使用MD5-SHA1哈希算法的RSA签名 [英] RSA Signing using MD5-SHA1 Hash Algorithm

问题描述

据我所知，TLS 1.1要求使用两个哈希算法(MD5和SHA1)的并置，将CertificateVerify消息的内容作为数字签名的值.使用RSACryptoServiceProvider在.NET中可以做到这一点吗?

From what I can tell, TLS 1.1 requires the contents of the CertificateVerify message to be a digitally signed value using the concatenation of two hash algorithms (MD5 and SHA1). Is this possible to do in .NET using the RSACryptoServiceProvider?

这不起作用:

using (var rsa = new RSACryptoServiceProvider())
{
    rsa.ImportParameters(...);
    rsa.SignData(data, new MD5SHA1());
}

这也不起作用:

using (var rsa = new RSACryptoServiceProvider())
{
    rsa.ImportParameters(...);
    rsa.SignHash(new MD5SHA1().ComputeHash(data), "MD5SHA1");
}

(MD5SHA1是HashAlgorithm的实现.)

(MD5SHA1 is an implementation of HashAlgorithm.)

这大概不起作用，因为签名嵌入了哈希算法的OID，并且MD5-SHA1没有有效的OID. .NET有可能吗?我误解了TLS 1.1吗?

Presumably this does not work because the signature embeds the OID of the hash algorithm, and MD5-SHA1 does not have a valid OID. Is this possible in .NET? Am I misunderstanding TLS 1.1?

推荐答案

万一它对其他人有帮助，我可以使用BigInteger类来完成这项工作. TLS 1.1中所谓的签名"实际上只是私钥加密，可以使用BigInteger数学来完成.

In case it helps anyone else, I used the BigInteger class to make this work. What is called "signing" in TLS 1.1 is really just private-key encryption, which can be done using BigInteger math.

签名

var hash = new MD5SHA1().ComputeHash(data);
var input = new BigInteger(hash);
return input.ModPow(new BigInteger(privateExponent),
                    new BigInteger(modulus)).GetBytes();

验证

var hash = new MD5SHA1().ComputeHash(data);
var input = new BigInteger(signature);
var output = input.ModPow(new BigInteger(publicExponent),
                          new BigInteger(modulus)).GetBytes();
var rehash = SubArray(output, output.Length - 36);
return SequencesAreEqual(hash, rehash);

注意，您仍然必须将填充内容添加到输出中. (0x0001FFFFFF ... FF00 {data})

Note that you still have to add padding yourself to the output. (0x0001FFFFFF...FF00{data})

可以使用CRT参数(p，q等)优化签名，但这又是一个问题.

Signing can be optimized using CRT parameters (p, q, etc.), but that's a problem for another day.

这篇关于使用MD5-SHA1哈希算法的RSA签名的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！