堆棧內存溢出
  簡體   English   中英

如何在Android中生成的.net中驗證簽名

[英]How to verify a signature in .net generated in Android

 原文  2017-11-13 15:46:17       c#/ android/ xamarin.forms/ rsa/ public-key-exchange

問題描述

問題如下:

  • 我在Android(Xamarin.Droid)中生成密鑰: 

      public IPublicKey CreateKey(string keyID) { /*KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance( KeyProperties.KEY_ALGORITHM_RSA, "AndroidKeyStore"); keyPairGenerator.initialize( new KeyGenParameterSpec.Builder( "key1", KeyProperties.PURPOSE_SIGN) .setDigests(KeyProperties.DIGEST_SHA256, KeyProperties.DIGEST_SHA512) .setSignaturePaddings(KeyProperties.SIGNATURE_PADDING_RSA_PSS) .build()); KeyPair keyPair = keyPairGenerator.generateKeyPair(); Signature signature = Signature.getInstance("SHA256withRSA/PSS"); signature.initSign(keyPair.getPrivate()); // The key pair can also be obtained from the Android Keystore any time as follows: KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore"); keyStore.load(null); PrivateKey privateKey = (PrivateKey)keyStore.getKey("key1", null); PublicKey publicKey = keyStore.getCertificate("key1").getPublicKey();*/ //App.Current.MainPage.DisplayAlert("Info", "Creating a new key pair", "Ok"); // UTILIZANDO RSA KeyPairGenerator kpg = KeyPairGenerator.GetInstance(KeyProperties.KeyAlgorithmRsa, KEYSTORE_NAME); kpg.Initialize( new KeyGenParameterSpec.Builder(keyID, KeyStorePurpose.Sign) .SetSignaturePaddings(KeyProperties.SignaturePaddingRsaPss) .SetDigests(KeyProperties.DigestSha1) .Build() ); KeyPair keyPair = kpg.GenerateKeyPair(); Log.Debug(TAG, "New key created for fingerprint authentication"); return keyPair.Public; }

  • 然后我生成一個簽名: 

      KeyStore.PrivateKeyEntry PKentry = (KeyStore.PrivateKeyEntry)_keystore.GetEntry(keyID, null); IPublicKey pk = (IPublicKey)PKentry.Certificate.PublicKey; //this.pk = pk; privKey = PKentry.PrivateKey; //cipher.Init(Cipher.EncryptMode, privKey); //byte[] output = cipher.DoFinal(Encoding.UTF8.GetBytes(input)); //String s = new string(cipher.DoFinal(input)); // signature Signature sig = Signature.GetInstance("SHA1withRSA/PSS"); sig.InitSign(privKey); byte[] inputDataToSign = Encoding.UTF8.GetBytes(input); sig.Update(inputDataToSign); byte[] signatureBytes = sig.Sign();

  • 然后我將密鑰和簽名發送到ASP.net wep API 2服務器。 客戶端響應生成: 

      RegistrationResponse registrationResponse = new RegistrationResponse(); string fcparams = Utils.Base64Encode(JsonConvert.SerializeObject(finalChallengeParams)); registrationResponse.fcParams = fcparams; byte[] signedData = sign(fcparams, registrationRequest.username, facetID); registrationResponse.signedData = signedData; registrationResponse.Base64key = convertPublicKeyToString(publicKey); ... ... private string convertPublicKeyToString(IPublicKey publicKey) { string publicKeyString = Base64.EncodeToString(publicKey.GetEncoded(), 0); return publicKeyString; }

我使用改裝金塊發送。 這是我在服務器端收到HTTPRequest時使用的代碼: 

[Route("regResponse/")]
    [HttpPost]
    public IHttpActionResult ProcessClientRegistrationResponse([FromBody] RegistrationResponse registrationResponse) 
    {


        //byte[] publicKeyBytes = Convert.FromBase64String(registrationResponse.Base64key);
        byte[] publicKeyBytes = registrationResponse.Base64key;
        AsymmetricKeyParameter asymmetricKeyParameter = PublicKeyFactory.CreateKey(publicKeyBytes);

        RsaKeyParameters rsaKeyParameters = (RsaKeyParameters)asymmetricKeyParameter;

        RSAParameters rsaParameters = new RSAParameters();
        rsaParameters.Modulus = rsaKeyParameters.Modulus.ToByteArrayUnsigned();
        rsaParameters.Exponent = rsaKeyParameters.Exponent.ToByteArrayUnsigned();

        RSACryptoServiceProvider rsa = new RSACryptoServiceProvider();
        rsa.ImportParameters(rsaParameters);

        /*****/

        string alg = rsa.SignatureAlgorithm;
        byte[] signedData = registrationResponse.signedData;
        byte[] fcParamsBytes = Encoding.UTF8.GetBytes(registrationResponse.fcParams);

        RSACng rsaCng = new RSACng();
        rsaCng.ImportParameters(rsaParameters);

        SHA1Managed hash = new SHA1Managed();
        byte[] hashedData;
        hashedData = hash.ComputeHash(signedData);


        /*********/

        bool rsaCngDataOk1 = rsaCng.VerifyData(fcParamsBytes, signedData, HashAlgorithmName.SHA1, RSASignaturePadding.Pss);
        bool rsaCngDataOk2 = rsaCng.VerifyData(fcParamsBytes, signedData, HashAlgorithmName.SHA1, RSASignaturePadding.Pss);
        bool rsaCngDataOk3 = rsaCng.VerifyData(hashedData, signedData, HashAlgorithmName.SHA1, RSASignaturePadding.Pss);
        bool rsaCngDataOk4 = rsaCng.VerifyData(hashedData, signedData, HashAlgorithmName.SHA1, RSASignaturePadding.Pss);

        bool rsaCngHashOk1 = rsaCng.VerifyHash(hashedData, signedData, HashAlgorithmName.SHA1, RSASignaturePadding.Pss);

        bool dataOK1 = rsa.VerifyData(fcParamsBytes, new SHA1CryptoServiceProvider(), signedData);
        bool dataOk2 = rsa.VerifyData(fcParamsBytes, signedData, HashAlgorithmName.SHA1, RSASignaturePadding.Pkcs1);

        bool hashOk = rsa.VerifyHash(hashedData, CryptoConfig.MapNameToOID("SHA1"), signedData);

        return Ok(true);

    }

每個布爾都是錯誤的。 我認為問題顯然在公鑰上。 問題是,

  1. 我的方法publickey.encode()會做什么? 我認為它將我的公鑰轉換為byte []表示形式(來源: Android開發人員Key Info

  2. 如何將收到的密鑰的byte []表示形式轉換為正確的RSA密鑰?

  3. 算法有問題嗎? 我不這么認為,但我們永遠不知道...

我找不到解決方案。 我搜尋了從.net或c#中的字符串導入公鑰的方法,以及將Android公鑰導出為string或byte []的方法,但是對於這些具體問題沒有太多幫助...

1 個解決方案

解決方案1
 0  2017-11-17 11:27:49

@James K Polk給了我解決方案。 顯然,C#不能與PSS填充一起很好地工作。 我只需要將其更改為PKCS1。 我也將摘要算法也更改為SHA512。

暫無
暫無

聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.

相關問題 如何在.NET中驗證DLL的數字簽名 驗證.NET中的電子簽名 使用Node.js'jsrsasign'庫來驗證.NET Bouncy Castle庫生成的簽名 如何在.NET中驗證RSA-SHA512 XML簽名? 如何在Asp.net Core中手動驗證JWT簽名 如何驗證 PayPal Webhook 簽名? 無法在JAVA中驗證簽名,但在.NET中成功 使用 .NET 庫 ECDsaCng 驗證 BouncyCastle ECDsa 簽名 如何使用iText驗證自定義格式的數字簽名? C#如何驗證JWT令牌上的簽名?
相關標簽
 
粵ICP備18138465號  © 2020-2024 STACKOOM.COM