如何将openssl_pkey_get_public和openssl_verify转换为C＃.NET [英] How to convert openssl_pkey_get_public and openssl_verify to C# .NET

问题描述

PHP代码验证银行提供的iPizza签名：

  $ key = openssl_pkey_get_public（file_get_contents（$ preferences ['bank_certificate']） ）; 
 if（！openssl_verify（$ data，$ signature，$ key））{
 trigger_error（ Invalid signature，E_USER_ERROR）; 
} 
  

我尝试使用

$ b将其转换为ASP .NET
$ b

  SHA1CryptoServiceProvider sha1 =新的SHA1CryptoServiceProvider（）; 
 X509Certificate2 cert = new X509Certificate2（HttpContext.Current.Request.MapPath（〜/ App_Data / bankert.crt），）; 
 RSACryptoServiceProvider rsaCryptoIPT = new RSACryptoServiceProvider（）; 
 rsaCryptoIPT.ImportCspBlob（cert.RawData）; 
 if（！rsaCryptoIPT.VerifyData（data，CryptoConfig.MapNameToOID（ SHA1），签名））
抛出new InvalidOperationException（来自银行的无效签名）; 
  

但是行rsaCryptoIPT.ImportCspBlob（cert.RawData）导致Cryptography.CryptographicException无效的提供程序版本：

  StackTrace：
在System.Security.Cryptography.CryptographicException.ThrowCryptogaphicException（Int32 hr）
在System.Security。 Cryptography.Utils._ImportCspBlob（Byte [] keyBlob，SafeProvHandle hProv，CspProviderFlags flags，SafeKeyHandle&hKey）
 at System.Security.Cryptography.Utils.ImportCspBlobHelper（CspAlgorithmType keyType，Byte [] ，Boolean randomKeyContainer，SafeProvHandle& safeProvHandle，SafeKeyHandle& safeKeyHandle）
，位于System.Security.Cryptography.RSACryptoServiceProvider.ImportCspBlob（Byte [] keyBlob）
 ... 
  

如何修复？

bank_certificate文件包含

--- BEGIN证书----- MIIDRTCCAq6gAwIBAg $＃ blockquote>

更新：我根据tyranid的答案更改了代码

  var cert = new X509Certificate2（HttpContext.Current.Request.MapPath（〜/ App_Data / banksert.crt），）; 
 var rsaCryptoIPT =（RSACryptoServiceProvider）cert.PublicKey.Key; 
 var sha1 = new SHA1CryptoServiceProvider（）; 
 if（！rsaCryptoIPT.VerifyData（data，sha1，signature））
 throw new InvalidOperationException（来自银行的无效签名）; 
  

此代码导致银行异常导致无效签名。中的检查证书对象显示证书数据。
如何解决此问题，以便验证签名？
调试器显示银行证书的有效日期已过期。

我可以成功地对数据签名，银行可以使用代码接受签名

  SHA1CryptoServiceProvider sha1 =新的SHA1CryptoServiceProvider（）; 
 X509Certificate2 cert = new X509Certificate2（HttpContext.Current.Request.MapPath（〜/ App_Data / P12File.p12），）; 
 RSACryptoServiceProvider rsaCryptoIPT =（RSACryptoServiceProvider）cert.PrivateKey; 
 byte [] binSignature = rsaCryptoIPT.SignData（binData，sha1）; 
  

验证银行签名应与此过程相反，使用相同的算法。如何验证签名？

解决方案

您是否安装了增强型加密提供程序？
实际上，不依赖于加密提供者，您可以使用其他库，这些库以本机代码实现所有加密内容。我知道EldoS SecureBlackbox（商业）和Bouncy Castle（免费），但是市场上可能还有其他图书馆。

PHP code verifies iPizza signature from bank:

$key = openssl_pkey_get_public (file_get_contents ($preferences['bank_certificate'])); 
if (!openssl_verify ($data, $signature, $key)) { 
    trigger_error ("Invalid signature", E_USER_ERROR); 
    } 

I tried to convert it to ASP .NET using

SHA1CryptoServiceProvider sha1 = new SHA1CryptoServiceProvider();
X509Certificate2 cert = new X509Certificate2(HttpContext.Current.Request.MapPath("~/App_Data/bankert.crt"), "");
RSACryptoServiceProvider rsaCryptoIPT = new RSACryptoServiceProvider();
rsaCryptoIPT.ImportCspBlob(cert.RawData);
if (!rsaCryptoIPT.VerifyData(data, CryptoConfig.MapNameToOID("SHA1"), signature))
    throw new InvalidOperationException("Invalid signature from bank ");

but line rsaCryptoIPT.ImportCspBlob(cert.RawData) causes Cryptography.CryptographicException invalid provider version:

  StackTrace:
       at System.Security.Cryptography.CryptographicException.ThrowCryptogaphicException(Int32 hr)
       at System.Security.Cryptography.Utils._ImportCspBlob(Byte[] keyBlob, SafeProvHandle hProv, CspProviderFlags flags, SafeKeyHandle& hKey)
       at System.Security.Cryptography.Utils.ImportCspBlobHelper(CspAlgorithmType keyType, Byte[] keyBlob, Boolean publicOnly, CspParameters& parameters, Boolean randomKeyContainer, SafeProvHandle& safeProvHandle, SafeKeyHandle& safeKeyHandle)
       at System.Security.Cryptography.RSACryptoServiceProvider.ImportCspBlob(Byte[] keyBlob)
...

How to fix ?

bank_certificate file contains

-----BEGIN CERTIFICATE----- MIIDRTCCAq6gAwIBAgIBADANBgkqhkiG9w0BAQQFADB7MQswCQYDVQQGEwJFRTEO .... C82uR/wUZJDw9kj+R1O46/byG8yA+S9FVw== -----END CERTIFICATE-----

UPDATE: I changed code according to tyranid answer to

var cert = new X509Certificate2(HttpContext.Current.Request.MapPath("~/App_Data/banksert.crt"), "");
var rsaCryptoIPT = (RSACryptoServiceProvider)cert.PublicKey.Key;
var sha1 = new SHA1CryptoServiceProvider();
if (!rsaCryptoIPT.VerifyData(data, sha1, signature))
  throw new InvalidOperationException("Invalid signature from bank ");

This code causes Invalid signature from bank exception. Inspecting cert object in shows cert data. How to fix this so that signature is validated? Debugger shows that bank cert valid date has expired. Maybe this causes error or VerifyDate second parameter is wrong.

I can successfully sign the data and bank accepts signature using code

SHA1CryptoServiceProvider sha1 = new SHA1CryptoServiceProvider();
X509Certificate2 cert = new X509Certificate2(HttpContext.Current.Request.MapPath("~/App_Data/P12File.p12"), "");
RSACryptoServiceProvider rsaCryptoIPT = (RSACryptoServiceProvider)cert.PrivateKey;
byte[] binSignature = rsaCryptoIPT.SignData(binData, sha1);

Verifying bank signature should be reverse to this process, same algorithms are used. How to verify signature ?

解决方案

Do you have Enhanced crypto provider installed? Actually, to not depend on crypto providers, you can use other libraries, which implements all the cryptography stuff in native code. I know about EldoS SecureBlackbox (which is commercial), and Bouncy Castle (free one), however there can be other libraries on market.

这篇关于如何将openssl_pkey_get_public和openssl_verify转换为C＃.NET的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！