使用带有密码私钥的RSA解密消息使用C#中的pem文件

时间:2018-02-07 00:06:29

标签: c# encryption bouncycastle pem .net-core-2.0

我尝试解码HelloWorks回调签名以增加端点的安全性。因为它停留在documentation我需要使用以下openssl命令生成私钥:

openssl genrsa -des3 -out helloworks.pem 4096

然后创建公钥:

openssl rsa -in helloworks.pem -outform PEM -pubout -out public.pem

我创建了两个密钥并对其进行了配置。现在我需要解码base64由他们发送的X-Helloworks-Signature,然后使用私钥解密结果。

我一直在尝试用C#做几种方法,但没有运气。我使用BouncyCastle库完成的一种方法是:

        var signature = mvcContext.HttpContext.Request.Headers["X-Helloworks-Signature"];

        var url = mvcContext.HttpContext.Request.Path.Value;

        var bytesToDecrypt = Convert.FromBase64String(signature);

        AsymmetricCipherKeyPair keyPair;

        var pemPath = Path.Combine(env.ContentRootPath, "./helloworks.pem");
        using (var reader = File.OpenText(pemPath))
            keyPair = (AsymmetricCipherKeyPair)new PemReader(reader, new PasswordFinder("password")).ReadObject();

        var decryptEngine = new Pkcs1Encoding(new RsaEngine());
        decryptEngine.Init(false, keyPair.Private);

        var decryptedToken = Encoding.UTF8.GetString(decryptEngine.ProcessBlock(bytesToDecrypt, 0, bytesToDecrypt.Length));

但它总是抛出相同的异常消息:

Org.BouncyCastle.Crypto.DataLengthException: 'input too large for RSA cipher.'

我一直在尝试我在SO和网络上找到的其他方法,但没有运气。

如何使用私钥pem文件解密C#中的签名,特别是.Net Core 2?

更新1

签名的一个例子是:

X-Helloworks-Signature: bGNTNUVOZ0w5akx4U1VXUTFrcHQ0ZmZSZU1KQnNpbDhwVDFGVllSMzF5aVdtQkZOcTRMTFNrY2FmV3o5aFZJVk5rbmVRUEdydTZLZ1BHQ1dCdkFYVVRMWUs1bUYxSXplam5mZVEwVFZvMjFZRS1rM0l4SDBkNU45clJDX1RYOVZPcThwUzI5V2pTd1k2d0kxaGQ0VXpiSkU2NERJaVljaWxCWkJwVVJhN0NRcGphbkxlZV8tZFMxQWtUbTdRUHdEVTZtVDNnc2ZPQkNiMFZMeUR2TGVtdmVTZldXZnVUOXg0NTRYSU1rZjE3elRvR0xHT29YeEpKWjk5LUcyc3VjWkk5NWpmRldvaGo0S2Z0dXV1SHMtMmpZajZuNXhpMFI5S0hmT2xNRkRwRlFtbEpUbG9TTURGREVPeDE3RjNoX1NXMk1RSUR2b2hGazBtTkstMk9OVHhHQ05tQXhuS1c5Nm9SN0N4QlJnQ2xyLXlvOXJTWXp2anNlVVhGZ0hqakYzZE8ybGhUdXFPV1A0NU9TaUVoY21zSHVMRnV0Zy10a0J5QTJLYTB2Yk1sNi1wMVlLR09QZVdMVm9QN0k5ellyWFdNRFl0S2dPaXZkSldEa1B0SmdvbVMwbU1DdWMyblBFUHFxUTEtQkdJMHNFdjNNWVFfYVNjeGJsZ2p2VHVZZzRmZy1VXzk3R0pON1ZsM1IwWllZSF9QU2syQll6LTN3Vjc3QjMxbGFjT3lWSU15WDVJdktKWXIwTXZMQ190cjIwZk9hZkx5c011eWpsSXV6Tl96Q2VHbkpfbkJiQnJYNXNyNmktZDB4UW9rc0JKSUtUZUNMR3dVWWEtVEJVUE5FeWplM09RT0NOYW02R242OEdLeDRZdTlzZDVNa1BCQ1B6NTI3aUhoYm9aLTg9

1 个答案:

答案 0 :(得分:1)

感谢 James K Polk 评论,我结束了以下方法:

    private static byte[] Base64Decode(StringValues signature)
    {
        string incoming = signature.ToString().Replace('_', '/').Replace('-', '+');
        switch (signature.ToString().Length % 4)
        {
            case 2:
                incoming += "==";
                break;
            case 3:
                incoming += "=";
                break;
        }

        return Convert.FromBase64String(incoming);
    }

并修改我的代码:

var bytesToDecrypt = Convert.FromBase64String(signature);

为:

var decoded = Base64Decode(signature);
var text = Encoding.ASCII.GetString(decoded);
var bytesToDecrypt = Base64Decode(text);

我需要使用URL安全版本的base64解码对签名进行两次解码。

相关问题
最新问题