RSA Signing using MD5-SHA1 Hash Algorithm
Problem description
From what I can tell, TLS 1.1 requires the contents of the CertificateVerify message to be a digitally signed value using the concatenation of two hash algorithms (MD5 and SHA1). Is this possible to do in .NET using the RSACryptoServiceProvider?
This does not work:
using (var rsa = new RSACryptoServiceProvider())
{
    rsa.ImportParameters(...);
    rsa.SignData(data, new MD5SHA1());
}
This does not work either:
using (var rsa = new RSACryptoServiceProvider())
{
    rsa.ImportParameters(...);
    rsa.SignHash(new MD5SHA1().ComputeHash(data), "MD5SHA1");
}
(MD5SHA1 is an implementation of HashAlgorithm.)
Presumably this does not work because the signature embeds the OID of the hash algorithm, and MD5-SHA1 does not have a valid OID. Is this possible in .NET? Am I misunderstanding TLS 1.1?
Recommended answer
In case it helps anyone else, I used the BigInteger class to make this work. What is called "signing" in TLS 1.1 is really just private-key encryption, which can be done using BigInteger math.
Signing
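// MD5SHA1 is the HashAlgorithm from the question (MD5 and SHA1 output concatenated).
var hash = new MD5SHA1().ComputeHash(data);
var input = new BigInteger(hash);
// Raw RSA private-key operation: input^d mod n. No padding is applied here.
return input.ModPow(new BigInteger(privateExponent),
                    new BigInteger(modulus)).GetBytes();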
Verification
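var hash = new MD5SHA1().ComputeHash(data);
var input = new BigInteger(signature);
// Raw RSA public-key operation: signature^e mod n.
var output = input.ModPow(new BigInteger(publicExponent),
                          new BigInteger(modulus)).GetBytes();
// Compare the trailing 36 bytes of the recovered block with the recomputed hash.
var rehash = SubArray(output, output.Length - 36);
return SequencesAreEqual(hash, rehash);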
Note that you still have to add padding yourself to the output. (0x0001FFFFFF...FF00{data})
Signing can be optimized using CRT parameters (p, q, etc.), but that's a problem for another day.
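The approach from the answer above, as an added example that is not part of the original post: it builds the 00 01 FF..FF 00 block the answer mentions around the 36-byte MD5 and SHA1 digest, signs it with System.Numerics.BigInteger, and verifies by comparing the whole padded block rather than only its last 36 bytes. It assumes .NET 5 or later; the class and method names are hypothetical, and the key and message are constructed for the demo.

```csharp
using System;
using System.Linq;
using System.Numerics;
using System.Security.Cryptography;

static class Tls11RsaSignature   // hypothetical name, not from the page
{
    // MD5(data) || SHA1(data): 16 + 20 = 36 bytes.
    static byte[] Md5Sha1(byte[] d) => MD5.HashData(d).Concat(SHA1.HashData(d)).ToArray();
    // k-byte padded block: 00 01 FF..FF 00 || hash (no DigestInfo, so no hash OID).
    static byte[] Encode(byte[] hash, int k)
    {
        var em = new byte[k];
        em[1] = 0x01;
        for (int i = 2; i < k - hash.Length - 1; i++) em[i] = 0xFF;
        hash.CopyTo(em, k - hash.Length);
        return em;
    }

    static BigInteger U(byte[] b) => new BigInteger(b, isUnsigned: true, isBigEndian: true);
    // Modular exponentiation, left-padded to the modulus size. BigInteger.ModPow is
    // not constant-time: suitable for interop testing, not production private keys.
    static byte[] ModPow(byte[] value, byte[] exponent, byte[] modulus)
    {
        var r = BigInteger.ModPow(U(value), U(exponent), U(modulus))
            .ToByteArray(isUnsigned: true, isBigEndian: true);
        var output = new byte[modulus.Length];
        r.CopyTo(output, output.Length - r.Length);
        return output;
    }

    public static byte[] Sign(byte[] data, RSAParameters key) =>
        ModPow(Encode(Md5Sha1(data), key.Modulus.Length), key.D, key.Modulus);
    // Rebuild the expected block and compare all k bytes, padding included.
    public static bool Verify(byte[] data, byte[] sig, RSAParameters key) =>
        sig.Length == key.Modulus.Length && CryptographicOperations.FixedTimeEquals(
            ModPow(sig, key.Exponent, key.Modulus), Encode(Md5Sha1(data), sig.Length));

    static void Main()
    {
        using var rsa = RSA.Create(2048);            // throwaway demo key
        var key = rsa.ExportParameters(true);
        var msg = new byte[] { 1, 2, 3 };            // constructed sample input
        var sig = Sign(msg, key);
        Console.WriteLine(Verify(msg, sig, key));    // untouched signature
        sig[^1] ^= 1;                                // corrupt one bit
        Console.WriteLine(Verify(msg, sig, key));
    }
}
```

Comparing the full block means a recovered value with malformed or shortened padding is rejected even when its trailing 36 bytes match the hash.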