堆栈内存溢出
  简体   繁体   English

使用 PEM 文件创建 DSA 签名

[英]Create DSA Signature using PEM file

 原文  2022-08-09 12:08:45       .net/ digital-signature/ private-key/ pem/ dsa

问题描述

TL;DR... how can I create a DSA signature using a PEM private key file using.Net Framework 4.5.2 TL;DR ...我如何使用.Net Framework 4.5.2 使用 PEM 私钥文件创建 DSA 签名

I apologise up front... this is all completely new to me, as I've never had to deal with encryption like this.我先道歉......这对我来说是全新的,因为我从来没有处理过这样的加密。 So please be gentle!所以请温柔一点!

Details...细节...

I'm working with an old ASP.Net project using.Net Framework 4.5.2... yes, I'm very aware it's out of life, but is not something I can do anything about at this time .我正在使用.Net Framework 4.5.2 处理一个旧的 ASP.Net 项目......是的,我很清楚它已经过时了,但目前我无能为力

I need to send data to an API where part of that data (a "signature" made up of other piece of known data) is encrypted using DSA with a private key provided by the client... and yes, I'm very aware that RSA should now be used, but that is what the client is demanding .我需要将数据发送到 API,其中部分数据(由其他已知数据组成的“签名”)使用 DSA 和客户端提供的私钥进行加密......是的,我很清楚现在应该使用 RSA,但这正是客户所要求的

The private key has been provided in a PEM format file (ie file starts with -----BEGIN DSA PRIVATE KEY----- )私钥已在 PEM 格式文件中提供(即文件以-----BEGIN DSA PRIVATE KEY-----开头)

I've discovered the AsnKeyParser class from codeproject.com but I have so far failed to work out how to use that class with a PEM format file.从 codeproject.com 中发现了 AsnKeyParser class但到目前为止我还没有弄清楚如何将 class 与 PEM 格式文件一起使用。

This (purposefully) confusing answer highlights my confusion and lack of understanding.这个(故意)令人困惑的答案突出了我的困惑和缺乏理解。

Can anybody, please, give me a pointer to how I can achieve this, as I've wasted a full day on my investigations without any real success?任何人都可以请给我一个指导我如何实现这一目标,因为我已经浪费了一整天的时间进行调查而没有任何真正的成功?

Do I need to convert the Base64-decoded certificate (between the headers) from DER to ASN.1 before passing it to the AsnKeyParser class?我是否需要将 Base64 解码的证书(在标头之间)从 DER 转换为 ASN.1,然后再将其传递给AsnKeyParser class? If so, how?如果是这样,怎么做?

(If necessary, I can consider creating an external service using a more recent.Net version, that I can call from the 4.5.2 code... but would prefer it to be wrapped into a single project.) (如有必要,我可以考虑使用更新的 .Net 版本创建一个外部服务,我可以从 4.5.2 代码中调用它......但更希望将它包装到一个项目中。)

Edit...编辑...

As requested by @Topaco, here is an example key pair supplied by the customer, who tells me (somewhat ambiguously) that according to Google: DSA Key Size: 2048 bits ...根据@Topaco 的要求,这是客户提供的示例密钥对,他告诉我(有点模棱两可) according to Google: DSA Key Size: 2048 bits ......

-----BEGIN DSA PRIVATE KEY-----
MIIBugIBAAKBgQDzGuacD99b5uI/yv8k9B0ayApGge79XN18K3NDals1M/ae31Aa
REiT3pM2Vy+rwZqMXkAjdvBRbAAIWULCPmwlJ25IHBg9zZmK0NymS3qaKd5g3LFC
QXRmOLEVhv0TkZAFmi3u71nvDY35hD5S1OlxXp317MIz8U6/usJhtHjQywIVAKAF
qSaXNbaXLei/kNvHeEMxJvPzAoGAcq8gQ4T1o+xkj7ilhEv1XxiAjKJAZao15JOc
G6D9itSkDTZk/4WftDdIwWV8cYCG6PHmbvGi4i/2Z/LIixnuqWJTUG/EpiXf2RAV
47wgUjGmKtIbpUURSGE+XFfYf5R63hmLp2Jn40NqU9OlAScCDEAqN62YB6+Kua71
/ngDzNACgYBUgc3Gw85Amc2BpFruGsUkB4spnonmueq5HV3bcYIxvrO03UTQovTi
8yvQRUPYSIfCzgS2800ntwizZ6NCwUj6lda6YVBZWw8rg7D9HYoD9aOz4GtN57Da
qml0C3Tqh/1wZI5K+lmyDJfex/nQ4iGQoCmzKftWf13x1iCKM08ULwIUZ8Ig9WT9
Q3BcHfdOKLqa3nbYXCw=
-----END DSA PRIVATE KEY-----

-----BEGIN PUBLIC KEY-----
MIIBtjCCASsGByqGSM44BAEwggEeAoGBAPMa5pwP31vm4j/K/yT0HRrICkaB7v1c
3Xwrc0NqWzUz9p7fUBpESJPekzZXL6vBmoxeQCN28FFsAAhZQsI+bCUnbkgcGD3N
mYrQ3KZLepop3mDcsUJBdGY4sRWG/RORkAWaLe7vWe8NjfmEPlLU6XFenfXswjPx
Tr+6wmG0eNDLAhUAoAWpJpc1tpct6L+Q28d4QzEm8/MCgYByryBDhPWj7GSPuKWE
S/VfGICMokBlqjXkk5wboP2K1KQNNmT/hZ+0N0jBZXxxgIbo8eZu8aLiL/Zn8siL
Ge6pYlNQb8SmJd/ZEBXjvCBSMaYq0hulRRFIYT5cV9h/lHreGYunYmfjQ2pT06UB
JwIMQCo3rZgHr4q5rvX+eAPM0AOBhAACgYBUgc3Gw85Amc2BpFruGsUkB4spnonm
ueq5HV3bcYIxvrO03UTQovTi8yvQRUPYSIfCzgS2800ntwizZ6NCwUj6lda6YVBZ
Ww8rg7D9HYoD9aOz4GtN57Daqml0C3Tqh/1wZI5K+lmyDJfex/nQ4iGQoCmzKftW
f13x1iCKM08ULw==
-----END PUBLIC KEY-----

1 个解决方案

解决方案1
 1  2022-08-10 08:22:42

For DSA, .NET Framework 4.5.2 is very limited concerning key size (max. 1024 bits, see here ) and digest (only SHA1, see here ).对于 DSA,.NET 框架 4.5.2 在密钥大小(最大 1024 位,请参见此处)和摘要(仅 SHA1,请参见此处)方面非常有限。

For this reason, it makes more sense to use a more capable third-party provider such as BouncyCastle from the start.出于这个原因,从一开始就使用功能更强大的第三方提供商(例如 BouncyCastle)更有意义。 BouncyCastle also provides PemReader for convenient import of PEM encoded keys. BouncyCastle 还提供PemReader以方便导入 PEM 编码的密钥。

Import:进口:

using Org.BouncyCastle.OpenSsl;
using Org.BouncyCastle.Crypto;
...
string privDsaPem = @"-----BEGIN DSA PRIVATE KEY-----
                    MII...
                    -----END DSA PRIVATE KEY-----";
PemReader pemReader = new PemReader(new StringReader(privDsaPem));
AsymmetricCipherKeyPair dsaKeyPair = (AsymmetricCipherKeyPair)pemReader.ReadObject();
AsymmetricKeyParameter dsaPrivParams = dsaKeyPair.Private;

Signing:签署:

using Org.BouncyCastle.Security;
using Org.BouncyCastle.Crypto;
using System;
...
ISigner sig = SignerUtilities.GetSigner("SHA256withDSA");
sig.Init(true, dsaPrivParams);
sig.BlockUpdate(message, 0, message.Length);
byte[] signatureBC = sig.GenerateSignature();           // ASN.1/DER format
Console.WriteLine(Convert.ToBase64String(signatureBC)); // e.g. MEYCIQDDznPDx5YjsszeOvNbvX2pgTDP4qtkOXMlNo+9B9+xsAIhAKOf8G16Z7uFLlevnC1DzUE+Op5XmwoxbK6my/RjEIRG

For the posted solution applies:对于发布的解决方案适用:

  • The DSA signature is returned in ASN.1/DER encoded format (and therefore can be loaded in an ASN.1 parser eg https://lapo.it/asn1js/ ). DSA 签名以 ASN.1/DER 编码格式返回(因此可以加载到 ASN.1 解析器中,例如https://lapo.it/asn1js/ )。
  • As digest SHA256 is applied.应用摘要 SHA256。

Regarding signature format and digest, consider the following:关于签名格式和摘要,请考虑以下几点:

A DSA signature consists of two parts, r and s , see here . DSA 签名由两部分组成, rs ,请参见此处 There are different formats for DSA signatures. DSA 签名有不同的格式。 In the above solution, the r and s values of the signature are provided in ASN.1/DER encoded format.在上述解决方案中,签名的rs值以 ASN.1/DER 编码格式提供。 Another format is IEEE P.1363, where r and s are concatenated.另一种格式是 IEEE P.1363,其中rs连接在一起。 See here for the relation of both formats and a conversion between them.有关两种格式的关系以及它们之间的转换,请参见此处

Besides SHA256, BouncyCastle supports other digests for DSA, see SignerUtilities.cs for more digests and identifiers.除了 SHA256,BouncyCastle 还支持 DSA 的其他摘要,请参阅SignerUtilities.cs了解更多摘要和标识符。

Both sides must apply the same digest for a successful verification and, to avoid unnecessary conversions, should use the same signature format if possible.双方必须应用相同的摘要才能成功验证,并且为避免不必要的转换,应尽可能使用相同的签名格式。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 如何从私钥创建签名? -DSA - How to create a signature from Private Key? - DSA 如何使用C#.NET在PEM文件中使用P-256密钥计算ECDSA签名? - How to compute the ECDSA signature using a P-256 key in a PEM file using C#.NET? 如何使用BouncyCastle(C#)以ASN.1格式导入DSA签名 - How to import DSA signature in ASN.1 format using BouncyCastle (C#) 验证C#中使用BER / DER编码的ASN.1格式的DSA签名 - Verify a DSA signature in C# that's using BER/DER encoded ASN.1 format 将.NET XML格式的DSA非对称密钥转换为PEM格式 - Convert DSA asymmetric key in .NET XML format to PEM format 无法从 C# 中的 PEM 文件创建 CngKey - Unable to create a CngKey from a PEM file in C# 使用BouncyCastle和私有PEM文件的RSA解密不起作用 - RSA Decryption using BouncyCastle with private PEM file not working 如何使用Codedom在方法签名中创建带有'new'关键字的方法 - How to Create a Method with 'new' keyword in its method signature using codedom 使用文件签名(.NET)中的幻数验证文件类型的解决方案? - A solution to validate a file type using magic number in file signature (.NET)? 如何从 PEM 文件中获取私钥? - how to get private key from PEM file?
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM