如何签名文本文件? [英] How to sign a text file?

问题描述

我想签署一个纯文本文件.

尝试使用sn工具或SignTool的尝试失败:它们确实支持对程序集或任何exe/dll/...文件进行签名，但不支持文本文件.如果我仍然尝试使用这些工具，他们会抱怨文件格式未知.

我什至试图将test.txt文件重命名为test.dll，但都没有成功;-).

我以为这很容易，但是我找不到任何可以立即使用的解决方案.
也许你们中的一个可以对此有所掩饰.

我想到的是通过.NET Framework直接支持的XML签名. 以下伪代码为我的方法提供了一个思路:

I wanted to sign a plain text file.

The attempts to use the sn tool or the SignTool failed: they do support to sign assemblies or any exe/dll/... files, but no text files. If I try to nonetheless use those tools, they do complain that the file format is unknown.

I even tried to simply rename the test.txt file to test.dll but no success neither ;-).

I assumed this was a no-brainer, but I could not find any ready-to-use solution.
Maybe one of you could shade some light on this.

What I came up with is to go over XML signing which is directly supported by .NET Framework.
The followin pseudo code gives an idea on my approach:

public static string SignText(string unsignedText)
{
    var xmlDoc = WrapUnsignedTextIntoXml(unsignedText);

    var signedXmlDoc = SignXmlDoc(xmlDoc);

    var signatureXml = GetXmlTextFromXml(signedXmlDoc);
    var base64 = TextToBase64(signatureXml);
    var textSignature = WrapBase64IntoSignatureBlock(base64);

    var signedText = unsignedText + textSignature;

    return signedText;
}

public static bool VerifySignedText(string signedText)
{
    var {unsignedText, base64} = SplitTextAndSignature(signedText);
    var signatureXml = Base64ToText(base64);

    var signatureXmlNode = CreateXmlNodeFromSignature(signatureXml);
    var xmlDoc = WrapUnsignedTextIntoXml(unsignedText);
    var signedXmlDoc = CreateSignedXmlDoc(xmlDoc, signatureXmlNode);

    return VerifyXml(signedXmlDoc);
}

此方法基于如何:使用数字签名对XML文档进行签名 [如何:验证XML文档的数字签名 [

This approach bases on How to: Sign XML Documents with Digital Signatures[^] and How to: Verify the Digital Signatures of XML Documents[^].

The resulting signed text file would be something like:

This is a sample text with a signature that
verifies tha the integrity of the plain text is
not corrupted.

All whitespaces are relevant - no single character of the text must have changed.

2012-02-19/A.Gieriet

# BEGIN-SIGNATURE
# //48AFMAaQBnAG4AYQB0AHUAcgBlACAAeABtAGwAbgBzAD0AIgBoAHQAdABwADoALwAvAHcAdwB3
# AC4AdwAzAC4AbwByAGcALwAyADAAMAAwAC8AMAA5AC8AeABtAGwAZABzAGkAZwAjACIAPgA8AFMA
# aQBnAG4AZQBkAEkAbgBmAG8APgA8AEMAYQBuAG8AbgBpAGMAYQBsAGkAegBhAHQAaQBvAG4ATQBl
# AHQAaABvAGQAIABBAGwAZwBvAHIAaQB0AGgAbQA9ACIAaAB0AHQAcAA6AC8ALwB3AHcAdwAuAHcA
# MwAuAG8AcgBnAC8AVABSAC8AMgAwADAAMQAvAFIARQBDAC0AeABtAGwALQBjADEANABuAC0AMgAw
# ADAAMQAwADMAMQA1ACIAIAAvAD4APABTAGkAZwBuAGEAdAB1AHIAZQBNAGUAdABoAG8AZAAgAEEA
# bABnAG8AcgBpAHQAaABtAD0AIgBoAHQAdABwADoALwAvAHcAdwB3AC4AdwAzAC4AbwByAGcALwAy
# ADAAMAAwAC8AMAA5AC8AeABtAGwAZABzAGkAZwAjAHIAcwBhAC0AcwBoAGEAMQAiACAALwA+ADwA
# UgBlAGYAZQByAGUAbgBjAGUAIABVAFIASQA9ACIAIgA+ADwAVAByAGEAbgBzAGYAbwByAG0AcwA+
# ADwAVAByAGEAbgBzAGYAbwByAG0AIABBAGwAZwBvAHIAaQB0AGgAbQA9ACIAaAB0AHQAcAA6AC8A
# LwB3AHcAdwAuAHcAMwAuAG8AcgBnAC8AMgAwADAAMAAvADAAOQAvAHgAbQBsAGQAcwBpAGcAIwBl
# AG4AdgBlAGwAbwBwAGUAZAAtAHMAaQBnAG4AYQB0AHUAcgBlACIAIAAvAD4APAAvAFQAcgBhAG4A
# cwBmAG8AcgBtAHMAPgA8AEQAaQBnAGUAcwB0AE0AZQB0AGgAbwBkACAAQQBsAGcAbwByAGkAdABo
# AG0APQAiAGgAdAB0AHAAOgAvAC8AdwB3AHcALgB3ADMALgBvAHIAZwAvADIAMAAwADAALwAwADkA
# LwB4AG0AbABkAHMAaQBnACMAcwBoAGEAMQAiACAALwA+ADwARABpAGcAZQBzAHQAVgBhAGwAdQBl
# AD4ATABaAGoAbABSAHIAVQBVAHEAVQBrAGEARgBzAHIAdwBUAGYAeABNAGYAZABoAGYAMQBHAEEA
# PQA8AC8ARABpAGcAZQBzAHQAVgBhAGwAdQBlAD4APAAvAFIAZQBmAGUAcgBlAG4AYwBlAD4APAAv
# AFMAaQBnAG4AZQBkAEkAbgBmAG8APgA8AFMAaQBnAG4AYQB0AHUAcgBlAFYAYQBsAHUAZQA+AEkA
# KwB5AHAAaQBHADAAdgBhAGoAbABMADMATABjAHUAZgBFAHMANQBqAFkAUABRAHAARgA2AHMANQAv
# AEwALwBGAHkARABhAFMAaAA0ADkATAAxAEQATgBLAFQAWAB6AEQASABpAG4AdgBLAFcAKwBnAG0A
# MwA1AGkAcgBUAHYASAAvAEsASgBHAGYASwBZADUAOQBhAGoAZQBrAGEAUwBDAEwANQBUAGoATAAw
# ADIASwBCAGcASABGAEwAQgBmADEAaQBzAG0AaQA3AFEAdwBYAEYARgByAHMAQgB4ADIATABhADQA
# eQBGAEEAZwBPAHEAUwBuAGkAVQAwAEsAQgBaAE8AKwBWAGwAUgB3AEkAQgBJADcAWgBOADEAVwBR
# AEQASgBKADkASABTAEUAdwA3AEEATgB6AHEAagBsAE8AagBqAEMAcgBSAEQAdABVAGoAawA4AD0A
# PAAvAFMAaQBnAG4AYQB0AHUAcgBlAFYAYQBsAHUAZQA+ADwALwBTAGkAZwBuAGEAdAB1AHIAZQA+
# AA==
# END-SIGNATURE

或类似的C#文件:

Or similary for a C# file:

using System;
using System.IO;
using System.Security.Cryptography;
using System.Security.Cryptography.Xml;
using System.Text;
using System.Text.RegularExpressions;
using System.Xml;

namespace SigningText
{
    /// <summary>
    /// <seealso href="http://msdn.microsoft.com/en-us/library/ms229745.aspx"/>
    /// <seealso href="http://msdn.microsoft.com/en-us/library/ms229950.aspx"/>
    /// </summary>
    public class SignText
    {
        private static readonly AsymmetricAlgorithm RSAKEY = 
            new RSACryptoServiceProvider(new CspParameters() { KeyContainerName = "XML_DSIG_RSA_KEY" });
        private static readonly string NL = Environment.NewLine;
        private static readonly string BS = "BEGIN-SIGNATURE";
        private static readonly string ES = "END-SIGNATURE";
...
}

// BEGIN-SIGNATURE
// //48AFMAaQBnAG4AYQB0AHUAcgBlACAAeABtAGwAbgBzAD0AIgBoAHQAdABwADoALwAvAHcAdwB3
// AC4AdwAzAC4AbwByAGcALwAyADAAMAAwAC8AMAA5AC8AeABtAGwAZABzAGkAZwAjACIAPgA8AFMA
// aQBnAG4AZQBkAEkAbgBmAG8APgA8AEMAYQBuAG8AbgBpAGMAYQBsAGkAegBhAHQAaQBvAG4ATQBl
// AHQAaABvAGQAIABBAGwAZwBvAHIAaQB0AGgAbQA9ACIAaAB0AHQAcAA6AC8ALwB3AHcAdwAuAHcA
// MwAuAG8AcgBnAC8AVABSAC8AMgAwADAAMQAvAFIARQBDAC0AeABtAGwALQBjADEANABuAC0AMgAw
// ADAAMQAwADMAMQA1ACIAIAAvAD4APABTAGkAZwBuAGEAdAB1AHIAZQBNAGUAdABoAG8AZAAgAEEA
// bABnAG8AcgBpAHQAaABtAD0AIgBoAHQAdABwADoALwAvAHcAdwB3AC4AdwAzAC4AbwByAGcALwAy
// ADAAMAAwAC8AMAA5AC8AeABtAGwAZABzAGkAZwAjAHIAcwBhAC0AcwBoAGEAMQAiACAALwA+ADwA
// UgBlAGYAZQByAGUAbgBjAGUAIABVAFIASQA9ACIAIgA+ADwAVAByAGEAbgBzAGYAbwByAG0AcwA+
// ADwAVAByAGEAbgBzAGYAbwByAG0AIABBAGwAZwBvAHIAaQB0AGgAbQA9ACIAaAB0AHQAcAA6AC8A
// LwB3AHcAdwAuAHcAMwAuAG8AcgBnAC8AMgAwADAAMAAvADAAOQAvAHgAbQBsAGQAcwBpAGcAIwBl
// AG4AdgBlAGwAbwBwAGUAZAAtAHMAaQBnAG4AYQB0AHUAcgBlACIAIAAvAD4APAAvAFQAcgBhAG4A
// cwBmAG8AcgBtAHMAPgA8AEQAaQBnAGUAcwB0AE0AZQB0AGgAbwBkACAAQQBsAGcAbwByAGkAdABo
// AG0APQAiAGgAdAB0AHAAOgAvAC8AdwB3AHcALgB3ADMALgBvAHIAZwAvADIAMAAwADAALwAwADkA
// LwB4AG0AbABkAHMAaQBnACMAcwBoAGEAMQAiACAALwA+ADwARABpAGcAZQBzAHQAVgBhAGwAdQBl
// AD4AbwBiAGwAVwBDAGUAbABrAEwAdABPAFEARgBVAGkATwBzAEkATQBwAEEARABhACsAUwA1AGcA
// PQA8AC8ARABpAGcAZQBzAHQAVgBhAGwAdQBlAD4APAAvAFIAZQBmAGUAcgBlAG4AYwBlAD4APAAv
// AFMAaQBnAG4AZQBkAEkAbgBmAG8APgA8AFMAaQBnAG4AYQB0AHUAcgBlAFYAYQBsAHUAZQA+AFoA
// SgBhADIAVwBWADYAYgB5AE0AbQAxAGwAYgBwAE0AbgBwAHYAYwBGAG0ATgB1AFcAVgBCAHUANABp
// AHQAeQBHAGgAcgBJAFAAdgBqADMAaQBWAG0AWgArADUAbwA4AGwAYwBIAEIAVQA0AE0AbgB4AGcA
// ZwBXAGUAagBUAEsATwBRAG0AdQBoAGgAUwBwAHgATABJADAANABuAE0AKwBoAEcAeABmAFoARABN
// AGMANAAzAGoARQBDAEkAOQBOAGEAQQAxAFAAegBqACsAMABUADMAaQBtAGYAZgBUAEMATwBVAEYA
// VwArAFEAWQB0AHkAegBuAFQASQBBAE4ANgBoAEsAQwBmADEAYwBQAHQAbQBiAGEAbQBiAEEAbwBt
// AGoAQwBaAGoAMgAvAE8ASgBCAC8AYQA1AGkARwAyAE0ATwBsADUAZAAzAFUASwBwAHIAZQBFAD0A
// PAAvAFMAaQBnAG4AYQB0AHUAcgBlAFYAYQBsAHUAZQA+ADwALwBTAGkAZwBuAGEAdAB1AHIAZQA+
// AA==
// END-SIGNATURE

我仍然假设有一种更简单，更直接的方法来解决此问题，这是我想要将签名附加到纯文本文件的要求，如上面的示例所示.

非常感谢任何提示.

谢谢

Andi

I still assume that there is some simpler and more straight forward way to solve this under the requirement that I want to append the signature to the plain text file as shown in the examples above.

Any hint is very much appreciated.

Thanks

Andi

推荐答案

因此，您要确保没有人更改文本文件的内容，这是不是吗?
可能的解决方案的粗略概述:
读取文件的文本，应用哈希函数，使用非对称加密函数的私钥对哈希进行加密.添加一个新行，其中包含加密的哈希值(使用BASE64或其他文本格式编码).
当您要检查内容时，请读取最后一行以外的文件，使用相同的哈希函数，然后将结果与存储的哈希值的解密进行比较.

So you want to make sure that nobody changed the contents of the text file, that''s the point isn''t it?
A rough outline of a possible solution:
Read the text of the file, apply a hash function, encrypt the hash using your private key of a non-symmetric encryption function. Add a new line containing the encrypted hash value (encoded in BASE64 or something textual).
When you want to check the contents, read the file excluding that last line, use the same hash function and compare the result with the de-cryption of the stored hash value.

这篇关于如何签名文本文件?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！