使用 Base64 编码的公钥验证 RSA 签名 [英] Using Base64 encoded Public Key to verify RSA signature
问题描述
简而言之,这是我的问题:
In a nutshell, this is my problem:
<代码>私人字符串publicKeyString = MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDVGUzbydMZS + fnkGTsUkDKEyFOGwghR234d5GjPnMIC0RFtXtw2tdcNM8I9Qk + h6fnPHiA7r27iHBfdxTP3oegQJWpbY2RMwSmOs02eQqpKx4QtIjWqkKk2Gmck5cll9GCoI8AUAA5e0D02T0ZgINDmo5yGPhGAAmqYrm8YiupwQIDAQAB";/* 需要一些转换,使用 publicKeyString 来启动一个新的 RSACryptoServiceProvider 对象*///目前:RSACryptoServiceProvider rsa = new RSACryptoServiceProvider();字节[] selfComputedHash = 新字节[];//示例中省略字节[]签名=新字节[];bool 结果 = rsa.VerifyHash(selfComputedHash, CryptoConfig.MapNameToOID("SHA1"), 签名);
如您所见,问题在于使用给定的 Base64 编码公钥字符串启动新的 RSACryptoServiceProvider.我已经能够使用对象 RSAParameters 进行实例化,该对象使用 OpenSSL shell 命令从该公钥字符串派生的模数和指数加载了字节 [].但是由于这个公钥将来可能会发生变化,我希望能够将其以原始形式存储在数据库中.必须有更直接的方法来处理这个问题.
As you can see, the problem is initiating a new RSACryptoServiceProvider with the given Base64 encoded public key string. I've been able to do the instantiation using an object RSAParameters, loaded with the byte[]'s for Modulus and Exponent derived from this public key string using an OpenSSL shell command. But since this public key may change in the future I want to be able to store it in its original form in a database. There must be a more straightforward way of dealing with this.
到目前为止,我读过的许多示例都通过将生成的私钥和公钥导出到密钥容器对象或从密钥容器对象导入生成的私钥和公钥并在同一段代码中使用它而不是转移"来避免这个问题某些字符串形式的键内存不足.有些人在 StackOverflow 和其他网站上都表达了同样的问题,但我还没有找到令人满意的答案.
A lot of the examples I've read so far avoid this problem by exporting and importing the generated private and public keys to and from a key-container object and use it in the same piece of code and thus not 'transferring' the key in some string form out of memory. Some people have expressed the same problem, both here on StackOverflow and on other sites, but I have not been able to find a satisfying answer yet.
欢迎提出任何想法.
背景信息:我的通信伙伴从一个可变长度的输入字符串计算一个 20 字节的 SHA1 哈希,该字符串由包含在 ASCII 编码消息的多个字段中的信息组成.然后用我的合作伙伴的私钥对这个哈希进行 RSA 签名,并与 ASCII 消息一起发送给我.到达后,我自己计算 SHA1 哈希,使用 ASCII 消息中的相同字段,然后尝试通过调用 VerifyHash 来验证这些字段是否未更改.
Background info: My communication partner computes a 20-byte SHA1-hash from an input string of variable length, composed of the information contained in several fields of an ASCII encoded message. This hash is then RSA-signed with my partner's private key and sent along with the ASCII message to me. Upon arrival, I compute the SHA1 hash myself, using the same fields from the ASCII message and then try to verify if these fields were not altered by calling VerifyHash.
密钥以 2 种形式提供:常规和非NL".上面的代码中包含了noNL版本,普通版本是这样的:
The key is provided in 2 forms: regular and 'noNL'. The noNL version is included in the code above, the regular version is this:
-----BEGIN PUBLIC KEY-----
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDVGUzbydMZS+fnkGTsUkDKEyFO
GwghR234d5GjPnMIC0RFtXtw2tdcNM8I9Qk+h6fnPHiA7r27iHBfdxTP3oegQJWp
bY2RMwSmOs02eQqpKx4QtIjWqkKk2Gmck5cll9GCoI8AUAA5e0D02T0ZgINDmo5y
GPhGAAmqYrm8YiupwQIDAQAB
-----END PUBLIC KEY-----
推荐答案
你的字符串是 SubjectPublicKeyInfo.您可以使用 Bouncycastle.net 像这样解码它:
Your string is the base64 encoding of a SubjectPublicKeyInfo. You can use Bouncycastle.net to decode it like this:
byte[] publicKeyBytes = Convert.FromBase64String(publicKeyString);
AsymmetricKeyParameter asymmetricKeyParameter = PublicKeyFactory.CreateKey(publicKeyBytes);
RsaKeyParameters rsaKeyParameters = (RsaKeyParameters) asymmetricKeyParameter;
RSAParameters rsaParameters = new RSAParameters();
rsaParameters.Modulus = rsaKeyParameters.Modulus.ToByteArrayUnsigned();
rsaParameters.Exponent = rsaKeyParameters.Exponent.ToByteArrayUnsigned();
RSACryptoServiceProvider rsa = new RSACryptoServiceProvider();
rsa.ImportParameters(rsaParameters);
这篇关于使用 Base64 编码的公钥验证 RSA 签名的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
