AS3Crypto RSA签名 [英] AS3Crypto RSA Signing
问题描述
我有一些麻烦匹配来自RSA签名的返回值 为Base64 SHA1哈希值与结果的动作as3crypto库在C#中返回。
I'm having some troubles matching the value returned from RSA signing a Base64 SHA1 hash in the actionscript as3crypto library with the result returned in c#.
我传递一个Base64的哈希去codeD作为一个字节数组号() 在as3crypto和Base64编码的结果所提供的功能。 然而,这一结果不会与从C#返回的结果 功能执行相同的任务。它的问题是, 函数接受并返回诅咒,即使它工作在字节 阵列级别?
I'm passing in a Base64 hash decoded as a byte array to the sign() function provided in as3crypto and base64 encoding the result. However, this result never matches the returned result from a c# function which performs the same task. Does it matter that the function takes in and returns hex even though it works at the byte array level?
请看看我下面的签名功能来检查我没有错过 什么!
Please see my below signing function to check i haven't missed anything!
private function signHash(hashInBase64:String):String
{
var src:ByteArray = Base64.decodeToByteArray(hashInBase64);
var key:RSAKey = getRSAKey();
var dst:ByteArray = new ByteArray();
key.sign(src, dst, src.length);
return Base64.encodeByteArray(dst);
}
任何人曾与AS3Crypto库多少经验?
Anyone had much experience with the AS3Crypto library?
任何帮助将是巨大的!
谢谢
乔恩
推荐答案
我假设你的C#版本使用的 RSA PKCS#1 1.5版。该标准通过做一个RSA私钥操作组成上以
I assume that your C# version is using RSA PKCS #1 version 1.5. The standard computes signatures by doing an RSA private key operation over a byte string composed as
0x00 0x01 || 0xff* || 0x00 || OID || hash
纵观as3crypto code表明RSAKey类不签收操作过程中添加任何OID。因此,如果你不这样做,你会得到不正确的结果。
Looking at the as3crypto code shows that the RSAKey class does not add any OID during the sign operation. Hence if you don't do it you'll get incorrect results.
纵观code还显示,as3crypto易受这种攻击的,因为它不验证填充正确。这种攻击是超过3岁。因此,它似乎是一个很好用一个不同的库比as3crypto。
Looking at the code also shows that as3crypto is vulnerable to this attack, because it does not verify the padding properly. This attack is more than 3 years old. Hence it seems like a good to use a different library than as3crypto.
这篇关于AS3Crypto RSA签名的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
