我正在尝试使用C# OpenSSL 验证 (created using openssl_sign with SHA1 in PHP) 签名RSACryptoProvider.VerifyData。它使用正确的公钥证书返回false。
有关如何成功完成此操作的想法吗?
编辑:
我尝试使用BouncyCastle使用以下代码验证OpenSSL SHA1签名,但验证失败。签名的计算方式不同吗?如何使用可由.NET验证的OpenSSL创建签名?
byte[] signatureBytes = UTF8Encoding.Default.GetBytes(signature);
byte[] dataBytes = UTF8Encoding.Default.GetBytes(data);
StreamReader sr = new StreamReader(Path.Combine(@"C:\test", @"test\test.crt"));
PemReader pr = new PemReader(sr);
Org.BouncyCastle.X509.X509Certificate cert = (Org.BouncyCastle.X509.X509Certificate)pr.ReadObject();
ISigner sig = SignerUtilities.GetSigner("SHA1WithRSAEncryption");
sig.Init(false, cert.GetPublicKey());
sig.BlockUpdate(dataBytes, 0, dataBytes.Length);
if (sig.VerifySignature(signatureBytes)) {
Console.WriteLine("all good!");
}
PHP代码:
function signTokenWithPrivateKey($message, $keyLocation) {
try {
if (file_exists($keyLocation)) {
$privateKey= openssl_get_privatekey(file_get_contents($keyLocation));
$signature = '';
if (!openssl_sign($message, $signature, $privateKey)) {
die('Failed to encrypt');
}
openssl_free_key($privateKey);
}
}
catch (Exception $ex) {
}
return $signature;
}
答案 0 :(得分:2)
以下代码应该为您解决问题。 它从给定的文件路径加载证书,然后使用公钥根据给定的签名验证数据。如果有效,则返回true。
byte[] signature = Convert.FromBase64String(Signature);
byte[] data = Encoding.UTF8.GetBytes(Data);
var x509 = new X509Certificate2(Path.Combine(@"C:\test", @"test\test.crt"));
var rsa = x509.PublicKey.Key as RSACryptoServiceProvider;
if (rsa == null)
{
LogMessage("Authorize", "Invalid", Level.Alert);
return false;
}
string sha1Oid = CryptoConfig.MapNameToOID("SHA1");
//use the certificate to verify data against the signature
bool sha1Valid = rsa.VerifyData(data, sha1Oid, signature);
return sha1Valid;