如何在.net中对HTTPS请求进行数字签名? [英] How do I digitally sign an HTTPS request in .net?

问题描述

是否存在一个内置过程，可以使用.net中的客户端SSL私钥对HTTPS请求进行数字签名?另外，是否有内置的程序可以根据SSL证书验证数字签名?还是我必须自己动手?还是有第三方图书馆?

Is there a built in procedure to digitally sign an HTTPS request with client's SSL private key in .net? Also, is there a built in procedure to verify the digital signature against an SSL certificate? Or do I have to roll my own? Or is there a third party library?

我要签名的数据是正常的HTTP表单请求.例如，我提供此地址以扣除卡中的余额:

The data that I want to sign is normal HTTP form request. For example I'm providing this address to deduct balance of a card:

https://myserver/deduction

客户端将向该地址发布HTTP表单，其中包含card = 1234567890123456，currency = 1，amount = 1000等数据.该数据是我希望我的客户端签名的数据.

The client will post an HTTP form to that address with data like card=1234567890123456, currency=1, amount=1000, etc. This data is the one I want my client to sign.

我需要对请求进行数字签名，因为客户需要操纵资金，所以我想确保请求确实来自客户，并且没有人篡改请求的内容.

I need the request to be digitally signed because the client manipulates money, so I want to be sure that the request really comes from the client and that nobody tampers with the content of the request.

我也在考虑使用SSL客户端证书，但是它只能提供机密性和身份验证，而不能提供数据完整性.

I'm also considering using SSL client certificate, but it can only provide confidentiality and authentication, but not data integrity.

推荐答案

这里似乎有一个完整的代码示例，说明如何在C#中执行基本的数字签名实现.

There seems to be a whole example here with code how to do basic Digital Signature Implementation in C# http://tutorial.visualstudioteamsystem.com/details.aspx?item=134

var MySigner = new DSACryptoServiceProvider();
string publicKey;

using (var file = new FileStream(args[0], FileMode.Open, FileAccess.Read))
{
    using (var reader = new BinaryReader(file))
    {
        var data = reader.ReadBytes((int)file.Length);

        var signature = MySigner.SignData(data);

        publicKey = MySigner.ToXmlString(false);
        Console.WriteLine("Signature: " + Convert.ToBase64String(signature));
    }
}

var verifier = new DSACryptoServiceProvider();
verifier.FromXmlString(publicKey);

using (var file = new FileStream(args[0], FileMode.Open, FileAccess.Read))
{
    using (var reader = new BinaryReader(file)) 
    { 
        byte[] data = reader.ReadBytes((int)file .Length);

        if (verifier.VerifyData(data, signature))
            Console.WriteLine("Signature");
        else
            Console.WriteLine("Signature is not verified");
    }
}

这篇关于如何在.net中对HTTPS请求进行数字签名?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！