Securing a license key with RSA key


Problem description


It's late, I'm tired, and probably being quite dense....

I have written an application that I need to secure so it will only run on machines that I generate a key for. What I am doing for now is getting the BIOS serial number and generating a hash from that; I am then encrypting it using an XML RSA private key. I then sign the XML to ensure that it is not tampered with. I am trying to package the public key to decrypt and verify the signature with, but every time I try to execute the code as a different user than the one that generated the signature, I get a failure on the signature.

Most of my code is modified from sample code I have found since I am not as familiar with RSA encryption as I would like to be. Below is the code I was using and the code I thought I needed to use to get this working right...

Any feedback would be greatly appreciated, as I am quite lost at this point. The original code I was working with was this; this code works fine as long as the user launching the program is the same one that signed the document originally...

CspParameters cspParams = new CspParameters();
cspParams.KeyContainerName = "XML_DSIG_RSA_KEY";
cspParams.Flags = CspProviderFlags.UseMachineKeyStore;

// Create a new RSA signing key and save it in the container.
RSACryptoServiceProvider rsaKey = new RSACryptoServiceProvider(cspParams)
{
    PersistKeyInCsp = true,
};

This code is what I believe I should be doing, but it's failing to verify the signature no matter what I do, regardless of whether it's the same user or a different one...

RSACryptoServiceProvider rsaKey = new RSACryptoServiceProvider();
// Load the private key from the XML file.
XmlDocument xmlPrivateKey = new XmlDocument();
xmlPrivateKey.Load("KeyPriv.xml");
rsaKey.FromXmlString(xmlPrivateKey.InnerXml);

I believe this has something to do with the key container name (being a real dumbass here, please excuse me). I am quite certain that this is the line that is both causing it to work in the first case and preventing it from working in the second case....

cspParams.KeyContainerName = "XML_DSIG_RSA_KEY";

Is there a way for me to sign/encrypt the XML with a private key when the application license is generated and then drop the public key in the app directory and use that to verify/decrypt the code? I can drop the encryption part if I can get the signature part working right. I was using it as a backup to obfuscate the origin of the license code I am keying from.

Does any of this make sense? Am I a total dunce?

Thanks for any help anyone can give me with this.

Solution

I used this method to sign xml documents using a private key stored in an xml file that I then embedded into the application .dll as a resource. I think you may be struggling with permissions accessing the keystore, and this would also create hassles transferring the code to other servers etc.

Here is the code to get the private key as an embedded resource and sign the document: (Sign is the name of the class this method is located in, Licensing.Private.Private.xml is a combination of the default namespace + folder + filename of the resource)

// Requires: using System; using System.IO; using System.Xml;
//           using System.Security.Cryptography; using System.Security.Cryptography.Xml;
public static void SignDocument(XmlDocument xmldoc)
{
    // Get the XML content from the embedded XML private key.
    string xmlkey = string.Empty;
    try
    {
        // GetManifestResourceStream returns null if the resource name is wrong;
        // the StreamReader constructor then throws and is reported below.
        using (Stream s = typeof(Sign).Assembly.GetManifestResourceStream("Licensing.Private.Private.xml"))
        using (StreamReader reader = new StreamReader(s))
        {
            // Read in the XML content.
            xmlkey = reader.ReadToEnd();
        }
    }
    catch (Exception e)
    {
        throw new Exception("Error: could not import key:", e);
    }

    // Create an RSA crypto service provider from the embedded
    // XML document resource (the private key).
    RSACryptoServiceProvider csp = new RSACryptoServiceProvider();
    csp.FromXmlString(xmlkey);

    // Create the XML signing object.
    SignedXml sxml = new SignedXml(xmldoc);
    sxml.SigningKey = csp;

    // Set the canonicalization method for the document.
    sxml.SignedInfo.CanonicalizationMethod = SignedXml.XmlDsigCanonicalizationUrl; // No comments.

    // Create a reference with an empty URI, which covers the whole document.
    Reference r = new Reference("");

    // Add the enveloped-signature transform so the Signature element
    // itself is excluded from the digest.
    r.AddTransform(new XmlDsigEnvelopedSignatureTransform(false));

    // Add the reference to the SignedXml object.
    sxml.AddReference(r);

    // Compute the signature.
    sxml.ComputeSignature();

    // Get the signature XML and add it to the document element.
    XmlElement sig = sxml.GetXml();
    xmldoc.DocumentElement.AppendChild(sig);
}

Use the following code to generate the private.xml and public.xml keys. Keep the private.xml file secure, obviously.

RSACryptoServiceProvider rsa = new RSACryptoServiceProvider();
File.WriteAllText(@"C:\privateKey.xml", rsa.ToXmlString(true));  // Private Key
File.WriteAllText(@"C:\publicKey.xml", rsa.ToXmlString(false));  // Public Key
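The verification half the question asks about, as an added example that is not part of the original question or answer: the application needs only the public key XML (the `ToXmlString(false)` output), so no key container or per-user key store is involved. The class name `LicenseCheck`, the `<License>` layout and the sample hash value are constructed for illustration; the checks on signature position and reference URI assume the enveloped, whole-document signature that `SignDocument` produces.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.Xml;
using System.Xml;

public static class LicenseCheck
{
    // Verify an enveloped signature using only the public key XML (ToXmlString(false)).
    public static bool Verify(XmlDocument doc, string publicKeyXml)
    {
        XmlNodeList sigs = doc.GetElementsByTagName("Signature", SignedXml.XmlDsigNamespaceUrl);
        // Expect exactly one signature, appended directly under the root element.
        if (sigs.Count != 1 || sigs[0].ParentNode != doc.DocumentElement) return false;

        var sxml = new SignedXml(doc);
        sxml.LoadXml((XmlElement)sigs[0]);
        // Expect a single reference with URI "" so the whole document is covered.
        if (sxml.SignedInfo.References.Count != 1) return false;
        if (((Reference)sxml.SignedInfo.References[0]).Uri != "") return false;

        using (var rsa = new RSACryptoServiceProvider())
        {
            rsa.FromXmlString(publicKeyXml);   // public half only; no key container involved
            return sxml.CheckSignature(rsa);   // checks digest and signature against this key
        }
    }

    public static void Main()
    {
        using (var signer = new RSACryptoServiceProvider(2048))   // constructed throwaway key pair
        {
            var doc = new XmlDocument { PreserveWhitespace = true };
            doc.LoadXml("<License><MachineHash>CONSTRUCTED-SAMPLE-HASH</MachineHash></License>");

            // Sign the same way as SignDocument above, with the in-memory key.
            var sxml = new SignedXml(doc) { SigningKey = signer };
            var r = new Reference("");
            r.AddTransform(new XmlDsigEnvelopedSignatureTransform());
            sxml.AddReference(r);
            sxml.ComputeSignature();
            doc.DocumentElement.AppendChild(doc.ImportNode(sxml.GetXml(), true));

            string publicKeyXml = signer.ToXmlString(false);
            Console.WriteLine("untouched: " + Verify(doc, publicKeyXml));
            doc.DocumentElement.FirstChild.InnerText = "OTHER-MACHINE";   // tamper after signing
            Console.WriteLine("tampered:  " + Verify(doc, publicKeyXml));
        }
    }
}
```

When the license is written to disk and read back, load it with `PreserveWhitespace = true` so the bytes that are digested match what was signed.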
