RSA变态模式:【私钥加密,公钥解密】
一般这种写法都是JAVA弄的。.NET原生不支持。为啥,我也不清楚,大概是因为安全性问题吧,毕竟公钥是人人都可是持有的。私钥只有自己拥有。
对接注意事项:http://blog.csdn.net/gzy11/article/details/54573973
一般方法请看:http://blog.csdn.net/gzy11/article/details/54573973
签名一直都是【私钥加签、公钥验签】只为证明该消息是你发出来的。
这里使用了BouncyCastle1.8.1.0 nuget包。
所有加签、加密返回结果都是base64的,注意格式换。如下:
byte[] dataBytes = Convert.FromBase64String(data);
string base64Str = Convert.ToBase64String(signer.GenerateSignature());
RSAHelper类
基于BouncyCastle部分
#region 私钥加密
/// <summary>
/// 基于BouncyCastle的RSA私钥加密
/// </summary>
/// <param name="privateKeyJava"></param>
/// <param name="data"></param>
/// <returns></returns>
public static string EncryptPrivateKeyJava(string privateKeyJava, string data, string encoding = "UTF-8")
{
RsaKeyParameters privateKeyParam = (RsaKeyParameters)PrivateKeyFactory.CreateKey(Convert.FromBase64String(privateKeyJava));
byte[] cipherbytes = Encoding.GetEncoding(encoding).GetBytes(data);
RsaEngine rsa = new RsaEngine();
rsa.Init(true, privateKeyParam);//参数true表示加密/false表示解密。
cipherbytes = rsa.ProcessBlock(cipherbytes, 0, cipherbytes.Length);
return Convert.ToBase64String(cipherbytes);
}
#endregion
#region 公钥解密
/// <summary>
/// 基于BouncyCastle的RSA公钥解密
/// </summary>
/// <param name="publicKeyJava"></param>
/// <param name="data"></param>
/// <param name="encoding"></param>
/// <returns></returns>
public static string DecryptPublicKeyJava(string publicKeyJava, string data, string encoding = "UTF-8")
{
RsaKeyParameters publicKeyParam = (RsaKeyParameters)PublicKeyFactory.CreateKey(Convert.FromBase64String(publicKeyJava));
byte[] cipherbytes = Convert.FromBase64String(data);
RsaEngine rsa = new RsaEngine();
rsa.Init(false, publicKeyParam);//参数true表示加密/false表示解密。
cipherbytes = rsa.ProcessBlock(cipherbytes, 0, cipherbytes.Length);
return Encoding.GetEncoding(encoding).GetString(cipherbytes);
}
#endregion
#region 加签
/// <summary>
/// 基于BouncyCastle的RSA签名
/// </summary>
/// <param name="data"></param>
/// <param name="privateKeyJava"></param>
/// <param name="hashAlgorithm">JAVA的和.NET的不一样,如:MD5(.NET)等同于MD5withRSA(JAVA)</param>
/// <param name="encoding"></param>
/// <returns></returns>
public static string RSASignJavaBouncyCastle(string data, string privateKeyJava, string hashAlgorithm = "MD5withRSA", string encoding = "UTF-8")
{
RsaKeyParameters privateKeyParam = (RsaKeyParameters)PrivateKeyFactory.CreateKey(Convert.FromBase64String(privateKeyJava));
ISigner signer = SignerUtilities.GetSigner(hashAlgorithm);
signer.Init(true, privateKeyParam);//参数为true验签,参数为false加签
var dataByte = Encoding.GetEncoding(encoding).GetBytes(data);
signer.BlockUpdate(dataByte, 0, dataByte.Length);
//return Encoding.GetEncoding(encoding).GetString(signer.GenerateSignature()); //签名结果 非Base64String
return Convert.ToBase64String(signer.GenerateSignature());
}
#endregion
#region 验签
/// <summary>
/// 基于BouncyCastle的RSA签名
/// </summary>
/// <param name="data">源数据</param>
/// <param name="publicKeyJava"></param>
/// <param name="signature">base64签名</param>
/// <param name="hashAlgorithm">JAVA的和.NET的不一样,如:MD5(.NET)等同于MD5withRSA(JAVA)</param>
/// <param name="encoding"></param>
/// <returns></returns>
public static bool VerifyJavaBouncyCastle(string data, string publicKeyJava, string signature, string hashAlgorithm = "MD5withRSA", string encoding = "UTF-8")
{
RsaKeyParameters publicKeyParam = (RsaKeyParameters)PublicKeyFactory.CreateKey(Convert.FromBase64String(publicKeyJava));
ISigner signer = SignerUtilities.GetSigner(hashAlgorithm);
signer.Init(false, publicKeyParam);
byte[] dataByte = Encoding.GetEncoding(encoding).GetBytes(data);
signer.BlockUpdate(dataByte, 0, dataByte.Length);
//byte[] signatureByte = Encoding.GetEncoding(encoding).GetBytes(signature);// 非Base64String
byte[] signatureByte = Convert.FromBase64String(signature);
return signer.VerifySignature(signatureByte);
}
#endregion
PEM格式秘钥,自己改了下源代码,能直接加载PEM的string格式的RSA。不用读取文件。改的有些不太合理,就不发了。
单元测试及调用方法
//注意SHA-512WITHRSA/PSS 对应的公私钥大小,不满足需求会报错的 key is too small
Algorithms请参见GetAlgorithms()方法。这个都是从BouncyCastle源码里拿出来的。注意.NET对应的格式。
/// <summary>
/// BouncyCastle加签/验签
/// </summary>
[TestMethod]
public void BouncyCastleSignVerify()
{
string publicKeyJava = @"MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiRpgGZSOYKG36k6f56D0bHHOQZubt344qgRAVrSmw0udQCV8YsN/qpjlVAeT3gpQ1kKf7YvuR3KylXu0/ckvwya7AYsfEGiRahZcH6uElfyLKcR/6PioMvNLDB2mxgfvZXRRqfxOss8Byb6SP1/xSHPwcJQUc/u5wiczEEWKwNyVRTkjKSIKp5iA+bjN9WGdscdBkNYxZTbbKwDJvzyouiniKR5kSa/6LUMmVDlqz1ZgGfj0WK+6He1o/QoR9s7o143+JjNEzLaLkaolyOBWiBaSYYcQzpdlbi4OOvpHVpVrZ00aJDo9Q2/Dui7orKoKRcCqVDizJd80n47Tf6uVEQIDAQAB";
string privateKeyJava = @"MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCJGmAZlI5gobfqTp/noPRscc5Bm5u3fjiqBEBWtKbDS51AJXxiw3+qmOVUB5PeClDWQp/ti+5HcrKVe7T9yS/DJrsBix8QaJFqFlwfq4SV/IspxH/o+Kgy80sMHabGB+9ldFGp/E6yzwHJvpI/X/FIc/BwlBRz+7nCJzMQRYrA3JVFOSMpIgqnmID5uM31YZ2xx0GQ1jFlNtsrAMm/PKi6KeIpHmRJr/otQyZUOWrPVmAZ+PRYr7od7Wj9ChH2zujXjf4mM0TMtouRqiXI4FaIFpJhhxDOl2VuLg46+kdWlWtnTRokOj1Db8O6LuisqgpFwKpUOLMl3zSfjtN/q5URAgMBAAECggEAaLkfzIo/kqoUPEHgPGIiMS9gt5Zvg+JC0AK9Tj1g3+3C6Ht5nkrsGlf9W4kKNmE0y+RKGn12/VYr+KhsYCmrdOoBj7U/fh4RbLI1ne86MAKeHcI9XauJdpmFqnR/reXjw1/s/OV/C2+5Uutg9E2JlKkScDt7v/f4NMgSZgxoZtU0waPYj5ubhJfbvlWAGol6u0TRlklcfpuhlJAtD4WgAEQm0XmGEVkS3/eKO9vywexkM7YGV2IXqQgvdCVuCl0YGpW4v4qvVixC1b5KU+jgvcFUdHnIFfrEhtVw+byfj4sUfRFk9TCj3HwSsQNa0PnhZINKftnKJGQsP1bC43UgwQKBgQDb4wyA6UPlhR4C2jTn3RE3C87Pl6h8oYAgHzRBLvuDJctKZ3sB4AW+AJhd5Wgdhl6sr0TKPUP+UQicQhD2W8DEPT8Obo3FnCASxBIdJqyDXFL9fQ/g6WrTJ1Dojx1uAPfxWJQJsf6Fev//LbJxukQ1N2pFk/FZljYNtbWkZZqo6QKBgQCfnsBVlW27/ZL98MmlXLnIeDPqj2QtE2jAfyAP0GfaCq94QEyWYavPG9W+jPf114yebwYe4T9MUgVzLZKRFwHBKyBjKz2GgjQgC4s3v18XP/v3lS68E0mYfgiSIJ3X6CMf//RR00XX4fdBmvFxPjv85upgV5WK299gkiDkDvFx6QKBgFwBTtQJxq0c3AfZgdWavH9J44kdLhSoBtJp/BViMT8Y600Aq4mHUR/FY/u157Ci7q5Wz/PHWtHo2i93vV032xrBfcbuH0gWIZ14iRPFgN2eHeOPFrvHLzmW89W7PFcw9I35wEemQJdddgwx9L59b9jMjRz74DraDVgDNjPJh8MxAoGARyrczkvFlV/FvfsxrMze+Ia/fwFXxNE2jz0e6m4dH5ZMDe19OD9r/veGIWNw2ue0Bp+xturu8fRQAb577ry3R40W76BD2kkLPI5pD/3/Q7p/eS/Gmoxu79Kht6VbOvyBTK8uG517MnnJaDLRG5CH5oZ+UV47iqHlwoTkrUoMVKECgYB1MUZZfGFG0fP03O1zwUddUq7Z/y1MLA3fs+vDFTeM3WKGYy7C1e8/vPtNmyaD/UYBpS6FxKVBNx4+mItbJzlHE42eNR5qX0GXwWJfyBTs3DCW9NIAiOT+0dXRma2leS8mPsKzidbtnKVj+tFW2+0cPqWRgzTVAgd1Srm86S/92w==";
var algorithms = GetAlgorithms();
string data = "helo world!";
//int bbc = 0;
foreach (var item in algorithms.Keys)
{
if (!item.ToString().Contains("RSA"))
continue;
if (item.ToString() == "SHA-512WITHRSA/PSS")
{
//注意SHA-512WITHRSA/PSS 对应的公私钥大小,不满足需求会报错的 key is too small
}
string signResult = RSAHelper.RSASignJavaBouncyCastle(data, privateKeyJava, item.ToString());
bool result = RSAHelper.VerifyJavaBouncyCastle(data, publicKeyJava, signResult, item.ToString());
if (!result)
{
int a = 0;
int b = 0 / a;
}
}
}
private IDictionary GetAlgorithms()
{
IDictionary algorithms = new Hashtable();
algorithms["MD2WITHRSA"] = "MD2withRSA";
algorithms["MD2WITHRSAENCRYPTION"] = "MD2withRSA";
algorithms[PkcsObjectIdentifiers.MD2WithRsaEncryption.Id] = "MD2withRSA";
algorithms["MD4WITHRSA"] = "MD4withRSA";
algorithms["MD4WITHRSAENCRYPTION"] = "MD4withRSA";
algorithms[PkcsObjectIdentifiers.MD4WithRsaEncryption.Id] = "MD4withRSA";
algorithms["MD5WITHRSA"] = "MD5withRSA";
algorithms["MD5WITHRSAENCRYPTION"] = "MD5withRSA";
algorithms[PkcsObjectIdentifiers.MD5WithRsaEncryption.Id] = "MD5withRSA";
algorithms["SHA1WITHRSA"] = "SHA-1withRSA";
algorithms["SHA1WITHRSAENCRYPTION"] = "SHA-1withRSA";
algorithms[PkcsObjectIdentifiers.Sha1WithRsaEncryption.Id] = "SHA-1withRSA";
algorithms["SHA-1WITHRSA"] = "SHA-1withRSA";
algorithms["SHA224WITHRSA"] = "SHA-224withRSA";
algorithms["SHA224WITHRSAENCRYPTION"] = "SHA-224withRSA";
algorithms[PkcsObjectIdentifiers.Sha224WithRsaEncryption.Id] = "SHA-224withRSA";
algorithms["SHA-224WITHRSA"] = "SHA-224withRSA";
algorithms["SHA256WITHRSA"] = "SHA-256withRSA";
algorithms["SHA256WITHRSAENCRYPTION"] = "SHA-256withRSA";
algorithms[PkcsObjectIdentifiers.Sha256WithRsaEncryption.Id] = "SHA-256withRSA";
algorithms["SHA-256WITHRSA"] = "SHA-256withRSA";
algorithms["SHA384WITHRSA"] = "SHA-384withRSA";
algorithms["SHA384WITHRSAENCRYPTION"] = "SHA-384withRSA";
algorithms[PkcsObjectIdentifiers.Sha384WithRsaEncryption.Id] = "SHA-384withRSA";
algorithms["SHA-384WITHRSA"] = "SHA-384withRSA";
algorithms["SHA512WITHRSA"] = "SHA-512withRSA";
algorithms["SHA512WITHRSAENCRYPTION"] = "SHA-512withRSA";
algorithms[PkcsObjectIdentifiers.Sha512WithRsaEncryption.Id] = "SHA-512withRSA";
algorithms["SHA-512WITHRSA"] = "SHA-512withRSA";
algorithms["PSSWITHRSA"] = "PSSwithRSA";
algorithms["RSASSA-PSS"] = "PSSwithRSA";
algorithms[PkcsObjectIdentifiers.IdRsassaPss.Id] = "PSSwithRSA";
algorithms["RSAPSS"] = "PSSwithRSA";
algorithms["SHA1WITHRSAANDMGF1"] = "SHA-1withRSAandMGF1";
algorithms["SHA-1WITHRSAANDMGF1"] = "SHA-1withRSAandMGF1";
algorithms["SHA1WITHRSA/PSS"] = "SHA-1withRSAandMGF1";
algorithms["SHA-1WITHRSA/PSS"] = "SHA-1withRSAandMGF1";
algorithms["SHA224WITHRSAANDMGF1"] = "SHA-224withRSAandMGF1";
algorithms["SHA-224WITHRSAANDMGF1"] = "SHA-224withRSAandMGF1";
algorithms["SHA224WITHRSA/PSS"] = "SHA-224withRSAandMGF1";
algorithms["SHA-224WITHRSA/PSS"] = "SHA-224withRSAandMGF1";
algorithms["SHA256WITHRSAANDMGF1"] = "SHA-256withRSAandMGF1";
algorithms["SHA-256WITHRSAANDMGF1"] = "SHA-256withRSAandMGF1";
algorithms["SHA256WITHRSA/PSS"] = "SHA-256withRSAandMGF1";
algorithms["SHA-256WITHRSA/PSS"] = "SHA-256withRSAandMGF1";
algorithms["SHA384WITHRSAANDMGF1"] = "SHA-384withRSAandMGF1";
algorithms["SHA-384WITHRSAANDMGF1"] = "SHA-384withRSAandMGF1";
algorithms["SHA384WITHRSA/PSS"] = "SHA-384withRSAandMGF1";
algorithms["SHA-384WITHRSA/PSS"] = "SHA-384withRSAandMGF1";
algorithms["SHA512WITHRSAANDMGF1"] = "SHA-512withRSAandMGF1";
algorithms["SHA-512WITHRSAANDMGF1"] = "SHA-512withRSAandMGF1";
algorithms["SHA512WITHRSA/PSS"] = "SHA-512withRSAandMGF1";
algorithms["SHA-512WITHRSA/PSS"] = "SHA-512withRSAandMGF1";
algorithms["RIPEMD128WITHRSA"] = "RIPEMD128withRSA";
algorithms["RIPEMD128WITHRSAENCRYPTION"] = "RIPEMD128withRSA";
algorithms[TeleTrusTObjectIdentifiers.RsaSignatureWithRipeMD128.Id] = "RIPEMD128withRSA";
algorithms["RIPEMD160WITHRSA"] = "RIPEMD160withRSA";
algorithms["RIPEMD160WITHRSAENCRYPTION"] = "RIPEMD160withRSA";
algorithms[TeleTrusTObjectIdentifiers.RsaSignatureWithRipeMD160.Id] = "RIPEMD160withRSA";
algorithms["RIPEMD256WITHRSA"] = "RIPEMD256withRSA";
algorithms["RIPEMD256WITHRSAENCRYPTION"] = "RIPEMD256withRSA";
algorithms[TeleTrusTObjectIdentifiers.RsaSignatureWithRipeMD256.Id] = "RIPEMD256withRSA";
algorithms["NONEWITHRSA"] = "RSA";
algorithms["RSAWITHNONE"] = "RSA";
algorithms["RAWRSA"] = "RSA";
algorithms["RAWRSAPSS"] = "RAWRSASSA-PSS";
algorithms["NONEWITHRSAPSS"] = "RAWRSASSA-PSS";
algorithms["NONEWITHRSASSA-PSS"] = "RAWRSASSA-PSS";
algorithms["NONEWITHDSA"] = "NONEwithDSA";
algorithms["DSAWITHNONE"] = "NONEwithDSA";
algorithms["RAWDSA"] = "NONEwithDSA";
algorithms["DSA"] = "SHA-1withDSA";
algorithms["DSAWITHSHA1"] = "SHA-1withDSA";
algorithms["DSAWITHSHA-1"] = "SHA-1withDSA";
algorithms["SHA/DSA"] = "SHA-1withDSA";
algorithms["SHA1/DSA"] = "SHA-1withDSA";
algorithms["SHA-1/DSA"] = "SHA-1withDSA";
algorithms["SHA1WITHDSA"] = "SHA-1withDSA";
algorithms["SHA-1WITHDSA"] = "SHA-1withDSA";
algorithms[X9ObjectIdentifiers.IdDsaWithSha1.Id] = "SHA-1withDSA";
algorithms["DSAWITHSHA224"] = "SHA-224withDSA";
algorithms["DSAWITHSHA-224"] = "SHA-224withDSA";
algorithms["SHA224/DSA"] = "SHA-224withDSA";
algorithms["SHA-224/DSA"] = "SHA-224withDSA";
algorithms["SHA224WITHDSA"] = "SHA-224withDSA";
algorithms["SHA-224WITHDSA"] = "SHA-224withDSA";
algorithms[NistObjectIdentifiers.DsaWithSha224.Id] = "SHA-224withDSA";
algorithms["DSAWITHSHA256"] = "SHA-256withDSA";
algorithms["DSAWITHSHA-256"] = "SHA-256withDSA";
algorithms["SHA256/DSA"] = "SHA-256withDSA";
algorithms["SHA-256/DSA"] = "SHA-256withDSA";
algorithms["SHA256WITHDSA"] = "SHA-256withDSA";
algorithms["SHA-256WITHDSA"] = "SHA-256withDSA";
algorithms[NistObjectIdentifiers.DsaWithSha256.Id] = "SHA-256withDSA";
algorithms["DSAWITHSHA384"] = "SHA-384withDSA";
algorithms["DSAWITHSHA-384"] = "SHA-384withDSA";
algorithms["SHA384/DSA"] = "SHA-384withDSA";
algorithms["SHA-384/DSA"] = "SHA-384withDSA";
algorithms["SHA384WITHDSA"] = "SHA-384withDSA";
algorithms["SHA-384WITHDSA"] = "SHA-384withDSA";
algorithms[NistObjectIdentifiers.DsaWithSha384.Id] = "SHA-384withDSA";
algorithms["DSAWITHSHA512"] = "SHA-512withDSA";
algorithms["DSAWITHSHA-512"] = "SHA-512withDSA";
algorithms["SHA512/DSA"] = "SHA-512withDSA";
algorithms["SHA-512/DSA"] = "SHA-512withDSA";
algorithms["SHA512WITHDSA"] = "SHA-512withDSA";
algorithms["SHA-512WITHDSA"] = "SHA-512withDSA";
algorithms[NistObjectIdentifiers.DsaWithSha512.Id] = "SHA-512withDSA";
algorithms["NONEWITHECDSA"] = "NONEwithECDSA";
algorithms["ECDSAWITHNONE"] = "NONEwithECDSA";
algorithms["ECDSA"] = "SHA-1withECDSA";
algorithms["SHA1/ECDSA"] = "SHA-1withECDSA";
algorithms["SHA-1/ECDSA"] = "SHA-1withECDSA";
algorithms["ECDSAWITHSHA1"] = "SHA-1withECDSA";
algorithms["ECDSAWITHSHA-1"] = "SHA-1withECDSA";
algorithms["SHA1WITHECDSA"] = "SHA-1withECDSA";
algorithms["SHA-1WITHECDSA"] = "SHA-1withECDSA";
algorithms[X9ObjectIdentifiers.ECDsaWithSha1.Id] = "SHA-1withECDSA";
algorithms[TeleTrusTObjectIdentifiers.ECSignWithSha1.Id] = "SHA-1withECDSA";
algorithms["SHA224/ECDSA"] = "SHA-224withECDSA";
algorithms["SHA-224/ECDSA"] = "SHA-224withECDSA";
algorithms["ECDSAWITHSHA224"] = "SHA-224withECDSA";
algorithms["ECDSAWITHSHA-224"] = "SHA-224withECDSA";
algorithms["SHA224WITHECDSA"] = "SHA-224withECDSA";
algorithms["SHA-224WITHECDSA"] = "SHA-224withECDSA";
algorithms[X9ObjectIdentifiers.ECDsaWithSha224.Id] = "SHA-224withECDSA";
algorithms["SHA256/ECDSA"] = "SHA-256withECDSA";
algorithms["SHA-256/ECDSA"] = "SHA-256withECDSA";
algorithms["ECDSAWITHSHA256"] = "SHA-256withECDSA";
algorithms["ECDSAWITHSHA-256"] = "SHA-256withECDSA";
algorithms["SHA256WITHECDSA"] = "SHA-256withECDSA";
algorithms["SHA-256WITHECDSA"] = "SHA-256withECDSA";
algorithms[X9ObjectIdentifiers.ECDsaWithSha256.Id] = "SHA-256withECDSA";
algorithms["SHA384/ECDSA"] = "SHA-384withECDSA";
algorithms["SHA-384/ECDSA"] = "SHA-384withECDSA";
algorithms["ECDSAWITHSHA384"] = "SHA-384withECDSA";
algorithms["ECDSAWITHSHA-384"] = "SHA-384withECDSA";
algorithms["SHA384WITHECDSA"] = "SHA-384withECDSA";
algorithms["SHA-384WITHECDSA"] = "SHA-384withECDSA";
algorithms[X9ObjectIdentifiers.ECDsaWithSha384.Id] = "SHA-384withECDSA";
algorithms["SHA512/ECDSA"] = "SHA-512withECDSA";
algorithms["SHA-512/ECDSA"] = "SHA-512withECDSA";
algorithms["ECDSAWITHSHA512"] = "SHA-512withECDSA";
algorithms["ECDSAWITHSHA-512"] = "SHA-512withECDSA";
algorithms["SHA512WITHECDSA"] = "SHA-512withECDSA";
algorithms["SHA-512WITHECDSA"] = "SHA-512withECDSA";
algorithms[X9ObjectIdentifiers.ECDsaWithSha512.Id] = "SHA-512withECDSA";
algorithms["RIPEMD160/ECDSA"] = "RIPEMD160withECDSA";
algorithms["ECDSAWITHRIPEMD160"] = "RIPEMD160withECDSA";
algorithms["RIPEMD160WITHECDSA"] = "RIPEMD160withECDSA";
algorithms[TeleTrusTObjectIdentifiers.ECSignWithRipeMD160.Id] = "RIPEMD160withECDSA";
algorithms["GOST-3410"] = "GOST3410";
algorithms["GOST-3410-94"] = "GOST3410";
algorithms["GOST3411WITHGOST3410"] = "GOST3410";
algorithms[CryptoProObjectIdentifiers.GostR3411x94WithGostR3410x94.Id] = "GOST3410";
algorithms["ECGOST-3410"] = "ECGOST3410";
algorithms["ECGOST-3410-2001"] = "ECGOST3410";
algorithms["GOST3411WITHECGOST3410"] = "ECGOST3410";
algorithms[CryptoProObjectIdentifiers.GostR3411x94WithGostR3410x2001.Id] = "ECGOST3410";
return algorithms;
}