堆栈内存溢出
  简体   繁体   English

使用RSA C#签名和验证签名

[英]Signing and verifying signatures with RSA C#

 原文  2011-12-08 20:31:00       c#/ encoding/ rsa/ signing

问题描述

I recently posted about issues with encrypting large data with RSA, I am finally done with that and now I am moving on to implementing signing with a user's private key and verifying with the corresponding public key. 我最近发布了有关使用RSA加密大数据的问题,我最终完成了这一点,现在我继续使用用户的私钥实现签名并使用相应的公钥进行验证。 However, whenever I compare the signed data and the original message I basically just get false returned. 但是,每当我比较签名数据和原始消息时,我基本上只会返回false。 I am hoping some of your could see what I am doing wrong. 我希望你的一些人能看出我做错了什么。

Here is the code: 这是代码: 

public static string SignData(string message, RSAParameters privateKey)
    {
        //// The array to store the signed message in bytes
        byte[] signedBytes;
        using (var rsa = new RSACryptoServiceProvider())
        {
            //// Write the message to a byte array using UTF8 as the encoding.
            var encoder = new UTF8Encoding();
            byte[] originalData = encoder.GetBytes(message);

            try
            {
                //// Import the private key used for signing the message
                rsa.ImportParameters(privateKey);

                //// Sign the data, using SHA512 as the hashing algorithm 
                signedBytes = rsa.SignData(originalData, CryptoConfig.MapNameToOID("SHA512"));
            }
            catch (CryptographicException e)
            {
                Console.WriteLine(e.Message);
                return null;
            }
            finally
            {
                //// Set the keycontainer to be cleared when rsa is garbage collected.
                rsa.PersistKeyInCsp = false;
            }
        }
        //// Convert the a base64 string before returning
        return Convert.ToBase64String(signedBytes);
    }

So that is the first step, to sign the data, next I move on to verifying the data: 这是签署数据的第一步,接下来我将继续验证数据: 

public static bool VerifyData(string originalMessage, string signedMessage, RSAParameters publicKey)
    {
        bool success = false;
        using (var rsa = new RSACryptoServiceProvider())
        {
            byte[] bytesToVerify = Convert.FromBase64String(originalMessage);
            byte[] signedBytes = Convert.FromBase64String(signedMessage);
            try
            {
                rsa.ImportParameters(publicKey);

                SHA512Managed Hash = new SHA512Managed();

                byte[] hashedData = Hash.ComputeHash(signedBytes);

                success = rsa.VerifyData(bytesToVerify, CryptoConfig.MapNameToOID("SHA512"), signedBytes);
            }
            catch (CryptographicException e)
            {
                Console.WriteLine(e.Message);
            }
            finally
            {
                rsa.PersistKeyInCsp = false;
            }
        }
        return success;
    }

And here is the test client: 这是测试客户端: 

public static void Main(string[] args)
    {
        PublicKeyInfrastructure pki = new PublicKeyInfrastructure();
        Cryptograph crypto = new Cryptograph();
        RSAParameters privateKey = crypto.GenerateKeys("email@email.com");

        const string PlainText = "This is really sent by me, really!";

        RSAParameters publicKey = crypto.GetPublicKey("email@email.com");

        string encryptedText = Cryptograph.Encrypt(PlainText, publicKey);

        Console.WriteLine("This is the encrypted Text:" + "\n " + encryptedText);

        string decryptedText = Cryptograph.Decrypt(encryptedText, privateKey);

        Console.WriteLine("This is the decrypted text: " + decryptedText);

        string messageToSign = encryptedText;

        string signedMessage = Cryptograph.SignData(messageToSign, privateKey);

        //// Is this message really, really, REALLY sent by me?
        bool success = Cryptograph.VerifyData(messageToSign, signedMessage, publicKey);

        Console.WriteLine("Is this message really, really, REALLY sent by me? " + success);

    }

Am I missing a step here? 我在这里错过了一步吗? According to the Cryptography API and the examples there, I shouldn't manually compute any hashes, since I supply the algorithm within the method call itself. 根据Cryptography API和那里的例子,我不应该手动计算任何哈希值,因为我在方法调用本身内提供算法。

Any help will be greatly appreciated. 任何帮助将不胜感激。

1 个解决方案

解决方案1
 25 已采纳  2011-12-08 20:45:59

Your problem is at the beginning of the VerifyData method: 您的问题出现在VerifyData方法的开头: 

public static bool VerifyData(string originalMessage, string signedMessage, RSAParameters publicKey)
{
    bool success = false;
    using (var rsa = new RSACryptoServiceProvider())
    {
        //Don't do this, do the same as you did in SignData:
        //byte[] bytesToVerify = Convert.FromBase64String(originalMessage);
        var encoder = new UTF8Encoding();
        byte[] bytesToVerify = encoder.GetBytes(originalMessage);

        byte[] signedBytes = Convert.FromBase64String(signedMessage);
        try
        ...

For some reason you switched to FromBase64String instead of UTF8Encoding.GetBytes . 出于某种原因,您切换到FromBase64String而不是UTF8Encoding.GetBytes

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 使用PHP进行RSA签名并使用C#进行验证 - RSA Signing with PHP and verifying with C# RSA 签名与 Python 验证与 C# - RSA signing with Python verifying with C# 使用多个签名在 C# 中验证已签名的 XML - Verifying signed XML in C# with multiple signatures 无法验证XML文件的签名,包括c#中的注释 - Trouble verifying signatures of XML files INCLUDING COMMENTS in c# 使用 .Net 进行 RSA 签名并使用 OpenSSL 命令进行验证 - RSA Signing with .Net and verifying with OpenSSL command 在 C# 中验证什么是在 Java (RSA) 中签名的问题 - Problem verifying in C# what was signed in Java (RSA) C# 使用公钥验证数据(使用 RSA 私钥签名) - C# Verifying data (signed with RSA private key) with public key 使用rsa验证来自c#节点的签名数据 - Verifying signed data from node in c# using rsa 在 C# 中验证 Crypto Node.JS 生成的 RSA 签名 - Verifying a RSA signature made by Crypto Node.JS in C# C#支持对单个XML元素进行RSA SHA 256签名 - C# Support for RSA SHA 256 signing for individual XML elements
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM