验证使用RSA 2048位密钥,SHA256算法和PKCSv1.5填充生成的签名 [英] Verify signature generated with RSA 2048-bit key, SHA256 algorithm and PKCSv1.5 padding
本文介绍了验证使用RSA 2048位密钥,SHA256算法和PKCSv1.5填充生成的签名的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
我有一个UWA(通用Windows应用程序),它使用 KeyCredential.RequestSignAsync 方法。
I have a UWA (Universal Windows Application) signing some data with the KeyCredential.RequestSignAsync method.
签名是通过以下方式创建的:
The signature is created with:
- RSA 2048位密钥(可以使用 KeyCredential.RetrievePublicKey )
- 使用的哈希算法为SHA256
- 用于签名的填充是PKCSv1.5
并且可以在同一UWA中使用以下代码进行验证:
And can be validated in the same UWA with the following code:
public static bool VerifySignature(
IBuffer buffPublicKey,
IBuffer buffMessageData,
IBuffer buffSignature)
{
bool b = false;
// Open the algorithm provider
var algProv = AsymmetricKeyAlgorithmProvider.OpenAlgorithm(AsymmetricAlgorithmNames.RsaSignPkcs1Sha256);
// Import the public key
var ckey = algProv.ImportPublicKey(buffPublicKey);
// Verify
b = CryptographicEngine.VerifySignature(ckey, buffMessageData, buffSignature);
return b;
}
我需要验证该签名,但是在常规C#应用程序(不是UWA)中。在传输之前,使用 CryptographicBuffer.EncodeToBase64String 将公钥,消息和签名编码为base 64。
I need to verify that signature but in a regular C# application (not UWA). The Public Key, message and signature are being encoded to base 64 with CryptographicBuffer.EncodeToBase64String before being transferred.
因此,根据 System。我尝试使用的Security.Cryptography 名称空间:
public static bool VerifySignature(string base64PublicKey, string base64Data, string base64Signature)
{
bool b = false;
byte[] publicKey = Convert.FromBase64String(base64PublicKey);
byte[] data = Convert.FromBase64String(base64Data);
byte[] signature = Convert.FromBase64String(base64Signature);
using (var rsa = new RSACryptoServiceProvider(2048))
{
// Import public key
rsa.ImportCspBlob(publicKey);
// Create signature verifier with the rsa key
var signatureDeformatter = new RSAPKCS1SignatureDeformatter(rsa);
// Set the hash algorithm to SHA256.
signatureDeformatter.SetHashAlgorithm("SHA256");
b = signatureDeformatter.VerifySignature(data, siganture);
}
return b;
}
但是得到了 System.Security.Cryptography.CryptographicException ,其中:
But getting a System.Security.Cryptography.CryptographicException with Additional information: Bad Version of provider. in:
rsa.ImportCspBlob(publicKey);
rsa.ImportCspBlob(publicKey);
¿如何正确验证带有该公钥的签名?
编辑:样本值(以base64编码)
Sample values (base64 encoded)
- PublicKey:MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp6HzbSgZPkKfZJWWZFAKZHZWZHW / v4NbsQsFPbwIcc7CPOJe21VT + 7f6ocZ4kef0dqxUOGuK1FynrqzsAeYoaeTW + W / HElXODOEzZs3CfyE3d4hy3TTM / mVyQGV1FO / hHWB / zXq7ryQ8hXP / ueJimmJvitB7UweemRxvEYfVx52VVAgzg1RqVWeRj8L / obfm0lwQtIAHdDOnIi / cwpsyKQNikjMsf4dFgt14fcOgFdSG06jB840GnOsRZM04CWZQ9ttwAvoNGK / zjriRYGySQ4Ey0K0l5G3UVr56mQIDAQAB
- 数据:dGF0b0Bmcm9td2luMzIuY29t
- 签名:lWKRRgWBA2lBAfUvBS + 54s9kmHTH3nJwcv YYmjCg5QpWQ9joY7Rzpq0zZjOhyxASXoAN4Vz8 + mqSqPWi / 4DFH7947ZWZSbopPfxiI7jjDRMAVymG0B + dRVjiMow48ZvhgP / FGSZqeLAei77Z0aAmwN2TBxkClqBpt9uy + nkI7V / TJGAbbLcWfiPWNVOGsU0smoFDQLlJjkocahNSOqjj + 9PPFVqbc / VVHQWsSoq1ZxtCPILFwPCCtUCDITXrU / riGMFJ282p / 3rfhDJKYis9 / izR98 / zgBLRoCew8zu8Za4UNWaHaR3HP / 6voQI2NiVSKtss1VjvwjwXYIOh56yeSw ==
推荐答案
鉴于公钥是以 X509SubjectPublicKeyInfo 格式编码的 ASN.1 和 rsa.ImportCspBlob(publicKey)期望与非托管Microsoft加密API(CAPI)兼容的blob,我已经基于此解决方案提取公钥参数。
Given that the PublicKey is ASN.1 encoded in X509SubjectPublicKeyInfo format and that rsa.ImportCspBlob(publicKey) expects a blob that is compatible with the unmanaged Microsoft Cryptographic API (CAPI), I've created a helper method based on this solution that extracts the public key parameters.
使用以下代码,可以成功验证签名:
With the following code, the signature is verified successfuly:
using System;
using System.IO;
using System.Security.Cryptography;
namespace ConsoleApplication2
{
class Program
{
static void Main(string[] args)
{
var verified = false;
byte[] data = Convert.FromBase64String("dGF0b0Bmcm9td2luMzIuY29t");
byte[] signature = Convert.FromBase64String("lWKRRgWBA2lBAfUvBS+54s9kmHTH3nJwcvYYmjCg5QpWQ9joY7Rzpq0zZjOhyxASXoAN4Vz8+mqSqPWi/4DFH7947ZWZSbopPfxiI7jjDRMAVymG0B+dRVjiMow48ZvhgP/FGSZqeLAei77Z0aAmwN2TBxkClqBpt9uy+nkI7V/TJGAbbLcWfiPWNVOGsU0smoFDQLlJjkocahNSOqjj+9PPFVqbc/VVHQWsSoq1ZxtCPILFwPCCtUCDITXrU/riGMFJ282p/3rfhDJKYis9/izR98/zgBLRoCew8zu8Za4UNWaHaR3HP/6voQI2NiVSKtss1VjvwjwXYIOh56yeSw==");
byte[] publicKey = Convert.FromBase64String("MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp6HzbSgZPkJPfZJWydFAKdzUWlQcGHCTZhghg8HwHOfRZp3QZ/iiDORVzdIlW6XYPz76aAn8Nxm/v4NbsQsFPbwIcc7CPOJe21VT+7f6ocZ4kef0dqxUOGuK1FynrqzsAeYoaeTW+w/HElXODOEzZs3CfyE3d4hy3TTM/mVyQGV1FO/hHWB/zXq7ryQ8hXP/ueJimmJvitB7UweemRxvEYfVx52VVAgzg1RqVWeRj8L/obfm0lwQtIAHdDOnIi/cwpsyKQNikjMsf4dFgt14fcOgFdSG06jB840GnOsRZM04CWZQ9ttwAvoNGK/zjriRYGySQ4Ey0K0l5G3UVr56mQIDAQAB");
byte[] modulus;
byte[] exponent;
ExtractPublicKeyParameters(publicKey, out modulus, out exponent);
using (var rsa = new RSACryptoServiceProvider())
{
// Create parameters
var rsaParam = new RSAParameters()
{
Modulus = modulus,
Exponent = exponent
};
// Import public key
rsa.ImportParameters(rsaParam);
// Create signature verifier with the rsa key
var signatureDeformatter = new RSAPKCS1SignatureDeformatter(rsa);
// Set the hash algorithm to SHA256.
signatureDeformatter.SetHashAlgorithm("SHA256");
// Compute hash
byte[] hash;
using (SHA256 sha256 = SHA256.Create())
{
hash = sha256.ComputeHash(data);
}
verified = signatureDeformatter.VerifySignature(hash, signature);
}
}
// encoded OID sequence for PKCS #1 rsaEncryption szOID_RSA_RSA = "1.2.840.113549.1.1.1"
static readonly byte[] SeqOid = { 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x01, 0x05, 0x00 };
public static void ExtractPublicKeyParameters(byte[] publicKey, out byte[] modulus, out byte[] exponent)
{
modulus = new byte[0];
exponent = new byte[0];
byte[] seq = new byte[15];
// --------- Set up stream to read the asn.1 encoded SubjectPublicKeyInfo blob ------
MemoryStream mem = new MemoryStream(publicKey);
BinaryReader binr = new BinaryReader(mem); //wrap Memory Stream with BinaryReader for easy reading
byte bt = 0;
ushort twobytes = 0;
try
{
twobytes = binr.ReadUInt16();
if (twobytes == 0x8130) //data read as little endian order (actual data order for Sequence is 30 81)
binr.ReadByte(); //advance 1 byte
else if (twobytes == 0x8230)
binr.ReadInt16(); //advance 2 bytes
else
return;
seq = binr.ReadBytes(15); //read the Sequence OID
if (!CompareBytearrays(seq, SeqOid)) //make sure Sequence for OID is correct
return;
twobytes = binr.ReadUInt16();
if (twobytes == 0x8103) //data read as little endian order (actual data order for Bit String is 03 81)
binr.ReadByte(); //advance 1 byte
else if (twobytes == 0x8203)
binr.ReadInt16(); //advance 2 bytes
else
return;
bt = binr.ReadByte();
if (bt != 0x00) //expect null byte next
return;
twobytes = binr.ReadUInt16();
if (twobytes == 0x8130) //data read as little endian order (actual data order for Sequence is 30 81)
binr.ReadByte(); //advance 1 byte
else if (twobytes == 0x8230)
binr.ReadInt16(); //advance 2 bytes
else
return;
twobytes = binr.ReadUInt16();
byte lowbyte = 0x00;
byte highbyte = 0x00;
if (twobytes == 0x8102) //data read as little endian order (actual data order for Integer is 02 81)
lowbyte = binr.ReadByte(); // read next bytes which is bytes in modulus
else if (twobytes == 0x8202)
{
highbyte = binr.ReadByte(); //advance 2 bytes
lowbyte = binr.ReadByte();
}
else
return;
byte[] modint = { lowbyte, highbyte, 0x00, 0x00 }; //reverse byte order since asn.1 key uses big endian order
int modsize = BitConverter.ToInt32(modint, 0);
int firstbyte = binr.PeekChar();
if (firstbyte == 0x00)
{ //if first byte (highest order) of modulus is zero, don't include it
binr.ReadByte(); //skip this null byte
modsize -= 1; //reduce modulus buffer size by 1
}
modulus = binr.ReadBytes(modsize); //read the modulus bytes
if (binr.ReadByte() != 0x02) //expect an Integer for the exponent data
return;
int expbytes = (int)binr.ReadByte(); // should only need one byte for actual exponent data (for all useful values)
exponent = binr.ReadBytes(expbytes);
}
finally
{
binr.Close();
}
}
private static bool CompareBytearrays(byte[] a, byte[] b)
{
if (a.Length != b.Length)
return false;
int i = 0;
foreach (byte c in a)
{
if (c != b[i])
return false;
i++;
}
return true;
}
}
}
这篇关于验证使用RSA 2048位密钥,SHA256算法和PKCSv1.5填充生成的签名的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文
