![](/img/trans.png)
[英]How to create a digital signature using SHA256 with ECDSA algorithm in C#
[英]convert signature algorithm from sha1 to sha256 in c#
我有一个网络服务客户端应用程序。 我的网络服务提供商通知我将签名方法从 sha1 更改为 sha256,这是在请求 header 部分。 目前我有一个 CustomSendFilter class,并使用下面的 function 保护传出消息。 我如何转换为 sha 256? 我搜索但还没有找到明确的解决方案。
public override void SecureMessage(SoapEnvelope envelope, Security security)
{
X509SecurityToken signatureToken;
signatureToken = new X509SecurityToken(CertificateManager.ClientCertificate);
security.Tokens.Add(signatureToken);
MessageSignature sig = new MessageSignature(signatureToken);
security.Elements.Add(sig);
security.Timestamp.TtlInSeconds = 60;
Logging.AddToLog(envelope.Envelope.InnerText);
}
您可以通过MessageSignature.SignedInfo.SignatureMethod
设置要使用的签名算法。
不幸的是,在撰写本文时,.NET 框架可能没有对http://www.w3.org/2001/04/xmldsig-more#rsa-sha256的内置支持,但可以使用以下代码修复该问题(贷记 go 至https://gist.github.com/sneal/f35de432115b840c4c1f ):
/// <summary>
/// SignatureDescription impl for http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
/// </summary>
public class RSAPKCS1SHA256SignatureDescription : SignatureDescription
{
/// <summary>
/// Registers the http://www.w3.org/2001/04/xmldsig-more#rsa-sha256 algorithm
/// with the .NET CrytoConfig registry. This needs to be called once per
/// appdomain before attempting to validate SHA256 signatures.
/// </summary>
public static void Register()
{
CryptoConfig.AddAlgorithm(
typeof(RSAPKCS1SHA256SignatureDescription),
"http://www.w3.org/2001/04/xmldsig-more#rsa-sha256");
}
/// <summary>
/// .NET calls this parameterless ctor
/// </summary>
public RSAPKCS1SHA256SignatureDescription()
{
KeyAlgorithm = "System.Security.Cryptography.RSACryptoServiceProvider";
DigestAlgorithm = "System.Security.Cryptography.SHA256Managed";
FormatterAlgorithm = "System.Security.Cryptography.RSAPKCS1SignatureFormatter";
DeformatterAlgorithm = "System.Security.Cryptography.RSAPKCS1SignatureDeformatter";
}
public override AsymmetricSignatureDeformatter CreateDeformatter(AsymmetricAlgorithm key)
{
var asymmetricSignatureDeformatter =
(AsymmetricSignatureDeformatter)CryptoConfig.CreateFromName(DeformatterAlgorithm);
asymmetricSignatureDeformatter.SetKey(key);
asymmetricSignatureDeformatter.SetHashAlgorithm("SHA256");
return asymmetricSignatureDeformatter;
}
public override AsymmetricSignatureFormatter CreateFormatter(AsymmetricAlgorithm key)
{
var asymmetricSignatureFormatter =
(AsymmetricSignatureFormatter)CryptoConfig.CreateFromName(FormatterAlgorithm);
asymmetricSignatureFormatter.SetKey(key);
asymmetricSignatureFormatter.SetHashAlgorithm("SHA256");
return asymmetricSignatureFormatter;
}
}
谢谢你的回答。 我有一个 CustomSendFilter class 用于保护请求,如下所示。 我应该在哪里注册算法? 我在调用网络服务 function 之前注册了,在下面的 SecureMessage function 中也注册了,但没有用。
公共 class CustomSendFilter: SendSecurityFilter { 私有字符串 serviceDescription;
public CustomSendFilter(SecurityPolicyAssertion parentAssertion , string serviceDescription)
: base(parentAssertion.ServiceActor, true)
{
this.serviceDescription = serviceDescription;
}
public override SoapFilterResult ProcessMessage(SoapEnvelope envelope)
{
SoapFilterResult result = base.ProcessMessage(envelope);
Logging.SaveSoapEnvelope(envelope, SoapMessageDirection.Out , serviceDescription);
return result;
}
public override void SecureMessage(SoapEnvelope envelope, Security security)
{
X509SecurityToken signatureToken;
signatureToken = new X509SecurityToken(CertificateManager.ClientCertificate);
RSAPKCS1SHA256SignatureDescription.Register();
security.Tokens.Add(signatureToken);
MessageSignature sig = new MessageSignature(signatureToken);
security.Elements.Add(sig);
security.Timestamp.TtlInSeconds = 60;
Logging.AddToLog(envelope.Envelope.InnerText);
}
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.