C# 使用公钥验证数据(使用 RSA 私钥签名)
[英]C# Verifying data (signed with RSA private key) with public key
问题描述
using BouncyCastle and with help from a stackoverflow question I got this:
使用 BouncyCastle 并在 stackoverflow 问题的帮助下,我得到了这个:
using System.Net.Sockets;
using System.Security.Cryptography;
using Org.BouncyCastle.Crypto.Parameters;
using Org.BouncyCastle.OpenSsl;
... ...
TcpClient client = new TcpClient("127.0.0.1", 1337);
NetworkStream stream = client.GetStream();
StreamWriter writer= new StreamWriter(stream);
StreamReader reader = new StreamReader(stream);
writer.WriteLine("hello");
writer.AutoFlush = true;
string response = Convert.FromBase64String(reader.ReadToEnd()).ToString();
RSACryptoServiceProvider RCP;
var x = new PemReader(File.OpenText(pubkey));
var y = (RsaKeyParameters)x.ReadObject();
RCP = (RSACryptoServiceProvider)RSACryptoServiceProvider.Create();
var pa = new RSAParameters();
pa.Modulus = y.Modulus.ToByteArray();
pa.Exponent = y.Exponent.ToByteArray();
RCP.ImportParameters(pa);
byte[] test = RCP.Decrypt(response, true);
Now, obviously Decrypt will fail, as since I'm trying to decrypt something which was signed (not "encrypted") and definately not by the same "key".现在,显然 Decrypt 会失败,因为我正在尝试解密已签名(未“加密”)的东西,并且肯定不是由相同的“密钥”。 I'm confused since I thought I should use a method like VerifyData() , but this returns a bool and takes arguments I'm not sure I have.我很困惑,因为我认为我应该使用类似VerifyData()的方法,但这会返回一个布尔值并采用 arguments 我不确定我是否有。
What I wish to accomplish is the C# equivalent of openssl rsautl -verify -inkey public.pem -pubin .我希望完成的是 C# 等效于openssl rsautl -verify -inkey public.pem -pubin 。 That is, "decrypt" with the pubkey to verify the contents of said message.也就是说,使用公钥“解密”以验证所述消息的内容。
Am I on the right track here?我在正确的轨道上吗?
- Mik米克
1 个解决方案
解决方案1
0 已采纳 2011-07-17 21:15:01
Actually a decrypt of a signature should never fail unless you specified the wrong encoding parameters - a signature is simply the private-key encrypted hash of the data (typically SHA1);实际上,除非您指定了错误的编码参数,否则签名的解密永远不会失败 - 签名只是数据的私钥加密 hash(通常是 SHA1); the only benefit of using the verify routine is that it decrypts the block and does the hash comparison work for you, if you wanted to be bloody minded you could instead do a decrypt operation with your public key and compare the hash bytes yourself.使用验证例程的唯一好处是它解密了块并为您执行 hash 比较工作,如果您想血腥,您可以使用您的公钥进行解密操作并自己比较 hash 字节。
I'm not actually sure what response is in the context of your program;我实际上不确定您的程序上下文中的response是什么; you should only be passing the RSA data to it, if you're also feeding it the data that was signed in the first place you are doing it wrong - similarly, do check if that function actually accepts a string, in my experience BouncyCastle generally expects a byte[]您应该只将 RSA 数据传递给它,如果您还向它提供了最初签名的数据,那么您做错了- 同样,请检查 function 是否实际上接受字符串,以我的经验 BouncyCastle需要一个byte[]
I'd recommend using SignerUtilities.GetSigner() - it takes a string arg to tell it what sort of signature you're using, I would imagine "SHA1WithRSA" to be right for you.我建议使用SignerUtilities.GetSigner() - 它需要一个字符串 arg 来告诉它您正在使用哪种签名,我想"SHA1WithRSA"适合您。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.