堆栈内存溢出
  简体   繁体   English

验证 c# 中分离的 pgp 签名

[英]Verify a detached pgp signature in c#

 原文  2019-10-08 12:39:29       c#/ pgp

问题描述

here's what I have:这就是我所拥有的:

  • A big file called update.zip一个名为 update.zip 的大文件
  • A text file called update.zip.sha256sum containing...yes you guessed it, currently it's "204f687dae2e9b66afce079b29abf935949e31de838aa4f5bd8f9b4440fadf2d update.zip" (1 row)一个名为 update.zip.sha256sum 的文本文件包含...是的,你猜对了,目前它是“204f687dae2e9b66afce079b29abf935949e31de838aa4f5bd8f9b4440fadf2d update.zip”(1 行)
  • A 3rd file called update.zip.sha256sum.asc containing "-----BEGIN PGP SIGNATURE----- Version: GnuPG v1... -----END PGP SIGNATURE-----" so only the signature.第三个文件名为 update.zip.sha256sum.asc 包含“-----BEGIN PGP SIGNATURE----- 版本:GnuPG v1 ... -----END PGP SIGNATURE-----”所以只有签名。 All these are on a website.所有这些都在一个网站上。
  • Then, of course I have the public key to verify the signature.然后,当然我有公钥来验证签名。 I made it a resource inside the project, as it's not going to change.我将它作为项目内部的资源,因为它不会改变。

What I need to do from code: check the update.zip's not been tempered with.我需要从代码中执行的操作:检查 update.zip 是否经过调整。 Therefore check the signature, which confirms the file update.zip.sha256sum is ok, so I can use the sha256 inside it to compare with the one I calculate.因此检查签名,确认文件 update.zip.sha256sum 是可以的,所以我可以使用其中的 sha256 与我计算的比较。 All pretty basic.都很基本。 Problem is: the verify method always returns false.问题是:verify 方法总是返回 false。 Doing it from the desktop app works, so the files are ok for sure.从桌面应用程序执行此操作是可行的,因此文件肯定没问题。

What I did: of course I read all the similar questions here, specially this .我做了什么:当然我在这里阅读了所有类似的问题,特别是这个 I also read all the bouncy castle documentation.我还阅读了所有充气城堡文档。 That was fast and easy - there is NONE.那是快速和容易的 - 没有。

Finally I used one of the examples, namly the one under..\crypto\test\src\openpgp\examples\DetachedSignatureProcessor.cs最后,我使用了其中一个示例,即..\crypto\test\src\openpgp\examples\DetachedSignatureProcessor.cs 下的一个

so here is the (failing) code:所以这是(失败的)代码:

    private static bool VerifySignature(string fileName, Stream inputStream, Stream keyIn)
    {
        inputStream = PgpUtilities.GetDecoderStream(inputStream);

        PgpObjectFactory pgpFact = new PgpObjectFactory(inputStream);
        PgpSignatureList p3 = null;
        PgpObject o = pgpFact.NextPgpObject();

        p3 = (PgpSignatureList)o;


        PgpPublicKeyRingBundle pgpPubRingCollection = new PgpPublicKeyRingBundle(
            PgpUtilities.GetDecoderStream(keyIn));
        Stream dIn = GetStream(fileName);
        PgpSignature sig = p3[0];
        PgpPublicKey key = pgpPubRingCollection.GetPublicKey(sig.KeyId);
        sig.InitVerify(key);

        int ch;
        while ((ch = dIn.ReadByte()) >= 0)
        {
            sig.Update((byte)ch);
        }

        dIn.Close();

        if (sig.Verify())
        {
            Console.WriteLine("signature verified.");
            return true;
        }
        else
        {
            Console.WriteLine("signature verification failed.");
            return false;
        }
    }

    public static Stream GetStream(string stringData)
    {
        MemoryStream stream = new MemoryStream();
        StreamWriter writer = new StreamWriter(stream);
        writer.Write(stringData);
        writer.Flush();
        stream.Position = 0;
        return stream;
    }

The code runs through joyfully but always chooses the "signature verification failed."代码运行愉快,但总是选择“签名验证失败”。 route.路线。

What I'm not sure of is whether I miss some steps or whether I'm using the wrong ingredients.我不确定是我错过了一些步骤还是我使用了错误的成分。 The 3 I use are the plain text sha256sum file (fileName), the signature file sha256sum.asc (inputStream) and the public key (keyIN).我使用的3个是纯文本sha256sum文件(fileName),签名文件sha256sum.asc(inputStream)和公钥(keyIN)。

1 个解决方案

解决方案1
 0  2019-10-28 11:06:31

Finally I solved it.最后我解决了。 But don't ask which step made the difference;-)但不要问哪个步骤有所作为;-)

 public static bool VerifySignature(string fileName, Stream inputStream, Stream keyIn)
    {
        PgpPublicKeyRingBundle pgpPubRingCollection = new PgpPublicKeyRingBundle(keyIn);
        PgpPublicKey pubicKey = pgpPubRingCollection.GetPublicKey(4100000000000000000);    //once I knew the right one, I put it here directly as it won't change anyway
        Stream signaturStrom = PgpUtilities.GetDecoderStream(inputStream);
        PgpObjectFactory pgpWTFactory = new PgpObjectFactory(signaturStrom);
        PgpSignature signtr = ((PgpSignatureList)pgpWTFactory.NextPgpObject())[0];
        signtr.InitVerify(pubicKey);

        try
        {
            Stream dIn = ReadStream(fileName);  // get stream from ext. file

            int ch;
            while ((ch = dIn.ReadByte()) >= 0)
            {
                signtr.Update((byte)ch);
            }
            dIn.Close();

        }
        catch (Exception ex)
        {
            return false;
        }
        if (signtr.Verify())
        {
            Console.WriteLine("signature verified.");
            return true;
        }
        else
        {
            Console.WriteLine("signature verification failed.");
            return false;
        }
    }

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 验证未分离的PKCS签名 - verify non detached PKCS signature 无法在C#中签名/验证签名 - Fail to Sign/Verify signature in C# 无法验证在C#中创建的签名 - Unable to verify signature created in C# 以编程方式验证 C# 中 .exe 的数字签名 - Programmatically verify digital signature of .exe in C# 无法在C#中验证PyOpenSSL签名 - Can't verify PyOpenSSL signature in C# 验证 JWT 令牌 c# 的签名 - verify signature of JWT Token c# 如何在C#中验证数字签名 - How to verify digital signature in C# c#如何验证签名JWT? - c# How to verify signature JWT? 仅使用公钥验证签名 (C#) - Verify signature with public key only (C#) C#如何验证JWT令牌上的签名? - C# How to verify signature on JWT token?
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM