Bouncy Castle 使用 C# 签名并验证 SHA256 证书

【问题标题】:Bouncy Castle Sign and Verify SHA256 Certificate With C#Bouncy Castle 使用 C# 签名并验证 SHA256 证书
【发布时间】:2015-04-02 23:13:52
【问题描述】:

我通过大量示例了解人们如何使用 Bouncy Castle 动态生成 RSA 密钥对,然后在一个代码块中进行签名和验证。这些答案很棒,真的帮助我快速提升!

也就是说,我需要创建一个客户端,它可以通过 WCF JSON 调用一个公钥,以便稍后用于签名验证,我似乎无法让它工作。首先是我用来生成证书的代码:

    public System.Security.Cryptography.X509Certificates.X509Certificate2 LoadCertificate()
    {
        System.Security.Cryptography.X509Certificates.X509Certificate2 returnX509 = null;
        //X509Certificate returnCert = null;

        try
        {
            returnX509 = new System.Security.Cryptography.X509Certificates.X509Certificate2(CertificateName, CertificatePassword);
            //returnCert = DotNetUtilities.FromX509Certificate(returnX509);
        }
        catch
        {
            Console.WriteLine("Failed to obtain cert - trying to make one now.");

            try
            {
                Guid nameGuid = Guid.NewGuid();
                AsymmetricCipherKeyPair kp;
                var x509 = GenerateCertificate("CN=Server-CertA-" + nameGuid.ToString(), out kp);
                SaveCertificateToFile(x509, kp, CertificateName, CertificateAlias, CertificatePassword);
                returnX509 = new System.Security.Cryptography.X509Certificates.X509Certificate2(CertificateName, CertificatePassword);
                //returnCert = DotNetUtilities.FromX509Certificate(returnX509);
                Console.WriteLine("Successfully wrote and retrieved cert!");
            }
            catch (Exception exc)
            {
                Console.WriteLine("Failed to create cert - exception was: " + exc.ToString());
            }
        }

        return returnX509;
    }

完成后,我使用以下代码签署消息:

    public string SignData(string Message, string PrivateKey)
    {
        try
        {
            byte[] orgBytes = UnicodeEncoding.ASCII.GetBytes(Message);
            byte[] privateKey = UnicodeEncoding.ASCII.GetBytes(PrivateKey);

            string curveName = "P-521";
            X9ECParameters ecP = NistNamedCurves.GetByName(curveName);
            ECDomainParameters ecSpec = new ECDomainParameters(ecP.Curve, ecP.G, ecP.N, ecP.H, ecP.GetSeed());

            ISigner signer = SignerUtilities.GetSigner("SHA-256withECDSA");
            BigInteger biPrivateKey = new BigInteger(privateKey);
            ECPrivateKeyParameters keyParameters = new ECPrivateKeyParameters(biPrivateKey, ecSpec);

            signer.Init(true, keyParameters);
            signer.BlockUpdate(orgBytes, 0, orgBytes.Length);

            byte[] data = signer.GenerateSignature();
            //Base64 Encode
            byte[] encodedBytes;
            using (MemoryStream encStream = new MemoryStream())
            {
                base64.Encode(orgBytes, 0, orgBytes.Length, encStream);
                encodedBytes = encStream.ToArray();
            }

            if (encodedBytes.Length > 0)
                return UnicodeEncoding.ASCII.GetString(encodedBytes);
            else
                return "";
        }
        catch (Exception exc)
        {
            Console.WriteLine("Signing Failed: " + exc.ToString());
            return "";
        }
    }

最后,我尝试验证:

    public bool VerifySignature(string PublicKey, string Signature, string Message)
    {
        try
        {
            AsymmetricKeyParameter pubKey = new AsymmetricKeyParameter(false);

            var publicKey = PublicKeyFactory.CreateKey(Convert.FromBase64String(PublicKey));
            ISigner signer = SignerUtilities.GetSigner("SHA-256withECDSA");
            byte[] orgBytes = UnicodeEncoding.ASCII.GetBytes(Message);

            signer.Init(false, publicKey);
            signer.BlockUpdate(orgBytes, 0, orgBytes.Length);

            //Base64 Decode
            byte[] encodeBytes = UnicodeEncoding.ASCII.GetBytes(Signature);
            byte[] decodeBytes;
            using (MemoryStream decStream = new MemoryStream())
            {
                base64.Decode(encodeBytes, 0, encodeBytes.Length, decStream);
                decodeBytes = decStream.ToArray();
            }

            return signer.VerifySignature(decodeBytes);
        }
        catch (Exception exc)
        {
            Console.WriteLine("Verification failed with the error: " + exc.ToString());
            return false;
        } 
    }

这是我的测试应用:

        Console.WriteLine("Attempting to load cert...");
        System.Security.Cryptography.X509Certificates.X509Certificate2 thisCert = LoadCertificate();
        if (thisCert != null)
        {
            Console.WriteLine(thisCert.IssuerName.Name);
            Console.WriteLine("Signing the text - Mary had a nuclear bomb");
            string signature = SignData("Mary had a nuclear bomb", thisCert.PublicKey.Key.ToXmlString(true));

            Console.WriteLine("Signature: " + signature);

            Console.WriteLine("Verifying Signature");

            if (VerifySignature(thisCert.PublicKey.Key.ToXmlString(false), signature, "Mary had a nuclear bomb."))
                Console.WriteLine("Valid Signature!");
            else
                Console.WriteLine("Signature NOT valid!");

        }

当我尝试运行测试应用程序时,我收到错误“密钥在指定状态下无效”。上线:

    string signature = SignData("Mary had a nuclear bomb", thisCert.PublicKey.Key.ToXmlString(true));

我尝试用“PrivateKey”替换“PublicKey.Key”,但这并没有什么不同。我也尝试使用 BounceyCastle X509Certificate 但我不知道如何提取密钥。有什么想法吗?

谢谢!

更新:我确实弄清楚了如何仅使用 .NET 进行签名和验证,但这对我来说并不是很有用,因为我需要跨平台,事实上,我们的主要客户端应用程序是用 Java 编写的。有人知道相当于下面代码的充气城堡吗?

    public string SignDataAsXml(string Message, X509Certificate2 ThisCert)
    {
        XmlDocument doc = new XmlDocument();
        doc.PreserveWhitespace = false;
        doc.LoadXml("<core>" + Message + "</core>");

        // Create a SignedXml object.
        SignedXml signedXml = new SignedXml(doc);

        // Add the key to the SignedXml document. 
        signedXml.SigningKey = ThisCert.PrivateKey;

        // Create a reference to be signed.
        Reference reference = new Reference();
        reference.Uri = "";

        // Add an enveloped transformation to the reference.
        XmlDsigEnvelopedSignatureTransform env = new XmlDsigEnvelopedSignatureTransform();
        reference.AddTransform(env);

        // Add the reference to the SignedXml object.
        signedXml.AddReference(reference);

        // Create a new KeyInfo object.
        KeyInfo keyInfo = new KeyInfo();

        // Load the certificate into a KeyInfoX509Data object 
        // and add it to the KeyInfo object.
        keyInfo.AddClause(new KeyInfoX509Data(ThisCert));

        // Add the KeyInfo object to the SignedXml object.
        signedXml.KeyInfo = keyInfo;

        // Compute the signature.
        signedXml.ComputeSignature();

        // Get the XML representation of the signature and save 
        // it to an XmlElement object.
        XmlElement xmlDigitalSignature = signedXml.GetXml();

        // Append the element to the XML document.
        doc.DocumentElement.AppendChild(doc.ImportNode(xmlDigitalSignature, true));


        if (doc.FirstChild is XmlDeclaration)
        {
            doc.RemoveChild(doc.FirstChild);
        }

        using (var stringWriter = new StringWriter())
        {
            using (var xmlTextWriter = XmlWriter.Create(stringWriter))
            {
                doc.WriteTo(xmlTextWriter);
                xmlTextWriter.Flush();
                return stringWriter.GetStringBuilder().ToString();
            }
        }
    }

    public bool VerifyXmlSignature(string XmlMessage, X509Certificate2 ThisCert)
    {
        // Create a new XML document.
        XmlDocument xmlDocument = new XmlDocument();

        // Load the passed XML file into the document. 
        xmlDocument.LoadXml(XmlMessage);

        // Create a new SignedXml object and pass it the XML document class.
        SignedXml signedXml = new SignedXml(xmlDocument);

        // Find the "Signature" node and create a new XmlNodeList object.
        XmlNodeList nodeList = xmlDocument.GetElementsByTagName("Signature");

        // Load the signature node.
        signedXml.LoadXml((XmlElement)nodeList[0]);

        // Check the signature and return the result. 
        return signedXml.CheckSignature(ThisCert, true);
    }

【问题讨论】:

  • 我认为 ECDSA 只是普通 DSA 签名算法的一种变体,并不反映正在使用的底层密钥。我的印象是签名和验证只要使用相同的签名算法就可以工作。不是这样吗?
  • 我做了 - LoadCertificates() 方法包含密钥生成部分。我使用 RSA356 生成密钥,然后使用 RSA356-ECDSA 对数据进行签名。
  • 抱歉 - 我不小心把两个东西混在一起了。 GenerateKeys 用于我的加密处理,与这个问题无关。我更正了问题并添加了测试代码。

标签: c# rsa bouncycastle sha


【解决方案1】:

Bouncy Castle 根本不支持 XML 格式。除非您的用例严格要求它,否则您会发现仅使用 Base64 编码会更容易,证书 (X.509) 和私钥 (PKCS#8) 以 PEM 格式存储。这些都是字符串格式,所以应该可以直接和 JSON 一起使用。

代码示例中还有其他问题:签名应该使用私钥,签名不应该被视为 ASCII 字符串,可能您的消息实际上是 UTF8。我希望内部签名/验证例程可能看起来像这样:

    public string SignData(string msg, ECPrivateKeyParameters privKey)
    {
        try
        {
            byte[] msgBytes = Encoding.UTF8.GetBytes(msg);

            ISigner signer = SignerUtilities.GetSigner("SHA-256withECDSA");
            signer.Init(true, privKey);
            signer.BlockUpdate(msgBytes, 0, msgBytes.Length);
            byte[] sigBytes = signer.GenerateSignature();

            return Convert.ToBase64String(sigBytes);
        }
        catch (Exception exc)
        {
            Console.WriteLine("Signing Failed: " + exc.ToString());
            return null;
        }
    }

    public bool VerifySignature(ECPublicKeyParameters pubKey, string signature, string msg)
    {
        try
        {
            byte[] msgBytes = Encoding.UTF8.GetBytes(msg);
            byte[] sigBytes = Convert.FromBase64String(signature);

            ISigner signer = SignerUtilities.GetSigner("SHA-256withECDSA");
            signer.Init(false, pubKey);
            signer.BlockUpdate(msgBytes, 0, msgBytes.Length);
            return signer.VerifySignature(sigBytes);
        }
        catch (Exception exc)
        {
            Console.WriteLine("Verification failed with the error: " + exc.ToString());
            return false;
        }
    }

另一个问题是我认为 .NET 直到 .NET 3.5 才获得 ECDSA 支持,无论如何 .NET 1.1 中没有 ECDsa 类(这是 BC 即将发布的 1.8 版本的目标 - 我们将“现代化" 之后),因此 DotNetUtilities 不支持 ECDSA。但是,我们可以导出到 PKCS#12 并导入到 BC。一个示例程序:

    public void Program()
    {
        Console.WriteLine("Attempting to load cert...");
        System.Security.Cryptography.X509Certificates.X509Certificate2 thisCert = LoadCertificate();

        Console.WriteLine(thisCert.IssuerName.Name);
        Console.WriteLine("Signing the text - Mary had a nuclear bomb");

        byte[] pkcs12Bytes = thisCert.Export(X509ContentType.Pkcs12, "dummy");
        Pkcs12Store pkcs12 = new Pkcs12StoreBuilder().Build();
        pkcs12.Load(new MemoryStream(pkcs12Bytes, false), "dummy".ToCharArray());

        ECPrivateKeyParameters privKey = null;
        foreach (string alias in pkcs12.Aliases)
        {
            if (pkcs12.IsKeyEntry(alias))
            {
                privKey = (ECPrivateKeyParameters)pkcs12.GetKey(alias).Key;
                break;
            }
        }

        string signature = SignData("Mary had a nuclear bomb", privKey);

        Console.WriteLine("Signature: " + signature);

        Console.WriteLine("Verifying Signature");

        var bcCert = DotNetUtilities.FromX509Certificate(thisCert);
        if (VerifySignature((ECPublicKeyParameters)bcCert.GetPublicKey(), signature, "Mary had a nuclear bomb."))
            Console.WriteLine("Valid Signature!");
        else
            Console.WriteLine("Signature NOT valid!");
    }

我还没有真正测试过上面的任何代码,但它应该会给你一些继续的东西。请注意,BC 也有密钥和证书生成器,因此您可以选择将 BC 用于所有内容(XML 除外!),并仅在必要时向/从 .NET 土地导出/导入。

【讨论】:

  • 非常感谢您提供此代码 - 我现在正在测试。你知道我如何直接从 Org.BouncyCastle.X509.X509Certificate 获取私钥吗?我的代码实际上创建了这个证书,将其导出到 Windows,然后再返回,如果可能的话,我想完全从等式中删除 .NET。
  • 我尝试使用以下代码(使用我能找到的每个派生将证书导出到字节数组 Pkcs12Store pkcs12 = new Pkcs12StoreBuilder().Build(); pkcs12.Load(new MemoryStream(CurrentCert. CertificateStructure.GetEncoded(), false), CertificatePassword.ToCharArray()); 但我一直收到错误消息:无法将“Org.BouncyCastle.Asn1.DerSequence”类型的对象转换为“Org.BouncyCastle.Asn1.DerInteger”
  • 如果我使用这条线一切正常 - 但我如何在内存中做到这一点? pkcs12.Load(File.OpenRead("myCert.p12"), CertificatePassword.ToCharArray());
  • 在 BC 中,X509Certificate 不包含相应的私钥。创建证书时,您必须以某种方式生成密钥对,因此您从那里获取私钥。然后,您可以将证书和私钥一起存储在 PKCS#12 存储中,或者您可以将它们写到单独的文件中,通常是 PEM 编码的。搜索使用 Org.BouncyCastle.OpenSsl.PemWriter 类的示例(并确保在编写私钥时使用密码)。
  • 那段代码很不错。但我无法从智能卡中获取私钥。如何解决?
【解决方案2】:

感谢 Petters 的回答,我想添加代码以使用 RSA 算法验证签名。

public bool VerifySignature(AsymmetricKeyParameter pubKey, string signature, string msg)
{
    try
    {
        byte[] msgBytes = Encoding.UTF8.GetBytes(msg);
        byte[] sigBytes = Convert.FromBase64String(signature);

        ISigner signer = SignerUtilities.GetSigner("SHA-256withRSA");
        signer.Init(false, pubKey);
        signer.BlockUpdate(msgBytes, 0, msgBytes.Length);
        return signer.VerifySignature(sigBytes);
    }
    catch (Exception exc)
    {
        Console.WriteLine("Verification failed with the error: " + exc.ToString());
        return false;
    }
}

【讨论】:

    猜你喜欢
    • 2016-10-01
    • 2015-07-03
    • 1970-01-01
    • 1970-01-01
    • 2017-12-04
    • 1970-01-01
    • 2020-08-22
    • 2021-12-17
    • 1970-01-01
    相关资源
    最近更新 更多
    热门标签
    Java Python linux javascript Mysql C# Docker 算法 前端 SpringBoot Redis Vue spring 设计模式 .net core .net kubernetes c++ 数据库 数据结构 大数据 js 机器学习 微服务 Android Go 程序员 面试 JVM ASP.net core 云原生 人工智能 后端 PHP git CSS golang k8s Nginx Django mybatis 深度学习 多线程 React 架构 devops 爬虫 云计算 Spring Boot LeetCode