[英]Digital signature in c# without using BouncyCastle
Without using 3rd party BouncyCastle library, is there a way to read a custom private key and sign the message ? 在不使用第三方BouncyCastle库的情况下,有没有办法读取自定义私钥并对消息签名? (sha256 hash+encryption using private key)
(使用私钥进行sha256哈希+加密)
Technically, yes. 从技术上讲,是的。 Depending on what kind of key you have the answer gets more tricky.
根据您拥有哪种键,答案会变得更加棘手。
Edit (2019-Oct): .NET Core 3.0 has built-in support for all of these formats, in their DER-encoded (vs PEM-encoded) forms. 编辑(2019年10月):. NET Core 3.0以DER编码(相对于PEM编码)形式对所有这些格式均提供内置支持。 I'm adding the .NET Core 3.0+ answers after a sub-heading within each file format.
我在每种文件格式的子标题后添加.NET Core 3.0+答案。
If you have this type of file, and you're on .NET 4.6 or higher, then yes. 如果您拥有这种类型的文件,并且您使用的是.NET 4.6或更高版本,则可以。 You need to have the DER encoded (vs PEM encoded) data blob (see below if it's PEM).
您需要具有DER编码(相对于PEM编码)的数据blob(如果是PEM,请参见下文)。
using (CngKey key = CngKey.Import(blob, CngKeyBlobFormat.Pkcs8PrivateBlob))
using (RSA rsa = new RSACng(key))
{
return rsa.SignData(data, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
}
4.6 is required for for RSA, 4.6.1 for ECDSA, 4.6.2 for DSA. RSA需要4.6,ECDSA需要4.6.1,DSA需要4.6.2。
The ImportPkcs8PrivateKey
method is declared on AsymmetricAlgorithm
, and all asymmetric built-in types ( RSA
, DSA
, ECDsa
, ECDiffieHellman
) support it. ImportPkcs8PrivateKey
方法在AsymmetricAlgorithm
上声明,并且所有非对称内置类型( RSA
, DSA
, ECDsa
, ECDiffieHellman
)都支持该方法。
using (RSA rsa = RSA.Create())
{
rsa.ImportPkcs8PrivateKey(blob, out _);
return rsa.SignData(data, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
}
Congratulations, your private key transport is strong. 恭喜,您的私钥传输很强大。 Sadly, this requires the maximum amount of code to be written if you want to actually handle it.
可悲的是,如果您想实际处理它,则需要编写最大数量的代码。 You don't want to handle it.
您不想处理它。 You really, really, want to
你真的,真的,想要
See How is a private key encrypted in a pem certificate? 请参阅如何在pem证书中加密私钥? , and then continue to the next section for the primer on the hard way.
,然后继续进行下一部分的入门。 You have a lot more work than it will talk about, though.
但是,您要做的工作比谈论的要多得多。 You need to read the file, understand the encryption scheme and parameters, decrypt the blob, then use CNG for reading the PKCS#8, or just keep diving down the rabbit hole and enjoy your file parser.
您需要阅读文件,了解加密方案和参数,解密Blob,然后使用CNG读取PKCS#8,或者只是继续钻探兔子洞并享受文件解析器的乐趣。
The ImportEncryptedPkcs8PrivateKey
method is declared on AsymmetricAlgorithm
, and all asymmetric built-in types ( RSA
, DSA
, ECDsa
, ECDiffieHellman
) support it. ImportEncryptedPkcs8PrivateKey
方法在AsymmetricAlgorithm
上声明,并且所有非对称内置类型( RSA
, DSA
, ECDsa
, ECDiffieHellman
)都支持该方法。
using (RSA rsa = RSA.Create())
{
rsa.ImportEncryptedPkcs8PrivateKey(password, blob, out _);
return rsa.SignData(data, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
}
You're at the unfortunate confluence of "relatively simple" and "relatively hard" that is known to math majors as "an exercise left to the reader". 不幸的是,“相对简单”和“相对困难”的融合被数学专业的学生称为“留给读者的练习”。
Strongly consider doing the PFX approach from EncryptedPrivateKeyInfo. 强烈考虑使用EncryptedPrivateKeyInfo的PFX方法。 Alternatively, you can do this in custom code.
或者,您可以在自定义代码中执行此操作。 Custom code?
自定义代码? Okay, let's do this.
好吧,让我们这样做。 The reference texts that you need at this point are
此时您需要的参考文本是
Okay, let's proceed. 好吧,让我们继续。
byte[]
for the key object. byte[]
作为键对象。 For step 4, there are some things to be careful about. 对于步骤4,有些事情要小心。 Specifically, the ASN.1/DER INTEGER components have two rules that RSAParameters does not like.
具体来说,ASN.1 / DER INTEGER组件具有RSAParameters不喜欢的两个规则。
.NET wants the values as big-endian byte arrays (which is the same byte order as the DER encoding) with the following relationship: .NET希望这些值成为具有以下关系的大端字节数组(与DER编码的字节顺序相同):
The ImportRSAPrivateKey
method is declared on RSA
, and since it parses data and calls ImportParameters
it works for all RSA
derived types (assuming they already supported parameter import). ImportRSAPrivateKey
方法在RSA
上声明,并且由于它解析数据并调用ImportParameters
因此它适用于所有RSA
派生类型(假设它们已经支持参数导入)。
using (RSA rsa = RSA.Create())
{
rsa.ImportRSAPrivateKey(blob, out _);
return rsa.SignData(data, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
}
Determine what RFC defines the ASN.1 structure for your key format, then keep that in mind and evaluate the RSAPrivateKey section. 确定哪种RFC为您的密钥格式定义了ASN.1结构,然后牢记这一点并评估RSAPrivateKey部分。
DSAParameters and ECParameters each have their own spatial expectations. DSAParameters和ECParameters每个都有自己的空间期望。
Some of these include not-always-elegant, but frequently functioning code: 其中一些包括并非总是优雅但经常运行的代码:
Microsoft provides a class SignedXML to sign files. Microsoft提供了一个SignedXML类来对文件进行签名。 To know more, checkout https://msdn.microsoft.com/en-us/library/system.security.cryptography.xml.signedxml(v=vs.110).aspx
要了解更多信息,请检出https://msdn.microsoft.com/zh-cn/library/system.security.cryptography.xml.signedxml(v=vs.110).aspx
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.