使用.NET内核检查.NET Framework生成的签名_.net_Cryptography_.net Core_Rsa_Digital Signature

使用.NET内核检查.NET Framework生成的签名

.net cryptography .net-core

使用.NET内核检查.NET Framework生成的签名,.net,cryptography,.net-core,rsa,digital-signature,.net,Cryptography,.net Core,Rsa,Digital Signature,我有一些用于签名和检查签名的遗留.NET Framework代码，需要将其移植到.NET Core 这是现有的.NET Framework代码： public static bool CheckSignature_NetFramework(string payload, string signature, string publicKey) { try { using (var rsa = RSA.Create()) using (var shaH

我有一些用于签名和检查签名的遗留.NET Framework代码，需要将其移植到.NET Core

这是现有的.NET Framework代码：

public static bool CheckSignature_NetFramework(string payload, string signature, string publicKey)
{
    try
    {
        using (var rsa = RSA.Create())
        using (var shaHash = SHA256.Create())
        {
            rsa.FromXmlString(publicKey);
            var hash = shaHash.ComputeHash(Encoding.UTF8.GetBytes(payload));
            var rsaDeformatter = new RSAPKCS1SignatureDeformatter(rsa);
            rsaDeformatter.SetHashAlgorithm("SHA256");
            return rsaDeformatter.VerifySignature(hash, Convert.FromBase64String(signature));
        }
    }
    catch
    {
        return false;
    }
}

public static string CreateSignature_NetFramework(string payload, string privateKey)
{
    using (var rsa = RSA.Create())
    using (var shaHash = SHA256.Create())
    {
        rsa.FromXmlString(privateKey);
        var hash = shaHash.ComputeHash(Encoding.UTF8.GetBytes(payload));
        var rsaFormatter = new RSAPKCS1SignatureFormatter(rsa);
        rsaFormatter.SetHashAlgorithm("SHA256");
        return Convert.ToBase64String(rsaFormatter.CreateSignature(hash));
    }
}

这就是我为等效的.NET核心实现所想到的：

public static bool CheckSignature_NetCore(string payload, string signature, string publicKey)
{
    try
    {
        using (var rsa = RSA.Create())
        using (var shaHash = SHA256.Create())
        {
            rsa.FromXmlString(publicKey);
            var hash = shaHash.ComputeHash(Encoding.UTF8.GetBytes(payload));
            return rsa.VerifyData(hash, Convert.FromBase64String(signature), HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        }
    }
    catch
    {
        return false;
    }
}

public static string CreateSignature_NetCore(string payload, string privateKey)
{
    using (var rsa = RSA.Create())
    using (var shaHash = SHA256.Create())
    {
        rsa.FromXmlString(privateKey);
        var hash = shaHash.ComputeHash(Encoding.UTF8.GetBytes(payload));
        return Convert.ToBase64String(rsa.SignData(hash, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1));
    }
}

public static void FromXmlString(this RSA rsa, string xmlString)
{
    RSAParameters parameters = new RSAParameters();

    XmlDocument xmlDoc = new XmlDocument();
    xmlDoc.LoadXml(xmlString);

    if (xmlDoc.DocumentElement.Name.Equals("RSAKeyValue"))
    {
        foreach (XmlNode node in xmlDoc.DocumentElement.ChildNodes)
        {
            switch (node.Name)
            {
                case "Modulus": parameters.Modulus = Convert.FromBase64String(node.InnerText); break;
                case "Exponent": parameters.Exponent = Convert.FromBase64String(node.InnerText); break;
                case "P": parameters.P = Convert.FromBase64String(node.InnerText); break;
                case "Q": parameters.Q = Convert.FromBase64String(node.InnerText); break;
                case "DP": parameters.DP = Convert.FromBase64String(node.InnerText); break;
                case "DQ": parameters.DQ = Convert.FromBase64String(node.InnerText); break;
                case "InverseQ": parameters.InverseQ = Convert.FromBase64String(node.InnerText); break;
                case "D": parameters.D = Convert.FromBase64String(node.InnerText); break;
            }
        }
    }
    else
    {
        throw new Exception("Invalid XML RSA key.");
    }

    rsa.ImportParameters(parameters);
}

我可以成功验证使用相同环境创建的签名。但是使用

CheckSignature\u NetCore

验证使用

CreateSignature\u NetFramework

创建的签名失败

因此，看起来我的.NET核心实现与.NET Framework实现并不完全相同

如何验证在.NET Core中使用

CreateSignature\u NetFramework

创建的签名？

您使用了

VerifyData

，但您已经预计算了哈希值，因此应该使用

VerifyHash

，或者让VerifyData为您进行哈希运算

也就是说，您希望：

rsa.FromXmlString(privateKey);

var sig = rsa.SignData(
    Encoding.UTF8.GetBytes(payload),
    HashAlgorithmName.SHA256,
    RSASignaturePadding.Pkcs1));

或

我今天遇到了同样的问题。我不得不将一些遗留代码移植到.NETCore2

这就是我所做的

//<TargetFramework>net46</TargetFramework>    
private bool hasValidSignature(string accessToken)
{
    JwtParts jwt = new JwtParts(accessToken);
    var bytesToSign = Encoding.UTF8.GetBytes(string.Concat(jwt.Header, ".", jwt.Payload));

    byte[] signature = (new JwtBase64UrlEncoder()).Decode(jwt.Signature);

    X509Certificate2 cert = publicCertService.GetPublicCertificate();
    RSACryptoServiceProvider pub = (RSACryptoServiceProvider)cert.PublicKey.Key;

    bool res = pub.VerifyData(bytesToSign, "2.16.840.1.101.3.4.2.1", signature);

    return res;
}

您使用哪个版本的.NET core？上面的代码位于netstandard1.5类库中。

//<TargetFramework>net46</TargetFramework>    
private bool hasValidSignature(string accessToken)
{
    JwtParts jwt = new JwtParts(accessToken);
    var bytesToSign = Encoding.UTF8.GetBytes(string.Concat(jwt.Header, ".", jwt.Payload));

    byte[] signature = (new JwtBase64UrlEncoder()).Decode(jwt.Signature);

    X509Certificate2 cert = publicCertService.GetPublicCertificate();
    RSACryptoServiceProvider pub = (RSACryptoServiceProvider)cert.PublicKey.Key;

    bool res = pub.VerifyData(bytesToSign, "2.16.840.1.101.3.4.2.1", signature);

    return res;
}

private bool HasValidSignature(string accessToken)
{
    JwtParts jwt = new JwtParts(accessToken);
    var bytesToSign = Encoding.UTF8.GetBytes(string.Concat(jwt.Header, ".", jwt.Payload));

    byte[] signature = (new JwtBase64UrlEncoder()).Decode(jwt.Signature);

    X509Certificate2 cert = new X509Certificate2(publicCertService.GetPublicCertificate());

    RSA rsa = cert.GetRSAPublicKey();

    bool res =  rsa.VerifyData(bytesToSign, signature, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);

    return res;
}