private static void Rsa()
{
var text = "Hello World!";
// 加密解密
var provider = new RsaProvider(RsaType.RSA2, Encoding.UTF8);
var enc = provider.Encrypt(text);
var dec = provider.Decrypt(enc);
Console.WriteLine($"Enc: {enc}");
Console.WriteLine($"Dec: {dec}");
// 签名验证
provider = new RsaProvider(RsaType.RSA2, Encoding.UTF8, Const.RSAPrivateKey, Const.RSAPublicKey);
var sig = provider.Sign(text);
var ver = provider.Verify(text, sig);
Console.WriteLine(sig);
Console.WriteLine(ver);
//var prik = Const.RSAPrivateKey;
//var pubk = Const.RSAPublicKey;
//var sign = RsaVerify.Sign(text, prik);
//var verify = RsaVerify.SignCheck(text, sign, pubk);
//Console.WriteLine(sign);
//Console.WriteLine(verify);
}
/// <summary>
/// RSA encrypt
/// </summary>
/// <param name="publicKey">public key</param>
/// <param name="srcString">src string</param>
/// <param name="padding">rsa encryptPadding <see cref="RSAEncryptionPadding"/> RSAEncryptionPadding.Pkcs1 for linux/mac openssl </param>
/// <param name="isPemKey">set key is pem format,default is false</param>
/// <returns>encrypted string</returns>
public static string RSADecrypt(string privateKey, string srcString, RSAEncryptionPadding padding, bool isPemKey = false)
{
Check.Argument.IsNotEmpty(privateKey, nameof(privateKey));
Check.Argument.IsNotEmpty(srcString, nameof(srcString));
Check.Argument.IsNotNull(padding, nameof(padding));
RSA rsa;
if (isPemKey)
{
rsa = RsaProvider.FromPem(privateKey);
}
else
{
rsa = RSA.Create();
rsa.FromJsonString(privateKey);
}
using (rsa)
{
byte[] srcBytes = srcString.ToBytes();
byte[] decryptBytes = rsa.Decrypt(srcBytes, padding);
return(Encoding.UTF8.GetString(decryptBytes));
}
}
public void RsaTest()
{
var text = "Hello NStandard.";
var data = text.Bytes();
var encryptRsa = new RsaProvider();
encryptRsa.FromXmlString(@"<RSAKeyValue>
<Modulus>wyL0Tl0oPhililRHagPFIlKjWotnDKeK84p9sMjCPUfQqTb9zTne/K7KdpNnHSE5zmjUNWPGFSFxkdec/XVrLz0ZD0euTJo8ZN7Wx1eVYGczh5seLIOazf6zMgEW5jqwVx69Zs0K39alJDPqOYF7Q/2bBD9/BWvhRymkfKlSI5Z9LNi0i5ZRzuXqz6RcvPR35O/FdzWypKQsuRU73szDEwStkwu1ZgsSdyV50RoMAWodnvPDhJnVNdLtpeE6d2EDXKSnmmh+64h4HAK753UlCgjPuJ/jBxSiveSO6yOp18Hs1/tLHfZblgz8BM3tzMPgrPU3xNE3CHXujYSVKi4zsQ==</Modulus>
<Exponent>AQAB</Exponent>
<P>6gZc6Zm7gt1nvEqwU5/HdDIZGx0hYwa5OIOL1J72km35JVwYrheC/40MtwLOBt6cnuVeVWy5Q/LaJOeRs3k3dZjo15CeUZ59jvg3JzkHdk2hgDN/Cw9JamM1fEanAdgVKzU70fvbZ5K+gqcNkbacV/hh7cyOwBZUpxIqld9UVe8=</P>
<Q>1XXFALNiLtSE24/k7PQK6yriaf4T/obVZh8oJbB9z8Af+FdfT3NeNdwHrl6GcQHYVPHLNudD3XCLIzhWkysKaITKKx2JZgRFffb8wh5eyRvPWa0ymiZ1R6Ye2A36BeNXno1pT9f2OkbuUgkavZ3KcSlTvFXzHpYGFjEBmPwSsF8=</Q>
<DP>3fg1Dnj7Ss/YAddR0a9+Ti7qczY5IaUR75GOApjYROE8bHwjCJVScjOF+NwXMJrbMTdbN2lNfC6PTGu8Xd++g7MKPtRz5fSPIRk7rt8/va06Xs/5UzMnrln1NDALXgtnYLk4SR46581fF6t9ilULi8ESmavpRjaoCmOHsunGI08=</DP>
<DQ>k9850fpyka53OwK7u8pzpeXXY0W35CLTwiLjVPimrzyQ6SDdzdRF91mtmIWy7KYyjuXRuP8MbGKCgKuOjfTLCQy0YJndjOZ4nYJ0JqWTVA4H3j+1RkROCoxx4YoNIfcTw6qCweUBle19OydDdwfQLgRLFbUU7qNPJCBe0vQMnlE=</DQ>
<InverseQ>DE+NWEF21QkpVCJRPbjq01Vy7gHfy0WnpMDW+NEVBEJCbBfza+h6/FsO+c5RtVT3QN0stP+EfhDzeZSqNG/0Pf5GKhDKF7YsxFB8yHs3kUf0fN8PuoIFFqPwRXB4PytmvKg9h5e/aSbA7P3W2iDt5gH+IVUODF5cKfPvilk7izc=</InverseQ>
<D>hawGK0BJdvAvRikhmo/mlPKDEF16RALpfpeaLmX4GT5+w8v15IYGKJYb/0pOUngWPz00UTZ91K/KOpu24TF0MTHrXro9vh/Ry0+TVY67twQ7GmO6McgdXYtieZihdSky7xsRp8BB+L/y9G/TvXzjUdoCPNC6VJ5n/fWaxgK/T7xujQVKWa0MEY0BtPma0tqWb1t0UxGseuG7Kb2JyYZDKc3sCr4ILkvpL9+nXkG8jS8kZcYyNEzEKhwOTU4SyMcHHq0tyuE9Iq6KEnHDcAekaXRvZnG/Sw1SDH7Yg44NOtdfZxhUxIOP8Gj1yFiDy/QJUsxAW7V60+2UwFb6DnEGuQ==</D>
</RSAKeyValue>");
var cipher = encryptRsa.Encrypt(data);
var signature = encryptRsa.SignData(data, HashAlgorithmName.SHA1);
var hash = Sha1Hasher.Hash(data);
var hashSignature = encryptRsa.SignHash(hash, HashAlgorithmName.SHA1);
var decryptRsa = new RsaProvider();
decryptRsa.FromPemString(@"-----BEGIN PRIVATE KEY-----
MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDDIvROXSg+GKWK
VEdqA8UiUqNai2cMp4rzin2wyMI9R9CpNv3NOd78rsp2k2cdITnOaNQ1Y8YVIXGR
15z9dWsvPRkPR65Mmjxk3tbHV5VgZzOHmx4sg5rN/rMyARbmOrBXHr1mzQrf1qUk
M+o5gXtD/ZsEP38Fa+FHKaR8qVIjln0s2LSLllHO5erPpFy89Hfk78V3NbKkpCy5
FTvezMMTBK2TC7VmCxJ3JXnRGgwBah2e88OEmdU10u2l4Tp3YQNcpKeaaH7riHgc
ArvndSUKCM+4n+MHFKK95I7rI6nXwezX+0sd9luWDPwEze3Mw+Cs9TfE0TcIde6N
hJUqLjOxAgMBAAECggEBAIWsBitASXbwL0YpIZqP5pTygxBdekQC6X6Xmi5l+Bk+
fsPL9eSGBiiWG/9KTlJ4Fj89NFE2fdSvyjqbtuExdDEx6166Pb4f0ctPk1WOu7cE
OxpjujHIHV2LYnmYoXUpMu8bEafAQfi/8vRv071841HaAjzQulSeZ/31msYCv0+8
bo0FSlmtDBGNAbT5mtLalm9bdFMRrHrhuym9icmGQynN7Aq+CC5L6S/fp15BvI0v
JGXGMjRMxCocDk1OEsjHBx6tLcrhPSKuihJxw3AHpGl0b2Zxv0sNUgx+2IOODTrX
X2cYVMSDj/Bo9chYg8v0CVLMQFu1etPtlMBW+g5xBrkCgYEA6gZc6Zm7gt1nvEqw
U5/HdDIZGx0hYwa5OIOL1J72km35JVwYrheC/40MtwLOBt6cnuVeVWy5Q/LaJOeR
s3k3dZjo15CeUZ59jvg3JzkHdk2hgDN/Cw9JamM1fEanAdgVKzU70fvbZ5K+gqcN
kbacV/hh7cyOwBZUpxIqld9UVe8CgYEA1XXFALNiLtSE24/k7PQK6yriaf4T/obV
Zh8oJbB9z8Af+FdfT3NeNdwHrl6GcQHYVPHLNudD3XCLIzhWkysKaITKKx2JZgRF
ffb8wh5eyRvPWa0ymiZ1R6Ye2A36BeNXno1pT9f2OkbuUgkavZ3KcSlTvFXzHpYG
FjEBmPwSsF8CgYEA3fg1Dnj7Ss/YAddR0a9+Ti7qczY5IaUR75GOApjYROE8bHwj
CJVScjOF+NwXMJrbMTdbN2lNfC6PTGu8Xd++g7MKPtRz5fSPIRk7rt8/va06Xs/5
UzMnrln1NDALXgtnYLk4SR46581fF6t9ilULi8ESmavpRjaoCmOHsunGI08CgYEA
k9850fpyka53OwK7u8pzpeXXY0W35CLTwiLjVPimrzyQ6SDdzdRF91mtmIWy7KYy
juXRuP8MbGKCgKuOjfTLCQy0YJndjOZ4nYJ0JqWTVA4H3j+1RkROCoxx4YoNIfcT
w6qCweUBle19OydDdwfQLgRLFbUU7qNPJCBe0vQMnlECgYAMT41YQXbVCSlUIlE9
uOrTVXLuAd/LRaekwNb40RUEQkJsF/Nr6Hr8Ww75zlG1VPdA3Sy0/4R+EPN5lKo0
b/Q9/kYqEMoXtizEUHzIezeRR/R83w+6ggUWo/BFcHg/K2a8qD2Hl79pJsDs/dba
IO3mAf4hVQ4MXlwp8++KWTuLNw==
-----END PRIVATE KEY-----");
var decipher = decryptRsa.Decrypt(cipher).String();
Assert.Equal(text, decipher);
Assert.True(encryptRsa.VerifyData(data, signature, HashAlgorithmName.SHA1));
Assert.True(encryptRsa.VerifyHash(hash, hashSignature, HashAlgorithmName.SHA1));
Assert.True(encryptRsa.ToXmlString(true) == decryptRsa.ToXmlString(true));
Assert.True(encryptRsa.ToPemString(true) == decryptRsa.ToPemString(true));
}
public bool Delete()
{
try
{
// if a rsaprovider exists, make non persistent, clear it and nullify --> the key is deleted
if (RsaProvider.IsAssigned())
{
// Delete the key entry in the container.
RsaProvider.PersistKeyInCsp = false;
// Call Clear to release resources and delete the key from the container.
RsaProvider.Clear();
RsaProvider = null;
return(true);
}
return(false);
}
catch (CryptographicException e)
{
Debug.WriteLine("Encryption: UtilHelper.DeleteKeyFromContainer(...) unable to delete key - " + e.Message);
return(false);
}
}
/// <summary>
/// RSA encrypt
/// </summary>
/// <param name="publicKey">public key</param>
/// <param name="srcString">src string</param>
/// <param name="padding">rsa encryptPadding <see cref="RSAEncryptionPadding"/> RSAEncryptionPadding.Pkcs1 for linux/mac openssl </param>
/// <param name="isPemKey">set key is pem format,default is false</param>
/// <returns>encrypted string</returns>
public static string RSAEncrypt(string publicKey, string srcString, RSAEncryptionPadding padding, bool isPemKey = false)
{
Check.Argument.IsNotEmpty(publicKey, nameof(publicKey));
Check.Argument.IsNotEmpty(srcString, nameof(srcString));
Check.Argument.IsNotNull(padding, nameof(padding));
RSA rsa;
if (isPemKey)
{
rsa = RsaProvider.FromPem(publicKey);
}
else
{
rsa = RSA.Create();
rsa.FromJsonString(publicKey);
}
using (rsa)
{
var maxLength = GetMaxRsaEncryptLength(rsa, padding);
var rawBytes = Encoding.UTF8.GetBytes(srcString);
if (rawBytes.Length > maxLength)
{
throw new OutofMaxlengthException($"'{srcString}' is out of max encrypt length {maxLength}", maxLength, rsa.KeySize, padding);
}
byte[] encryptBytes = rsa.Encrypt(rawBytes, padding);
return(encryptBytes.ToHexString());
}
}
/// <summary>
/// RSA encrypt
/// </summary>
/// <param name="publicKey">public key</param>
/// <param name="data">src string</param>
/// <param name="padding">rsa encryptPadding <see cref="RSAEncryptionPadding"/> RSAEncryptionPadding.Pkcs1 for linux/mac openssl </param>
/// <param name="isPemKey">set key is pem format,default is false</param>
/// <returns>encrypted string</returns>
public static byte[] RSADecrypt(string privateKey, byte[] data, RSAEncryptionPadding padding, bool isPemKey = false)
{
Check.Argument.IsNotEmpty(privateKey, nameof(privateKey));
Check.Argument.IsNotNull(data, nameof(data));
Check.Argument.IsNotNull(padding, nameof(padding));
RSA rsa;
if (isPemKey)
{
rsa = RsaProvider.FromPem(privateKey);
}
else
{
rsa = RSA.Create();
rsa.FromJsonString(privateKey);
}
using (rsa)
{
byte[] srcBytes = data;
byte[] decryptBytes = rsa.Decrypt(srcBytes, padding);
return(decryptBytes);
}
}
/// <summary>
/// RSA公玥加密
/// </summary>
/// <param name="publicKey"></param>
/// <param name="text"></param>
/// <returns></returns>
public static string RsaEncrypt(string publicKey, string text)
{
byte[] dataBytes = Encoding.UTF8.GetBytes(text); //对普通的文字操作,用Encoding.UTF8.GetBytes()
using (RSA publicKeyRsaProvider = RsaProvider.CreateRsaProviderFromPublicKey(publicKey))
{
return(Convert.ToBase64String(publicKeyRsaProvider.Encrypt(dataBytes, RSAEncryptionPadding.Pkcs1)));
}
}
/// <summary>
/// RSA私玥解密
/// </summary>
/// <param name="privateKey"></param>
/// <param name="cipherText"></param>
/// <returns></returns>
public static string RsaDecrypt(string privateKey, string cipherText)
{
byte[] dataBytes = Convert.FromBase64String(cipherText); //对加密方法返回的byte[],用Convert.ToBase64String,普通的文字并不是 base 64 编码的,不能使用 FromBase64String 转换成 byte[]
using (RSA privateKeyRsaProvider = RsaProvider.CreateRsaProviderFromPrivateKey(privateKey))
{
return(Encoding.UTF8.GetString(privateKeyRsaProvider.Decrypt(dataBytes, RSAEncryptionPadding.Pkcs1)));
}
}
/// <summary>
/// Decrypts data with the System.Security.Cryptography.RSA algorithm.
/// </summary>
/// <param name="base64Text">The data to be decrypted.</param>
/// <returns>The decrypted data, which is the original plain text before encryption.</returns>
public string RsaDecrypt(string base64Text)
{
byte[] bytes = System.Convert.FromBase64String(base64Text);
byte[] decrypted;
lock (RsaProviderLock)
{
decrypted = RsaProvider.Decrypt(bytes, false);
}
return(System.Text.Encoding.UTF8.GetString(decrypted));
}
/// <summary>
/// 使用私钥签名
/// </summary>
/// <param name="data">原始数据</param>
/// <returns></returns>
public static string RsaSign(string privateKey, string data)
{
byte[] dataBytes = Encoding.UTF8.GetBytes(data);
using (RSA privateKeyRsaProvider = RsaProvider.CreateRsaProviderFromPrivateKey(privateKey))
{
var signatureBytes = privateKeyRsaProvider.SignData(dataBytes, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
return(Convert.ToBase64String(signatureBytes));
}
}
private static void RSA2048Decrypt()
{
var rsaHelper = new RsaProvider(RsaType.RSA2, Encoding.UTF8);
ConsoleHelper.LoopProcessInputUntil(input =>
{
var dec = rsaHelper.Decrypt(input);
Console.WriteLine($" Input: {input}");
Console.WriteLine($"Decrypt: {dec}");
}, "$End");
}
/// <summary>
/// Decrypts data with the System.Security.Cryptography.RSA algorithm.
/// </summary>
/// <param name="base64Text">The data to be decrypted.</param>
/// <returns>The decrypted data, which is the original plain text before encryption.</returns>
public string RsaDecrypt(string base64Text)
{
byte[] bytes = System.Convert.FromBase64String(base64Text);
byte[] decrypted;
lock (RsaProviderLock)
{
// Enable OAEP padding for better security.
// Disable for compatibility.
decrypted = RsaProvider.Decrypt(bytes, RsaUseOaepValue);
}
return(System.Text.Encoding.UTF8.GetString(decrypted));
}
/// <summary>
/// 使用公钥验证签名
/// </summary>
/// <param name="data">原始数据</param>
/// <param name="sign">签名</param>
/// <returns></returns>
public static bool RsaVerify(string publicKey, string data, string sign)
{
byte[] dataBytes = Encoding.UTF8.GetBytes(data);
byte[] signBytes = Convert.FromBase64String(sign);
using (RSA publicKeyRsaProvider = RsaProvider.CreateRsaProviderFromPublicKey(publicKey))
{
var verify = publicKeyRsaProvider.VerifyData(dataBytes, signBytes, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
return(verify);
}
}
protected virtual void Dispose(bool disposing)
{
if (!_disposed)
{
if (RsaProvider.IsAssigned())
{
RsaProvider.Clear(); // resources vrijgeven.
RsaProvider = null;
}
}
_disposed = true;
}
/// <summary>
/// Private RSA key is required to sign data.
/// </summary>
/// <param name="bytes"></param>
/// <returns></returns>
/// <remarks>Private RSA key is required to sign data.</remarks>
string RsaGenerateSignature(byte[] bytes)
{
//byte[] hash = RsaSignatureHashAlgorithm.ComputeHash(bytes);
//byte[] sign = RsaProvider.SignHash(hash, System.Security.Cryptography.CryptoConfig.MapNameToOID("SHA1"));
byte[] sign;
lock (RsaProviderLock)
{
sign = RsaProvider.SignData(bytes, RsaSignatureHashAlgorithm);
}
string signature = System.Convert.ToBase64String(sign);
return(signature);
}
/// <summary>
/// RSA Converter to pem
/// </summary>
/// <param name="isPKCS8"></param>
/// <returns></returns>
public static (string publicPem, string privatePem) RSAToPem(bool isPKCS8)
{
var rsaKey = CreateRsaKey();
using (RSA rsa = RSA.Create())
{
rsa.FromJsonString(rsaKey.PrivateKey);
var publicPem = RsaProvider.ToPem(rsa, false, isPKCS8);
var privatePem = RsaProvider.ToPem(rsa, true, isPKCS8);
return(publicPem, privatePem);
}
}
/// <summary>
/// Configures services
/// </summary>
/// <param name="services">services</param>
public void ConfigureServices(IServiceCollection services)
{
services.AddMvc()
.SetCompatibilityVersion(CompatibilityVersion.Version_2_2);
services.AddScoped <IUserRepository, UserRepository>();
services.AddIdentityServer()
.AddSigningCredential(RsaProvider.GenerateSigningCredential())
.AddInMemoryIdentityResources(Config.GetIdentityResources())
.AddInMemoryApiResources(Config.GetApiResources())
.AddInMemoryClients(Config.GetClients())
.AddProfileService <ProfileService>();
services.AddTransient <IResourceOwnerPasswordValidator, ResourceOwnerPasswordValidator>();
services.AddTransient <IProfileService, ProfileService>();
services.AddTransient <IPersistedGrantStore, PersistedGrantStore>();
}
/// <summary>
/// Constructor
/// </summary>
public MainWindow()
{
InitializeComponent();
this.Rsa = new RsaProvider(RsaProvider.BitLength.RSA512);
}
public void ReadKey([NotNull] string key)
{
RsaProvider.FromXmlString(key);
_maxBytesServer = RsaProvider.KeySize / 8;
}
/// <summary>
/// RSA From pem
/// </summary>
/// <param name="pem"></param>
/// <returns></returns>
public static System.Security.Cryptography.RSA RSAFromPem(string pem)
{
Check.Argument.IsNotEmpty(pem, nameof(pem));
return(RsaProvider.FromPem(pem));
}
private void GetKeyContainer(string containerName)
{
// - if this is a clientsize Encryption determine maximum keysize
// - get the serviceprovider
// - if the serviceprovider allready exists, with the wrong keysize, delete the serviceprovider
// - get a new serviceprovider if deleted
// - if the Encryption is temporary, make sure it is not persistend
try
{
var cp = GetCspParameters(containerName);
if (!RsaProvider.IsAssigned())
{
try
{
RsaProvider = new RSACryptoServiceProvider(_maxBytesServer * 8, cp);
}
catch (CryptographicException e)
{
if (RsaProvider.IsAssigned())
{
Delete();
}
throw new Exception("create: " + e.Message, e);
}
}
if (_maxBytesServer > 0 && RsaProvider.KeySize != _maxBytesServer * 8)
{
try
{
try
{
Delete();
}
catch (CryptographicException e)
{
{
throw new Exception("delete: " + e.Message, e);
}
}
if (!RsaProvider.IsAssigned())
{
RsaProvider = new RSACryptoServiceProvider(_maxBytesServer * 8, cp);
}
}
catch (CryptographicException e)
{
{
throw new Exception("replace: " + e.Message, e);
}
}
}
}
catch (CryptographicException e)
{
Debug.WriteLine("Encryption: Utilhelper.GetKeyContainer(...) unexpected exception - " + e.Message);
throw new Exception("most outer: " + e.Message, e);
}
}
/// <summary>
/// RSA From pem
/// </summary>
/// <param name="pem"></param>
/// <returns></returns>
public static RSA RSAFromPem(string pem)
{
Check.Argument.IsNotEmpty(pem, nameof(pem));
return(RsaProvider.FromPem(pem));
}
