C＃/。NET加密：使用Base64 EN codeD公钥来验证RSA签名 [英] C# / .NET crypto: Using Base64 encoded Public Key to verify RSA signature

问题描述

在简单地说，这是我的问题：

 私人字符串publicKeyString = "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDVGUzbydMZS+fnkGTsUkDKEyFOGwghR234d5GjPnMIC0RFtXtw2tdcNM8I9Qk+h6fnPHiA7r27iHBfdxTP3oegQJWpbY2RMwSmOs02eQqpKx4QtIjWqkKk2Gmck5cll9GCoI8AUAA5e0D02T0ZgINDmo5yGPhGAAmqYrm8YiupwQIDAQAB";

/ *需要一些改造，采用publicKeyString启动一个新的RSACryptoServiceProvider对象
* /

//目前：
的RSACryptoServiceProvider RS​​A =新的RSACryptoServiceProvider（）;

byte []的selfComputedHash =新的字节[]; //冷落的例子
byte []的签名=新的字节[];

布尔结果= rsa.VerifyHash（selfComputedHash，CryptoConfig.MapNameToOID（SHA1），签字）;
 

正如你所看到的，问题就开始了新的RSACryptoServiceProvider给定的Base64 EN codeD公共密钥字符串。我已经能够做到使用对象RSAP​​arameters的实例，装入的byte []的为系数和指数从使用OpenSSL的shell命令这个公共密钥字符串导出。但是，由于这种公共密钥可以改变未来我希望能够将它存放在其原来的形式在数据库中。必须有处理这个问题的更直接的方法。

很多，我读了那么通过导出和导入生成私钥和公钥，并从一个密钥容器对象远避免这个问题，并用它在同一块code，因此不会例子转移中一些字符串形式的关键内存不足。有些人有恩pressed同样的问题，都在这里的计算器和其他网站上，但我一直没能找到一个满意的答案。

任何想法的非常欢迎。

背景信息： 我的通信伙伴计算出一个20字节的SHA1哈希从可变长度的输入字符串，包含在ASCII EN codeD消息的几个字段的信息构成。这个hash然后与我的合作伙伴的私钥RSA签名，并连同ASCII留言给我送。抵达后，我计算SHA1哈希自己，使用相同的字段由ASCII消息，然后尝试验证，如果这些领域都无法通过调用VerifyHash改变。

关键是在2形式提供：定期和NONL。所述NONL版本包括在code以上，普通版本是这样的：

  ----- BEGIN公钥-----
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDVGUzbydMZS + fnkGTsUkDKEyFO
GwghR234d5GjPnMIC0RFtXtw2tdcNM8I9Qk + h6fnPHiA7r27iHBfdxTP3oegQJWp
bY2R​​MwSmOs02eQqpKx4QtIjWqkKk2Gmck5cll9GCoI8AUAA5e0D02T0ZgINDmo5y
GPhGAAmqYrm8YiupwQIDAQAB
----- END公钥-----
 

解决方案

您的字符串是 SubjectPublicKeyInfo进行。您可以使用 Bouncycastle.net 脱code这样的：

 字节[] publicKeyBytes = Convert.FromBase64String（publicKeyString）;
AsymmetricKeyParameter asymmetricKeyParameter = PublicKeyFactory.CreateKey（publicKeyBytes）;
RsaKeyParameters rsaKeyParameters =（RsaKeyParameters）asymmetricKeyParameter;
RSAParameters rsaParameters =新RSAParameters（）;
rsaParameters.Modulus = rsaKeyParameters.Modulus.ToByteArrayUnsigned（）;
rsaParameters.Exponent = rsaKeyParameters.Exponent.ToByteArrayUnsigned（）;
的RSACryptoServiceProvider RS​​A =新的RSACryptoServiceProvider（）;
rsa.ImportParameters（rsaParameters）;
 

In a nutshell, this is my problem:

private string publicKeyString = "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDVGUzbydMZS+fnkGTsUkDKEyFOGwghR234d5GjPnMIC0RFtXtw2tdcNM8I9Qk+h6fnPHiA7r27iHBfdxTP3oegQJWpbY2RMwSmOs02eQqpKx4QtIjWqkKk2Gmck5cll9GCoI8AUAA5e0D02T0ZgINDmo5yGPhGAAmqYrm8YiupwQIDAQAB";

/* Some transformation required, using publicKeyString to initiate a new RSACryptoServiceProvider object
*/

//for now:
RSACryptoServiceProvider rsa = new RSACryptoServiceProvider();

byte[] selfComputedHash = new byte[]; //left out of the example
byte[] signature = new byte[];

bool result = rsa.VerifyHash(selfComputedHash, CryptoConfig.MapNameToOID("SHA1"), signature);

As you can see, the problem is initiating a new RSACryptoServiceProvider with the given Base64 encoded public key string. I've been able to do the instantiation using an object RSAParameters, loaded with the byte[]'s for Modulus and Exponent derived from this public key string using an OpenSSL shell command. But since this public key may change in the future I want to be able to store it in its original form in a database. There must be a more straightforward way of dealing with this.

A lot of the examples I've read so far avoid this problem by exporting and importing the generated private and public keys to and from a key-container object and use it in the same piece of code and thus not 'transferring' the key in some string form out of memory. Some people have expressed the same problem, both here on StackOverflow and on other sites, but I have not been able to find a satisfying answer yet.

Any idea's are more than welcome.

Background info: My communication partner computes a 20-byte SHA1-hash from an input string of variable length, composed of the information contained in several fields of an ASCII encoded message. This hash is then RSA-signed with my partner's private key and sent along with the ASCII message to me. Upon arrival, I compute the SHA1 hash myself, using the same fields from the ASCII message and then try to verify if these fields were not altered by calling VerifyHash.

The key is provided in 2 forms: regular and 'noNL'. The noNL version is included in the code above, the regular version is this:

-----BEGIN PUBLIC KEY-----
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDVGUzbydMZS+fnkGTsUkDKEyFO
GwghR234d5GjPnMIC0RFtXtw2tdcNM8I9Qk+h6fnPHiA7r27iHBfdxTP3oegQJWp
bY2RMwSmOs02eQqpKx4QtIjWqkKk2Gmck5cll9GCoI8AUAA5e0D02T0ZgINDmo5y
GPhGAAmqYrm8YiupwQIDAQAB
-----END PUBLIC KEY-----

解决方案

Your string is the base64 encoding of a SubjectPublicKeyInfo. You can use Bouncycastle.net to decode it like this:

byte[] publicKeyBytes = Convert.FromBase64String(publicKeyString);
AsymmetricKeyParameter asymmetricKeyParameter = PublicKeyFactory.CreateKey(publicKeyBytes);
RsaKeyParameters rsaKeyParameters = (RsaKeyParameters) asymmetricKeyParameter;
RSAParameters rsaParameters = new RSAParameters();
rsaParameters.Modulus = rsaKeyParameters.Modulus.ToByteArrayUnsigned();
rsaParameters.Exponent = rsaKeyParameters.Exponent.ToByteArrayUnsigned();
RSACryptoServiceProvider rsa = new RSACryptoServiceProvider();
rsa.ImportParameters(rsaParameters);

这篇关于C＃/。NET加密：使用Base64 EN codeD公钥来验证RSA签名的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！