C#等同于OpenSSL签名

时间:2018-11-28 15:05:23

标签: c# openssl cryptography sha256

我必须使用SHA256签署一些数据,并且我有一个使用OpenSSL创建的示例:

johnd@johns-machine:~/sandboxcerts$ signingString="(request-target): post /oauth2/token
date: Wed, 11 Apr 2018 15:07:23 GMT
digest: SHA-256=47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=
x-ing-reqid: e86bf09b-d772-4528-af83-ba42aa594ac4"

johnd@johns-machine:~/sandboxcerts$ signature=`printf "$signingString" | openssl dgst -sha256 -sign ~/sandboxcerts/example_client_signing.key -passin "pass:changeit" | openssl base64 -A`

我正在尝试在C#中做同样的事情:

// loading my private key
X509Certificate2 cert = new X509Certificate2(certPath, certPass);
RSACryptoServiceProvider key = cert.PrivateKey as RSACryptoServiceProvider;

string signingString = @"(request-target): post /oauth2/token
date: Wed, 11 Apr 2018 15:07:23 GMT
digest: SHA - 256 = 47DEQpj8HBSa +/ TImW + 5JCeuQeRkm5NMpJWZG3hSuFU =
        x - ing - reqid: e86bf09b - d772 - 4528 - af83 - ba42aa594ac4";

signingString = signingString.Replace("\n", string.Empty);
signingString = signingString.Replace("\r", string.Empty);
signingString = signingString.Replace("\t", string.Empty);

byte[] sig = privKey.SignData(Encoding.ASCII.GetBytes(signingString), CryptoConfig.MapNameToOID("SHA256"));
Console.WriteLine(Convert.ToBase64String(sig));

但是我没有得到相同的结果。我尝试使用不同的编码,并删除或不删除新行,制表符等。但是我仍然没有正确。

1 个答案:

答案 0 :(得分:0)

确保两者都使用相同的签名方案。 SHA256不是签名方案。这只是产生要签名的摘要的算法。基于OpenSSL CLI Wiki(https://wiki.openssl.org/index.php/Command_Line_Utilities),签名算法由签名密钥类型(RSA,DSA等)定义。如果您使用的是RSA密钥,则该方案默认为pkcs#1 v1.5。

我不是C#专家,因此可能会有更好的方法来进行PKCS#1 v1.5签名,但是我在快速谷歌搜索(https://docs.microsoft.com/en-us/dotnet/api/system.security.cryptography.rsapkcs1signatureformatter?view=netframework-4.7.2之后发现了 RSAPKCS1SignatureFormatter 。该类似乎与您已经在使用的 RSACryptoServiceProvider 一起使用。

Microsoft的示例:

            Campaign                           REM
  Polestar - Remarketing - DN - BGLR        Remarkt
  Promenade - Remarketing - BLR             Remarkt
  Polestar -                                   -
  Polestar -BLR                                -
  Urbana-Display-GSP-UK-July                Mail

编辑:进一步检查C#文档后,您也可以尝试仅对当前代码段进行较小的更改。 using System; using System.Security.Cryptography; class RSASample { static void Main() { try { //Create a new instance of RSACryptoServiceProvider. using (RSACryptoServiceProvider rsa = new RSACryptoServiceProvider()) { //The hash to sign. byte[] hash; using (SHA256 sha256 = SHA256.Create()) { byte[] data = new byte[] { 59, 4, 248, 102, 77, 97, 142, 201, 210, 12, 224, 93, 25, 41, 100, 197, 213, 134, 130, 135 }; hash = sha256.ComputeHash(data); } //Create an RSASignatureFormatter object and pass it the //RSACryptoServiceProvider to transfer the key information. RSAPKCS1SignatureFormatter RSAFormatter = new RSAPKCS1SignatureFormatter(rsa); //Set the hash algorithm to SHA256. RSAFormatter.SetHashAlgorithm("SHA256"); //Create a signature for HashValue and return it. byte[] SignedHash = RSAFormatter.CreateSignature(hash); } } catch (CryptographicException e) { Console.WriteLine(e.Message); } } } 的第三个参数是SignData(),您可以尝试为其提供RSASignaturePaddinghttps://docs.microsoft.com/en-us/dotnet/api/system.security.cryptography.rsasignaturepadding?view=netframework-4.7.2

基本上,您的第二个代码行将如下所示:

RSASignaturePadding.Pkcs1
相关问题
最新问题