public void Encrypt(byte[] data)
{
_sm3C3.BlockUpdate(data, 0, data.Length);
for (int i = 0; i < data.Length; i++)
{
if (_keyOff == _key.Length)
{
NextKey();
}
data[i] ^= _key[_keyOff++];
}
}
private void Reset()
{
_sm3KeyBase = new SM3Digest();
_sm3C3 = new SM3Digest();
byte[] array = ByteConvert32Bytes(_p2.Normalize().XCoord.ToBigInteger());
_sm3KeyBase.BlockUpdate(array, 0, array.Length);
_sm3C3.BlockUpdate(array, 0, array.Length);
array = ByteConvert32Bytes(_p2.Normalize().YCoord.ToBigInteger());
_sm3KeyBase.BlockUpdate(array, 0, array.Length);
_ct = 1;
NextKey();
}
public virtual void Encrypt(byte[] data)
{
//p2.Normalize();
sm3c3.BlockUpdate(data, 0, data.Length);
for (int i = 0; i < data.Length; i++)
{
if (keyOff == key.Length)
{
NextKey();
}
data[i] ^= key[keyOff++];
}
}
/// <summary>
/// 签名验证算法
/// 利用签名者的公钥和传过来的r,s来验证签名是否合法
/// </summary>
/// <param name="sm2">sm2对象</param>
/// <param name="ppk">签名者的公钥16进制字符串</param>
/// <param name="Z">签名算法产生的16进制字符串 Z</param>
/// <param name="r">签名算法生成的 R</param>
/// <param name="s">签名算法生成的 S</param>
/// <returns></returns>
public bool Signature_Check(SM2 sm2, string ppk, string Z, string r, string s)
{
ECPoint test_p = null;
//test_p = sm2.userKey;
//MessageBox.Show(ppk);
byte[] key = strToToHexByte(ppk);
test_p = sm2.ecc_curve.DecodePoint(key);
Com.Itrus.Crypto.SM2.SM2Result sm2Ret = new Com.Itrus.Crypto.SM2.SM2Result();//实例化一个SM2Result的对象sm2Ret
SM3Digest sm3 = new SM3Digest();
byte[] z = strToToHexByte(Z);
sm3.BlockUpdate(z, 0, z.Length);
byte[] md = new byte[32];
sm3.DoFinal(md, 0);
sm2Ret.r = new BigInteger(r, 16);
sm2Ret.s = new BigInteger(s, 16);
sm2.Sm2Verify(md, test_p, sm2Ret.r, sm2Ret.s, sm2Ret); //调用Sm2Verify方法,得到R
if (sm2Ret.r.Equals(sm2Ret.R)) //如果r==R
{
return(true); //System.Console.Out.WriteLine("\n签名结果验证通过!r == R\n");
}
else//r!=R
{
return(false);//System.Console.Out.WriteLine("\n签名结果验证失败!r != R\n");
}
}
/// <summary>
/// 数字签名算法
/// 利用自己的公私钥生成rs并存入文件
/// </summary>
/// <param name="sm2">sm2对象</param>
/// <param name="pripk">自己的私钥文件夹</param>
/// <param name="ppk">自己的公钥文件路径</param>
/// <param name="ida">用户名</param>
public string Test_sm2_sign(SM2 sm2, string pripk, string ppk, string ida)
{
BigInteger test_d = null;
ECPoint test_p = null;
byte[] key = null;
//读取私钥
Readprikey(out test_d, pripk);
//读取公钥
ReadpublicKey(out key, ppk);
test_p = sm2.ecc_curve.DecodePoint(key);
Com.Itrus.Crypto.SM2.SM2Result sm2Ret = new Com.Itrus.Crypto.SM2.SM2Result();//实例化一个SM2Result的对象sm2Ret
SM3Digest sm3 = new SM3Digest();
byte[] z = sm2.Sm2GetZ(Encoding.Default.GetBytes(ida), test_p);//调用Sm2GetZ方法求a的Z的字节数组
sm3.BlockUpdate(z, 0, z.Length);
byte[] md = new byte[32];
sm3.DoFinal(md, 0);
sm2.Sm2Sign(md, test_d, test_p, sm2Ret); //生成rs
Writers(sm2Ret.r, sm2Ret.s, ida + "rs" + ".txt"); //写入rs文件
return(byteToHexStr(z));
}
// D5puPvS6GzfOsdaW6Kjwle63AUeLFVVc
private void SetSn(IntPtr m_Handle, string codeStr)
{
int resLen = 256;
byte[] res = new byte[resLen];
int v = YouyiSdk.M_GetDevSn(m_Handle, ref resLen, ref res[0]);
if (v == 0)
{
byte[] sec = new UTF8Encoding().GetBytes(BaseConfig.AC_SECRET);
byte[] newRes = new byte[resLen];
Array.Copy(res, newRes, resLen);
LogHelper.ShowLog("设备SN:{0}", new UTF8Encoding().GetString(Hex.Encode(newRes)));
// 验证激活码与SN
byte[] md = new byte[32];
byte[] code = Encoding.Default.GetBytes(codeStr);
byte[] bt = new byte[resLen + sec.Length + code.Length];
newRes.CopyTo(bt, 0);
sec.CopyTo(bt, newRes.Length);
code.CopyTo(bt, bt.Length - code.Length);
SM3Digest sm3 = new SM3Digest();
sm3.BlockUpdate(bt, 0, bt.Length);
sm3.DoFinal(md, 0);
string s = new UTF8Encoding().GetString(Hex.Encode(md));
LogHelper.ShowLog("摘要加密:{0} 长度:{1}", s.ToUpper(), s.Length);
YouyiSdk.M_SetUserData(m_Handle, md.Length, ref md[0]);
}
}
/// <summary>
/// 获取杂凑值H
/// </summary>
/// <param name="z">Z值</param>
/// <param name="data">待签名消息</param>
/// <returns></returns>
public virtual byte[] Sm2GetH(byte[] z, byte[] data)
{
SM3Digest sm3 = new SM3Digest();
//Z
sm3.BlockUpdate(z, 0, z.Length);
//待签名消息
sm3.BlockUpdate(data, 0, data.Length);
// H
byte[] md = new byte[sm3.GetDigestSize()];
sm3.DoFinal(md, 0);
return(md);
}
public virtual void Init(bool forSigning, ICipherParameters parameters)
{
ICipherParameters baseParam;
byte[] userID;
if (parameters is ParametersWithID)
{
baseParam = ((ParametersWithID)parameters).Parameters;
userID = ((ParametersWithID)parameters).GetID();
}
else
{
baseParam = parameters;
userID = Hex.Decode("31323334353637383132333435363738"); // the default value (ASCII "1234567812345678")
}
if (forSigning)
{
if (baseParam is ParametersWithRandom)
{
ParametersWithRandom rParam = (ParametersWithRandom)baseParam;
ecKey = (ECKeyParameters)rParam.Parameters;
ecParams = ecKey.Parameters;
kCalculator.Init(ecParams.N, rParam.Random);
}
else
{
ecKey = (ECKeyParameters)baseParam;
ecParams = ecKey.Parameters;
kCalculator.Init(ecParams.N, new SecureRandom());
}
pubPoint = CreateBasePointMultiplier().Multiply(ecParams.G, ((ECPrivateKeyParameters)ecKey).D).Normalize();
}
else
{
ecKey = (ECKeyParameters)baseParam;
ecParams = ecKey.Parameters;
pubPoint = ((ECPublicKeyParameters)ecKey).Q;
}
digest.Reset();
z = GetZ(userID);
digest.BlockUpdate(z, 0, z.Length);
}
protected override void HashCore(byte[] array, int ibStart, int cbSize)
{
if (HashValue is null)
{
Initialize();
}
_digest.BlockUpdate(array, ibStart, cbSize);
}
/**
* 计算hash值,在数据量不大时使用,数据量大应使用原生接口,分段计算sm3值
* @param srcData 待计算hash值的数据
* @return
*/
public static byte[] Hash(byte[] srcData)
{
SM3Digest digest = new SM3Digest();
digest.BlockUpdate(srcData, 0, srcData.Length);
byte[] hash = new byte[digest.GetDigestSize()];
digest.DoFinal(hash, 0);
return(hash);
}
public static byte[] SM3Digest(byte[] srcBytes)
{
SM3Digest sm3 = new SM3Digest();
sm3.BlockUpdate(srcBytes, 0, srcBytes.Length);
byte[] res = new byte[32];
sm3.DoFinal(res, 0);
return(res);
}
public static string Compute(string str)
{
var data = Encoding.UTF8.GetBytes(str);
var digest = new SM3Digest();
digest.BlockUpdate(data, 0, data.Length);
var result = DigestUtilities.DoFinal(digest);
return(BitConverter.ToString(result).Replace("-", "").ToLower());
}
private void Reset()
{
sm3keybase = new SM3Digest();
sm3c3 = new SM3Digest();
byte[] p;
p = p2.Normalize().XCoord.ToBigInteger().ToByteArray();
sm3keybase.BlockUpdate(p, 0, p.Length);
sm3c3.BlockUpdate(p, 0, p.Length);
p = p2.Normalize().YCoord.ToBigInteger().ToByteArray();
sm3keybase.BlockUpdate(p, 0, p.Length);
ct = 1;
NextKey();
}
/// <summary>
/// SM3加密
/// <para>
/// SM3是中华人民共和国政府采用的一种密码散列函数标准,由国家密码管理局于2010年12月17日发布。相关标准为“GM/T 0004-2012 《SM3密码杂凑算法》”。
/// 在商用密码体系中,SM3主要用于数字签名及验证、消息认证码生成及验证、随机数生成等,其算法公开。据国家密码管理局表示,其安全性及效率与SHA-256相当。
/// </para>
/// </summary>
/// <param name="data">待加密的数据</param>
/// <returns>返回SM3加密后的二进制字节数组</returns>
public static byte[] SM3(this string data)
{
if (string.IsNullOrEmpty(data))
{
return(null);
}
var digest = new SM3Digest();
var bytes = Encoding.UTF8.GetBytes(data);
digest.BlockUpdate(bytes, 0, bytes.Length);
return(DigestUtilities.DoFinal(digest));
}
/// <summary>
/// sha1
/// </summary>
/// <param name="dataStr"></param>
/// <param name="encoding"></param>
/// <returns></returns>
public static byte[] Sm3(string dataStr, Encoding encoding)
{
try
{
byte[] data = encoding.GetBytes(dataStr);
SM3Digest digest = new SM3Digest();
digest.BlockUpdate(data, 0, data.Length);
byte[] result = DigestUtilities.DoFinal(digest);
return(result);
}
catch
{
return(null);
}
}
public void DigestTest()
{
SM3Digest sm3Digest = new SM3Digest();
string ofdXml = Path.Combine(Directory.GetCurrentDirectory(), "Files", "OFD.xml");
byte[] ofdXmlContent = File.ReadAllBytes(ofdXml);
sm3Digest.BlockUpdate(ofdXmlContent, 0, ofdXmlContent.Length);
byte[] output = new byte[32];
sm3Digest.DoFinal(output, 0);
byte[] expect = Convert.FromBase64String("/Ew+hIIgEQwmbW71cvPmIjkT9S7ABpRZTUPHtNBwhZg=");
Assert.AreEqual(true, Arrays.AreEqual(output, expect));
}
public static string Compute(string data)
{
if (string.IsNullOrEmpty(data))
{
throw new ArgumentNullException(nameof(data));
}
var digest = new SM3Digest();
var bytes = Encoding.UTF8.GetBytes(data);
digest.BlockUpdate(bytes, 0, bytes.Length);
var result = DigestUtilities.DoFinal(digest);
return(BitConverter.ToString(result).Replace("-", "").ToLower());
}
/// <summary>
/// sha1
/// </summary>
/// <param name="dataStr"></param>
/// <param name="encoding"></param>
/// <returns></returns>
public static byte[] Sm3(string dataStr, Encoding encoding)
{
try
{
byte[] data = encoding.GetBytes(dataStr);
SM3Digest digest = new SM3Digest();
digest.BlockUpdate(data, 0, data.Length);
byte[] result = DigestUtilities.DoFinal(digest);
return(result);
}
catch (Exception e)
{
log.Error("sm3失败:" + e.Message);
return(null);
}
}
/// <summary>
/// 签名数据验证
/// </summary>
/// <param name="type">电子签名类型</param>
/// <param name="tbsContent">待签章内容</param>
/// <param name="signedValue">电子签章数据或签名值(SignedValue.xml文件内容)</param>
public override VerifyResult Validate(SigType type, byte[] tbsContent, byte[] signedValue)
{
if (type == SigType.Sign)
{
throw new ArgumentOutOfRangeException(nameof(type), "签名类型(type)必须是 Seal,不支持电子印章验证");
}
//计算原文摘要
SM3Digest md = new SM3Digest();
md.BlockUpdate(tbsContent, 0, tbsContent.Length);
byte[] output = new byte[32];
md.DoFinal(output, 0);
SesSignature sesSignature = SesSignature.GetInstance(signedValue);
TbsSign toSign = sesSignature.TbsSign;
byte[] exceptHash = toSign.DataHash.GetOctets();
if (!Arrays.AreEqual(output, exceptHash))
{
return(VerifyResult.SignedNotMatch);
}
//加载证书
byte[] certDer = sesSignature.Cert.GetOctets();
X509CertificateParser parser = new X509CertificateParser();
X509Certificate cert = parser.ReadCertificate(certDer);
//判断证书是否过期
if (!cert.IsValid(DateTime.Now))
{
return(VerifyResult.SealOutdated);
}
//获取签名验证对象
ISigner signer = SignerUtilities.GetSigner(sesSignature.SignatureAlgId);
AsymmetricKeyParameter p = cert.GetPublicKey();
signer.Init(false, p);
byte[] buf = toSign.GetDerEncoded();
signer.BlockUpdate(buf, 0, buf.Length);
//预期的电子签章数据,签章值
byte[] expect = sesSignature.Signature.GetOctets();
//验证签名
bool result = signer.VerifySignature(expect);
return(result ? VerifyResult.Success : VerifyResult.SealTampered);
}
public override VerifyResult Validate(SigType type, byte[] tbsContent, byte[] signedValue)
{
if (type == SigType.Sign)
{
throw new ArgumentOutOfRangeException(nameof(type), "签名类型(type)必须是 Seal,不支持电子印章验证");
}
// 计算原文摘要
GeneralDigest md = new SM3Digest();
md.BlockUpdate(tbsContent, 0, tbsContent.Length);
byte[] expect = new byte[32];
md.DoFinal(expect, 0);
SesSignature sesSignature = SesSignature.GetInstance(signedValue);
TbsSign toSign = sesSignature.ToSign;
byte[] expectDataHash = toSign.DataHash.GetOctets();
// 比较原文摘要
if (!Arrays.AreEqual(expect, expectDataHash))
{
return(VerifyResult.SignedTampered);
}
// 预期的电子签章数据,签章值
byte[] expSigVal = sesSignature.Signature.GetOctets();
ISigner sg = SignerUtilities.GetSigner(toSign.SignatureAlgorithm);
byte[] certDer = toSign.Cert.GetOctets();
// 构造证书对象
X509Certificate x509Certificate = new X509CertificateParser().ReadCertificate(certDer);
AsymmetricKeyParameter p = x509Certificate.GetPublicKey();
sg.Init(false, p);
byte[] input = toSign.GetDerEncoded();
sg.BlockUpdate(input, 0, input.Length);
if (!sg.VerifySignature(expSigVal))
{
return(VerifyResult.SignedTampered);
}
return(VerifyResult.Success);
}
private void ValiCode(object sender, EventArgs e)
{
string codeStr = _ActivationCode;
int resLen = 256;
byte[] res = new byte[resLen];
int v = YouyiSdk.M_GetDevSn(_globalParam.m_Handle, ref resLen, ref res[0]);
if (v == 0)
{
byte[] sec = new UTF8Encoding().GetBytes(BaseConfig.AC_SECRET);
byte[] newRes = new byte[resLen];
Array.Copy(res, newRes, resLen);
LogHelper.ShowLog("设备SN:{0}", new UTF8Encoding().GetString(Hex.Encode(newRes)));
// 验证激活码与SN
byte[] md = new byte[32];
byte[] code = Encoding.Default.GetBytes(codeStr);
byte[] bt = new byte[resLen + sec.Length + code.Length];
newRes.CopyTo(bt, 0);
sec.CopyTo(bt, newRes.Length);
code.CopyTo(bt, bt.Length - code.Length);
SM3Digest sm3 = new SM3Digest();
sm3.BlockUpdate(bt, 0, bt.Length);
sm3.DoFinal(md, 0);
//string s = new UTF8Encoding().GetString(Hex.Encode(md));
//LogHelper.ShowLog("摘要加密:{0} 长度:{1}", s.ToUpper(), s.Length);
// 验证自定义数据
int vali = YouyiSdk.M_VerifyUserData(_globalParam.m_Handle, md.Length, ref md[0]);
LogHelper.ShowLog("验证结果:{0}", vali);
Loading = false;
if (vali != 0)
{
// 失败信息
MessageBox.Show("卡密不正确,请联系客服处理!");
_window.DelegeteShutDown();
}
else
{
// 写入激活码
INIHelper.Write("Info", "ActivationCode", codeStr, BaseConfig.CONFIG_PATH);
_window.DelegeteClose();
}
}
}
// codeStr:D5puPvS6GzfOsdaW6Kjwle63AUeLFVVc
private void ValiCode(IntPtr m_Handle, string codeStr)
{
int resLen = 256;
byte[] res = new byte[resLen];
int v = YouyiSdk.M_GetDevSn(m_Handle, ref resLen, ref res[0]);
if (v == 0)
{
byte[] sec = new UTF8Encoding().GetBytes(BaseConfig.AC_SECRET);
byte[] newRes = new byte[resLen];
Array.Copy(res, newRes, resLen);
LogHelper.ShowLog("设备SN:{0}", new UTF8Encoding().GetString(Hex.Encode(newRes)));
// 验证激活码与SN
byte[] md = new byte[32];
byte[] code = Encoding.Default.GetBytes(codeStr);
byte[] bt = new byte[resLen + sec.Length + code.Length];
newRes.CopyTo(bt, 0);
sec.CopyTo(bt, newRes.Length);
code.CopyTo(bt, bt.Length - code.Length);
SM3Digest sm3 = new SM3Digest();
sm3.BlockUpdate(bt, 0, bt.Length);
sm3.DoFinal(md, 0);
// 验证自定义数据
int vali = YouyiSdk.M_VerifyUserData(m_Handle, md.Length, ref md[0]);
LogHelper.ShowLog("验证结果:{0}", vali);
if (vali != 0)
{
_valiCode += 1;
}
else
{
if (_valiCode != 0)
{
_valiCode = 0;
}
}
}
else
{
_valiCode += 1;
}
}
/// <summary>
/// Hash the raw data with signatureAlgorithm
/// </summary>
/// <param name="raw">hashing data</param>
/// <param name="signatureAlgorithm">the autograph method</param>
/// <returns>hashed bytes</returns>
public static byte[] Hash(byte[] raw, string signatureAlgorithm)
{
if (signatureAlgorithm == "ACS3-HMAC-SHA256" || signatureAlgorithm == "ACS3-RSA-SHA256")
{
byte[] signData;
using (SHA256 sha256 = new SHA256Managed())
{
signData = sha256.ComputeHash(raw);
}
return(signData);
}
else if (signatureAlgorithm == "ACS3-HMAC-SM3")
{
byte[] md = new byte[32];
SM3Digest sm3 = new SM3Digest();
sm3.BlockUpdate(raw, 0, raw.Length);
sm3.DoFinal(md, 0);
return(md);
}
return(null);
}
public virtual byte[] Sm2GetZ(byte[] userId, ECPoint userKey)
{
SM3Digest sm3 = new SM3Digest();
byte[] p;
// userId length
int len = userId.Length * 8;
sm3.Update((byte)(len >> 8 & 0x00ff));
sm3.Update((byte)(len & 0x00ff));
// userId
sm3.BlockUpdate(userId, 0, userId.Length);
// a,b
p = ecc_a.ToByteArray();
sm3.BlockUpdate(p, 0, p.Length);
p = ecc_b.ToByteArray();
sm3.BlockUpdate(p, 0, p.Length);
// gx,gy
p = ecc_gx.ToByteArray();
sm3.BlockUpdate(p, 0, p.Length);
p = ecc_gy.ToByteArray();
sm3.BlockUpdate(p, 0, p.Length);
// x,y
p = userKey.AffineXCoord.ToBigInteger().ToByteArray();
sm3.BlockUpdate(p, 0, p.Length);
p = userKey.AffineYCoord.ToBigInteger().ToByteArray();
sm3.BlockUpdate(p, 0, p.Length);
// Z
byte[] md = new byte[sm3.GetDigestSize()];
sm3.DoFinal(md, 0);
return(md);
}
/// <summary>
/// 获取Z值
/// Z=SM3(ENTL∣∣userId∣∣a∣∣b∣∣gx∣∣gy ∣∣x∣∣y)
/// </summary>
/// <param name="userId">签名方的用户身份标识</param>
/// <param name="userKey">签名方公钥</param>
/// <returns></returns>
public virtual byte[] Sm2GetZ(byte[] userId, ECPoint userKey)
{
SM3Digest sm3 = new SM3Digest();
byte[] p;
// ENTL由2个字节标识的ID的比特长度
int len = userId.Length * 8;
sm3.Update((byte)(len >> 8 & 0x00ff));
sm3.Update((byte)(len & 0x00ff));
// userId用户身份标识ID
sm3.BlockUpdate(userId, 0, userId.Length);
// a,b为系统曲线参数;
p = EccA.ToByteArray();
sm3.BlockUpdate(p, 0, p.Length);
p = EccB.ToByteArray();
sm3.BlockUpdate(p, 0, p.Length);
// gx、gy为基点
p = EccGx.ToByteArray();
sm3.BlockUpdate(p, 0, p.Length);
p = EccGy.ToByteArray();
sm3.BlockUpdate(p, 0, p.Length);
// x,y用户的公钥的X和Y
p = userKey.Normalize().XCoord.ToBigInteger().ToByteArray();
sm3.BlockUpdate(p, 0, p.Length);
p = userKey.Normalize().YCoord.ToBigInteger().ToByteArray();
sm3.BlockUpdate(p, 0, p.Length);
// Z
byte[] md = new byte[sm3.GetDigestSize()];
sm3.DoFinal(md, 0);
return(md);
}
public override void Validate(SigType type, string signAlgName, byte[] tbsContent, byte[] signedValue)
{
if (type == SigType.Sign)
{
throw new ArgumentOutOfRangeException(nameof(type), "签名类型(type)必须是 Seal,不支持电子印章验证");
}
// 计算原文摘要
GeneralDigest md = new SM3Digest();
md.BlockUpdate(tbsContent, 0, tbsContent.Length);
byte[] expect = new byte[32];
md.DoFinal(expect, 0);
SesSignature sesSignature = SesSignature.GetInstance(signedValue);
TbsSign toSign = sesSignature.ToSign;
byte[] expectDataHash = toSign.DataHash.GetOctets();
// 比较原文摘要
if (!Arrays.AreEqual(expect, expectDataHash))
{
//throw new InvalidSignedValueException("Signature.xml 文件被篡改,电子签章失效。("+ toSign.getPropertyInfo().getString() + ")");
}
//sg.initVerify(signCert);
//sg.update(toSign.getEncoded("DER"));
//if (!sg.verify(expSigVal))
//{
// throw new InvalidSignedValueException("电子签章数据签名值不匹配,电子签章数据失效。");
//}
// 预期的电子签章数据,签章值
byte[] expSigVal = sesSignature.Signature.GetOctets();
//Signature sg = Signature(toSign.getSignatureAlgorithm().getId(),new BouncyCastleProvider());
ISigner sg = SignerUtilities.GetSigner(GMObjectIdentifiers.sm2encrypt_with_sm3);
byte[] certDER = toSign.Cert.GetOctets();
//new X509V1CertificateGenerator().Generate()
// 构造证书对象
//Certificate signCert = new CertificateFactory().engineGenerateCertificate(new ByteArrayInputStream(certDER));
//X509Certificate x509Certificate = new X509Certificate(new X509CertificateStructure(TbsCertificateStructure.GetInstance(certDER), null, new DerBitString(certDER)));
X509Certificate x509Certificate = new X509CertificateParser().ReadCertificate(certDER);
//x509Certificate.Verify();
AsymmetricKeyParameter p = x509Certificate.GetPublicKey();
sg.Init(false, p);
//System.Security.Cryptography.X509Certificates.X509Certificate x509 = new System.Security.Cryptography.X509Certificates.X509Certificate(certDER);
//sg.Init(false,new ECPublicKeyParameters());
// 获取一条SM2曲线参数
X9ECParameters sm2EcParameters = GMNamedCurves.GetByName("sm2p256v1");
// 构造domain参数
ECDomainParameters domainParameters = new ECDomainParameters(sm2EcParameters.Curve, sm2EcParameters.G, sm2EcParameters.N);
//提取公钥点
ECPoint pukPoint = sm2EcParameters.Curve.DecodePoint(certDER);
// 公钥前面的02或者03表示是压缩公钥,04表示未压缩公钥, 04的时候,可以去掉前面的04
ECPublicKeyParameters publicKeyParameters = new ECPublicKeyParameters(pukPoint, domainParameters);
sg.Init(false, publicKeyParameters);
byte[] input = toSign.GetDerEncoded();
sg.BlockUpdate(input, 0, input.Length);
bool pass = sg.VerifySignature(expSigVal);
if (!pass)
{
throw new Exception();
}
}