/// <summary>
/// Builds signer parameters from the Base64 text held in <c>PrivateKey</c>, paired with the
/// UTF-8 bytes of <c>DefaultUserId</c>.
/// </summary>
/// <returns>The decoded private key wrapped in a <see cref="ParametersWithID"/>.</returns>
/// <remarks>
/// The returned object carries private key material; callers should keep it out of logs and
/// should not hold it longer than the signing operation needs.
/// </remarks>
internal ParametersWithID GetPrivateKey()
        {
            // Decode first so malformed Base64 fails before any key parsing is attempted.
            byte[] encodedKey = Convert.FromBase64String(PrivateKey);
            var signingKey = PrivateKeyFactory.CreateKey(encodedKey);
            byte[] idBytes = Encoding.UTF8.GetBytes(DefaultUserId);

            return new ParametersWithID(signingKey, idBytes);
        }
        /// <summary>
        /// Turns a Base64-encoded private key into signer parameters bound to the UTF-8 bytes of
        /// <c>DEFAULT_USER_ID</c>.
        /// </summary>
        /// <param name="privateKey">Base64 text of the encoded private key.</param>
        /// <returns>The parsed key wrapped in a <see cref="ParametersWithID"/>.</returns>
        private ParametersWithID BuildPrivateKeyParams(string privateKey)
        {
            // Malformed Base64 raises FormatException here, before the key factory runs.
            byte[] encodedKey = Convert.FromBase64String(privateKey);
            var signingKey = PrivateKeyFactory.CreateKey(encodedKey);
            byte[] idBytes = Encoding.UTF8.GetBytes(DEFAULT_USER_ID);

            return new ParametersWithID(signingKey, idBytes);
        }
Exemple #3
        /**
         * SM2 signature verification.
         * @param userId signer ID; when none has been agreed, the default is 1234567812345678.
         *               A null value hands the bare public key to the signer.
         * @param publicKey public key as binary data; a 64-byte value is treated as a point
         *                  without its format byte and gets 0x04 prepended
         * @param sourceData the data whose signature is being checked
         * @param signData the signature value
         * @return whether verification succeeded
         */
        public static Boolean VerifySign(byte[] userId, byte[] publicKey, byte[] sourceData, byte[] signData)
        {
            // Normalise a bare 64-byte key into the 65-byte form that starts with 0x04.
            byte[] encodedPoint = publicKey;
            if (encodedPoint.Length == 64)
            {
                encodedPoint = new byte[65];
                encodedPoint[0] = 0x04;
                Buffer.BlockCopy(publicKey, 0, encodedPoint, 1, publicKey.Length);
            }

            X9ECParameters curveParams = GMNamedCurves.GetByName("sm2p256v1");
            ECDomainParameters domain = new ECDomainParameters(curveParams.Curve, curveParams.G, curveParams.N);
            // NOTE(review): DecodePoint is the only place the caller-supplied key bytes are parsed;
            // callers handling untrusted keys should expect it to throw on a malformed encoding.
            ECPublicKeyParameters verifyKey = new ECPublicKeyParameters(curveParams.Curve.DecodePoint(encodedPoint), domain);
            SM2Signer verifier = new SM2Signer();

            // Attach the signer ID only when the caller supplied one.
            ICipherParameters verifierParams = verifyKey;
            if (userId != null)
            {
                verifierParams = new ParametersWithID(verifyKey, userId);
            }

            verifier.Init(false, verifierParams);
            verifier.BlockUpdate(sourceData, 0, sourceData.Length);
            return verifier.VerifySignature(signData);
        }
Exemple #4
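        /// <summary>
        /// Verifies an SM2 signature over hex-encoded content.
        /// </summary>
        /// <param name="publicKey">Hex-encoded public key point.</param>
        /// <param name="content">Hex-encoded bytes that were signed.</param>
        /// <param name="sign">Hex-encoded signature value.</param>
        /// <returns><c>true</c> when <paramref name="sign"/> is a valid signature over <paramref name="content"/>; otherwise <c>false</c>.</returns>
        public static bool Verify(string publicKey, string content, string sign)
        {
            // The signed content and the signature, both supplied as hex text.
            byte[] message  = Hex.Decode(content);
            byte[] signData = Hex.Decode(sign);

            // Look up the SM2 curve parameters.
            X9ECParameters sm2EcParameters = GMNamedCurves.GetByName("sm2p256v1");
            // Build the domain parameters from the curve.
            ECDomainParameters domainParameters = new ECDomainParameters(sm2EcParameters.Curve, sm2EcParameters.G, sm2EcParameters.N);
            // Decode the public key point. A leading 02 or 03 marks a compressed point and 04 an
            // uncompressed one; the bytes are passed to DecodePoint exactly as supplied, so the
            // format byte has to be present in the input.
            ECPoint pukPoint = sm2EcParameters.Curve.DecodePoint(Hex.Decode(publicKey));
            ECPublicKeyParameters publicKeyParameters = new ECPublicKeyParameters(pukPoint, domainParameters);

            // Create the verifier with the conventional default signer ID.
            SM2Signer        sm2Signer        = new SM2Signer();
            ParametersWithID parametersWithId = new ParametersWithID(publicKeyParameters, Strings.ToByteArray("1234567812345678"));

            sm2Signer.Init(false, parametersWithId);

            // Feed the signed content into the verifier. Previously this call was commented out and
            // the content bytes were passed to VerifySignature in place of the signature, so the
            // `sign` argument was never checked at all.
            sm2Signer.BlockUpdate(message, 0, message.Length);

            // NOTE(review): a default-constructed SM2Signer is expected to take an ASN.1/DER
            // signature; if the signing side emits a raw 64-byte r||s value it must be converted
            // before this call - confirm which form the peer produces.
            bool verify = sm2Signer.VerifySignature(signData);

            return(verify);
        }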
        /// <summary>
        /// Checks a Base64 signature over <paramref name="content"/> with an SM2 signer.
        /// </summary>
        /// <param name="content">Text that was signed.</param>
        /// <param name="charset">Name of the encoding used to turn <paramref name="content"/> into bytes.</param>
        /// <param name="publicKey">Public key text, handed to <c>BuildPublickKeyParams</c>.</param>
        /// <param name="sign">Base64-encoded signature.</param>
        /// <returns>The signer's verification result.</returns>
        protected override bool DoVerify(string content, string charset, string publicKey, string sign)
        {
            // Load the public key parameters.
            ParametersWithID verifyParams = BuildPublickKeyParams(publicKey);

            // Set the signer up in verification mode.
            SM2Signer verifier = new SM2Signer();
            verifier.Init(false, verifyParams);

            // Feed the original text, encoded with the caller's charset, into the signer.
            // The charset must match the one used at signing time or verification fails.
            Encoding textEncoding = Encoding.GetEncoding(charset);
            byte[] payload = textEncoding.GetBytes(content);
            verifier.BlockUpdate(payload, 0, payload.Length);

            // Decode the supplied signature and return the verification result.
            byte[] signatureBytes = Convert.FromBase64String(sign);
            return verifier.VerifySignature(signatureBytes);
        }
        /// <summary>
        /// Signs <paramref name="content"/> with an SM2 signer and returns the signature as Base64.
        /// </summary>
        /// <param name="content">Text to sign.</param>
        /// <param name="charset">Name of the encoding used to turn <paramref name="content"/> into bytes.</param>
        /// <param name="privateKey">Private key text, handed to <c>BuildPrivateKeyParams</c>.</param>
        /// <returns>Base64 text of the generated signature.</returns>
        protected override string DoSign(string content, string charset, string privateKey)
        {
            // Load the private key parameters.
            ParametersWithID signingParams = BuildPrivateKeyParams(privateKey);

            // Set the signer up in signing mode.
            SM2Signer signer = new SM2Signer();
            signer.Init(true, signingParams);

            // Feed the text, encoded with the caller's charset, into the signer.
            Encoding textEncoding = Encoding.GetEncoding(charset);
            byte[] payload = textEncoding.GetBytes(content);
            signer.BlockUpdate(payload, 0, payload.Length);

            // Convert the signature bytes to Base64.
            byte[] signatureBytes = signer.GenerateSignature();
            return Convert.ToBase64String(signatureBytes);
        }
Exemple #7
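        /// <summary>
        /// Verifies a signature with the "SM3withSM2" signer after passing it through
        /// <c>RsPlainByteArrayToAsn1</c>.
        /// </summary>
        /// <param name="msg">The message bytes that were signed.</param>
        /// <param name="signature">The signature bytes, converted by <c>RsPlainByteArrayToAsn1</c> before the check.</param>
        /// <param name="id">Optional signer ID; when null the public key is used without an ID wrapper.</param>
        /// <returns>The signer's verification result.</returns>
        public bool VerifySignWithRsAsn1(byte[] msg, byte[] signature, byte[] id = null)
        {
            var signer = SignerUtilities.GetSigner("SM3withSM2");
            ICipherParameters cp;

            // Verification needs only the public key. This method previously wrapped
            // key.PrivateKeyParameters in ParametersWithRandom and initialised the signer for
            // signing (Init(true, ...)), which both demands the private key on the verifying side
            // and puts the signer in the wrong mode for VerifySignature.
            // NOTE(review): assumes `key` exposes PublicKeyParameters alongside
            // PrivateKeyParameters - confirm against the key type.
            if (id != null)
            {
                cp = new ParametersWithID(key.PublicKeyParameters, id);
            }
            else
            {
                cp = key.PublicKeyParameters;
            }
            signer.Init(false, cp);
            signer.BlockUpdate(msg, 0, msg.Length);
            return(signer.VerifySignature(RsPlainByteArrayToAsn1(signature)));
        }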
Exemple #8
        /// <summary>
        /// Verifies a signature over <paramref name="msg"/> with the public key held in <c>key</c>.
        /// </summary>
        /// <param name="msg">The message bytes that were signed.</param>
        /// <param name="signature">The signature bytes, passed to the signer unchanged.</param>
        /// <param name="id">Optional signer ID; when null the public key is used without an ID wrapper.</param>
        /// <returns>The signer's verification result.</returns>
        public bool VerifySign(byte[] msg, byte[] signature, byte[] id = null)
        {
            var verifier = new SM2Signer(new SM3());

            // Start from the bare public key and wrap it only when an ID was supplied.
            // The ID has to match the one used at signing time for verification to succeed.
            ICipherParameters verifierParams = key.PublicKeyParameters;
            if (id != null)
            {
                verifierParams = new ParametersWithID(key.PublicKeyParameters, id);
            }

            verifier.Init(false, verifierParams);
            verifier.BlockUpdate(msg, 0, msg.Length);
            return verifier.VerifySignature(signature);
        }
Exemple #9
        /// <summary>
        /// Signs <paramref name="msg"/> with the private key held in <c>key</c>.
        /// </summary>
        /// <param name="msg">The message bytes to sign.</param>
        /// <param name="id">Optional signer ID; when null no ID wrapper is applied.</param>
        /// <returns>The signature bytes produced by the signer.</returns>
        public byte[] Sign(byte[] msg, byte[] id = null)
        {
            var signer = new SM2Signer(new SM3());

            // The private key is always wrapped in ParametersWithRandom; no random source is
            // passed here, so the wrapper's own default is used.
            ICipherParameters signingParams;
            if (id == null)
            {
                signingParams = new ParametersWithRandom(key.PrivateKeyParameters);
            }
            else
            {
                signingParams = new ParametersWithID(new ParametersWithRandom(key.PrivateKeyParameters), id);
            }

            signer.Init(true, signingParams);
            signer.BlockUpdate(msg, 0, msg.Length);
            return signer.GenerateSignature();
        }
Exemple #10
        /**
         * SM2 signing.
         * @param userId signer ID; when none has been agreed, the default is 1234567812345678.
         *               A null value means no ID wrapper is applied.
         * @param privateKey private key as binary data, read as an unsigned big integer
         * @param sourceData the data to sign
         * @return the DER-encoded signature value
         * @throws CryptoException
         */
        public static byte[] Sign(byte[] userId, byte[] privateKey, byte[] sourceData)
        {
            X9ECParameters curveParams = GMNamedCurves.GetByName("sm2p256v1");
            ECDomainParameters domain = new ECDomainParameters(curveParams.Curve, curveParams.G, curveParams.N);
            // Sign value 1 forces a positive integer regardless of the top bit of the key bytes.
            ECPrivateKeyParameters signingKey = new ECPrivateKeyParameters(new BigInteger(1, privateKey), domain);
            SM2Signer signer = new SM2Signer();
            // A fresh SecureRandom supplies the per-signature randomness.
            ParametersWithRandom withRandom = new ParametersWithRandom(signingKey, new SecureRandom());

            // Attach the signer ID only when the caller supplied one.
            ICipherParameters signingParams = withRandom;
            if (userId != null)
            {
                signingParams = new ParametersWithID(withRandom, userId);
            }

            signer.Init(true, signingParams);
            signer.BlockUpdate(sourceData, 0, sourceData.Length);
            return signer.GenerateSignature();
        }
Exemple #11
        ///**
        // * 私钥签名
        // * @param privateKey    私钥
        // * @param content       待签名内容
        // * @return
        // */
        //public static String sign(String privateKey, String content)
        //{
        //    //待签名内容转为字节数组
        //    byte[] message = Hex.Decode(content);

        //    //获取一条SM2曲线参数
        //    X9ECParameters sm2ECParameters = GMNamedCurves.GetByName("sm2p256v1");
        //    //构造domain参数
        //    ECDomainParameters domainParameters = new ECDomainParameters(sm2ECParameters.Curve,sm2ECParameters.G, sm2ECParameters.N);

        //    BigInteger privateKeyD = new BigInteger(privateKey, 16);
        //    ECPrivateKeyParameters privateKeyParameters = new ECPrivateKeyParameters(privateKeyD, domainParameters);

        //    //创建签名实例
        //    SM2Signer sm2Signer = new SM2Signer();

        //    //初始化签名实例,带上ID,国密的要求,ID默认值:1234567812345678
        //    sm2Signer.Init(true, new ParametersWithID(new ParametersWithRandom(privateKeyParameters, SecureRandom.GetInstance("SHA1PRNG")), Strings.ToByteArray("1234567812345678")));

        //    //生成签名,签名分为两部分r和s,分别对应索引0和1的数组
        //    byte[] bigIntegers = sm2Signer.GenerateSignature();

        //    byte[] rBytes = modifyRSFixedBytes(bigIntegers[0].toByteArray());
        //    byte[] sBytes = modifyRSFixedBytes(bigIntegers[1].toByteArray());

        //    byte[] signBytes = ByteUtils.concatenate(rBytes, sBytes);
        //    String sign = Hex.toHexString(signBytes);

        //    return sign;
        //}

        ///**
        // * 将R或者S修正为固定字节数
        // * @param rs
        // * @return
        // */
        //private static byte[] modifyRSFixedBytes(byte[] rs)
        //{
        //    int length = rs.length;
        //    int fixedLength = 32;
        //    byte[] result = new byte[fixedLength];
        //    if (length < 32)
        //    {
        //        System.arraycopy(rs, 0, result, fixedLength - length, length);
        //    }
        //    else
        //    {
        //        System.arraycopy(rs, length - fixedLength, result, 0, fixedLength);
        //    }
        //    return result;
        //}

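        /**
         * Verifies an SM2 signature.
         * @param publicKey     hex-encoded public key point
         * @param content       hex-encoded content that was signed
         * @param sign          hex-encoded signature value
         * @return true when sign is a valid signature over content, otherwise false
         */
        public static bool verify(string publicKey, string content, string sign)
        {
            // The signed content and the signature, both supplied as hex text.
            byte[] message  = Hex.Decode(content);
            byte[] signData = Hex.Decode(sign);

            // Look up the SM2 curve parameters.
            X9ECParameters sm2EcParameters = GMNamedCurves.GetByName("sm2p256v1");
            // Build the domain parameters from the curve.
            ECDomainParameters domainParameters = new ECDomainParameters(sm2EcParameters.Curve, sm2EcParameters.G, sm2EcParameters.N);
            // Decode the public key point. A leading 02 or 03 marks a compressed point and 04 an
            // uncompressed one; the bytes are passed to DecodePoint exactly as supplied, so the
            // format byte has to be present in the input.
            ECPoint pukPoint = sm2EcParameters.Curve.DecodePoint(Hex.Decode(publicKey));
            ECPublicKeyParameters publicKeyParameters = new ECPublicKeyParameters(pukPoint, domainParameters);

            // Create the verifier with the conventional default signer ID.
            SM2Signer        sm2Signer        = new SM2Signer();
            ParametersWithID parametersWithId = new ParametersWithID(publicKeyParameters, Strings.ToByteArray("1234567812345678"));

            sm2Signer.Init(false, parametersWithId);

            // Feed the signed content into the verifier. Previously the content bytes were passed
            // to VerifySignature in place of the signature and signData was never used, so the
            // `sign` argument was not checked at all.
            sm2Signer.BlockUpdate(message, 0, message.Length);

            // NOTE(review): the removed commented-out code split signData into two 32-byte halves
            // (r and s), which suggests the peer may send a raw 64-byte r||s value. A
            // default-constructed SM2Signer is expected to take an ASN.1/DER signature, so such a
            // value must be converted before this call - confirm which form is on the wire.
            bool verify = sm2Signer.VerifySignature(signData);

            return(verify);
        }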