数字签名错误的价值

时间:2011-11-11 02:03:41

标签: .net certificate digital-signature x509

我正在尝试为一个文本块创建数字签名。虽然我似乎能够创建签名,但它与我们的测试用例所要求的数字测试签名不同。我正在使用的代码如下。

X509Store store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
store.Open(OpenFlags.OpenExistingOnly);

X509Certificate2Collection certcol  = store.Certificates.Find(X509FindType.FindByIssuerName, "eBusiness Development CA", false);
if (certcol.Count > 0) {
    X509Certificate2 cert = certcol[0];

    System.Security.Cryptography.RSACryptoServiceProvider privateKey = cert.PrivateKey as System.Security.Cryptography.RSACryptoServiceProvider;
    System.Security.Cryptography.SHA1CryptoServiceProvider sha = new System.Security.Cryptography.SHA1CryptoServiceProvider();
    byte[] hash = sha.ComputeHash(System.Text.ASCIIEncoding.ASCII.GetBytes(txtIn.Text));

    byte[] SignedHash = privateKey.SignHash(hash, System.Security.Cryptography.CryptoConfig.MapNameToOID("SHA"));
    String val = Convert.ToBase64String(SignedHash) + Environment.NewLine + Environment.NewLine;
}  



**Below is the test certificate being used**

    -----BEGIN CERTIFICATE-----
    MIIDajCCAtOgAwIBAgIBCjANBgkqhkiG9w0BAQQFADCBhDELMAkGA1UEBhMCQVUx
    DDAKBgNVBAgTA05TVzEPMA0GA1UEBxMGU3lkbmV5MQ0wCwYDVQQKEwRBU0lDMSQw
    IgYDVQQLExtJVFNCIGVCdXNpbmVzcyBTeXN0ZW1zIFRlYW0xITAfBgNVBAMTGGVC
    dXNpbmVzcyBEZXZlbG9wbWVudCBDQTAeFw0wMjA1MjcwMzA4MDlaFw0wMzA1Mjcw
    MzA4MDlaMF0xCzAJBgNVBAYTAkFVMQwwCgYDVQQIEwNOU1cxDzANBgNVBAcTBlN5
    ZG5leTENMAsGA1UEChMEQVNJQzENMAsGA1UECxMEVGVzdDERMA8GA1UEAxMIVGVz
    dGVyIDIwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAM3zyt6WrajwGLx7L9b/
    ji36J5cUi3FCiAnHWT6rU4iO/0kO5GC5DhIlEVW64e29sXD7V5G+Dc1DyhweHOFC
    1nz55zci4peeg+QPj8LApexjKcCjm6y6hilN8u5YUzBG7lkI0miUcrF2zF9Kxrqo
    c/GxKL7Btdj3jGCZpwmVmQrHAgMBAAGjggEQMIIBDDAJBgNVHRMEAjAAMCwGCWCG
    SAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4E
    FgQUwvFqXS71CPKI/CUSuTqzZmTKY8AwgbEGA1UdIwSBqTCBpoAUdVgA2CTNbQWg
    /GHtVe7HDcH/Ci2hgYqkgYcwgYQxCzAJBgNVBAYTAkFVMQwwCgYDVQQIEwNOU1cx
    DzANBgNVBAcTBlN5ZG5leTENMAsGA1UEChMEQVNJQzEkMCIGA1UECxMbSVRTQiBl
    QnVzaW5lc3MgU3lzdGVtcyBUZWFtMSEwHwYDVQQDExhlQnVzaW5lc3MgRGV2ZWxv
    cG1lbnQgQ0GCAQAwDQYJKoZIhvcNAQEEBQADgYEAM3NVo4i+ndGqddZAtGxqpeE0
    dWondUaN3DV+0CpQFYfH3cblGtnTkQdgUFbBxrDrFvIuoYZWv2X1zYl3SAFbF91U
    WFxklCCmU9POoeB+j4fDqN+H69eAUZUz2vVHcLVePhNJhm64lYAhA83Rodv/sj6c
    vxkxeg9xtdlZXGrmKik=
    -----END CERTIFICATE-----
    -----BEGIN RSA PRIVATE KEY-----
    MIICXgIBAAKBgQDN88relq2o8Bi8ey/W/44t+ieXFItxQogJx1k+q1OIjv9JDuRg
    uQ4SJRFVuuHtvbFw+1eRvg3NQ8ocHhzhQtZ8+ec3IuKXnoPkD4/CwKXsYynAo5us
    uoYpTfLuWFMwRu5ZCNJolHKxdsxfSsa6qHPxsSi+wbXY94xgmacJlZkKxwIDAQAB
    AoGBALSKsd3dAxFkoJqh9rcnwhDmCUy00uSPqUfBPKfmcsz0ZjA6YNO1hfM8EW0w
    7ZuGvgVIIGT/0YOOmJ97el+yQukp8ViYQLWidLOe/IWPzWrcK+D7gBs/sGUNakWl
    Dqen6+HcUV9NBW/AvY4wWigllWx+F9fRt2Y+BLV3lO7EngsJAkEA+haLzFi4+Sdm
    SPot7f2yYy366Ktqt9XbAWbWllE/Md2kt0wFI3gs85uURIf9UIrLL+JbrPRw1rzq
    j94qXdE7TQJBANLSJpZougjyQG+rgbkf4BbUlfy9S8iKNDk4YfYviDQ4EJ99c5Mb
    qF5ukiqnPSRNuKm5iePdFT2kB/F4mbvFjGMCQQCPjqmpH7TusQMyGQqMdvkTna1O
    KjgUVxpkb5f2qaTRBx4qaeT5O17yZ/hwbm+m8EU6s4FUguzTF5a+BxXizNxxAkEA
    qZZxggbGuBGfsfTmCnRQwCzMZp4jyzMZpXnsm6xKxa7f+FxjT1AtVaFepT8Y2Q5I
    YQemm40p3AcKeL2J9VmJfwJAHTf41K9iQlbQEyq8LMF7EQ7IqwmOlebh86qJPVqE
    Fv9xZRAOzxG/ZgsXImMvWEUabqcIoXA7i9CZOJNg/kvKdw==
    -----END RSA PRIVATE KEY-----

**Below is the Data I am trying to create a digital signature for Starting from ZHDASCRA53  0700 to the end of ZTRENDRA53   22 including the new line contstant at the very end**

ZHDASCRA53  0700    956456
ZXCMIIDajCCAtOgAwIBAgIBCjANBgkqhkiG9w0BAQQFADCBhDELMAkGA1UEBhMCQVUx
ZXCDDAKBgNVBAgTA05TVzEPMA0GA1UEBxMGU3lkbmV5MQ0wCwYDVQQKEwRBU0lDMSQw
ZXCIgYDVQQLExtJVFNCIGVCdXNpbmVzcyBTeXN0ZW1zIFRlYW0xITAfBgNVBAMTGGVC
ZXCdXNpbmVzcyBEZXZlbG9wbWVudCBDQTAeFw0wMjA1MjcwMzA4MDlaFw0wMzA1Mjcw
ZXCMzA4MDlaMF0xCzAJBgNVBAYTAkFVMQwwCgYDVQQIEwNOU1cxDzANBgNVBAcTBlN5
ZXCZG5leTENMAsGA1UEChMEQVNJQzENMAsGA1UECxMEVGVzdDERMA8GA1UEAxMIVGVz
ZXCdGVyIDIwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAM3zyt6WrajwGLx7L9b/
ZXCji36J5cUi3FCiAnHWT6rU4iO/0kO5GC5DhIlEVW64e29sXD7V5G+Dc1DyhweHOFC
ZXC1nz55zci4peeg+QPj8LApexjKcCjm6y6hilN8u5YUzBG7lkI0miUcrF2zF9Kxrqo
ZXCc/GxKL7Btdj3jGCZpwmVmQrHAgMBAAGjggEQMIIBDDAJBgNVHRMEAjAAMCwGCWCG
ZXCSAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4E
ZXCFgQUwvFqXS71CPKI/CUSuTqzZmTKY8AwgbEGA1UdIwSBqTCBpoAUdVgA2CTNbQWg
ZXC/GHtVe7HDcH/Ci2hgYqkgYcwgYQxCzAJBgNVBAYTAkFVMQwwCgYDVQQIEwNOU1cx
ZXCDzANBgNVBAcTBlN5ZG5leTENMAsGA1UEChMEQVNJQzEkMCIGA1UECxMbSVRTQiBl
ZXCQnVzaW5lc3MgU3lzdGVtcyBUZWFtMSEwHwYDVQQDExhlQnVzaW5lc3MgRGV2ZWxv
ZXCcG1lbnQgQ0GCAQAwDQYJKoZIhvcNAQEEBQADgYEAM3NVo4i+ndGqddZAtGxqpeE0
ZXCdWondUaN3DV+0CpQFYfH3cblGtnTkQdgUFbBxrDrFvIuoYZWv2X1zYl3SAFbF91U
ZXCWFxklCCmU9POoeB+j4fDqN+H69eAUZUz2vVHcLVePhNJhm64lYAhA83Rodv/sj6c
ZXCvxkxeg9xtdlZXGrmKik=
ZDCALPHA    ADAM                20110801    Y   Y                           A96373
ZTRENDRA53  22

**^ Include last newline constant** 

**Below is the expected signature**
jrnTLMj6W4vbZ/FJ13TLl+nsfsIWkbUU6UgZqIutPmQlZgB6eYWwF5noHsTc90CXXEXUV1GS3UZvedFEzr8D1cqbf4EOHYZJclcHlF/Ve47lXwggZ1G7FIlqHAmlGNcLktyLehOsyHapYY6oyqQF6by2/I9sMD5qy/LpxHObSaS=

**Below is the signature I get (which is wrong)**
C1r3XVKCl/yfg0lm67C95ozma/L1EWQFgmHV4T1RDq+yxqxCF4FN7fcmuF8eSoLuyJZWx4HnNPqTZwetmKzyDhGpzZaBf4FMfCC7bgIBWaZrHUgVmswUITbQmNZv2T2Ka4q8PpNAhPRv3VhXb2UPeuz7zcsmNwTsCRzT+gvw/c8=

任何可以产生预期签名的天才都会永远感激我。如果社区无法回答这个问题,我们愿意支付专业费用,因此很乐意接受建议。

全心全意 - 布鲁斯

1 个答案:

答案 0 :(得分:0)

我验证了您使用证书公钥提供的两个签名,两者都是正确的RSA / PKCS#1签名。然而,签名使用不同的摘要算法:您的签名使用SHA-1算法,“正确”签名使用MD5算法。这解释了签名不同的原因。

相关问题
最新问题