Different results when signing same data with same keys in DSA cryptoservice provider


Problem description

I am trying to build a small program that can discover whether file/files have been accessed or modified using the DSA signing algorithm.

I will give you this small example code to describe the issue. Suppose that we have a file c:\Temporary\Temp.txt. We have in our program 2 buttons. When we click the first button we create a digital signature on the name of the file and the last access time on it, we also export the parameters and save them. On the second button click we recreate the signature on the same file using the parameters that we exported earlier and compare the new signature with the previous one.

The problem here is that the program (always) gives me a result that the file has been accessed !!!!

I used the debugger to find where the problem is and found that all variable values are identical between the 2 button_click events, and the difference occurs in the signing process. Would you please tell me where the problem is? Here is the code:

using System;
using System.Collections;
using System.Collections.Generic;
using System.ComponentModel;
using System.Data;
using System.Drawing;
using System.Linq;
using System.Text;
using System.IO;
using System.Threading.Tasks;
using System.Windows.Forms;
using System.Data.SqlClient;
using System.Security.Cryptography;



namespace WindowsFormsApplication1
{
    public partial class Form1 : Form
    {
        string filename = @"C:\Temporary\Temp.txt";
        DSAParameters parameters;
        byte[] data_to_sign, signature;

        public Form1()
        {
            InitializeComponent();
        }

        private void Form1_Load(object sender, EventArgs e)
        {
        }

        // First button: sign the file's full name + last access time
        // with a newly generated DSA key pair and keep the key parameters.
        private void Sign_button_Click(object sender, EventArgs e)
        {
            FileInfo f_info = new FileInfo(filename);
            string file_information = f_info.FullName + f_info.LastAccessTime;
            UnicodeEncoding byteEncoder = new UnicodeEncoding();
            data_to_sign = byteEncoder.GetBytes(file_information);
            DSACryptoServiceProvider dsaprovider = new DSACryptoServiceProvider();
            parameters = dsaprovider.ExportParameters(true);
            signature = dsaprovider.SignData(data_to_sign);
            label1.Text = " Signature generated";
        }

        // Second button: rebuild the same byte string, import the saved
        // key parameters, sign again and compare with the stored signature.
        private void Verify_button_Click(object sender, EventArgs e)
        {
            FileInfo f_info = new FileInfo(filename);
            string file_information = f_info.FullName + f_info.LastAccessTime;
            UnicodeEncoding byteEncoder = new UnicodeEncoding();
            data_to_sign = byteEncoder.GetBytes(file_information);
            DSACryptoServiceProvider dsaprovider2 = new DSACryptoServiceProvider();
            dsaprovider2.ImportParameters(parameters);
            byte[] signature2 = dsaprovider2.SignData(data_to_sign);
            if (signature == signature2)
                label1.Text = "The file hasn't been accessed";
            else
                label1.Text = "Opp... The file has been accessed";
        }
    }
}

Recommended answer

You are signing a file with an encryption method...
so it is correct to get different results.

Signing means:
- Sender calculates a hash from the data before sending
- Sender encrypts that hash with the sender's private key
- Receiver calculates a hash from the received data
- Receiver decrypts the sender's signature with the sender's public key
- Receiver compares the locally calculated hash and the decrypted signature

I suppose VerifySignature() does steps 4) and 5)

In steps 1) and 3) you create the hash for the encrypted or unencrypted data, your choice as long as sender and receiver do it exactly the same.

Note that this is independent of the actual encryption of the data, you can even sign unencrypted data. Also note that the use of the keys is reversed, normally you encrypt with the receiver's public key.
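
An added example, not part of the original question or answer: a console program that signs the same bytes twice with one DSACryptoServiceProvider key, then checks the stored signature with VerifyData instead of re-signing and comparing. DSA draws a fresh random value for every signature, so two signatures over identical data differ while both still verify. The class name, the Describe helper and the sample path and timestamps are constructed for illustration; it assumes Windows, where DSACryptoServiceProvider is available.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Text;

static class DsaVerifyDemo
{
    // Same input as the question: full path + last access time, UTF-16.
    static byte[] Describe(string fullName, DateTime lastAccess)
    {
        return new UnicodeEncoding().GetBytes(fullName + lastAccess);
    }

    static void Main()
    {
        // Constructed sample values standing in for FileInfo properties.
        string path = @"C:\Temporary\Temp.txt";
        DateTime t0 = new DateTime(2020, 1, 1, 12, 0, 0);
        DateTime t1 = t0.AddMinutes(5);

        DSAParameters publicOnly;
        byte[] signature;
        using (var signer = new DSACryptoServiceProvider())
        {
            // The verifier only needs the public parameters.
            publicOnly = signer.ExportParameters(false);
            signature = signer.SignData(Describe(path, t0));

            // Same key, same data, signed a second time. On byte[] the
            // == operator compares references, so SequenceEqual is used
            // here to compare the actual contents.
            byte[] again = signer.SignData(Describe(path, t0));
            Console.WriteLine("byte-equal: " + signature.SequenceEqual(again));
        }

        using (var verifier = new DSACryptoServiceProvider())
        {
            verifier.ImportParameters(publicOnly);
            // VerifyData hashes the data and checks it against the
            // stored signature; no second signature is produced.
            Console.WriteLine("unchanged:  " + verifier.VerifyData(Describe(path, t0), signature));
            Console.WriteLine("changed:    " + verifier.VerifyData(Describe(path, t1), signature));
        }
    }
}
```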

