/// <summary> /// 对待签名数据签名 /// </summary> /// <param name="inData">在操作过程中请勿对流进行关闭</param> /// <param name="propertyInfo">签章属性信息</param> /// <returns></returns> public override byte[] Sign(Stream inData, string propertyInfo) { //原文杂凑值计算 GeneralDigest digest = GetDigest(); byte[] block = inData.ToArray(); digest.BlockUpdate(block, 0, block.Length); byte[] outBytes = new byte[32]; digest.DoFinal(outBytes, 0); //计算杂凑值 DerUtcTime signTime = new DerUtcTime(DateTime.Now); TbsSign tbsSign = new TbsSign { Version = new DerInteger(1), EsSeal = _seal, TimeInfo = new DerBitString(signTime), DataHash = new DerBitString(outBytes), PropertyInfo = new DerIA5String(propertyInfo), Cert = new DerOctetString(_certificate.GetEncoded()), SignatureAlgorithm = GetSignAlgOId() }; ISigner signer = SignerUtilities.GetSigner(GMObjectIdentifiers.sm2sign_with_sm3); signer.Init(true, _privateKey); byte[] signBytes = tbsSign.GetDerEncoded(); signer.BlockUpdate(signBytes, 0, signBytes.Length); byte[] sign = signer.GenerateSignature(); SesSignature sesSignature = new SesSignature(tbsSign, new DerBitString(sign)); return(sesSignature.GetDerEncoded()); }
/// <summary> /// 对待签名数据签名 /// </summary> /// <param name="inData">在操作过程中请勿对流进行关闭</param> /// <param name="propertyInfo">签章属性信息</param> /// <returns></returns> public override byte[] Sign(Stream inData, string propertyInfo) { GeneralDigest md = GetDigest(); byte[] input = inData.ToArray(); md.BlockUpdate(input, 0, input.Length); byte[] output = new byte[32]; md.DoFinal(output, 0); TbsSign tbsSign = new TbsSign { Version = SesHeader.V4, EsSeal = _seal, TimeInfo = new DerGeneralizedTime(DateTime.Now), DataHash = new DerBitString(output), PropertyInfo = new DerIA5String(propertyInfo) }; ISigner signer = SignerUtilities.GetSigner(GMObjectIdentifiers.sm2sign_with_sm3); signer.Init(true, _privateKey); byte[] toSign = tbsSign.GetDerEncoded(); signer.BlockUpdate(toSign, 0, toSign.Length); byte[] signed = signer.GenerateSignature(); SesSignature sesSignature = new SesSignature(tbsSign, new DerOctetString(_certificate.GetEncoded()), GMObjectIdentifiers.sm2sign_with_sm3, new DerBitString(signed)); return(sesSignature.GetDerEncoded()); }
/// <summary> /// 签名数据验证 /// </summary> /// <param name="type">电子签名类型</param> /// <param name="tbsContent">待签章内容</param> /// <param name="signedValue">电子签章数据或签名值(SignedValue.xml文件内容)</param> public override VerifyResult Validate(SigType type, byte[] tbsContent, byte[] signedValue) { if (type == SigType.Sign) { throw new ArgumentOutOfRangeException(nameof(type), "签名类型(type)必须是 Seal,不支持电子印章验证"); } //计算原文摘要 SM3Digest md = new SM3Digest(); md.BlockUpdate(tbsContent, 0, tbsContent.Length); byte[] output = new byte[32]; md.DoFinal(output, 0); SesSignature sesSignature = SesSignature.GetInstance(signedValue); TbsSign toSign = sesSignature.TbsSign; byte[] exceptHash = toSign.DataHash.GetOctets(); if (!Arrays.AreEqual(output, exceptHash)) { return(VerifyResult.SignedNotMatch); } //加载证书 byte[] certDer = sesSignature.Cert.GetOctets(); X509CertificateParser parser = new X509CertificateParser(); X509Certificate cert = parser.ReadCertificate(certDer); //判断证书是否过期 if (!cert.IsValid(DateTime.Now)) { return(VerifyResult.SealOutdated); } //获取签名验证对象 ISigner signer = SignerUtilities.GetSigner(sesSignature.SignatureAlgId); AsymmetricKeyParameter p = cert.GetPublicKey(); signer.Init(false, p); byte[] buf = toSign.GetDerEncoded(); signer.BlockUpdate(buf, 0, buf.Length); //预期的电子签章数据,签章值 byte[] expect = sesSignature.Signature.GetOctets(); //验证签名 bool result = signer.VerifySignature(expect); return(result ? VerifyResult.Success : VerifyResult.SealTampered); }
public override VerifyResult Validate(SigType type, byte[] tbsContent, byte[] signedValue) { if (type == SigType.Sign) { throw new ArgumentOutOfRangeException(nameof(type), "签名类型(type)必须是 Seal,不支持电子印章验证"); } // 计算原文摘要 GeneralDigest md = new SM3Digest(); md.BlockUpdate(tbsContent, 0, tbsContent.Length); byte[] expect = new byte[32]; md.DoFinal(expect, 0); SesSignature sesSignature = SesSignature.GetInstance(signedValue); TbsSign toSign = sesSignature.ToSign; byte[] expectDataHash = toSign.DataHash.GetOctets(); // 比较原文摘要 if (!Arrays.AreEqual(expect, expectDataHash)) { return(VerifyResult.SignedTampered); } // 预期的电子签章数据,签章值 byte[] expSigVal = sesSignature.Signature.GetOctets(); ISigner sg = SignerUtilities.GetSigner(toSign.SignatureAlgorithm); byte[] certDer = toSign.Cert.GetOctets(); // 构造证书对象 X509Certificate x509Certificate = new X509CertificateParser().ReadCertificate(certDer); AsymmetricKeyParameter p = x509Certificate.GetPublicKey(); sg.Init(false, p); byte[] input = toSign.GetDerEncoded(); sg.BlockUpdate(input, 0, input.Length); if (!sg.VerifySignature(expSigVal)) { return(VerifyResult.SignedTampered); } return(VerifyResult.Success); }
public override void Validate(SigType type, string signAlgName, byte[] tbsContent, byte[] signedValue) { if (type == SigType.Sign) { throw new ArgumentOutOfRangeException(nameof(type), "签名类型(type)必须是 Seal,不支持电子印章验证"); } // 计算原文摘要 GeneralDigest md = new SM3Digest(); md.BlockUpdate(tbsContent, 0, tbsContent.Length); byte[] expect = new byte[32]; md.DoFinal(expect, 0); SesSignature sesSignature = SesSignature.GetInstance(signedValue); TbsSign toSign = sesSignature.ToSign; byte[] expectDataHash = toSign.DataHash.GetOctets(); // 比较原文摘要 if (!Arrays.AreEqual(expect, expectDataHash)) { //throw new InvalidSignedValueException("Signature.xml 文件被篡改,电子签章失效。("+ toSign.getPropertyInfo().getString() + ")"); } //sg.initVerify(signCert); //sg.update(toSign.getEncoded("DER")); //if (!sg.verify(expSigVal)) //{ // throw new InvalidSignedValueException("电子签章数据签名值不匹配,电子签章数据失效。"); //} // 预期的电子签章数据,签章值 byte[] expSigVal = sesSignature.Signature.GetOctets(); //Signature sg = Signature(toSign.getSignatureAlgorithm().getId(),new BouncyCastleProvider()); ISigner sg = SignerUtilities.GetSigner(GMObjectIdentifiers.sm2encrypt_with_sm3); byte[] certDER = toSign.Cert.GetOctets(); //new X509V1CertificateGenerator().Generate() // 构造证书对象 //Certificate signCert = new CertificateFactory().engineGenerateCertificate(new ByteArrayInputStream(certDER)); //X509Certificate x509Certificate = new X509Certificate(new X509CertificateStructure(TbsCertificateStructure.GetInstance(certDER), null, new DerBitString(certDER))); X509Certificate x509Certificate = new X509CertificateParser().ReadCertificate(certDER); //x509Certificate.Verify(); AsymmetricKeyParameter p = x509Certificate.GetPublicKey(); sg.Init(false, p); //System.Security.Cryptography.X509Certificates.X509Certificate x509 = new System.Security.Cryptography.X509Certificates.X509Certificate(certDER); //sg.Init(false,new ECPublicKeyParameters()); // 获取一条SM2曲线参数 X9ECParameters sm2EcParameters = GMNamedCurves.GetByName("sm2p256v1"); // 构造domain参数 ECDomainParameters domainParameters = new ECDomainParameters(sm2EcParameters.Curve, sm2EcParameters.G, sm2EcParameters.N); //提取公钥点 ECPoint pukPoint = sm2EcParameters.Curve.DecodePoint(certDER); // 公钥前面的02或者03表示是压缩公钥,04表示未压缩公钥, 04的时候,可以去掉前面的04 ECPublicKeyParameters publicKeyParameters = new ECPublicKeyParameters(pukPoint, domainParameters); sg.Init(false, publicKeyParameters); byte[] input = toSign.GetDerEncoded(); sg.BlockUpdate(input, 0, input.Length); bool pass = sg.VerifySignature(expSigVal); if (!pass) { throw new Exception(); } }