要求 我们的网站将把我们的客户发送到第三方网站,并且第三方要求我们: •创建一个RSA签名,为我们生成一个我们将创建的令牌的值,该令牌包括(时间戳+“ |” +策略编号),并在重定向期间将其传递到查询字符串url中。创建签名时,我们将使用第三方提供的唯一证书,其中包含在签名时使用的正确密钥。 •然后第三方将验证签名并从令牌中检索数据
我有用于令牌创建签名和验证的代码,请参阅下面的EX-A代码以及.NET生成RSA密钥。
我们还没有带有密钥的第三方证书。由于我是新手,因此我想准备编码以使用它们提供的密钥。我有一些非常基本的问题,请给我帮助和指导。
问题
1.是否可以一次提取其密钥并将其放入C#常量变量编译的dll以在网站上使用?
如果是这样,我如何更改下面的代码以使用该键?
2.如果无法进行一次提取-必须将其存储在Web服务器和我的本地计算机上以运行我的本地网站,请说明步骤和提取方法。应该在哪里存储?它将是什么类型的文件?
EX-A代码 该代码可以正常工作,并且使用.NET生成的RSA密钥
公共类VfbRSASafeliteCryption {
public static string SafeliteEncodedSignature(string policyNumber)
{
var returnSignature = string.Empty;
try
{
var requestedPolicyNumber = policyNumber;
if (string.IsNullOrWhiteSpace(requestedPolicyNumber))
{
return string.Empty;
}
var currentDateTime = DateTime.Now;
String timeStamp = currentDateTime.ToString("yyyyMMddHHmmss");
//TOKEN is data to sign. timestamp+ | + polnum
String tokenString = timeStamp + "|" + policyNumber;
// Create a UnicodeEncoder to convert between byte array and string.
ASCIIEncoding ByteConverter = new ASCIIEncoding();
// Create byte arrays to hold original, encrypted
byte[] originalData = ByteConverter.GetBytes(tokenString);
byte[] signedData;
// Create a new instance of the RSACryptoServiceProvider class automatically create a new key-pair.
RSACryptoServiceProvider RSAalg = new RSACryptoServiceProvider();
// Export the key information to an RSAParameters object.
// You must pass true to export the private key for signing.
// However, you do not need to export the private key
// for verification.
RSAParameters Key = RSAalg.ExportParameters(true); //TODO use a key from safelite
// Hash and sign the data.
signedData = HashAndSignBytes(originalData, Key);
// Verify the data
if (VerifySignedHash(originalData, signedData, Key))
{
//64encode
returnSignature = Convert.ToBase64String(signedData);
}
else
{
//todo logging
return string.Empty;
}
}
catch (Exception ex)
{
//todo logging
return string.Empty;
}
return returnSignature;
}
public static byte[] HashAndSignBytes(byte[] DataToSign, RSAParameters Key)
{
// Create a new instance of RSACryptoServiceProvider using the
// key from RSAParameters.
using (var RSAalg = new RSACryptoServiceProvider())
{
try
{
RSAalg.ImportParameters(Key);
// Hash and sign the data. Pass a new instance of SHA1CryptoServiceProvider
// to specify the use of SHA1 for hashing.
return RSAalg.SignData(DataToSign, new SHA1CryptoServiceProvider());
// ALT code below
// return RSAalg.SignData(DataToSign, CryptoConfig.MapNameToOID("SHA512"));
}
catch (CryptographicException e)
{
Console.WriteLine(e.Message);
return null;
}
finally
{
// Set the keycontainer to be cleared when rsa is garbage collected.
RSAalg.PersistKeyInCsp = false;
}
}
}
public static bool VerifySignedHash(byte[] DataToVerify, byte[] SignedData, RSAParameters Key)
{
// Create a new instance of RSACryptoServiceProvider using the
// key from RSAParameters.
using (var RSAalg = new RSACryptoServiceProvider())
{
try
{
RSAalg.ImportParameters(Key);
// Verify the data using the signature. Pass a new instance of SHA1CryptoServiceProvider
// to specify the use of SHA1 for hashing.
return RSAalg.VerifyData(DataToVerify, new SHA1CryptoServiceProvider(), SignedData);
//ALT CODE
// return RSAalg.VerifyData(DataToVerify, CryptoConfig.MapNameToOID("SHA512"), SignedData);
}
catch (CryptographicException e)
{
Console.WriteLine(e.Message);
return false;
}
finally
{
// Set the keycontainer to be cleared when rsa is garbage collected.
RSAalg.PersistKeyInCsp = false;
}
}
}
}