如何在C#中验证数字签名
[英]How to verify digital signature in C#
问题描述
I am new here.
我刚来这地方。
I am learning the digital signature in C#.我正在学习 C# 中的数字签名。 The certificates are generated followed by this document .生成证书后是本文档。 Other documents I read: RSACng , X509Certificate2 .我阅读的其他文件: RSACng , X509Certificate2 。
I am working on Windows 10 Pro 1809, .Net Core 2.1, VSCode.我正在使用 Windows 10 Pro 1809、.Net Core 2.1、VSCode。
class Program
{
static void Main(string[] args)
{
var passwd = "password";
// Get client certificate.
var clientCertPath = @"./Certificates/test.pfx";
var clientCert = new X509Certificate2(clientCertPath, passwd);
// Get server certificate.
var serverCertPath = @"./Certificates/test.cer";
var serverCert = new X509Certificate2(serverCertPath);
// Generate data.
var translateResultData = BuildData();
var content = String.Join('&', translateResultData.Select(p => String.Join('=', p.Key, p.Value)));
// Sign
var sign = SignatureUtil.Sign(data: content, clientCert: clientCert);
// translateResultData.TryAdd(key: "sign", value : sign);
// Copy content ONLY for test.
var checkSign = sign;
var checkContent = content;
// Verify
var valid = SignatureUtil.Verify(data: checkContent, signature: checkSign, serverCert: serverCert);
System.Console.WriteLine(valid);
}
}
public class SignatureUtil
{
public static string Sign(string data, X509Certificate2 clientCert)
{
using(var privateKey = clientCert.GetRSAPrivateKey())
{
var dataByteArray = Encoding.UTF8.GetBytes(data);
var signatureByteArray = privateKey.SignData(
data: dataByteArray,
hashAlgorithm: HashAlgorithmName.SHA256,
padding: RSASignaturePadding.Pkcs1);
return Convert.ToBase64String(signatureByteArray);
}
}
public static bool Verify(string data, string signature, X509Certificate2 serverCert)
{
try
{
using(var publicKey = serverCert.GetRSAPublicKey())
{
var dataByteArray = Encoding.UTF8.GetBytes(data);
var signatureByteArray = Convert.FromBase64String(signature);
return publicKey.VerifyData(
data: dataByteArray,
signature: signatureByteArray,
hashAlgorithm: HashAlgorithmName.SHA256,
padding: RSASignaturePadding.Pkcs1);
}
}
catch (System.Exception)
{
return false;
}
}
}
Expected result: valid should be true because I am checking the original data.预期结果: valid应该是true因为我正在检查原始数据。
Fact: The Verify method always returns false even the original data are passed.事实:即使传递了原始数据, Verify方法也始终返回false 。
Can you tell me what I did wrong?你能告诉我我做错了什么吗?
1 个解决方案
解决方案1
2 2019-06-19 05:59:35
I cannot tell you what is going wrong in your code since I cannot reproduce it.我不能告诉你你的代码出了什么问题,因为我无法重现它。 Here is a very detailed answer how you can sign using RSA and SHA256. 这是如何使用 RSA 和 SHA256 进行签名的非常详细的答案。 Your approach and the one described in this answer are conceptually the same, but maybe there is a difference in your code compared to this answer.您的方法和本答案中描述的方法在概念上是相同的,但与本答案相比,您的代码可能有所不同。
And here is a example how in my company certificates associated with smart cards are used for signing and verifying signatures.这是我公司如何使用与智能卡关联的证书进行签名和验证签名的示例。 One big difference is that we do not store the signature as a string but rather keep it as an array of bytes.一个很大的区别是我们不将签名存储为字符串,而是将其保存为字节数组。
public byte[] SignData(byte[] data)
{
using (var sha256 = SHA256.Create())
{
using (var rsa = Certificate.GetRSAPrivateKey())
{
return rsa.SignData(data, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1)
}
}
}
public bool VerifySignature(byte[] data, byte[] signature)
{
using (var sha256 = SHA256.Create())
{
using (var rsa = Certificate.GetRSAPublicKey())
{
return rsa.VerifyData(data, signature, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1)
}
}
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.