Question

我一直关注Googles网站上的Oauth2 Service account文档。我也一直在挑选Googles .net client libray试图让它发挥作用。

我已经达到计算机的签名阶段。

Google的隐私密钥就像这样

清理密钥

首先，我清理了一下钥匙

private const string PrivateKeyPrefix = "-----BEGIN PRIVATE KEY-----";
private const string PrivateKeySuffix = "-----END PRIVATE KEY-----";

 /// <summary>Converts the PKCS8 private key to RSA parameters. This method uses the Bouncy Castle library.</summary>
        private static RSAParameters ConvertPKCS8ToRSAParameters(string pkcs8PrivateKey)
        {

            var base64PrivateKey = pkcs8PrivateKey.Replace(PrivateKeyPrefix, "").Replace("\r\n", "").Replace(PrivateKeySuffix, "");           
            var privateKeyBytes = Convert.FromBase64String(base64PrivateKey);
            RsaPrivateCrtKeyParameters crtParameters = (RsaPrivateCrtKeyParameters)PrivateKeyFactory.CreateKey(privateKeyBytes);           


            return DotNetUtilities.ToRSAParameters(crtParameters);
        }

导入参数

 RSAParameters rsaParameters = ConvertPKCS8ToRSAParameters(results.private_key);
 RSACryptoServiceProvider key = new RSACryptoServiceProvider();
 key.ImportParameters(rsaParameters);

错误

发生'System.Security.Cryptography.CryptographicException'   mscorlib.dll中

其他信息：错误数据。

我的想法

{p> dp值关闭我读过的所有内容都说它应该是128个字节而不是127个。

注意：

我没有使用p12。文件我正在使用Json服务帐户文件。使用X509Certificate2和p12密钥文件的答案无济于事。

{
  "private_key_id": "xxxxxx",
  "private_key": "-----BEGIN PRIVATE KEY-----\nMIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQDcmuyQC8rwWdPQ\nmIdksgzSJbVWTU5MeUxy+HAap3yut9wR/L6KGMJ4FBYcsPmXN5gQAhErybavGoZG\nfS1X1/PCpPVpTCA4749K8gbvuZg1JEIAqMtmHiBBrJj5l8eiekQc8pd7Pq35H4wi\nJYXAJGwggPcttkLBRi0xZzd+jdwL1st+7zRt8nMao/xFibInBBvKwb/gP4mJxlQg\nnRdGO6zgMk+PLTcA5C+gFyPA4SdkylrLib5CJO9123FgcfTJZJTukeHo1v0EfU+4\n3bK8HBZnOFa4DHH4mXhkhgYMjibv4Sr/WCEoomJJwNN04SbUEdyhgpM2rZ3cvx+4\nsmB0SQflAgMBAAECggEAXZ100+/dL7++zh9cHVQdcrRDzprBplw3H/bjg7wdgftN\n7Wgm5214YQKNG6HSWORjqC9oX/+agZYs8w69xjBDJg9ggU2nwuGOGky4utQ0jiCT\nzbnTjsMsBxKaXBiXxBBEhVBBDjDcHQLRMdBggNgz9lskCYb1rxT7qqJVf2PtxCuZ\nuxw3whLMRHXvKosER12sMQgGB/0+Nk86GWCqPigpfu7Ec92V0ffcSUaq3gjIUD54\n67TduTWaRDQNB+j2yQsWQZnqRv+TvIXOjinAI+pPbvCUovtiTSZAoz3EalsiXQ0l\nUqDVx26uzEJqhB2kzvAeApuW2Nd5EPxUnf48c4xh4QKBgQDw01mEChWyENV5CBKU\nMSfY0rpAPtq7ahHRR458ZKtITDBlqiZLMjydI65Rr1XxpQ3pJZALObMdUhbvCDfm\nu4BY/lCCt+hcdt9IICvVZsgXgvb6M+Fj2IbYZcAnOm4T1Z1D3I+pW5NdK2ALQRiK\nWsGINOqWCB9WRd7nhmb/XwWyjQKBgQDqgWht5laDuLMc4qpj9finY4qmk57eT3KG\npzbVlT3h7kv7j/j6e+6o9psrqdf1PXpu9XZi3bPtPbH1fX9x5pZgJQRMP4FGOURY\nQDkJfiOOSN/8Vl0senqkscT7DSbe2BqyqQlSlTB4BBF29p1wxb5Wz5HH2BvYE2zI\ni9B4WJcAuQKBgADnajCasRYoBgUcSKWRwaqIr/ZJxhxp+4Mjl59T6WiuEIhxKQ+j\nMqMMXT0lQVdU3UaAw5enMcrsYfWnvD37ejHbUoYLFq4yLAhjRobYieu8rByoUTJE\nv8zUJPKAv6UHaj20+D0UgOsanJOuPN9YE93lBPRnN2blgD6yPHS88JKJAoGABFyh\n16F4LH0L/9aLes6BcIOeeZi3VMU/iRelInXjL8eh7CzyYZ5agxQLMNW46ZvaIiQ4\nroAXL6t9GubZrwGt/F3T5aMswWShS87uAKoy+RuL5wKoOwKQM24HDvBgr7ZvULFq\nNfoGa8UPmhneNdHHx4+W05PGeM9rr5NCLmrfbCkCgYA0nMvEDIJvU3KA3S1cQ3fs\nVopRJwqRIFFL1cHTWaEyIsxEh6i/zAUc/habK82dN3/ZDn/XvWY14k7VZPsSdDC9\noVlQj2z8DVO2K99Oxyh0VlthtecW8exjzkIPJL4srOSl/dooQZS/7ZZyaRQU/BLI\nMdzKHlUKKXWcUU+Ko8W4+w\u003d\u003d\n-----END PRIVATE KEY-----\n",
  "client_email": "dddddd-2a1f881e7rabfkt2eb1p84aisg30pedg@developer.gserviceaccount.com",
  "client_id": "ddddd-2a1f881e7rabfkt2eb1p84aisg30pedg.apps.googleusercontent.com",
  "type": "service_account"
}

Answer 1

刚刚意识到这是多久以前报道过的。我认为你找到了答案或放弃了。

您的代码现在可以正常运行 - 我在BouncyCastle 1.8.1上尝试了这个并且它可以工作，它在1.7.0上失败了。

使用的代码：

using System;
using System.Security.Cryptography;
using Newtonsoft.Json;
using Org.BouncyCastle.Crypto.Parameters;
using Org.BouncyCastle.Security;

namespace ConsoleApp1
{
    class Program
    {
        public static void Main()
        {
            var json = "{\"private_key_id\":\"xxxxxx\",\"private_key\":\"-----BEGIN PRIVATE KEY-----\\nMIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQDcmuyQC8rwWdPQ\\nmIdksgzSJbVWTU5MeUxy+HAap3yut9wR/L6KGMJ4FBYcsPmXN5gQAhErybavGoZG\\nfS1X1/PCpPVpTCA4749K8gbvuZg1JEIAqMtmHiBBrJj5l8eiekQc8pd7Pq35H4wi\\nJYXAJGwggPcttkLBRi0xZzd+jdwL1st+7zRt8nMao/xFibInBBvKwb/gP4mJxlQg\\nnRdGO6zgMk+PLTcA5C+gFyPA4SdkylrLib5CJO9123FgcfTJZJTukeHo1v0EfU+4\\n3bK8HBZnOFa4DHH4mXhkhgYMjibv4Sr/WCEoomJJwNN04SbUEdyhgpM2rZ3cvx+4\\nsmB0SQflAgMBAAECggEAXZ100+/dL7++zh9cHVQdcrRDzprBplw3H/bjg7wdgftN\\n7Wgm5214YQKNG6HSWORjqC9oX/+agZYs8w69xjBDJg9ggU2nwuGOGky4utQ0jiCT\\nzbnTjsMsBxKaXBiXxBBEhVBBDjDcHQLRMdBggNgz9lskCYb1rxT7qqJVf2PtxCuZ\\nuxw3whLMRHXvKosER12sMQgGB/0+Nk86GWCqPigpfu7Ec92V0ffcSUaq3gjIUD54\\n67TduTWaRDQNB+j2yQsWQZnqRv+TvIXOjinAI+pPbvCUovtiTSZAoz3EalsiXQ0l\\nUqDVx26uzEJqhB2kzvAeApuW2Nd5EPxUnf48c4xh4QKBgQDw01mEChWyENV5CBKU\\nMSfY0rpAPtq7ahHRR458ZKtITDBlqiZLMjydI65Rr1XxpQ3pJZALObMdUhbvCDfm\\nu4BY/lCCt+hcdt9IICvVZsgXgvb6M+Fj2IbYZcAnOm4T1Z1D3I+pW5NdK2ALQRiK\\nWsGINOqWCB9WRd7nhmb/XwWyjQKBgQDqgWht5laDuLMc4qpj9finY4qmk57eT3KG\\npzbVlT3h7kv7j/j6e+6o9psrqdf1PXpu9XZi3bPtPbH1fX9x5pZgJQRMP4FGOURY\\nQDkJfiOOSN/8Vl0senqkscT7DSbe2BqyqQlSlTB4BBF29p1wxb5Wz5HH2BvYE2zI\\ni9B4WJcAuQKBgADnajCasRYoBgUcSKWRwaqIr/ZJxhxp+4Mjl59T6WiuEIhxKQ+j\\nMqMMXT0lQVdU3UaAw5enMcrsYfWnvD37ejHbUoYLFq4yLAhjRobYieu8rByoUTJE\\nv8zUJPKAv6UHaj20+D0UgOsanJOuPN9YE93lBPRnN2blgD6yPHS88JKJAoGABFyh\\n16F4LH0L/9aLes6BcIOeeZi3VMU/iRelInXjL8eh7CzyYZ5agxQLMNW46ZvaIiQ4\\nroAXL6t9GubZrwGt/F3T5aMswWShS87uAKoy+RuL5wKoOwKQM24HDvBgr7ZvULFq\\nNfoGa8UPmhneNdHHx4+W05PGeM9rr5NCLmrfbCkCgYA0nMvEDIJvU3KA3S1cQ3fs\\nVopRJwqRIFFL1cHTWaEyIsxEh6i/zAUc/habK82dN3/ZDn/XvWY14k7VZPsSdDC9\\noVlQj2z8DVO2K99Oxyh0VlthtecW8exjzkIPJL4srOSl/dooQZS/7ZZyaRQU/BLI\\nMdzKHlUKKXWcUU+Ko8W4+w==\\n-----END PRIVATE KEY-----\\n\",\"client_email\":\"dddddd-2a1f881e7rabfkt2eb1p84aisg30pedg@developer.gserviceaccount.com\",\"client_id\":\"ddddd-2a1f881e7rabfkt2eb1p84aisg30pedg.apps.googleusercontent.com\",\"type\":\"service_account\"}";

            dynamic jsonObject = JsonConvert.DeserializeObject(json);

            var rsaParams = ConvertPKCS8ToRSAParameters((string)jsonObject.private_key);

            RSACryptoServiceProvider key = new RSACryptoServiceProvider();
            key.ImportParameters(rsaParams);

            Console.WriteLine($"Key size: {key.KeySize}, DP: {rsaParams.DP.Length}");
            Console.ReadLine();
        }

        private const string PrivateKeyPrefix = "-----BEGIN PRIVATE KEY-----";
        private const string PrivateKeySuffix = "-----END PRIVATE KEY-----";

        /// <summary>Converts the PKCS8 private key to RSA parameters. This method uses the Bouncy Castle library.</summary>
        private static RSAParameters ConvertPKCS8ToRSAParameters(string pkcs8PrivateKey)
        {

            var base64PrivateKey = pkcs8PrivateKey.Replace(PrivateKeyPrefix, "").Replace("\r\n", "").Replace(PrivateKeySuffix, "");
            var privateKeyBytes = Convert.FromBase64String(base64PrivateKey);
            RsaPrivateCrtKeyParameters crtParameters = (RsaPrivateCrtKeyParameters)PrivateKeyFactory.CreateKey(privateKeyBytes);


            return DotNetUtilities.ToRSAParameters(crtParameters);
        }
    }
}

Answer 2

我已经创建了这个.net项目，它使用json和p12文件来验证服务帐户，无论是否有用户模仿。

GoogleApiServiceFactory

使用Json文件进行Google服务帐户身份验证

2 个答案: