如何使用Compact Framework的验证X.509证书在C# [英] How to validate X.509 Certificate in C# using Compact Framework
问题描述
我想验证使用C#和.NetCF的X.509证书。我有CA证书,如果我理解正确的话,我需要使用公钥从该CA证书不可信证书的签名进行解密。这应该给我的不信任证书的计算哈希值。那么我应该计算证书的哈希自己,并确保这两个值相匹配。
I am trying to validate an X.509 certificate using C# and .NetCF. I have the CA certificate, and if I understand correctly, I need to use the public key from this CA certificate to decrypt the signature of the untrusted certificate. This should give me the computed hash value of the untrusted certificate. I should then compute the hash of the certificate myself and make sure the two values match.
我一直在玩这几天,我没有得到很远。我一直在使用的x509证书和的RSACryptoServiceProvider类。首先,我试图让公共密钥和签名进行X509Certificate类的。我能得到的公共密钥而不是签名。接下来,我试图解析这弥补了证书,这让我得到签名(我想任何其他数据)的二进制数据,但我无法使用的RSACryptoServiceProvider对签名进行解密。我想这样的事情,但一直得到异常说坏键,当我试图解密:
I've been playing with this for a few days and I'm not getting very far. I've been using the X509Certificate and RSACryptoServiceProvider classes. First, I tried to get the public key and signature out of the X509Certificate class. I was able to get the public key but not the signature. Next, I tried parsing the binary data that made up the certificate, which allowed me to get the signature (and any other data I wanted), but I was unable to decrypt the signature using the RSACryptoServiceProvider. I tried things like this but kept getting exceptions saying "Bad Key" when I tried to decrypt:
RSAParameters rsaParams = new RSAParameters();
rsaParams.Exponent = exp;
rsaParams.Modulus = mod;
RSACryptoServiceProvider rsaServ = new RSACryptoServiceProvider();
rsaServ.ImportParameters(rsaParams);
byte[] decryptedSig = rsaServ.Decrypt(encryptedSig, false);
任何意见将是极大的AP preciated。
Any advice would be greatly appreciated.
编辑: 我试过的东西,这似乎是更好,但返回一个奇怪的结果。我与X509Certificate2类在这里工作,因为它是为测试更容易一些,但我会稍后需要切换到X509证书的.NetCF。我认为RSACryptoServiceProvider.VerifyData可能是我所需要的。我尝试以下code。
I tried something that seems to be better but is returning a strange result. I'm working with the X509Certificate2 class here because it's a little easier for testing, but I will need to switch to X509Certificate for .NetCF later. I think that RSACryptoServiceProvider.VerifyData might be what I need. I tried the following code.
X509Certificate2 cert = new X509Certificate2(certBytes);
X509Certificate2 certCA1 = new X509Certificate2(@"C:\certs\certCA1.cer");
byte[] encryptedSig = new byte[256];
Array.Copy(certBytes, certBytes.Length - 256, encryptedSig, 0, 256);
RSACryptoServiceProvider rsa = (RSACryptoServiceProvider)certA1.PublicKey.Key;
bool good = rsa.VerifyData(cert.RawData, "1.3.14.3.2.26", encryptedSig);
正如我所说的,我可以手动取消code和跨preT证书的二进制数据,所以我pretty的确认cert.RawData是证书的签名的数据和最后的256个字节是加密的签名。该字符串的哈希算法,这是我从证书得到的OID,但我不是100%肯定它是正确的。 VerifyData返回假的,但我不知道为什么呢。
As I said, I am able to manually decode and interpret the binary data of the certificate, so I'm pretty sure the cert.RawData is the certificate's signed data and the last 256 bytes are the encrypted signature. The string is the OID of the hash algorithm, which I got from certificate, but I'm not 100% sure that it's correct. VerifyData returns false, but I'm not sure why yet.
思考?
推荐答案
下面是我的code。
RSACryptoServiceProvider rsa = signingCertificate_GetPublicKey();
return rsa.VerifyData( SignedValue(), CryptoConfig.MapNameToOID( "SHA1" ), Signature() );
RSACryptoServiceProvider signingCertificate_GetPublicKey()
{
RSACryptoServiceProvider publicKey = new RSACryptoServiceProvider();
RSAParameters publicKeyParams = new RSAParameters();
publicKeyParams.Modulus = GetPublicKeyModulus();
publicKeyParams.Exponent = GetPublicKeyExponent();
publicKey.ImportParameters( publicKeyParams );
return publicKey;
}
byte[] GetPublicKeyExponent()
{
// The value of the second TLV in your Public Key
}
byte[] GetPublicKeyModulus()
{
// The value of the first TLV in your Public Key
}
byte[] SignedValue()
{
// The first TLV in your Ceritificate
}
byte[] Signature()
{
// The value of the third TLV in your Certificate
}
我希望帮助任何人谁正在研究这个问题。
I hope that helps anyone who is working on this problem.
这篇关于如何使用Compact Framework的验证X.509证书在C#的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
