + timestamp + ";";

            // String that will contain RSA digital signature
            string RSADigitalSignature = "";

            RSACryptoServiceProvider rsa = new RSACryptoServiceProvider();

            try
            {
                // Get private key certificate
                string privateKeyFilePath = "path to private key.pfx file, e.g., /privateKey.pfx";
                byte[] privateKeyFileBytes = System.IO.File.ReadAllBytes(privateKeyFilePath);
                string privateKeyFilePassword = "password you created for private key.pfx file";

                X509Certificate2 privateKeyCert = new X509Certificate2(privateKeyFileBytes, privateKeyFilePassword);

                // Create RSA digital signature from private key, and encode in Base64
                rsa = (RSACryptoServiceProvider)privateKeyCert.PrivateKey;
                byte[] plaintextBytes = System.Text.Encoding.ASCII.GetBytes(plaintext);
                byte[] hashOfPlaintextBytes = (new SHA1Managed()).ComputeHash(plaintextBytes);
                byte[] digitalSignatureBytes = rsa.SignHash(hashOfPlaintextBytes, "SHA1");
                RSADigitalSignature = Convert.ToBase64String(digitalSignatureBytes);
            }
            catch (Exception e)
            {
                Console.WriteLine(e.Message);
            }
            finally
            {
                rsa.PersistKeyInCsp = false;
            }
        }
    }
}

By following these steps, you can generate and verify an RSA digital signature for Cvent HTTP Secure POST.

Next Steps

Read Generating Private Key & Public Key Pair.

Last updated on