/// <summary>
/// 使用公钥验证签名
/// </summary>
/// <param name="data">原始数据</param>
/// <param name="sign">签名的base64格式数据</param>
/// <returns></returns>
public static bool Verify(string data, string sign, string publicPemKey)
{
var rsa = RSACryptoServiceProvider.Create();
rsa.ImportParameters(GetRSAParametersFromFromPublicPem(publicPemKey));
return(rsa.VerifyData(Encoding.UTF8.GetBytes(data), Convert.FromBase64String(sign), HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1));
}
public void RoundtripCertificate_Should_Succeed()
{
// Arrange
var originalRsaParameters = RSACryptoServiceProvider.Create(RsaKey.KeySize).ExportParameters(false);
// Act
var model = SerializationModelConverter.Convert(rsaParameters: originalRsaParameters);
var rsaParameters = SerializationModelConverter.Convert(rsaSerializationModel: model);
// Assert
model.D.Should().BeNull();
rsaParameters.D.Should().BeNull();
model.DP.Should().BeNull();
rsaParameters.DP.Should().BeNull();
model.DQ.Should().BeNull();
rsaParameters.DQ.Should().BeNull();
System.Convert.FromBase64String(model.Exponent).SequenceEqual(rsaParameters.Exponent).Should().BeTrue();
model.InverseQ.Should().BeNull();
rsaParameters.InverseQ.Should().BeNull();
System.Convert.FromBase64String(model.Modulus).SequenceEqual(rsaParameters.Modulus).Should().BeTrue();
model.P.Should().BeNull();
rsaParameters.P.Should().BeNull();
model.Q.Should().BeNull();
rsaParameters.Q.Should().BeNull();
}
/// <summary>
/// 使用私钥签名,并返回base64格式的签名
/// </summary>
/// <param name="data">原始数据</param>
/// <returns></returns>
public static string Sign(string data, string privatePemKey)
{
var rsa = RSACryptoServiceProvider.Create();
rsa.ImportParameters(GetRSAParametersFromFromPrivatePem(privatePemKey));
return(Convert.ToBase64String(rsa.SignData(Encoding.UTF8.GetBytes(data), HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1)));
}
static void Main(string[] args)
{
var plainText = "Hello world";
var HashAlgorithm = HashAlgorithmName.SHA256.Name;
var hashedData = HashData(plainText, HashAlgorithm);
Console.WriteLine($"Plain text: {plainText}");
Console.WriteLine($"Hashed text: {Convert.ToBase64String(hashedData)}");
const int KeySize = 2048;
using var rsa = RSACryptoServiceProvider.Create(KeySize);
Console.WriteLine("\nUsing Signature Formatters");
var signature1 = SignByFormatter(rsa, hashedData, HashAlgorithm);
var verificationResult1 = VerifySignatureByFormatter(rsa, hashedData, signature1, HashAlgorithm);
Console.WriteLine($"1st Signature: {Convert.ToBase64String(signature1)}");
Console.WriteLine($"1st Verification result: {verificationResult1}");
// Someone malicious edits your data
var hashedData2 = (byte[])hashedData.Clone();
hashedData2[0] = (byte)new Random().Next();
var verificationResult2 = VerifySignatureByFormatter(rsa, hashedData2, signature1, HashAlgorithm);
Console.WriteLine($"2nd Verification result: {verificationResult2}");
Console.WriteLine("\nUsing RSA only");
var signature2 = rsa.SignHash(hashedData, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
var verificationResult3 = rsa.VerifyHash(hashedData, signature2, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
Console.WriteLine($"2nd Signature: {Convert.ToBase64String(signature2)}");
Console.WriteLine($"3rd Verification result: {verificationResult1}");
}
/// <summary>
/// Generates a new public/private key pair as XML strings
/// </summary>
public void GenerateNewKeyset(ref string publicKeyXML, ref string privateKeyXML)
{
RSA rsa = RSACryptoServiceProvider.Create();
publicKeyXML = rsa.ToXmlString(false);
privateKeyXML = rsa.ToXmlString(true);
}
public override IE2eEndpoint GenerateEndpoint(IE2eSymmetricCipher Cipher)
{
RSA RSA = RSACryptoServiceProvider.Create();
RSA.KeySize = 1024;
return(new RsaEndpoint(RSA, Cipher));
}
/// <summary>
/// 根据pem格式的publicKey加密,此用的是RSACryptoServiceProvider,微软考虑到安全性,约定只有公钥能进行加密
/// </summary>
/// <param name="publicPemKey"></param>
/// <param name="inBuf"></param>
/// <returns></returns>
public static byte[] EncryptByPublicPemKey(string publicPemKey, byte[] inBuf)
{
var para = GetRSAParametersFromFromPublicPem(publicPemKey);
var rsa = RSACryptoServiceProvider.Create();
rsa.ImportParameters(para);
return(rsa.Encrypt(inBuf, RSAEncryptionPadding.Pkcs1));//大多数用的是pkcs1方式,考虑和其它系统或平台的兼容,用此方式
}
public SigningConfigurations()
{
using (var provider = RSACryptoServiceProvider.Create(2048))
{
Key = new RsaSecurityKey(provider.ExportParameters(true));
}
SigningCredentials = new SigningCredentials(Key, SecurityAlgorithms.RsaSha256Signature);
}
/// <summary>秘密鍵と公開鍵を取得する。</summary>
/// <param name="publicKey">公開鍵</param>
/// <param name="privateKey">秘密鍵</param>
public static void GetKeys(out string publicKey, out string privateKey)
{
// RSACryptoServiceProviderオブジェクトの作成
RSA rsa = RSACryptoServiceProvider.Create(); // devps(1703)
// 公開鍵をXML形式で取得
publicKey = rsa.ToXmlString(false);
// 秘密鍵をXML形式で取得
privateKey = rsa.ToXmlString(true);
rsa.Clear(); // devps(1725)
}
public void ConfigureServices(IServiceCollection services)
{
services.AddMvc();
services
.AddDbContext <ApplicationDbContext>(ConfigureDb())
.AddIdentity <ApplicationUser, IdentityRole>()
.AddEntityFrameworkStores <ApplicationDbContext>()
.AddDefaultTokenProviders();
services.ConfigureApplicationCookie(options =>
{
options.Cookie.Name = "Mimoto.Identity";
options.Cookie.HttpOnly = true;
options.ExpireTimeSpan = TimeSpan.FromMinutes(60);
options.SlidingExpiration = true;
});
var identityBuilder = services.AddIdentityServer()
.AddAspNetIdentity <ApplicationUser>()
.AddConfigurationStore(options =>
{
options.ConfigureDbContext = ConfigureDb();
})
// this adds the operational data from DB (codes, tokens, consents)
.AddOperationalStore(options =>
{
options.ConfigureDbContext = ConfigureDb();
// this enables automatic token cleanup. this is optional.
options.EnableTokenCleanup = true;
});
if (_env.IsDevelopment())
{
identityBuilder.AddDeveloperSigningCredential();
}
else
{
SecurityKey key = new RsaSecurityKey(RSACryptoServiceProvider.Create(512));
var signingCredentials = new SigningCredentials(key, SecurityAlgorithms.HmacSha256Signature);
identityBuilder.AddSigningCredential(signingCredentials);
}
services.AddExternalAuthentication(_config)
.AddIfExists("google", (p, a, c) => a.AddGoogle(p, c))
.AddIfExists("facebook", (p, a, c) => a.AddFacebook(p, c))
.AddIfExists("microsoft", (p, a, c) => a.AddMicrosoftAccount(p, c))
.AddIfExists("github", (p, a, c) => a.AddGitHub(p, c));
services.AddSingleton <IWindowsPrincipalProvider, WindowsPrincipalProvider>();
}
public String Sign(Byte[] iData)
{
using (SHA256 pSHAHash = SHA256CryptoServiceProvider.Create())
{
Byte[] pBytSHAHash = pSHAHash.ComputeHash(iData);
using (RSACryptoServiceProvider pCSPRSA = (RSACryptoServiceProvider)RSACryptoServiceProvider.Create())
{
pCSPRSA.ImportParameters(RSAParameters);
Byte[] pBytSignature = pCSPRSA.SignHash(pBytSHAHash, CryptoConfig.MapNameToOID("SHA256"));
return(Convert.ToBase64String(pBytSignature));
}
}
}
public Boolean VerifySignature(Byte[] iData,
Byte[] iSignature)
{
using (SHA256 pSHAHash = SHA256CryptoServiceProvider.Create())
{
Byte[] pBytSHAHash = pSHAHash.ComputeHash(iData);
using (RSACryptoServiceProvider pCSPRSA = (RSACryptoServiceProvider)RSACryptoServiceProvider.Create())
{
pCSPRSA.ImportParameters(RSAParameters);
return(pCSPRSA.VerifyHash(pBytSHAHash, CryptoConfig.MapNameToOID("SHA256"), iSignature));
}
}
}
static void Main(string[] args)
{
RSACryptoServiceProvider rsa = (RSACryptoServiceProvider)RSACryptoServiceProvider.Create();
using (StreamReader pemFile = File.OpenText("su.pem"))
{
rsa.LoadPrivateKeyPEM(pemFile.ReadToEnd());
}
MerchantApiClient client = new MerchantApiClient("c8kqcf", "su", rsa);
LogResponse(client.Get("/merchant/" + client.merchantId + "/"));
LogResponse(client.Post("/pos/", "{\"id\": \"pos1\", \"name\":\"pøs1\", \"type\":\"store\"}"));
LogResponse(client.Delete("/pos/pos1/"));
}
/// <summary>暗号化されたバイト配列を復号化する</summary>
/// <param name="source">暗号化されたバイト配列</param>
/// <param name="privateKey">復号化に使用する秘密鍵</param>
/// <returns>非対称アルゴリズムで復号化されたバイト配列</returns>
public static byte[] DecryptBytes(byte[] source, string privateKey)
{
// RSACryptoServiceProviderオブジェクトの作成
RSACryptoServiceProvider rsa
= (RSACryptoServiceProvider)RSACryptoServiceProvider.Create(); // devps(1703)
// 秘密鍵
rsa.FromXmlString(privateKey);
// 復号化
byte[] temp = rsa.Decrypt(source, false);
rsa.Clear(); // devps(1725)
return(temp);
}
/// <summary>バイト配列を暗号化する</summary>
/// <param name="source">暗号化するバイト配列</param>
/// <param name="publicKey">暗号化に使用する公開鍵</param>
/// <returns>非対称アルゴリズムで暗号化されたバイト配列</returns>
public static byte[] EncryptBytes(byte[] source, string publicKey)
{
// RSACryptoServiceProviderオブジェクトの作成
RSACryptoServiceProvider rsa
= (RSACryptoServiceProvider)RSACryptoServiceProvider.Create(); // devps(1703)
// 公開鍵
rsa.FromXmlString(publicKey);
// 暗号化する
byte[] temp = rsa.Encrypt(source, false);
rsa.Clear(); // devps(1725)
return(temp);
}
static void Main(string[] args)
{
Console.WriteLine("Enter the text to be Encrpted");
RSA Rsa = RSACryptoServiceProvider.Create(512);
//Console.WriteLine(Rsa.ToXmlString(true));
UnicodeEncoding ByteConverter = new UnicodeEncoding();
var cypher = Rsa.Encrypt(ByteConverter.GetBytes("Hello"), RSAEncryptionPadding.OaepSHA1);
Console.WriteLine(ByteConverter.GetString(cypher));
var text = Rsa.Decrypt(cypher, RSAEncryptionPadding.OaepSHA1);
Console.WriteLine(ByteConverter.GetString(text));
//RSAParameters RsaParameters = new RSAParameters();
RSAParameters rs = new RSAParameters();
}
/// <summary>秘密鍵と公開鍵を取得する。</summary>
/// <param name="publicKey">公開鍵</param>
/// <param name="privateKey">秘密鍵</param>
public static void GetKeys(out string publicKey, out string privateKey)
{
// RSACryptoServiceProviderオブジェクトの作成
RSACryptoServiceProvider rsa =
(RSACryptoServiceProvider)RSACryptoServiceProvider.Create();
// 公開鍵をXML形式で取得
publicKey = rsa.ToXmlString(false);
// 秘密鍵をXML形式で取得
privateKey = rsa.ToXmlString(true);
// https://msdn.microsoft.com/en-us/library/tswxhw92.aspx
// https://msdn.microsoft.com/ja-jp/library/tswxhw92.aspx
rsa.PersistKeyInCsp = false;
rsa.Clear(); // devps(1725)
}
/// <summary>対称アルゴリズム暗号化サービスプロバイダ生成</summary>
/// <param name="easa">EnumASymmetricAlgorithm</param>
/// <param name="certificateFilePath">X.509証明書(*.pfx, *.cer)へのパス</param>
/// <param name="password">パスワード</param>
/// <param name="flag">X509KeyStorageFlags</param>
/// <returns>AsymmetricAlgorithm</returns>
public static AsymmetricAlgorithm CreateCryptographySP(EnumASymmetricAlgorithm easa,
string certificateFilePath = "", string password = "",
X509KeyStorageFlags flag = X509KeyStorageFlags.DefaultKeySet)
{
AsymmetricAlgorithm asa = null;
if (easa == EnumASymmetricAlgorithm.X509)
{
// X.509対応
X509Certificate2 x509Key = new X509Certificate2(certificateFilePath, password, flag);
if (string.IsNullOrEmpty(password))
{
asa = x509Key.PublicKey.Key;
}
else
{
asa = x509Key.PrivateKey;
}
}
else
{
if (easa == EnumASymmetricAlgorithm.RsaCsp)
{
// RSACryptoServiceProviderサービスプロバイダ
asa = RSACryptoServiceProvider.Create(); // devps(1703)
}
#if !NET45
else if (easa == EnumASymmetricAlgorithm.RsaCng)
{
// RSACngサービスプロバイダ
asa = RSACng.Create(); // devps(1703)
}
#endif
#if NETSTD
else if (easa == EnumASymmetricAlgorithm.RsaOpenSsl)
{
// RSAOpenSslサービスプロバイダ
asa = RSAOpenSsl.Create(); // devps(1703)
}
#endif
}
return(asa);
}
/// <summary>バイト配列を暗号化する</summary>
/// <param name="source">暗号化するバイト配列</param>
/// <param name="publicKey">暗号化に使用する公開鍵</param>
/// <returns>非対称アルゴリズムで暗号化されたバイト配列</returns>
public static byte[] EncryptBytes(byte[] source, string publicKey)
{
// RSACryptoServiceProviderオブジェクトの作成
RSACryptoServiceProvider rsa
= (RSACryptoServiceProvider)RSACryptoServiceProvider.Create(); // devps(1703)
// 公開鍵
rsa.FromXmlString(publicKey);
// 暗号化する(XP以降の場合のみ2項目にTrueを指定し、OAEPパディングを使用できる)
byte[] temp = rsa.Encrypt(source, false);
// https://msdn.microsoft.com/en-us/library/tswxhw92.aspx
// https://msdn.microsoft.com/ja-jp/library/tswxhw92.aspx
rsa.PersistKeyInCsp = false;
rsa.Clear(); // devps(1725)
return(temp);
}
internal static void CreateKey()
{
using (RSACryptoServiceProvider RSA = new RSACryptoServiceProvider())
{
//Export the key information to an RSAParameters object.
//Pass false to export the public key information or pass
//true to export public and private key information.
RSAParameters RSAParams = RSA.ExportParameters(false);
}
RSACryptoServiceProvider rsa = new RSACryptoServiceProvider();
using (StreamWriter writer = new StreamWriter("PrivateKey.xml")) //这个文件要保密...
{
writer.WriteLine(RSACryptoServiceProvider.Create().ToXmlString(true));
}
using (StreamWriter writer = new StreamWriter("PublicKey.xml"))
{
writer.WriteLine(rsa.ToXmlString(false));
}
}
public void Complete(string token)
{
//generate aes key and iv
AesCryptoServiceProvider aes = (AesCryptoServiceProvider)AesCryptoServiceProvider.Create();
aes.GenerateIV();
aes.GenerateKey();
aes.Padding = PaddingMode.PKCS7;
//encrypt the token and encode as hex
byte[] unencryptedTokenBytes = System.Text.Encoding.UTF8.GetBytes(token);
using (ICryptoTransform encrypt = aes.CreateEncryptor())
{
byte[] encryptedTokenBytes = encrypt.TransformFinalBlock(unencryptedTokenBytes, 0, unencryptedTokenBytes.Length);
EncryptedToken = encryptedTokenBytes.ToHexString();
}
//hex decode the public rsa key xml
string publicRSAKeyXML = PublicRSAKey.StringFromHexString();
//create an initialise an instance of the rsa provider
RSACryptoServiceProvider rsa = (RSACryptoServiceProvider)RSACryptoServiceProvider.Create();
rsa.FromXmlString(publicRSAKeyXML);
//encrypt and hex encode the key
byte[] encryptedAESKeyBytes = rsa.Encrypt(aes.Key, RSAEncryptionPadding.Pkcs1);
string encryptedAESKey = encryptedAESKeyBytes.ToHexString();
//hex encode the IV
string iv = aes.IV.ToHexString();
//concatenate the iv and encrypted key
EncryptedAESKey = String.Format("{0}.{1}", iv, encryptedAESKey);
State = "complete";
}
public ActionResult GetPasswordToken()
{
try
{
PasswordToken token = new PasswordToken
{
Rsa = (RSACryptoServiceProvider)RSACryptoServiceProvider.Create(),
ChallengeData = Guid.NewGuid().ToString("N").Substring(0, 8)
};
var rsa = _randomCodeHelper.CreateObject(RandomCodeNames.PasswordToken, token, TimeSpan.FromMinutes(1));
var p = token.Rsa.ExportParameters(false);
return(Json(new
{
Success = true,
RsaModulus = p.Modulus.ToHexString(),
RsaExponent = p.Exponent.ToHexString(),
ChallengeData = rsa.ChallengeData.GetBytesAscii().ToHexString()
}, JsonRequestBehavior.AllowGet));
}
catch (Exception ex)
{
return(Json(new SimpleAjaxResult(ex.Message), JsonRequestBehavior.AllowGet));
}
}
public IDictionary <string, string> Execute(IDictionary <string, string> options)
{
string keytype;
if (!options.TryGetValue(KEY_TYPE_NAME, out keytype))
{
keytype = DEFAULT_KEYTYPE;
}
string username;
if (!options.TryGetValue(KEY_USERNAME, out username))
{
username = DEFAULT_USERNAME;
}
string keylen_s;
if (!options.TryGetValue(KEY_KEYLEN, out keylen_s))
{
keylen_s = "0";
}
int keylen;
if (!int.TryParse(keylen_s, out keylen))
{
keylen = DEFAULT_KEYLEN;
}
if (KEYTYPE_RSA.Equals(keytype, StringComparison.InvariantCultureIgnoreCase))
{
var rsa = RSACryptoServiceProvider.Create();
if (keylen > 0)
{
rsa.KeySize = keylen;
}
else
{
rsa.KeySize = DEFAULT_KEYLEN;
}
var key = rsa.ExportParameters(true);
var privateEntries = new byte[][] { new byte[] { 0x0 }, key.Modulus, key.Exponent, key.D, key.P, key.Q, key.DP, key.DQ, key.InverseQ };
var publicEntries = new byte[][] {
System.Text.Encoding.ASCII.GetBytes(PUB_KEY_FORMAT_RSA),
key.Exponent,
key.Modulus
};
return(OutputKey(EncodeDER(privateEntries), EncodePEM(publicEntries), KEY_TEMPLATE_RSA, PUB_KEY_FORMAT_RSA, username));
}
else if (KEYTYPE_DSA.Equals(keytype, StringComparison.InvariantCultureIgnoreCase))
{
var dsa = DSACryptoServiceProvider.Create();
if (keylen > 0)
{
dsa.KeySize = keylen;
}
else
{
dsa.KeySize = DEFAULT_KEYLEN;
}
var key = dsa.ExportParameters(true);
var privateEntries = new byte[][] { new byte[] { 0x0 }, key.P, key.Q, key.G, key.Y, key.X };
var publicEntries = new byte[][] {
System.Text.Encoding.ASCII.GetBytes(PUB_KEY_FORMAT_DSA),
key.P,
key.Q,
key.G,
key.Y
};
return(OutputKey(EncodeDER(privateEntries), EncodePEM(publicEntries), KEY_TEMPLATE_DSA, PUB_KEY_FORMAT_DSA, username));
}
else
{
throw new Exception(string.Format("Unsupported key type: {0}", keytype));
}
}
