[英]How to verify data against signature with public key that uses sha1ecdsa?
Knowing little about cryptography I have great problems with what seems to be a simple task. 对密码学知之甚少我对看似简单的任务有很大的疑问。
I have .pem certificate, bytes of data, and signature of that data. 我有.pem证书,数据字节和该数据的签名。 I want to check if someone changed the data by matching it against signature. 我想通过匹配签名来检查是否有人更改了数据。
My try: 我的尝试:
private bool VerifySignature(byte[] data, byte[] signature)
{
try
{
X509Certificate certificate = new X509Certificate("cert_filename.pem");
if (certificate == null)
return false;
DSACryptoServiceProvider dsa = (DSACryptoServiceProvider)certificate.PublicKey.Key;
return dsa.VerifyData(data, signatureData);
}
catch
{
return false;
}
}
But it gives me an error 但它给了我一个错误
'Algorithm of certificates key is not supported' (System.NotSupportedException). '不支持证书密钥算法'(System.NotSupportedException)。
Looking into loaded certificate it says that the signature algorithm is 'sha1ecdsa'. 查看加载的证书,它表示签名算法是'sha1ecdsa'。
I am trying only to verify data against signature. 我只是想验证数据与签名。 What am I missing here? 我在这里错过了什么? I would like to do it without any external solutions as it seems to be really trivial task. 我想在没有任何外部解决方案的情况下这样做,因为它似乎是非常简单的任务。
Update: I am trying to achieve same functionality as in below Java code: 更新:我正在尝试实现与以下Java代码相同的功能:
private boolean verify(byte[] data, byte[] signature)
{
boolean isLicenseCorrect = false;
Signature sig = Signature.getInstance("SHA1WithECDSA");
sig.initVerify(certificate.getPublicKey());
sig.update(data);
return sig.verify(signature);
}
Although DSA and ECDSA are related, they are not the same. 尽管DSA和ECDSA是相关的,但它们并不相同。 Why not try ECDsaCryptoServiceProvider
? 为什么不试试ECDsaCryptoServiceProvider
? Note that the ECDSA support for Elliptic Curves only includes NIST named curves. 请注意,ECDSA对椭圆曲线的支持仅包括NIST命名曲线。
.NET 4.6.1 added improved support for ECDSA. .NET 4.6.1增加了对ECDSA的改进支持。 While I'm not a fan of your catch-everything-and-return-false, I'll keep it here for comparison: 虽然我不喜欢你的捕获 - 一切都是假的,但我会把它留在这里进行比较:
private bool VerifySignature(byte[] data, byte[] signature)
{
try
{
// new cannot return null, so no point in a null check. It would have thrown.
using (X509Certificate certificate = new X509Certificate("cert_filename.pem"))
using (ECDsa ecdsa = certificate.GetECDsaPublicKey())
using (RSA rsa = certificate.GetRSAPublicKey())
// Improved DSA is 4.6.2
{
// You said the cert was ECDSA-SHA1, but that doesn't mean the original data was.
// I assumed it was.
if (ecdsa != null)
return ecdsa.VerifyData(data, signature, HashAlgorithmName.SHA1);
if (rsa != null)
return rsa.VerifyData(data, signature, HashAlgorithmName.SHA1, RSASignaturePadding.Pkcs1);
return false;
}
}
catch
{
return false;
}
}
Note that in .NET 4.6 the RSA base class has the Sign/Verify methods defined, and in 4.6.1 the ECDsa base class got a similar treatment. 请注意,在.NET 4.6中,RSA基类定义了Sign / Verify方法,在4.6.1中,ECDsa基类得到了类似的处理。 New code shouldn't talk about the *CryptoServiceProvider types unless loading pre-existing named keys. 除非加载预先存在的命名键,否则新代码不应该讨论* CryptoServiceProvider类型。
It's also worth noting that the Get[Algorithm]PublicKey methods return null
when the public key isn't of that algorithm type, so a null-check is warranted. 还值得注意的是,当公钥不是该算法类型时,Get [Algorithm] PublicKey方法返回null
,因此需要进行空检查。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.