/// <summary>
/// Verify a signature.
/// Throws only on unexpected failures.
/// </summary>
/// <param name="data">Data, utf8</param>
/// <param name="signature">Signature, base64</param>
/// <returns>True or false (or throws)</returns>
public static bool Verify(string data, string signature)
{
// Construct the cert
byte[] certdata = new System.Text.ASCIIEncoding().GetBytes(CERT);
byte[] rawdata = Encoding.UTF8.GetBytes(data);
// Compute hash of the raw data.
SHA1 sha = new SHA1CryptoServiceProvider();
byte[] contenthash = sha.ComputeHash(rawdata);
// Base64-decode the signature
int sl = (signature.Length % 4);
if (sl > 0)
{
for (int j = 0; j < 4 - sl; j++)
{
signature += "=";
}
}
byte[] sigdata = Convert.FromBase64String(signature);
bool ok = false;
X509Certificate2 cert = new X509Certificate2(certdata);
RSAPKCS1SignatureDeformatter RSADeformatter = new RSAPKCS1SignatureDeformatter();
RSADeformatter.SetHashAlgorithm("SHA1");
RSADeformatter.SetKey(cert.PublicKey.Key);
ok = RSADeformatter.VerifySignature(contenthash, sigdata);
return(ok);
}
public bool VerifyingSignature(string publicKey, string base64Signature, string base64Cypher, int bitSize = 2048, string hashType = "SHA1")
{
RSACryptoServiceProvider RSA = default;
bool hasVerify = false;
try
{
RSAParameters _key = publicKey.ToRsaParametersXML();
byte[] _bytesCypher = Convert.FromBase64String(base64Cypher);
byte[] _bytesSignature = Convert.FromBase64String(base64Signature);
RSA = new RSACryptoServiceProvider(bitSize);
RSA.ImportParameters(_key);
RSAPKCS1SignatureDeformatter RsaDeformatter = new RSAPKCS1SignatureDeformatter();
RsaDeformatter.SetKey(RSA);
RsaDeformatter.SetHashAlgorithm(hashType);
hasVerify = RsaDeformatter.VerifySignature(_bytesCypher, _bytesSignature);
}
catch (Exception ex)
{
Console.WriteLine("VerifyingSignature FAIL: {0}", ex.Message);
}
finally
{
RSA.Dispose();
}
return(hasVerify);
}
public void VerifySignatureNullSignature()
{
RSAPKCS1SignatureDeformatter fmt = new RSAPKCS1SignatureDeformatter();
fmt.SetHashAlgorithm("SHA1");
fmt.SetKey(rsa);
byte[] hash = new byte [20];
fmt.VerifySignature(hash, null);
}
// TODO: This doesn't work on mono for some reason. Investigate.
public static bool IsSignedBy(TmodFile mod, string xmlPublicKey)
{
var f = new RSAPKCS1SignatureDeformatter();
var v = AsymmetricAlgorithm.Create("RSA");
f.SetHashAlgorithm("SHA1");
v.FromXmlString(xmlPublicKey);
f.SetKey(v);
return(f.VerifySignature(mod.hash, mod.signature));
}
public void VerifySignatureWithBadHash()
{
RSAPKCS1SignatureDeformatter fmt = new RSAPKCS1SignatureDeformatter();
fmt.SetKey(rsa);
// no hash algorithm
byte[] hash = new byte [1];
byte[] signature = new byte [1];
fmt.VerifySignature(hash, signature);
}
public void VerifySignatureNullHash()
{
RSAPKCS1SignatureDeformatter fmt = new RSAPKCS1SignatureDeformatter();
fmt.SetHashAlgorithm("SHA1");
fmt.SetKey(rsa);
byte[] hash = null;
byte[] signature = new byte [128];
fmt.VerifySignature(hash, signature);
}
/// <summary>
/// Verifies a PKS1 signature of SHA1 digest
/// </summary>
/// <param name="xParam">Keys</param>
/// <param name="xHash">Hash to sign</param>
/// <param name="xSignature">Outputs the signature</param>
/// <returns></returns>
public static bool SignatureVerify(RSAParameters xParam, byte[] xHash, byte[] xSignature)
{
var xRSACrypto = new RSACryptoServiceProvider();
var xRSASigDeformat = new RSAPKCS1SignatureDeformatter();
xRSACrypto.ImportParameters(xParam);
xRSASigDeformat.SetHashAlgorithm("SHA1");
xRSASigDeformat.SetKey(xRSACrypto);
try { return(xRSASigDeformat.VerifySignature(xHash, xSignature)); }
catch { throw CryptoExcepts.CryptoVeri; }
}
private RSAPKCS1SignatureDeformatter GetDefaultDeformatter(string hashName)
{
// no need for the private key
RSA rsa = RSA.Create();
rsa.ImportParameters(AllTests.GetRsaKey(false));
RSAPKCS1SignatureDeformatter fmt = new RSAPKCS1SignatureDeformatter();
fmt.SetKey(rsa);
fmt.SetHashAlgorithm(hashName);
return(fmt);
}
private bool verify(byte[] signature, byte[] message)
{
if (certificate.PublicKey == null)
{
throw new Exception("a public key is required " +
" OAuthConsumer.setProperty when " +
"verifying RSA-SHA1 signatures.");
}
using (HashAlgorithm hasher = HashAlgorithm.Create("SHA1"))
{
RSAPKCS1SignatureDeformatter signatureDeformatter = new RSAPKCS1SignatureDeformatter(certificate.PrivateKey);
signatureDeformatter.SetKey(certificate.PublicKey.Key);
signatureDeformatter.SetHashAlgorithm("SHA1");
byte[] hash = hasher.ComputeHash(message);
return(signatureDeformatter.VerifySignature(hash, signature));
}
}
/// <summary>
/// Validiert einen signierten String
/// </summary>
/// <param name="textToValidate">Der unsignierte Text welcher mit der Signatur überprüft werden soll.</param>
/// <param name="signToValidate">Die Signatur des Textes.</param>
/// <param name="publicKey">Der öffentliche Schlüssel.</param>
/// <returns></returns>
public static bool validateSign(string textToValidate, string signToValidate, string publicKey)
{
//Initialisieren der Provider
var rsacryptoprov = new RSACryptoServiceProvider();
var rsaDeFormatter = new RSAPKCS1SignatureDeformatter(rsacryptoprov);
System.Security.Cryptography.RSA rsa = System.Security.Cryptography.RSA.Create();
var sha1 = new SHA1Managed();
var encoding = new ASCIIEncoding();
//Zuweisen des Hashalgorithmus und des öffentlichen Schlüssels
rsaDeFormatter.SetHashAlgorithm("SHA1");
rsa.FromXmlString(publicKey);
rsaDeFormatter.SetKey(rsa);
//String nach Byte[]
byte[] hashed_value = encoding.GetBytes(textToValidate);
byte[] signed_value = Convert.FromBase64String(signToValidate);
//Signatur validieren und wert zurückgeben true/false
return(rsaDeFormatter.VerifySignature(sha1.ComputeHash(hashed_value), signed_value));
}
static void Main(string[] args)
{
#if TEST_VERIFY_SIGNATURE
string
inputString = "{\"ExpirationDate\":\"2017-04-04T18:37:50.2396443Z\",\"Id\":\"6703cd90-cc9b-4153-81bd-d5ee397bc085\",\"Key\":null,\"Name\":\"ST Чикаго Юнит. Базовая лицензия на 1 пользователя\",\"UserId\":7318349394477057,\"UserName\":\"STDev User 1\",\"ProductId\":\"3434333d-0eb2-4f01-9b0f-8a9e83c8c945\",\"Version\":{\"Major\":1,\"Minor\":0,\"Build\":0,\"Revision\":-1,\"MajorRevision\":-1,\"MinorRevision\":-1},\"CustomerId\":\"04a83e85-8714-44d6-b167-7f7b0d27d0c2\",\"CustomerName\":\"ST.development\",\"DistributorId\":null,\"DistributorName\":null}",
RSAKey = "<RSAKeyValue><Modulus>aH29MQQRYuZuAzBFCB/ZGfFBYjB7yTs4TTQxndQ6BuhHl0CpI0EU9MCjI6MrbIDGa07gJ5qr0f3CxRLIT3Pm0FctGh7x3j3WKPokZlgWwotWtLZvNEF/E+dgXwIMp8d88vdETorbh6zt2Gl7ATunbvsHzeQaKVmlea5d0kvOTMCFZfwadQQt+qSHHQDbtsjdu6xxAQCo/JCRnbKzXPAIbADWFVTzmMdwqMBQ6XHHlpft7dtmJpocCBawOPEPELA6ZrrmLscC+l7hSa6kg8zHi/ZomDf2C8q8TGJL3LAXDuleSiA/epOgLqDBVnIQRER7L4Km/pT9/ALkcTlGVahGWQ==</Modulus><Exponent>JQ==</Exponent></RSAKeyValue>",
signatureStr = "DoBt429dlJCL4UxMgoyQdFaHov+l3ifSqZgYxoq+7+OOApNaHhxqdaKdwVpA1VypiYbH2hcLMZsslMhudhpjtEC2RD7MD9IK8OeWEMZvl6Q0z9Q8/HBy8mePw0amWSXa794KCgZrtT4/K8AODXZv7sXSS+rwyCdPZ6a45JcsR2v6Jqhp3a1pYQhPcNs+3g51AI+/cpllqPeVIaXA6LPHnjU9dp8ate58vg0nnBDj0PW4i2Fh+tgMU8ALOXxNuVK6HPlc8lNLUuwEJKcaBiw1PDwPE4Ul4cZA5L3iiZxrAV+DdbNjesEJfCCruDbUbZcQUDwUs6sIzlZLsE4B2xVRrw==";
var asymmetricAlgorithm = new RSACryptoServiceProvider();
var hashAlgorithm = new SHA512Managed();
var signatureDeformatter = new RSAPKCS1SignatureDeformatter();
asymmetricAlgorithm.FromXmlString(RSAKey);
signatureDeformatter.SetKey(asymmetricAlgorithm);
signatureDeformatter.SetHashAlgorithm("SHA512");
byte[]
hash = hashAlgorithm.ComputeHash(Encoding.UTF8.GetBytes(inputString)),
signature = Convert.FromBase64String(signatureStr);
var isOk = signatureDeformatter.VerifySignature(hash, signature);
#endif
}
/// <summary>
/// Verifies a PKS1 signature of SHA1 digest
/// </summary>
/// <param name="xParam">Keys</param>
/// <param name="xHash">Hash to sign</param>
/// <param name="xSignature">Outputs the signature</param>
/// <returns></returns>
public static bool SignatureVerify(RSAParameters xParam, byte[] xHash, byte[] xSignature)
{
RSACryptoServiceProvider xRSACrypto = new RSACryptoServiceProvider();
RSAPKCS1SignatureDeformatter xRSASigDeformat = new RSAPKCS1SignatureDeformatter();
try { xRSACrypto.ImportParameters(xParam); }
catch (Exception xerror) { throw xerror; }
xRSASigDeformat.SetHashAlgorithm("SHA1");
xRSASigDeformat.SetKey(xRSACrypto);
try { return xRSASigDeformat.VerifySignature(xHash, xSignature); }
catch { throw CryptoExcepts.CryptoVeri; }
}
public void SetNullKey()
{
RSAPKCS1SignatureDeformatter fmt = new RSAPKCS1SignatureDeformatter();
fmt.SetKey(null);
}
public void SetDSAKey()
{
RSAPKCS1SignatureDeformatter fmt = new RSAPKCS1SignatureDeformatter();
fmt.SetKey(dsa);
}
public static bool VerifyHash(byte[] hashData, string signature, string publicKey)
{
if (hashData == null)
{
throw new ArgumentNullException("空的哈西值");
}
if (hashData.Length == 0)
{
throw new ArgumentNullException("零长度的哈西值");
}
if (signature == null)
{
throw new ArgumentNullException("空的数字签名");
}
if (signature.Length == 0)
{
throw new ArgumentNullException("零长度的数字签名");
}
if (publicKey == null)
{
throw new ArgumentNullException("空的公钥字符串");
}
if (publicKey.Length == 0)
{
throw new ArgumentNullException("零长度的公钥字符串");
}
byte[] arraySignedData;
try
{
arraySignedData = Convert.FromBase64String(signature);
}
catch
{
throw new ArgumentException("无效的签名数据");
}
RSACryptoServiceProvider provider;
RSAPKCS1SignatureDeformatter deformatter;
lock (syncRoot)
{
provider = new RSACryptoServiceProvider();
try
{
provider.FromXmlString(publicKey);
}
catch (Exception e)
{
throw new ArgumentException(String.Format("无效的公钥参数:{0}", e.Message));
}
try
{
deformatter = new RSAPKCS1SignatureDeformatter();
deformatter.SetKey(provider);
deformatter.SetHashAlgorithm("SHA1");
if (deformatter.VerifySignature(hashData, arraySignedData))
{
return(true);
}
else
{
return(false);
}
}
catch (Exception e)
{
throw new Exception(String.Format("验证数字签名失败:{0}", e.Message));
}
}
}
