C# RSA_sign and RSACryptoProvider.VerifySignature
I'm trying to learn how to take some code that uses OpenSSL for its cryptography and write another program in C# that uses the Microsoft crypto providers available in .NET. More importantly, I'm trying to get the C# program to verify an RSA message signature generated by the OpenSSL code. The code that generates the signature looks like this:
// Code in C, using the OpenSSL RSA implementation
char msgToSign[] = "Hello World"; // the message to be signed
unsigned char signature[RSA_size(rsa)]; // buffer that will hold signature (RSA_sign takes unsigned char*)
unsigned int slen = 0; // will contain signature size (RSA_sign takes unsigned int*)
// rsa is an OpenSSL RSA context, that's loaded with the public/private key pair
memset(signature, 0, sizeof(signature));
RSA_sign(NID_sha1
, (unsigned char*)msgToSign
, strlen(msgToSign)
, signature
, &slen
, rsa);
// now signature contains the message signature
// and can be verified using the RSA_verify counterpart
// .. I would like to verify the signature in C#
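In C#, I do the following:
- import the other side's public key into an RSACryptoServiceProvider object
- receive the message and its signature
- try to verify the signature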
byte[] receivedSignature;
// ....
// receivedSignature is set to the byte array generated by the OpenSSL side
// I've verified this much is working correctly
// I use my utility to parse a PEM file and extract the other side's public key
// also, verified to be working correctly - the public key is good.
RSACryptoServiceProvider rsa = MyPEMLoader.LoadFromFile("publicKey.pem");
string msgToVerify = "Hello World";
byte[] msgBytes = Encoding.ASCII.GetBytes(msgToVerify); // other side uses ASCII, so do the same
bool verified = rsa.VerifyHash(msgBytes, "SHA1", receivedSignature);
// verified is false.. verification failed!
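It might help if you showed your C code. I think it should be something like this:
Of course, I'm only guessing at the UTF-8 part. It could also be ASCII.
Edit: here is your answer. The sample seems to do it differently, hashing localData first: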
hashedData = hash.ComputeHash(signedData);
return rsaCSP.VerifyHash(hashedData, CryptoConfig.MapNameToOID("SHA1"), signature);
You should drop the PEM utility; it isn't needed. Use:
var cert = new X509Certificate2(HttpContext.Current.Request.MapPath("~/App_Data/PublicKey.pem"), "");
var rsaCryptoIPT = (RSACryptoServiceProvider)cert.PublicKey.Key;
var sha1 = new SHA1CryptoServiceProvider();
if (!rsaCryptoIPT.VerifyData(data, sha1, signature))
throw new InvalidOperationException("Invalid signature from bank ");
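If that doesn't help, you could post your PEM file reader code.
Thanks @Henk, please see my edit. That's pretty much what I was doing before, but apparently that's not it. Have you successfully tested this code with an RSA signature generated by OpenSSL?
No, I didn't use OpenSSL. Best to check the MSDN link; I copied the relevant code from it.
Is there a solution? I'm trying to do the same thing.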
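An added example, not code from the question or its answers: OpenSSL documents the `m` argument of `RSA_sign` as the message digest, and `VerifyHash` likewise takes a digest, while `VerifyData` hashes the message itself. The program below compares the three call shapes on one PKCS#1 v1.5 signature. It assumes a current .NET runtime and a throwaway key pair standing in for the OpenSSL signer; the names `VerifyDemo` and `TryVerifyHash` are hypothetical.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

static class VerifyDemo
{
    // A wrong-length digest may return false or throw depending on the
    // platform, so both outcomes are folded into "not verified".
    static bool TryVerifyHash(RSA rsa, byte[] digest, byte[] sig)
    {
        try
        {
            return rsa.VerifyHash(digest, sig, HashAlgorithmName.SHA1, RSASignaturePadding.Pkcs1);
        }
        catch (Exception ex) when (ex is CryptographicException || ex is ArgumentException)
        {
            return false;
        }
    }

    static void Main()
    {
        // Assumption: a throwaway key pair stands in for the OpenSSL signer.
        // SHA-1 appears only because the page's signer uses NID_sha1.
        using (RSA rsa = RSA.Create(2048))
        {
            byte[] msg = Encoding.ASCII.GetBytes("Hello World");
            // PKCS#1 v1.5 signature over SHA-1(msg)
            byte[] sig = rsa.SignData(msg, HashAlgorithmName.SHA1, RSASignaturePadding.Pkcs1);

            byte[] digest;
            using (SHA1 sha1 = SHA1.Create())
            {
                digest = sha1.ComputeHash(msg); // 20-byte digest
            }

            // VerifyData hashes the message itself, then checks the signature.
            Console.WriteLine("VerifyData(message): " +
                rsa.VerifyData(msg, sig, HashAlgorithmName.SHA1, RSASignaturePadding.Pkcs1));
            // VerifyHash takes the digest computed above.
            Console.WriteLine("VerifyHash(digest):  " + TryVerifyHash(rsa, digest, sig));
            // The call shape from the question: message bytes where the digest belongs.
            Console.WriteLine("VerifyHash(message): " + TryVerifyHash(rsa, msg, sig));
        }
    }
}
```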