RSACryptoServiceProvider 无法在 Windows 上进行验证 [英] RSACryptoServiceProvider failed to verify on windows

问题描述

我正在尝试在 Java 中使用 RSA 私钥签名并在 C# 中进行验证.验证代码在我的带有 VS (xamarin) 的 iMac 上运行良好，但在 Windows 10 上总是返回 false.C# 代码在这里:

I am trying to sign with RSA private key in java and verify it in C#. The verify code works well on my iMac with VS (xamarin) but always returns false on Windows 10. The C# code is here:

RSAParameters rsaPars = new RSAParameters();

rsaPars.Modulus = Convert.FromBase64String("AKZXGikjSCLZT2CfhPguEA4ZDVEmCBwNvSVagkPFDnz3kLvbSXus51stJ7iUedocrGWgeilbVJoKP9cTqtZ8dyRwpokU55Kixk5JFf+5wS/SZtPs84eHPDfTC9C9Gg97/krFyGq7fikdoJpuRQBaBh1qqxGA6C+vzO49xGIiWeUA0+u9M2/PA/y7EhgZngKhhzGiU+KWhawctFAokCFX9kBhgmxVxM6EyJdD3RppEnhsza6VORHcnTnOgetZJML9WE7FX8sDO82DvnCv4UIR5YzN8W8nqLLp/RZyZkzmRGXIItUYW2VEvTV6/I2SVLNrKJNgKIYD2SOOSHXw/+RD5RcGFf1jsLP/ZF8JxAayywjDwCY0FsvyWHrWJMPPWQWPw30+Nk6pqY9OIiD/Z7xCTdmO6H8xV/SRyKRe8YdAS6Wuro6l/MnoPv+eqh/gc958RkC7BQmWtzN/UDbx/bqU4nJ2YLF37ZeKjMjqea7n3aOO/pwMQSqp96E/CImprm5lXdso+/RPzAslktMaTom++/4wtr4mxynDy+KPml9qDFCxHpvuIxF1w8fBaBKTpBXQlgi5o0ZdbXl5kalYjnkMbZ903bcSC1tEbhMVQCSJ5qvCulKWMWmbB5HWSx1QRcVkz0fUVuYfrm20m0MXSpgpZkGSU7gouI7W/Q9nMN9HCLUj");
rsaPars.Exponent = Convert.FromBase64String("AQAB");
string signature = "doBEnIGZXCtzI7Iwfl3akr2Jk+jtDloXjZeB8aeEmpoElpqPNevC3z9tNRC1yCsmECx9a92hj9E5Z2QXY5bvHxsxf9uH2INcdN4ORBQxWH5znI3qLIMVjXMJ7NM2g+5S64weCV3YDH8+93q2zUX/dvoJNYuUTn4ZeTZIoIuuIdHssZn+tRQt8smYX1FIbLnS+2catX76hfpgJPrAQE2eukDdnJ5S/mIN09+G4mI9a3n9FNUVr2b7+uUGfX9RabUQwHjZK64kUTWui+j1GEDKXf2Lb0TjTwM+AuAAwKcOHttoX8Np3z+AQsRQfQe8XFxyEWaVwgf77R+Xru0e+z2ASF392xpuDQDdDQoMuaKpFn6FvFgs5FHM1v/YGm3QD1IgJfslZ7DmHZh25g6kg5scj3D2nQtnM8CfPdQNIA8r4cjLgESgx5O30s/K5liNeTlGdIj+mhZZ8ZHldi+Kps5Tk/rtkWSkdKylzFb6p6JVZRRa7Ks0Z52oKoGVcPWQbALYu08I1KILynGwVIWy4fgf9BzvbAWhCnfkVynl5gfNaDKSuuysTEOM1l08YfeSnpR8D4NZeOJuKnZT1dKbHqNGpCK7sXpLaaP0UZhCcBfW55wBADE7vhbX5HcL3bXLbFbsrA5/CO9AHrz7f8Xx+VQdv+qS1YixzHb1o741c6EK6qw=";

byte[] dataToSign = Encoding.UTF8.GetBytes("Data to Sign");
using (RSACryptoServiceProvider RSA = new RSACryptoServiceProvider(4096))
{
    RSA.ImportParameters(rsaPars);
    Console.WriteLine(RSA.VerifyData(dataToSign, "SHA1", Convert.FromBase64String(signature)));
}

我在 mac 和 windows 上都运行了确切的代码.一开始我以为是编码问题.我在 mac 和 windows 上比较了这些原始数据，它们是一样的.如果我在 C# 代码中生成密钥，它在 Windows 上运行良好.

I ran the exact code on both mac and windows. At the beginning I thought it's encoding issue. I compared those raw data on mac and windowns and they were the same. If I generated the keys in the C# code, it worked fine on windows.

privateKey = RSAalg.ExportParameters(true);
publicKey = RSAalg.ExportParameters(false);

知道可能是什么问题吗?

Any idea what it could be the problem?

谢谢

推荐答案

您的 Modulus 值以 0x00 开头，大概是因为 Xamarin/Mono 导出不当.

Your Modulus value begins with an 0x00, presumably because Xamarin/Mono exported it improperly.

如果您重新编码您的模数值以删除前导 0x00(或执行类似操作

If you re-encode your modulus value to remove the leading 0x00 (or do something like

if (rsaPars.Modulus[0] == 0)
{
    byte[] tmp = new byte[rsaPars.Modulus.Length - 1];
    Buffer.BlockCopy(rsaPars.Modulus, 1, tmp, 0, tmp.Length);
    rsaPars.Modulus = tmp;
}

) 那么你的问题就会消失.

) then your problem should go away.

大概在 Windows 10 中发生了一些变化，它没有意识到前导字节是 0x00，所以它认为密钥大小是 4104(vs 4096)，并且由于签名是 512 字节(而不是 513)，它自动不正确".

Presumably something changed in Windows 10 where it doesn't realize the leading byte is 0x00, so it thinks the keysize is 4104 (vs 4096), and since the signature is 512 bytes (instead of 513) it's "automatically not correct".

理论上，另一种解决方法是在签名中添加一个填充字节；但使 Modulus 值与平台正确似乎更好.

Theoretically an alternative fix would be to add a padding byte to the signature, too; but making the Modulus value be platform-correct seems better.

这篇关于RSACryptoServiceProvider 无法在 Windows 上进行验证的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！