openssl使用以及C#加密和数字签名
如何使用openssl生成RSA公钥和私钥对
http://blog.csdn.net/scape1989/article/details/18959657
https://www.openssl.org/docs/manmaster/apps/rsautl.html
C# RSACryptoServiceProvider加密解密签名验签和DESCryptoServiceProvider加解密
http://www.2cto.com/kf/201007/52626.html
RSA Key Converter(XML to PEM,PEM to XML)
https://superdry.apphb.com/tools/online-rsa-key-converter
openssl
it defaulte generate RSA format , sometimes need convert to pkcs8 format generate a private key pair with pkcs8 format
openssl>pkcs8 -topk8 -inform PEM -in rsa_private_key.pem -outform PEM –nocrypt generate a private key pair with pem format
openssl>genrsa -out rsa_private_key.pem 1024 output the public key openssl>rsa -in rsa_private_key.pem -pubout -out rsa_public_key.pem use public key to encrypt data
openssl>rsautl -encrypt -in orig.txt -inkey rsa_public_key.pem -pubin -out orig.en use private key to decrypt data
openssl>rsautl -decrypt -in orig.en -inkey rsa_private_key.pem -out orig.de use private key to signature data
rsautl -sign -in orig.txt -inkey rsa_private_key.pem -out sig output the data with private key from signed data
rsautl -verify -in sig -inkey rsa_private_key.pem !!!Error:output the data with public key from signed data
rsautl -verify -in sig -inkey rsa_public_key.pem Examine the reaw signed data
rsautl -verify -in sig -inkey rsa_private_key.pem -raw -hexdump
SSOBLL
sso = newSSOBLL();
string
signature = sso.SignData(string.Empty,SSOBLL.KeyType.PrivatePEM,
sigData);
string
signature2 = sso.SignData(string.Empty,SSOBLL.KeyType.PrivateXML,
sigData);
bool
valid = sso.VerifySignData(string.Empty,SSOBLL.KeyType.PublicXML,sigData,Convert.FromBase64String(signature));
public class SSOBLL
{
public enum KeyType
{
PrivatePEM,
PublicPEM,
PrivateXML,
PublicXML
} public string SignData(string privateKeyStr, KeyType keyType, string dataStr)
{
byte[] data = Encoding.UTF8.GetBytes(dataStr);
string base64 = string.Empty;
if (keyType == KeyType.PrivatePEM)
{ string keyStr = GetKey(privateKeyStr, KeyType.PrivatePEM);
byte[] privateKey = Helpers.GetBytesFromPEM(keyStr, PemStringType.RsaPrivateKey);
RSACryptoServiceProvider rsa = Crypto.DecodeRsaPrivateKey(privateKey);
byte[] hash = rsa.SignData(data, SHA1.Create());
base64 = Convert.ToBase64String(hash);
}
if (keyType == KeyType.PrivateXML)
{
string privatekey = GetKey(privateKeyStr, keyType);
RSACryptoServiceProvider oRSA3 = new RSACryptoServiceProvider();
oRSA3.FromXmlString(privatekey);
byte[] BOutput = oRSA3.SignData(data, "SHA1");
base64 = Convert.ToBase64String(BOutput);
}
return base64;
} public bool VerifySignData(RSACryptoServiceProvider rsa, KeyType keyType, string dataStr, byte[] dataHash)
{
byte[] data = Encoding.UTF8.GetBytes(dataStr);
bool valid = false;
if (keyType == KeyType.PublicPEM)
{
RSAParameters key = rsa.ExportParameters(false); // false:公钥 true:私钥
RSACryptoServiceProvider RSAalg = new RSACryptoServiceProvider();
RSAalg.ImportParameters(key);
valid = RSAalg.VerifyData(data, new SHA1CryptoServiceProvider(), dataHash);
}
else if (keyType == KeyType.PublicXML)
{
string publickey = rsa.ToXmlString(false);//false:公钥 true:私钥
valid = VerifySignData(publickey, keyType, dataStr, dataHash);
}
return valid;
} public bool VerifySignData(string keyStr, KeyType keyType, string dataStr, byte[] dataHash)
{
byte[] data = Encoding.UTF8.GetBytes(dataStr);
bool valid = false;
if (keyType == KeyType.PublicXML)
{
RSACryptoServiceProvider oRSA4 = new RSACryptoServiceProvider();
string publickey = GetKey(keyStr, KeyType.PublicXML);
oRSA4.FromXmlString(publickey);
valid = oRSA4.VerifyData(data, "SHA1", dataHash);
}
return valid;
} private string GetKey(string keyStr, KeyType keyType)
{
string key = keyStr;
if (string.IsNullOrWhiteSpace(keyStr))
{
string KeyFile = AppDomain.CurrentDomain.BaseDirectory;
switch (keyType)
{
case KeyType.PrivatePEM:
KeyFile += @"Keys\private.pem";
break;
case KeyType.PublicPEM:
KeyFile += @"Keys\public.pem";
break;
case KeyType.PrivateXML:
KeyFile += @"Keys\private.xml";
break;
case KeyType.PublicXML:
KeyFile += @"Keys\public.xml";
break;
default:
KeyFile += @"Keys\private.pem";
break;
}
key = File.ReadAllText(KeyFile);
}
return key;
} }
public class Crypto
{
/// <summary>
/// This helper function parses an RSA private key using the ASN.1 format
/// </summary>
/// <param name="privateKeyBytes">Byte array containing PEM string of private key.</param>
/// <returns>An instance of <see cref="RSACryptoServiceProvider"/> rapresenting the requested private key.
/// Null if method fails on retriving the key.</returns>
public static RSACryptoServiceProvider DecodeRsaPrivateKey(byte[] privateKeyBytes)
{
MemoryStream ms = new MemoryStream(privateKeyBytes);
BinaryReader rd = new BinaryReader(ms); try
{
byte byteValue;
ushort shortValue; shortValue = rd.ReadUInt16(); switch (shortValue)
{
case 0x8130:
// If true, data is little endian since the proper logical seq is 0x30 0x81
rd.ReadByte(); //advance 1 byte
break;
case 0x8230:
rd.ReadInt16(); //advance 2 bytes
break;
default:
Debug.Assert(false); // Improper ASN.1 format
return null;
} shortValue = rd.ReadUInt16();
if (shortValue != 0x0102) // (version number)
{
Debug.Assert(false); // Improper ASN.1 format, unexpected version number
return null;
} byteValue = rd.ReadByte();
if (byteValue != 0x00)
{
Debug.Assert(false); // Improper ASN.1 format
return null;
} // The data following the version will be the ASN.1 data itself, which in our case
// are a sequence of integers. // In order to solve a problem with instancing RSACryptoServiceProvider
// via default constructor on .net 4.0 this is a hack
CspParameters parms = new CspParameters();
parms.Flags = CspProviderFlags.NoFlags;
parms.KeyContainerName = Guid.NewGuid().ToString().ToUpperInvariant();
parms.ProviderType = ((Environment.OSVersion.Version.Major > 5) || ((Environment.OSVersion.Version.Major == 5) && (Environment.OSVersion.Version.Minor >= 1))) ? 0x18 : 1; RSACryptoServiceProvider rsa = new RSACryptoServiceProvider(parms);
RSAParameters rsAparams = new RSAParameters(); rsAparams.Modulus = rd.ReadBytes(Helpers.DecodeIntegerSize(rd)); // Argh, this is a pain. From emperical testing it appears to be that RSAParameters doesn't like byte buffers that
// have their leading zeros removed. The RFC doesn't address this area that I can see, so it's hard to say that this
// is a bug, but it sure would be helpful if it allowed that. So, there's some extra code here that knows what the
// sizes of the various components are supposed to be. Using these sizes we can ensure the buffer sizes are exactly
// what the RSAParameters expect. Thanks, Microsoft.
RSAParameterTraits traits = new RSAParameterTraits(rsAparams.Modulus.Length * 8); rsAparams.Modulus = Helpers.AlignBytes(rsAparams.Modulus, traits.size_Mod);
rsAparams.Exponent = Helpers.AlignBytes(rd.ReadBytes(Helpers.DecodeIntegerSize(rd)), traits.size_Exp);
rsAparams.D = Helpers.AlignBytes(rd.ReadBytes(Helpers.DecodeIntegerSize(rd)), traits.size_D);
rsAparams.P = Helpers.AlignBytes(rd.ReadBytes(Helpers.DecodeIntegerSize(rd)), traits.size_P);
rsAparams.Q = Helpers.AlignBytes(rd.ReadBytes(Helpers.DecodeIntegerSize(rd)), traits.size_Q);
rsAparams.DP = Helpers.AlignBytes(rd.ReadBytes(Helpers.DecodeIntegerSize(rd)), traits.size_DP);
rsAparams.DQ = Helpers.AlignBytes(rd.ReadBytes(Helpers.DecodeIntegerSize(rd)), traits.size_DQ);
rsAparams.InverseQ = Helpers.AlignBytes(rd.ReadBytes(Helpers.DecodeIntegerSize(rd)), traits.size_InvQ); rsa.ImportParameters(rsAparams);
return rsa;
}
catch (Exception)
{
Debug.Assert(false);
return null;
}
finally
{
rd.Close();
}
}
}
public enum PemStringType
{
Certificate,
RsaPrivateKey,
RsaPublicKey
} public class Helpers
{
/// <summary>
/// This helper function parses an integer size from the reader using the ASN.1 format
/// </summary>
/// <param name="rd"></param>
/// <returns></returns>
public static int DecodeIntegerSize(System.IO.BinaryReader rd)
{
byte byteValue;
int count; byteValue = rd.ReadByte();
if (byteValue != 0x02) // indicates an ASN.1 integer value follows
return 0; byteValue = rd.ReadByte();
if (byteValue == 0x81)
{
count = rd.ReadByte(); // data size is the following byte
}
else if (byteValue == 0x82)
{
byte hi = rd.ReadByte(); // data size in next 2 bytes
byte lo = rd.ReadByte();
count = BitConverter.ToUInt16(new[] { lo, hi }, 0);
}
else
{
count = byteValue; // we already have the data size
} //remove high order zeros in data
while (rd.ReadByte() == 0x00)
{
count -= 1;
}
rd.BaseStream.Seek(-1, System.IO.SeekOrigin.Current); return count;
} /// <summary>
///
/// </summary>
/// <param name="pemString"></param>
/// <param name="type"></param>
/// <returns></returns>
public static byte[] GetBytesFromPEM(string pemString, PemStringType type)
{
string header; string footer; switch (type)
{
case PemStringType.Certificate:
header = "-----BEGIN CERTIFICATE-----";
footer = "-----END CERTIFICATE-----";
break;
case PemStringType.RsaPrivateKey:
header = "-----BEGIN RSA PRIVATE KEY-----";
footer = "-----END RSA PRIVATE KEY-----";
break;
case PemStringType.RsaPublicKey:
header = "-----BEGIN PUBLIC KEY-----";
footer = "-----END PUBLIC KEY-----";
break;
default:
return null;
} int start = pemString.IndexOf(header) + header.Length;
int end = pemString.IndexOf(footer, start) - start;
return Convert.FromBase64String(pemString.Substring(start, end));
} /// <summary>
///
/// </summary>
/// <param name="inputBytes"></param>
/// <param name="alignSize"></param>
/// <returns></returns>
public static byte[] AlignBytes(byte[] inputBytes, int alignSize)
{
int inputBytesSize = inputBytes.Length; if ((alignSize != -1) && (inputBytesSize < alignSize))
{
byte[] buf = new byte[alignSize];
for (int i = 0; i < inputBytesSize; ++i)
{
buf[i + (alignSize - inputBytesSize)] = inputBytes[i];
}
return buf;
}
else
{
return inputBytes; // Already aligned, or doesn't need alignment
}
}
internal class RSAParameterTraits
{
public RSAParameterTraits(int modulusLengthInBits)
{
// The modulus length is supposed to be one of the common lengths, which is the commonly referred to strength of the key,
// like 1024 bit, 2048 bit, etc. It might be a few bits off though, since if the modulus has leading zeros it could show
// up as 1016 bits or something like that.
int assumedLength = -1;
double logbase = Math.Log(modulusLengthInBits, 2);
if (logbase == (int)logbase)
{
// It's already an even power of 2
assumedLength = modulusLengthInBits;
}
else
{
// It's not an even power of 2, so round it up to the nearest power of 2.
assumedLength = (int)(logbase + 1.0);
assumedLength = (int)(Math.Pow(2, assumedLength));
System.Diagnostics.Debug.Assert(false); // Can this really happen in the field? I've never seen it, so if it happens
// you should verify that this really does the 'right' thing!
} switch (assumedLength)
{
case 1024:
this.size_Mod = 0x80;
this.size_Exp = -1;
this.size_D = 0x80;
this.size_P = 0x40;
this.size_Q = 0x40;
this.size_DP = 0x40;
this.size_DQ = 0x40;
this.size_InvQ = 0x40;
break;
case 2048:
this.size_Mod = 0x100;
this.size_Exp = -1;
this.size_D = 0x100;
this.size_P = 0x80;
this.size_Q = 0x80;
this.size_DP = 0x80;
this.size_DQ = 0x80;
this.size_InvQ = 0x80;
break;
case 4096:
this.size_Mod = 0x200;
this.size_Exp = -1;
this.size_D = 0x200;
this.size_P = 0x100;
this.size_Q = 0x100;
this.size_DP = 0x100;
this.size_DQ = 0x100;
this.size_InvQ = 0x100;
break;
default:
System.Diagnostics.Debug.Assert(false); // Unknown key size?
break;
}
} public int size_Mod = -1;
public int size_Exp = -1;
public int size_D = -1;
public int size_P = -1;
public int size_Q = -1;
public int size_DP = -1;
public int size_DQ = -1;
public int size_InvQ = -1;
}
openssl使用以及C#加密和数字签名的更多相关文章
- 加密方式&数字签名
1,对称加密 2,混合加密 3.数字签名 4,带加密的数字签名
- JS和利用openssl的object C加密得到相同的aes加密密文
这是之前接到的一个工作内容,项目原本的登录操作是获得账号和密码以后,对密码进行一遍MD5加密,然后传递账号和密文到cgi文件.在c中获取到账户以后,从数据库中获取到密码,对密码进行一次MD5的加密,然 ...
- C++调用openssl库生成RSA加密秘钥对
直接上代码.默认生成的是pkcs#1格式 // ---- rsa非对称加解密 ---- // #define KEY_LENGTH 1024 // 密钥长度 #define PUB_KEY_FILE ...
- [na]非对称加密方式&带加密的数字签名交互流程
1,对称加密 2,混合加密 3.数字签名 4,带加密的数字签名
- 加密和数字签名工具GPG
转载: 源文件位置:http://blog.chinaunix.net/uid-9525959-id-2001824.html GPG [功能] GPG是加密和数字签名的免费工具,大多用于加密信息的 ...
- linux以下C 利用openssl的AES库加密,解密
OpenSSL提供了AES加解密算法的API const char *AES_options(void); AES算法状态,是所有支持或者是部分支持. 返回值:"aes(full)" ...
- openssl 下的对称加密和非对称加密
对称加密: 在加密和解密过程中使用相同的密钥, 或是两个可以简单地相互推算的密钥的加密算法. 非对称加密: 也称为公开加密, 它需要一个密钥对, 一个是公钥, 一个是私钥, 一个负责加密, 一个负责解 ...
- 从支付宝SDK的支付流程理解什么是公钥和私钥,什么是加密和数字签名
------------------- 这是自己总结: 支付宝SDK支付用到的公钥与私钥整理如下: 1.商户应用公钥 2.商户应用私钥 3.支付宝公钥 4.支付宝私钥 商户应用的公钥与私钥生 ...
- 转!!通俗理解数字加密,数字签名,数字证书和https
原博文地址:https://www.jianshu.com/p/4932cb1499bf 前言 最近在开发关于PDF合同文档电子签章的功能,大概意思就是在一份PDF合同上签名,盖章,使其具有法律效应. ...
随机推荐
- PAT(B) 1027 打印沙漏(Java)
题目链接:1027 打印沙漏 (20 point(s)) 题目描述 本题要求你写个程序把给定的符号打印成沙漏的形状.例如给定17个"*",要求按下列格式打印 ***** *** * ...
- 对于Element-ui分页进行再次的封装使用
这是我项目的分页的目录结构,话不多说,直接上代码. <template> <div class="pagination-container"> <el ...
- vue -- 数组过滤 filter (vue 表格)
如下图: 左边表格滑动滚轮,可以自动赋值右边表格: 现在是后台只有一个接口,把整个页面的数据全部返回出来了, 左边表格滑动到每一项时显示右边表格内容,但是需要code相同: 问题: 右边表格 ...
- java保证多线程的执行顺序
1. java多线程环境中,如何保证多个线程按指定的顺序执行呢? 1.1 通过thread的join方法保证多线程的顺序执行, wait是让主线程等待 比如一个main方法里面先后运行thread1, ...
- OpenStack kilo版(8) 部署cinder
直接将cinder服务和块设备都部署在controller节点上 在controller节点添加一块100G的块设备/dev/sdb 配置数据库 (root@localhost) [(none)]&g ...
- 互联网项目中mysql推荐(读已提交RC)的事务隔离级别
[原创]互联网项目中mysql应该选什么事务隔离级别 Mysql为什么不和Oracle一样使用RC,而用RR 使用RC的原因 这个是有历史原因的,当然要从我们的主从复制开始讲起了!主从复制,是基于什么 ...
- Android笔记(三) 使得Activity之间可以跳转---Intent
什么是Intent 一个APP肯定不单单由一个Activity构成,我们在使用过程中,经常需要在多个Activity中跳转,Android中Intent可以帮我们来完成在各个Activity中跳转的功 ...
- JAVA 查找某个目录是否存在,如果存在,打印出来
题目:现有如下目录结构,查找结构中是否存在Directory11,如果存在,打印出来 |---test |---|---Directory1 |---|---|---Directory11 |---| ...
- MySql 8.0服务端安装后,用navicat12连接时报2059错误_解决
先看连接错误 连接失败:2059 - Authentication plugin 'caching_sha2_password' cannot be loaded: .... 解决方法: 进入MySQ ...
- Flink原理(一)——基础架构
Flink系列博客,基于Flink1.6,打算分为三部分:原理.源码.实例以及API使用分析,后期等系列博客完成后再弄一个目录. 该系列博客是我自己学习过程中的一些理解,若有不正确.不准确的地方欢迎大 ...