使用预先存在的私钥对文件签名以创建证书(C#)
[英]Using a pre-existing private key to sign file to create a certificate (C#)
问题描述
I have read round all the articles on StackOverflow and while a lot of them come close to the solution I want, none appear to work. 
我已经阅读了关于StackOverflow的所有文章,尽管其中有许多文章都接近我想要的解决方案,但似乎都没有用。
I simply want to take an existing private key to create a signature of a piece of data. 我只是想利用一个现有的私钥来创建一段数据的签名。 This then becomes part of a data file which includes a header describing the parameters used. 然后,它成为数据文件的一部分,该文件包括描述所用参数的标头。 Next comes the signed version of a datafile, lastly the datafile itself (a hex file). 接下来是数据文件的签名版本,最后是数据文件本身(十六进制文件)。 Concatentation of files is not the issue, generating a certificate using the private and public key pairs I have is. 文件的合并不是问题,使用我拥有的私钥和公钥对生成证书是没有问题的。 The keys are of the format ("-----BEGIN PRIVATE KEY-----") I can generate signature files easily enough from scratch, but the software that will read the final file is expecting a 256 bye signature, whereas mine (using RSA-256) is only producing 32 byte signatures. 密钥的格式为(“ ----- BEGIN PRIVATE KEY -----”),我可以很容易地从头开始生成签名文件,但是读取最终文件的软件期望使用256 bye签名,而我的(使用RSA-256)仅产生32个字节的签名。 It only has access to the public key for decryption and validation of the file signature. 它只能访问公用密钥以解密和验证文件签名。
I have come up across a number of errors such as keysets not being valid, not existing, the ComputeHash function not working and causing a crash. 我遇到了许多错误,例如键集无效,不存在,ComputeHash函数无法正常工作并导致崩溃。 I suspect I need to provide more information to my RSACryptographicService through CSPParameters but am not sure what is necessary and sufficient to do so. 我怀疑我需要通过CSPParameters向我的RSACryptographicService提供更多信息,但是不确定这样做是否必要和足够。 I would like to avoid digging into the mathematics behind the algorithm such as manually setting/reading the modulus / P/Q values etc. Can anyone propose a simple way to do this or tell me where I am going wrong? 我想避免深入研究算法背后的数学原理,例如手动设置/读取模数/ P / Q值等。有人可以提出一种简单的方法来做到这一点,或者告诉我我要去哪里了吗? Code is available on request. 可根据要求提供代码。
1 个解决方案
解决方案1
2 已采纳 2018-09-19 11:28:23
The comments you are getting saying 256-byte signature is too long are absurd. 您得到的评论说256字节签名太长是荒谬的。 Ignore those. 忽略那些。
256 bit (32 bytes) would be a very small signature, that cannot be correct. 256位(32字节)将是一个很小的签名,这是不正确的。 I believe what you're actually looking for is 2048-bit (256-byte) RSA signatures. 我相信您真正要寻找的是2048位(256字节)RSA签名。 Those are more sensible by today's standards (though a step larger doesn't hurt). 按照当今的标准,这些设置更为合理(尽管增大一点不会造成伤害)。
In terms of importing your key, and not setting key components manually, you should look into "PEM" format RSA keys. 在导入密钥而不是手动设置密钥组件方面,您应该查看“ PEM”格式的RSA密钥。 There are several nuget packages out there to handle them. 有几个nuget软件包可以处理它们。 Otherwise you can strip the header/footer and decode the base64 yourself and import the key components with some of the built in X509 classes. 否则,您可以剥离页眉/页脚并自行解码base64,并使用一些内置的X509类导入关键组件。
.NET does not natively support PEM format keys, and as such, I recommend using a reputable crypto library such as BouncyCastle, as they support PEM key parsing in their RSA algorithms. .NET本机不支持PEM格式密钥,因此,我建议使用信誉良好的加密库,例如BouncyCastle,因为它们在其RSA算法中支持PEM密钥解析。
This existing stackoverflow link describes how to import keys in BouncyCastle: Reading PEM RSA Public Key Only using Bouncy Castle 这个现有的stackoverflow链接描述了如何在BouncyCastle中导入密钥: 仅使用Bouncy Castle读取PEM RSA公共密钥
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.