C#中的数字签名
[英]Digital signature in C#
问题描述
So I have a server and a clients. 
所以我有一个服务器和一个客户端。 And I have a task/problem with security. 而且我有一个安全方面的任务/问题。 Conversation between server and client: Client : Give me config file, Server! 服务器和客户端之间的对话:客户端:给我配置文件,服务器! Server : Sending config file with digital signature Client : Receive data 服务器:发送带有数字签名的配置文件客户端:接收数据
So, What approach should I choose? 那么,我应该选择哪种方法?
- Generate private and public keys(server side). 生成私钥和公钥(服务器端)。
- Save private key in the xml-file (TIP1) 将私钥保存在xml文件(TIP1)中
- Clients will be spread with public key(which was generate together with private key) 客户将使用公钥(与私钥一起生成)传播
than, when clients will send request to server : 1. Server get private key from xml-file(TIP1) and send config file + digital signature(encrypt by private key) 2. Client receive response from server and verify digital signature by public key 相比之下,客户端向服务器发送请求时:1.服务器从xml-file(TIP1)获取私钥并发送配置文件+数字签名(通过私钥加密)2.客户端从服务器接收响应并通过公钥验证数字签名
How can I implement this idea in C# ? 如何在C#中实现这个想法? Keys(private and public) I'll be generate by special program. 密钥(私有和公共)我将通过特殊程序生成。 So private key I'll be save in xml-file. 因此,私钥将保存在xml文件中。
ADDITIONALLY 另外
I wrote some class that maybe do work that I want : 我写了一些也许可以做我想做的课:
public class Cryptography
{
private const string CONTAINER_NAME = "MyContainer";
private static RSACryptoServiceProvider rsa;
private static MD5 md5;
private static void AssignParameter()
{
CspParameters cspParams;
cspParams = new CspParameters();
cspParams.KeyContainerName = CONTAINER_NAME;
cspParams.Flags = CspProviderFlags.UseMachineKeyStore;
rsa = new RSACryptoServiceProvider(cspParams);
}
static Cryptography()
{
md5 = MD5.Create();
}
public static byte[] CreateSignature(byte[] data, string pathToKey)
{
AssignParameter();
StreamReader reader = new StreamReader(pathToKey);
string privateKeyXML = reader.ReadToEnd();
rsa.FromXmlString(privateKeyXML);
reader.Close();
RSAPKCS1SignatureFormatter RSAform = new RSAPKCS1SignatureFormatter(rsa);
RSAform.SetHashAlgorithm("MD5");
byte[] hashData = md5.ComputeHash(data);
return RSAform.CreateSignature(hashData);
}
public static bool VerifySignature(byte[] originalData, byte[] data, string pathToKey)
{
StreamReader reader = new StreamReader(pathToKey);
string publicKeyXML = reader.ReadToEnd();
rsa.FromXmlString(publicKeyXML);
reader.Close();
RSAPKCS1SignatureDeformatter RSAdeform = new RSAPKCS1SignatureDeformatter(rsa);
RSAdeform.SetHashAlgorithm("MD5");
byte[] hashOriginalData = md5.ComputeHash(originalData);
return RSAdeform.VerifySignature(hashOriginalData, data);
}
public static void AssignNewKey()
{
AssignParameter();
StreamWriter writer = new StreamWriter(@"D:\cryptography\privatekey.xml");
string privatePrivateKeyXML = rsa.ToXmlString(true);
writer.Write(privatePrivateKeyXML);
writer.Close();
writer = new StreamWriter(@"D:\cryptography\publickey.xml");
string publicOnlyKeyXML = rsa.ToXmlString(false);
writer.Write(publicOnlyKeyXML);
writer.Close();
}
}
What do you think ? 你怎么看 ?
1 个解决方案
解决方案1
0 2011-07-25 07:49:24
无需重新设计轮子,您可以简单地使用WCF的传输或消息安全性并完成它-除非出于任何原因当然不能使用WCF。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.