使用.NET内核检查.NET Framework生成的签名
我有一些用于签名和检查签名的遗留.NET Framework代码,需要将其移植到.NET Core 这是现有的.NET Framework代码:使用.NET内核检查.NET Framework生成的签名,.net,cryptography,.net-core,rsa,digital-signature,.net,Cryptography,.net Core,Rsa,Digital Signature,我有一些用于签名和检查签名的遗留.NET Framework代码,需要将其移植到.NET Core 这是现有的.NET Framework代码: public static bool CheckSignature_NetFramework(string payload, string signature, string publicKey) { try { using (var rsa = RSA.Create()) using (var shaH
public static bool CheckSignature_NetFramework(string payload, string signature, string publicKey)
{
try
{
using (var rsa = RSA.Create())
using (var shaHash = SHA256.Create())
{
rsa.FromXmlString(publicKey);
var hash = shaHash.ComputeHash(Encoding.UTF8.GetBytes(payload));
var rsaDeformatter = new RSAPKCS1SignatureDeformatter(rsa);
rsaDeformatter.SetHashAlgorithm("SHA256");
return rsaDeformatter.VerifySignature(hash, Convert.FromBase64String(signature));
}
}
catch
{
return false;
}
}
public static string CreateSignature_NetFramework(string payload, string privateKey)
{
using (var rsa = RSA.Create())
using (var shaHash = SHA256.Create())
{
rsa.FromXmlString(privateKey);
var hash = shaHash.ComputeHash(Encoding.UTF8.GetBytes(payload));
var rsaFormatter = new RSAPKCS1SignatureFormatter(rsa);
rsaFormatter.SetHashAlgorithm("SHA256");
return Convert.ToBase64String(rsaFormatter.CreateSignature(hash));
}
}
这就是我为等效的.NET核心实现所想到的:
public static bool CheckSignature_NetCore(string payload, string signature, string publicKey)
{
try
{
using (var rsa = RSA.Create())
using (var shaHash = SHA256.Create())
{
rsa.FromXmlString(publicKey);
var hash = shaHash.ComputeHash(Encoding.UTF8.GetBytes(payload));
return rsa.VerifyData(hash, Convert.FromBase64String(signature), HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
}
}
catch
{
return false;
}
}
public static string CreateSignature_NetCore(string payload, string privateKey)
{
using (var rsa = RSA.Create())
using (var shaHash = SHA256.Create())
{
rsa.FromXmlString(privateKey);
var hash = shaHash.ComputeHash(Encoding.UTF8.GetBytes(payload));
return Convert.ToBase64String(rsa.SignData(hash, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1));
}
}
public static void FromXmlString(this RSA rsa, string xmlString)
{
RSAParameters parameters = new RSAParameters();
XmlDocument xmlDoc = new XmlDocument();
xmlDoc.LoadXml(xmlString);
if (xmlDoc.DocumentElement.Name.Equals("RSAKeyValue"))
{
foreach (XmlNode node in xmlDoc.DocumentElement.ChildNodes)
{
switch (node.Name)
{
case "Modulus": parameters.Modulus = Convert.FromBase64String(node.InnerText); break;
case "Exponent": parameters.Exponent = Convert.FromBase64String(node.InnerText); break;
case "P": parameters.P = Convert.FromBase64String(node.InnerText); break;
case "Q": parameters.Q = Convert.FromBase64String(node.InnerText); break;
case "DP": parameters.DP = Convert.FromBase64String(node.InnerText); break;
case "DQ": parameters.DQ = Convert.FromBase64String(node.InnerText); break;
case "InverseQ": parameters.InverseQ = Convert.FromBase64String(node.InnerText); break;
case "D": parameters.D = Convert.FromBase64String(node.InnerText); break;
}
}
}
else
{
throw new Exception("Invalid XML RSA key.");
}
rsa.ImportParameters(parameters);
}
我可以成功验证使用相同环境创建的签名。但是使用CheckSignature\u NetCore
验证使用CreateSignature\u NetFramework
创建的签名失败
因此,看起来我的.NET核心实现与.NET Framework实现并不完全相同
如何验证在.NET Core中使用
CreateSignature\u NetFramework
创建的签名?您使用了VerifyData
,但您已经预计算了哈希值,因此应该使用VerifyHash
,或者让VerifyData为您进行哈希运算
也就是说,您希望:
rsa.FromXmlString(privateKey);
var sig = rsa.SignData(
Encoding.UTF8.GetBytes(payload),
HashAlgorithmName.SHA256,
RSASignaturePadding.Pkcs1));
或
我今天遇到了同样的问题。我不得不将一些遗留代码移植到.NETCore2 这就是我所做的
//<TargetFramework>net46</TargetFramework>
private bool hasValidSignature(string accessToken)
{
JwtParts jwt = new JwtParts(accessToken);
var bytesToSign = Encoding.UTF8.GetBytes(string.Concat(jwt.Header, ".", jwt.Payload));
byte[] signature = (new JwtBase64UrlEncoder()).Decode(jwt.Signature);
X509Certificate2 cert = publicCertService.GetPublicCertificate();
RSACryptoServiceProvider pub = (RSACryptoServiceProvider)cert.PublicKey.Key;
bool res = pub.VerifyData(bytesToSign, "2.16.840.1.101.3.4.2.1", signature);
return res;
}
您使用哪个版本的.NET core?上面的代码位于netstandard1.5类库中。
//<TargetFramework>net46</TargetFramework>
private bool hasValidSignature(string accessToken)
{
JwtParts jwt = new JwtParts(accessToken);
var bytesToSign = Encoding.UTF8.GetBytes(string.Concat(jwt.Header, ".", jwt.Payload));
byte[] signature = (new JwtBase64UrlEncoder()).Decode(jwt.Signature);
X509Certificate2 cert = publicCertService.GetPublicCertificate();
RSACryptoServiceProvider pub = (RSACryptoServiceProvider)cert.PublicKey.Key;
bool res = pub.VerifyData(bytesToSign, "2.16.840.1.101.3.4.2.1", signature);
return res;
}
private bool HasValidSignature(string accessToken)
{
JwtParts jwt = new JwtParts(accessToken);
var bytesToSign = Encoding.UTF8.GetBytes(string.Concat(jwt.Header, ".", jwt.Payload));
byte[] signature = (new JwtBase64UrlEncoder()).Decode(jwt.Signature);
X509Certificate2 cert = new X509Certificate2(publicCertService.GetPublicCertificate());
RSA rsa = cert.GetRSAPublicKey();
bool res = rsa.VerifyData(bytesToSign, signature, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
return res;
}