[英]How to verify a signature in .net generated in Android
問題如下:
我在Android(Xamarin.Droid)中生成密鑰:
public IPublicKey CreateKey(string keyID) { /*KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance( KeyProperties.KEY_ALGORITHM_RSA, "AndroidKeyStore"); keyPairGenerator.initialize( new KeyGenParameterSpec.Builder( "key1", KeyProperties.PURPOSE_SIGN) .setDigests(KeyProperties.DIGEST_SHA256, KeyProperties.DIGEST_SHA512) .setSignaturePaddings(KeyProperties.SIGNATURE_PADDING_RSA_PSS) .build()); KeyPair keyPair = keyPairGenerator.generateKeyPair(); Signature signature = Signature.getInstance("SHA256withRSA/PSS"); signature.initSign(keyPair.getPrivate()); // The key pair can also be obtained from the Android Keystore any time as follows: KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore"); keyStore.load(null); PrivateKey privateKey = (PrivateKey)keyStore.getKey("key1", null); PublicKey publicKey = keyStore.getCertificate("key1").getPublicKey();*/ //App.Current.MainPage.DisplayAlert("Info", "Creating a new key pair", "Ok"); // UTILIZANDO RSA KeyPairGenerator kpg = KeyPairGenerator.GetInstance(KeyProperties.KeyAlgorithmRsa, KEYSTORE_NAME); kpg.Initialize( new KeyGenParameterSpec.Builder(keyID, KeyStorePurpose.Sign) .SetSignaturePaddings(KeyProperties.SignaturePaddingRsaPss) .SetDigests(KeyProperties.DigestSha1) .Build() ); KeyPair keyPair = kpg.GenerateKeyPair(); Log.Debug(TAG, "New key created for fingerprint authentication"); return keyPair.Public; }
然后我生成一個簽名:
KeyStore.PrivateKeyEntry PKentry = (KeyStore.PrivateKeyEntry)_keystore.GetEntry(keyID, null); IPublicKey pk = (IPublicKey)PKentry.Certificate.PublicKey; //this.pk = pk; privKey = PKentry.PrivateKey; //cipher.Init(Cipher.EncryptMode, privKey); //byte[] output = cipher.DoFinal(Encoding.UTF8.GetBytes(input)); //String s = new string(cipher.DoFinal(input)); // signature Signature sig = Signature.GetInstance("SHA1withRSA/PSS"); sig.InitSign(privKey); byte[] inputDataToSign = Encoding.UTF8.GetBytes(input); sig.Update(inputDataToSign); byte[] signatureBytes = sig.Sign();
然后我將密鑰和簽名發送到ASP.net wep API 2服務器。 客戶端響應生成:
RegistrationResponse registrationResponse = new RegistrationResponse(); string fcparams = Utils.Base64Encode(JsonConvert.SerializeObject(finalChallengeParams)); registrationResponse.fcParams = fcparams; byte[] signedData = sign(fcparams, registrationRequest.username, facetID); registrationResponse.signedData = signedData; registrationResponse.Base64key = convertPublicKeyToString(publicKey); ... ... private string convertPublicKeyToString(IPublicKey publicKey) { string publicKeyString = Base64.EncodeToString(publicKey.GetEncoded(), 0); return publicKeyString; }
我使用改裝金塊發送。 這是我在服務器端收到HTTPRequest時使用的代碼:
[Route("regResponse/")]
[HttpPost]
public IHttpActionResult ProcessClientRegistrationResponse([FromBody] RegistrationResponse registrationResponse)
{
//byte[] publicKeyBytes = Convert.FromBase64String(registrationResponse.Base64key);
byte[] publicKeyBytes = registrationResponse.Base64key;
AsymmetricKeyParameter asymmetricKeyParameter = PublicKeyFactory.CreateKey(publicKeyBytes);
RsaKeyParameters rsaKeyParameters = (RsaKeyParameters)asymmetricKeyParameter;
RSAParameters rsaParameters = new RSAParameters();
rsaParameters.Modulus = rsaKeyParameters.Modulus.ToByteArrayUnsigned();
rsaParameters.Exponent = rsaKeyParameters.Exponent.ToByteArrayUnsigned();
RSACryptoServiceProvider rsa = new RSACryptoServiceProvider();
rsa.ImportParameters(rsaParameters);
/*****/
string alg = rsa.SignatureAlgorithm;
byte[] signedData = registrationResponse.signedData;
byte[] fcParamsBytes = Encoding.UTF8.GetBytes(registrationResponse.fcParams);
RSACng rsaCng = new RSACng();
rsaCng.ImportParameters(rsaParameters);
SHA1Managed hash = new SHA1Managed();
byte[] hashedData;
hashedData = hash.ComputeHash(signedData);
/*********/
bool rsaCngDataOk1 = rsaCng.VerifyData(fcParamsBytes, signedData, HashAlgorithmName.SHA1, RSASignaturePadding.Pss);
bool rsaCngDataOk2 = rsaCng.VerifyData(fcParamsBytes, signedData, HashAlgorithmName.SHA1, RSASignaturePadding.Pss);
bool rsaCngDataOk3 = rsaCng.VerifyData(hashedData, signedData, HashAlgorithmName.SHA1, RSASignaturePadding.Pss);
bool rsaCngDataOk4 = rsaCng.VerifyData(hashedData, signedData, HashAlgorithmName.SHA1, RSASignaturePadding.Pss);
bool rsaCngHashOk1 = rsaCng.VerifyHash(hashedData, signedData, HashAlgorithmName.SHA1, RSASignaturePadding.Pss);
bool dataOK1 = rsa.VerifyData(fcParamsBytes, new SHA1CryptoServiceProvider(), signedData);
bool dataOk2 = rsa.VerifyData(fcParamsBytes, signedData, HashAlgorithmName.SHA1, RSASignaturePadding.Pkcs1);
bool hashOk = rsa.VerifyHash(hashedData, CryptoConfig.MapNameToOID("SHA1"), signedData);
return Ok(true);
}
每個布爾都是錯誤的。 我認為問題顯然在公鑰上。 問題是,
我的方法publickey.encode()會做什么? 我認為它將我的公鑰轉換為byte []表示形式(來源: Android開發人員Key Info )
如何將收到的密鑰的byte []表示形式轉換為正確的RSA密鑰?
算法有問題嗎? 我不這么認為,但我們永遠不知道...
我找不到解決方案。 我搜尋了從.net或c#中的字符串導入公鑰的方法,以及將Android公鑰導出為string或byte []的方法,但是對於這些具體問題沒有太多幫助...
@James K Polk給了我解決方案。 顯然,C#不能與PSS填充一起很好地工作。 我只需要將其更改為PKCS1。 我也將摘要算法也更改為SHA512。
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.