[英]Can RSACryptoServiceProvider (.NET's RSA) use SHA256 for encryption (not signing) instead of SHA1?
加密時,RSACryptoServiceProvider(或.NET提供的任何其他RSA加密器)可以使用SHA256代替SHA1嗎?
SHA1似乎是硬編碼的,無法更改它。 例如,RSACryptoServiceProvider.SignatureAlgorithm被硬編碼為返回“http://www.w3.org/2000/09/xmldsig#rsa-sha1”。
如果無法使RSACryptoServiceProvider使用SHA256,有哪些替代方案?
更新
以下代碼完美地運行,但我想將OAEPWithSHA1AndMGF1Padding更改為OAEPWithSHA256AndMGF1Padding。 C#端需要什么才能使用SHA256而不是SHA1進行加密?
加密是在C#中完成的,使用:
var parameters = new RSAParameters();
parameters.Exponent = new byte[] {0x01, 0x00, 0x01};
parameters.Modulus = new byte[] {0x9d, 0xc1, 0xcc, ...};
rsa.ImportParameters(parameters);
var cipherText = rsa.Encrypt(new byte[] { 0, 1, 2, 3 }, true);
解密是在Java中使用:
Cipher cipher = Cipher.getInstance("RSA/NONE/OAEPWithSHA1AndMGF1Padding", "BC");
cipher.init(Cipher.DECRYPT_MODE, keyPair.getPrivate());
byte[] cipherText = ...;
byte[] plainText = cipher.doFinal(cipherText);
RSACryptoServiceProvider可以使用基於SHA2的簽名,但您必須投入一些精力。
當您使用證書獲取RSACryptoServiceProvider時,底層的CryptoAPI提供程序真正重要。 默認情況下,當您使用'makecert'創建證書時,它是“RSA-FULL”,它僅支持用於簽名的SHA1哈希值。 您需要支持SHA2的新“RSA-AES”。
因此,您可以使用其他選項創建證書:-sp“Microsoft Enhanced RSA and AES Cryptographic Provider”(或等效的-sy 24),然后您的代碼看起來像(在.NET 4.0中):
var rsa = signerCertificate.PrivateKey as RSACryptoServiceProvider;
//
byte[] signature = rsa.SignData(data, CryptoConfig.CreateFromName("SHA256"));
如果您無法更改頒發證書的方式,則會有一個半連接的解決方法,該解決方案基於以下事實:默認情況下創建的RSACryptoServiceProvider支持SHA2。 所以,下面的代碼也可以工作,但它有點丑陋:(這段代碼的作用是創建一個新的RSACryptoServiceProvider並從我們從證書中獲取的密鑰導入密鑰)
var rsa = signerCertificate.PrivateKey as RSACryptoServiceProvider;
// Create a new RSACryptoServiceProvider
RSACryptoServiceProvider rsaClear = new RSACryptoServiceProvider();
// Export RSA parameters from 'rsa' and import them into 'rsaClear'
rsaClear.ImportParameters(rsa.ExportParameters(true));
byte[] signature = rsaClear.SignData(data, CryptoConfig.CreateFromName("SHA256"));
從任何Windows Server 2003及更高版本操作系統上的.NET 3.5 SP1開始,是的,RSACryptoServiceProvider支持RSA-SHA256進行簽名 ,但不支持加密。
從博客文章使用RSACryptoServiceProvider獲取RSA-SHA256簽名 :
byte[] data = new byte[] { 0, 1, 2, 3, 4, 5 };
using (RSACryptoServiceProvider rsa = new RSACryptoServiceProvider())
{
byte[] signature = rsa.SignData(data, "SHA256");
if (rsa.VerifyData(data, "SHA256", signature))
{
Console.WriteLine("RSA-SHA256 signature verified");
}
else
{
Console.WriteLine("RSA-SHA256 signature failed to verify");
}
}
你應該閱讀原帖,因為有一些問題需要注意。
如果沒有辦法讓RSACryptoServiceProvider
處理OAEP-with-SHA-256(其他人的答案似乎就是這樣說的話),那么你仍然可以自己實現這個操作。 我們談論的是加密部分,它只使用公鑰。 公鑰是公共的,這意味着您可以將其導出(實際上,在您的代碼中,您已經將模數和指數作為字節數組),並且通過粗心的實現沒有關於秘密數據泄漏的問題,因為這里沒有密鑰。
實施OAEP需要以下內容:
System.Security.Cryptography.SHA256Managed
將沒問題)和一個加密質量的alea源( System.Security.Cryptography.RandomNumberGenerator
)。 .NET 4.0及更高版本提供了System.Numerics.BigInteger
,它具有您需要的代碼(方法ModPow()
)。 對於以前的版本,您必須使用自定義實現; 有幾個躺着,谷歌一如既往地是你的朋友。 這里不需要絕對性能:RSA 加密很快,因為公共指數很短(示例代碼中為17位)。
在提出問題並回答之后, Bounty Castle C#更新為1.7。 為了將來你可能會考慮它,它增加了對Bouncy Castle為Java提供的許多加密算法,哈希,簽名的支持。 點擊鏈接,查找“1.7版發行說明”和“當前功能列表:”。
僅供參考:如何更改.p12或.pfx中的CSP(帶私鑰的證書)。 您需要.pfx中私鑰的密碼才能執行以下步驟。
第1步:將文件轉換為開放格式temp.pem
openssl pkcs12 -in myCert.p12 -out temp.pem -passin pass:myPassword -passout pass:temppwd
或者openssl pkcs12 -in myCert.pfx -out temp.pem -passin pass:myPassword -passout pass:temppwd
步驟2:創建包含Windows所需的CSP引用的文件myCert2.pfx
openssl pkcs12 -export -in temp.pem -out myCert2.pfx -CSP "Microsoft Enhanced RSA and AES Cryptographic Provider" -passin pass:temppwd -passout pass:myPassword
第3步:刪除temp.pem。 它不再需要了。
del temp.pem
第4步:驗證它是否正確完成
openssl pkcs12 -info -nodes -in myCert2.pfx -passin pass:myPassword
這必須顯示Microsoft CSP Name: Microsoft Enhanced RSA and AES Cryptographic Provider
使用這樣的修改后的證書,您可以使用Kastorskijs答案中的第一個代碼。
據微軟MVP (Rob Teixeira)稱,沒有。 您可以使用第三方庫,例如Security.Cryptography.dll
這里的所有其他答案都是關於使用SHA256進行簽名而不是加密。 我要回答問題。
任何SHA-2或更高版本的算法都用於散列,不一定是加密/解密,但這並不意味着您無法使用這些算法生成密鑰,然后對它們進行加密/解密。 從技術上講,我會對那些不同意這個答案的人提出這個問題,這不是“用SHA256加密”,但它確實允許RSA使用使用該算法生成的散列密鑰。 讓你的特定組織決定是否足以符合NIST / FIPS標准,這應該是你的原因,因為在我研究這個時,它是我的。
加密(使用RSA或其他非對稱加密算法)只需要公鑰(用於加密)和私鑰(用於解密)。 使用該哈希創建密鑰后,您可以對它們進行加密/解密。
我將把我做過的一些研究拼湊起來,展示一些路由,你可以使用一個使用SHA-256哈希創建的密鑰,然后加密/解密。 您可以通過創建證書或讓RSACryptoServiceContainer為您提供一個來生成SHA-256密鑰。
證書方法
在命令行上使用以下行創建證書:
makecert -r -pe -n "CN=MyCertificate" -a sha256 -b 09/01/2016 -sky exchange C:\Temp\MyCertificate.cer -sv C:\Temp\MyCertificate.pvk
pvk2pfx.exe -pvk C:\Temp\MyCertificate.pvk -pi "MyP@ssw0rd" -spc C:\Temp\MyCertificate.cer -pfx C:\Temp\MyCertificate.pfx -po "MyP@ssw0rd"
然后將證書導入到本地根權限存儲庫並使用以下代碼:
string input = "test";
string output = string.Empty;
X509Store store = new X509Store(StoreName.Root, StoreLocation.LocalMachine);
store.Open(OpenFlags.ReadOnly);
X509Certificate2Collection collection = store.Certificates.Find(X509FindType.FindBySubjectName, "MyCertificate", false);
X509Certificate2 certificate = collection[0];
using (RSACryptoServiceProvider cps = (RSACryptoServiceProvider)certificate.PublicKey.Key)
{
byte[] bytesData = Encoding.UTF8.GetBytes(input);
byte[] bytesEncrypted = cps.Encrypt(bytesData, false);
output = Convert.ToBase64String(bytesEncrypted);
}
store.Close();
如果您想使用SHA512,您只需在制作證書時將該sha256
參數更改為sha512
。
參考 : https : //social.msdn.microsoft.com/Forums/en-US/69e39ad0-13c2-4b5e-bb1b-972a614813fd/encrypt-with-certificate-sha512?forum=csharpgeneral
使用RSACryptoServiceProvider生成密鑰
private static string privateKey = String.Empty;
private static void generateKeys()
{
int dwLen = 2048;
RSACryptoServiceProvider csp = new RSACryptoServiceProvider(dwLen);
privateKey = csp.ToXmlString(true).Replace("><",">\r\n");
}
public static string Encrypt(string data2Encrypt)
{
try
{
generateKeys();
RSAx rsax = new RSAx(privateKey, 2048);
rsax.RSAxHashAlgorithm = RSAxParameters.RSAxHashAlgorithm.SHA256;
byte[] CT = rsax.Encrypt(Encoding.UTF8.GetBytes(data2Encrypt), false, true); // first bool is for using private key (false forces to use public), 2nd is for using OAEP
return Convert.ToBase64String(CT);
}
catch (Exception ex)
{
// handle exception
MessageBox.Show("Error during encryption: " + ex.Message);
return String.Empty;
}
}
public static string Decrypt(string data2Decrypt)
{
try
{
RSAx rsax = new RSAx(privateKey, 2048);
rsax.RSAxHashAlgorithm = RSAxParameters.RSAxHashAlgorithm.SHA256;
byte[] PT = rsax.Decrypt(Convert.FromBase64String(data2Decrypt), true, true); // first bool is for using private key, 2nd is for using OAEP
return Encoding.UTF8.GetString(PT);
}
catch (Exception ex)
{
// handle exception
MessageBox.Show("Error during encryption: " + ex.Message);
return String.Empty;
}
}
如果要使用SHA512,可以將RSAxHashAlgorithm.SHA256
更改為RSAxHashAlgorithm.SHA512
。
這些方法使用名為RSAx.DLL的DLL,使用https://www.codeproject.com/Articles/421656/RSA-Library-with-Private-Key-Encryption-in-Csharp中的源代碼構建,這不是我的(作者:Arpan Jati),但我已經使用過它,並且在CodeProject的開源許可下可供開發者社區使用。 您也可以從該項目中引入3個類,而不是:RSAx.cs,RSAxParameters.cs,RSAxUtils.cs
該代碼將在30000字符限制上發布此帖子,因此我將發布RSAx以便您可以看到正在發生的事情,但所有3個類都是必需的。 您必須更改命名空間並引用System.Numerics程序集。
RSAx.cs
// @Date : 15th July 2012
// @Author : Arpan Jati (arpan4017@yahoo.com; arpan4017@gmail.com)
// @Library : ArpanTECH.RSAx
// @CodeProject: http://www.codeproject.com/Articles/421656/RSA-Library-with-Private-Key-Encryption-in-Csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Numerics;
using System.Linq;
using System.Text;
using System.IO;
namespace ArpanTECH
{
/// <summary>
/// The main RSAx Class
/// </summary>
public class RSAx : IDisposable
{
private RSAxParameters rsaParams;
private RNGCryptoServiceProvider rng = new RNGCryptoServiceProvider();
/// <summary>
/// Initialize the RSA class.
/// </summary>
/// <param name="rsaParams">Preallocated RSAxParameters containing the required keys.</param>
public RSAx(RSAxParameters rsaParams)
{
this.rsaParams = rsaParams;
UseCRTForPublicDecryption = true;
}
/// <summary>
/// Initialize the RSA class from a XML KeyInfo string.
/// </summary>
/// <param name="keyInfo">XML Containing Key Information</param>
/// <param name="ModulusSize">Length of RSA Modulus in bits.</param>
public RSAx(String keyInfo, int ModulusSize)
{
this.rsaParams = RSAxUtils.GetRSAxParameters(keyInfo, ModulusSize);
UseCRTForPublicDecryption = true;
}
/// <summary>
/// Hash Algorithm to be used for OAEP encoding.
/// </summary>
public RSAxParameters.RSAxHashAlgorithm RSAxHashAlgorithm
{
set
{
rsaParams.HashAlgorithm = value;
}
}
/// <summary>
/// If True, and if the parameters are available, uses CRT for private key decryption. (Much Faster)
/// </summary>
public bool UseCRTForPublicDecryption
{
get; set;
}
/// <summary>
/// Releases all the resources.
/// </summary>
public void Dispose()
{
rsaParams.Dispose();
}
#region PRIVATE FUNCTIONS
/// <summary>
/// Low level RSA Process function for use with private key.
/// Should never be used; Because without padding RSA is vulnerable to attacks. Use with caution.
/// </summary>
/// <param name="PlainText">Data to encrypt. Length must be less than Modulus size in octets.</param>
/// <param name="usePrivate">True to use Private key, else Public.</param>
/// <returns>Encrypted Data</returns>
public byte[] RSAProcess(byte[] PlainText, bool usePrivate)
{
if (usePrivate && (!rsaParams.Has_PRIVATE_Info))
{
throw new CryptographicException("RSA Process: Incomplete Private Key Info");
}
if ((usePrivate == false) && (!rsaParams.Has_PUBLIC_Info))
{
throw new CryptographicException("RSA Process: Incomplete Public Key Info");
}
BigInteger _E;
if (usePrivate)
_E = rsaParams.D;
else
_E = rsaParams.E;
BigInteger PT = RSAxUtils.OS2IP(PlainText, false);
BigInteger M = BigInteger.ModPow(PT, _E, rsaParams.N);
if (M.Sign == -1)
return RSAxUtils.I2OSP(M + rsaParams.N, rsaParams.OctetsInModulus, false);
else
return RSAxUtils.I2OSP(M, rsaParams.OctetsInModulus, false);
}
/// <summary>
/// Low level RSA Decryption function for use with private key. Uses CRT and is Much faster.
/// Should never be used; Because without padding RSA is vulnerable to attacks. Use with caution.
/// </summary>
/// <param name="Data">Data to encrypt. Length must be less than Modulus size in octets.</param>
/// <returns>Encrypted Data</returns>
public byte[] RSADecryptPrivateCRT(byte[] Data)
{
if (rsaParams.Has_PRIVATE_Info && rsaParams.HasCRTInfo)
{
BigInteger C = RSAxUtils.OS2IP(Data, false);
BigInteger M1 = BigInteger.ModPow(C, rsaParams.DP, rsaParams.P);
BigInteger M2 = BigInteger.ModPow(C, rsaParams.DQ, rsaParams.Q);
BigInteger H = ((M1 - M2) * rsaParams.InverseQ) % rsaParams.P;
BigInteger M = (M2 + (rsaParams.Q * H));
if (M.Sign == -1)
return RSAxUtils.I2OSP(M + rsaParams.N, rsaParams.OctetsInModulus, false);
else
return RSAxUtils.I2OSP(M, rsaParams.OctetsInModulus, false);
}
else
{
throw new CryptographicException("RSA Decrypt CRT: Incomplete Key Info");
}
}
private byte[] RSAProcessEncodePKCS(byte[] Message, bool usePrivate)
{
if (Message.Length > rsaParams.OctetsInModulus - 11)
{
throw new ArgumentException("Message too long.");
}
else
{
// RFC3447 : Page 24. [RSAES-PKCS1-V1_5-ENCRYPT ((n, e), M)]
// EM = 0x00 || 0x02 || PS || 0x00 || Msg
List<byte> PCKSv15_Msg = new List<byte>();
PCKSv15_Msg.Add(0x00);
PCKSv15_Msg.Add(0x02);
int PaddingLength = rsaParams.OctetsInModulus - Message.Length - 3;
byte[] PS = new byte[PaddingLength];
rng.GetNonZeroBytes(PS);
PCKSv15_Msg.AddRange(PS);
PCKSv15_Msg.Add(0x00);
PCKSv15_Msg.AddRange(Message);
return RSAProcess(PCKSv15_Msg.ToArray() , usePrivate);
}
}
/// <summary>
/// Mask Generation Function
/// </summary>
/// <param name="Z">Initial pseudorandom Seed.</param>
/// <param name="l">Length of output required.</param>
/// <returns></returns>
private byte[] MGF(byte[] Z, int l)
{
if (l > (Math.Pow(2, 32)))
{
throw new ArgumentException("Mask too long.");
}
else
{
List<byte> result = new List<byte>();
for (int i = 0; i <= l / rsaParams.hLen; i++)
{
List<byte> data = new List<byte>();
data.AddRange(Z);
data.AddRange(RSAxUtils.I2OSP(i, 4, false));
result.AddRange(rsaParams.ComputeHash(data.ToArray()));
}
if (l <= result.Count)
{
return result.GetRange(0, l).ToArray();
}
else
{
throw new ArgumentException("Invalid Mask Length.");
}
}
}
private byte[] RSAProcessEncodeOAEP(byte[] M, byte[] P, bool usePrivate)
{
// +----------+---------+-------+
// DB = | lHash | PS | M |
// +----------+---------+-------+
// |
// +----------+ V
// | seed |--> MGF ---> XOR
// +----------+ |
// | |
// +--+ V |
// |00| XOR <----- MGF <-----|
// +--+ | |
// | | |
// V V V
// +--+----------+----------------------------+
// EM = |00|maskedSeed| maskedDB |
// +--+----------+----------------------------+
int mLen = M.Length;
if (mLen > rsaParams.OctetsInModulus - 2 * rsaParams.hLen - 2)
{
throw new ArgumentException("Message too long.");
}
else
{
byte[] PS = new byte[rsaParams.OctetsInModulus - mLen - 2 * rsaParams.hLen - 2];
//4. pHash = Hash(P),
byte[] pHash = rsaParams.ComputeHash(P);
//5. DB = pHash||PS||01||M.
List<byte> _DB = new List<byte>();
_DB.AddRange(pHash);
_DB.AddRange(PS);
_DB.Add(0x01);
_DB.AddRange(M);
byte[] DB = _DB.ToArray();
//6. Generate a random octet string seed of length hLen.
byte[] seed = new byte[rsaParams.hLen];
rng.GetBytes(seed);
//7. dbMask = MGF(seed, k - hLen -1).
byte[] dbMask = MGF(seed, rsaParams.OctetsInModulus - rsaParams.hLen - 1);
//8. maskedDB = DB XOR dbMask
byte[] maskedDB = RSAxUtils.XOR(DB, dbMask);
//9. seedMask = MGF(maskedDB, hLen)
byte[] seedMask = MGF(maskedDB, rsaParams.hLen);
//10. maskedSeed = seed XOR seedMask.
byte[] maskedSeed = RSAxUtils.XOR(seed, seedMask);
//11. EM = 0x00 || maskedSeed || maskedDB.
List<byte> result = new List<byte>();
result.Add(0x00);
result.AddRange(maskedSeed);
result.AddRange(maskedDB);
return RSAProcess(result.ToArray(), usePrivate);
}
}
private byte[] Decrypt(byte[] Message, byte [] Parameters, bool usePrivate, bool fOAEP)
{
byte[] EM = new byte[0];
try
{
if ((usePrivate == true) && (UseCRTForPublicDecryption) && (rsaParams.HasCRTInfo))
{
EM = RSADecryptPrivateCRT(Message);
}
else
{
EM = RSAProcess(Message, usePrivate);
}
}
catch (CryptographicException ex)
{
throw new CryptographicException("Exception while Decryption: " + ex.Message);
}
catch
{
throw new Exception("Exception while Decryption: ");
}
try
{
if (fOAEP) //DECODE OAEP
{
if ((EM.Length == rsaParams.OctetsInModulus) && (EM.Length > (2 * rsaParams.hLen + 1)))
{
byte[] maskedSeed;
byte[] maskedDB;
byte[] pHash = rsaParams.ComputeHash(Parameters);
if (EM[0] == 0) // RFC3447 Format : http://tools.ietf.org/html/rfc3447
{
maskedSeed = EM.ToList().GetRange(1, rsaParams.hLen).ToArray();
maskedDB = EM.ToList().GetRange(1 + rsaParams.hLen, EM.Length - rsaParams.hLen - 1).ToArray();
byte[] seedMask = MGF(maskedDB, rsaParams.hLen);
byte[] seed = RSAxUtils.XOR(maskedSeed, seedMask);
byte[] dbMask = MGF(seed, rsaParams.OctetsInModulus - rsaParams.hLen - 1);
byte[] DB = RSAxUtils.XOR(maskedDB, dbMask);
if (DB.Length >= (rsaParams.hLen + 1))
{
byte[] _pHash = DB.ToList().GetRange(0, rsaParams.hLen).ToArray();
List<byte> PS_M = DB.ToList().GetRange(rsaParams.hLen, DB.Length - rsaParams.hLen);
int pos = PS_M.IndexOf(0x01);
if (pos >= 0 && (pos < PS_M.Count))
{
List<byte> _01_M = PS_M.GetRange(pos, PS_M.Count - pos);
byte[] M;
if (_01_M.Count > 1)
{
M = _01_M.GetRange(1, _01_M.Count - 1).ToArray();
}
else
{
M = new byte[0];
}
bool success = true;
for (int i = 0; i < rsaParams.hLen; i++)
{
if (_pHash[i] != pHash[i])
{
success = false;
break;
}
}
if (success)
{
return M;
}
else
{
M = new byte[rsaParams.OctetsInModulus]; //Hash Match Failure.
throw new CryptographicException("OAEP Decode Error");
}
}
else
{// #3: Invalid Encoded Message Length.
throw new CryptographicException("OAEP Decode Error");
}
}
else
{// #2: Invalid Encoded Message Length.
throw new CryptographicException("OAEP Decode Error");
}
}
else // Standard : ftp://ftp.rsasecurity.com/pub/rsalabs/rsa_algorithm/rsa-oaep_spec.pdf
{//OAEP : THIS STADNARD IS NOT IMPLEMENTED
throw new CryptographicException("OAEP Decode Error");
}
}
else
{// #1: Invalid Encoded Message Length.
throw new CryptographicException("OAEP Decode Error");
}
}
else // DECODE PKCS v1.5
{
if (EM.Length >= 11)
{
if ((EM[0] == 0x00) && (EM[1] == 0x02))
{
int startIndex = 2;
List<byte> PS = new List<byte>();
for (int i = startIndex; i < EM.Length; i++)
{
if (EM[i] != 0)
{
PS.Add(EM[i]);
}
else
{
break;
}
}
if (PS.Count >= 8)
{
int DecodedDataIndex = startIndex + PS.Count + 1;
if (DecodedDataIndex < (EM.Length - 1))
{
List<byte> DATA = new List<byte>();
for (int i = DecodedDataIndex; i < EM.Length; i++)
{
DATA.Add(EM[i]);
}
return DATA.ToArray();
}
else
{
return new byte[0];
//throw new CryptographicException("PKCS v1.5 Decode Error #4: No Data");
}
}
else
{// #3: Invalid Key / Invalid Random Data Length
throw new CryptographicException("PKCS v1.5 Decode Error");
}
}
else
{// #2: Invalid Key / Invalid Identifiers
throw new CryptographicException("PKCS v1.5 Decode Error");
}
}
else
{// #1: Invalid Key / PKCS Encoding
throw new CryptographicException("PKCS v1.5 Decode Error");
}
}
}
catch (CryptographicException ex)
{
throw new CryptographicException("Exception while decoding: " + ex.Message);
}
catch
{
throw new CryptographicException("Exception while decoding");
}
}
#endregion
#region PUBLIC FUNCTIONS
/// <summary>
/// Encrypts the given message with RSA, performs OAEP Encoding.
/// </summary>
/// <param name="Message">Message to Encrypt. Maximum message length is (ModulusLengthInOctets - 2 * HashLengthInOctets - 2)</param>
/// <param name="OAEP_Params">Optional OAEP parameters. Normally Empty. But, must match the parameters while decryption.</param>
/// <param name="usePrivate">True to use Private key for encryption. False to use Public key.</param>
/// <returns>Encrypted message.</returns>
public byte[] Encrypt(byte[] Message, byte[] OAEP_Params, bool usePrivate)
{
return RSAProcessEncodeOAEP(Message, OAEP_Params, usePrivate);
}
/// <summary>
/// Encrypts the given message with RSA.
/// </summary>
/// <param name="Message">Message to Encrypt. Maximum message length is For OAEP [ModulusLengthInOctets - (2 * HashLengthInOctets) - 2] and for PKCS [ModulusLengthInOctets - 11]</param>
/// <param name="usePrivate">True to use Private key for encryption. False to use Public key.</param>
/// <param name="fOAEP">True to use OAEP encoding (Recommended), False to use PKCS v1.5 Padding.</param>
/// <returns>Encrypted message.</returns>
public byte[] Encrypt(byte[] Message, bool usePrivate, bool fOAEP)
{
if (fOAEP)
{
return RSAProcessEncodeOAEP(Message, new byte[0], usePrivate);
}
else
{
return RSAProcessEncodePKCS(Message, usePrivate);
}
}
/// <summary>
/// Encrypts the given message using RSA Public Key.
/// </summary>
/// <param name="Message">Message to Encrypt. Maximum message length is For OAEP [ModulusLengthInOctets - (2 * HashLengthInOctets) - 2] and for PKCS [ModulusLengthInOctets - 11]</param>
/// <param name="fOAEP">True to use OAEP encoding (Recommended), False to use PKCS v1.5 Padding.</param>
/// <returns>Encrypted message.</returns>
public byte[] Encrypt(byte[] Message, bool fOAEP)
{
if (fOAEP)
{
return RSAProcessEncodeOAEP(Message, new byte[0], false);
}
else
{
return RSAProcessEncodePKCS(Message, false);
}
}
/// <summary>
/// Decrypts the given RSA encrypted message.
/// </summary>
/// <param name="Message">The encrypted message.</param>
/// <param name="usePrivate">True to use Private key for decryption. False to use Public key.</param>
/// <param name="fOAEP">True to use OAEP.</param>
/// <returns>Encrypted byte array.</returns>
public byte[] Decrypt(byte[] Message, bool usePrivate, bool fOAEP)
{
return Decrypt(Message, new byte[0], usePrivate, fOAEP);
}
/// <summary>
/// Decrypts the given RSA encrypted message.
/// </summary>
/// <param name="Message">The encrypted message.</param>
/// <param name="OAEP_Params">Parameters to the OAEP algorithm (Must match the parameter while Encryption).</param>
/// <param name="usePrivate">True to use Private key for decryption. False to use Public key.</param>
/// <returns>Decrypted byte array.</returns>
public byte[] Decrypt(byte[] Message, byte[] OAEP_Params, bool usePrivate)
{
return Decrypt(Message, OAEP_Params, usePrivate, true);
}
/// <summary>
/// Decrypts the given RSA encrypted message using Private key.
/// </summary>
/// <param name="Message">The encrypted message.</param>
/// <param name="fOAEP">True to use OAEP.</param>
/// <returns>Decrypted byte array.</returns>
public byte[] Decrypt(byte[] Message, bool fOAEP)
{
return Decrypt(Message, new byte[0], true, fOAEP);
}
#endregion
}
}
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.