internal bool VerifySignature(RSA rsa)
{
RSAPKCS1SignatureDeformatter rsapkcs1SignatureDeformatter = new RSAPKCS1SignatureDeformatter(rsa);
string hashNameFromOID = this.GetHashNameFromOID(this.m_signaturealgo);
if (hashNameFromOID == null)
{
throw new CryptographicException("Unsupported hash algorithm: " + this.m_signaturealgo);
}
rsapkcs1SignatureDeformatter.SetHashAlgorithm(hashNameFromOID);
return(rsapkcs1SignatureDeformatter.VerifySignature(this.Hash, this.Signature));
}
/// <summary>
/// Verifies a PKS1 signature of SHA1 digest
/// </summary>
/// <param name="xParam">Keys</param>
/// <param name="xHash">Hash to sign</param>
/// <param name="xSignature">Outputs the signature</param>
/// <returns></returns>
public static bool SignatureVerify(RSAParameters xParam, byte[] xHash, byte[] xSignature)
{
RSACryptoServiceProvider xRSACrypto = new RSACryptoServiceProvider();
RSAPKCS1SignatureDeformatter xRSASigDeformat = new RSAPKCS1SignatureDeformatter();
try { xRSACrypto.ImportParameters(xParam); }
catch (Exception xerror) { throw xerror; }
xRSASigDeformat.SetHashAlgorithm("SHA1");
xRSASigDeformat.SetKey(xRSACrypto);
try { return(xRSASigDeformat.VerifySignature(xHash, xSignature)); }
catch { throw CryptoExcepts.CryptoVeri; }
}
/// <summary>
/// RSA_SignatureVerify
/// </summary>
/// <param name="publicKey">publicKey</param>
/// <param name="RSA_HashDescription_String">RSA_HashDescription_String</param>
/// <param name="RSA_Signature_String">RSA_Signature_String</param>
/// <returns></returns>
public static bool RSA_SignatureVerify(string publicKey, string RSA_HashDescription_String, string RSA_Signature_String)
{
using (RSACryptoServiceProvider RSA = new RSACryptoServiceProvider())
{
RSA.FromXmlString(publicKey);
RSAPKCS1SignatureDeformatter RSADeformatter = new RSAPKCS1SignatureDeformatter(RSA);
RSADeformatter.SetHashAlgorithm("MD5");
byte[] HashDescription_String = Convert.FromBase64String(RSA_HashDescription_String);
byte[] Signature_String = Convert.FromBase64String(RSA_Signature_String);
return(RSADeformatter.VerifySignature(HashDescription_String, Signature_String) == true ? true : false);
}
}
public override bool Verify(byte[] signature, byte[] toCompare)
{
using var rsaProvider = new RSACryptoServiceProvider((int)Options.KeySize, Options.CspParameters)
{
PersistKeyInCsp = true,
};
var rsaDeformatter = new RSAPKCS1SignatureDeformatter(rsaProvider);
rsaDeformatter.SetHashAlgorithm(Options.HashAlgorithm.ToString());
return(rsaDeformatter.VerifySignature(toCompare, signature));
}
public bool VerificarAssinatura(byte[] hashDeDadosParaAssinar, byte[] assinatura)
{
using (var rsa = new RSACryptoServiceProvider(2048))
{
rsa.ImportParameters(_chavePublica);
var rsaDesformato = new RSAPKCS1SignatureDeformatter(rsa);
rsaDesformato.SetHashAlgorithm("SHA256");
return(rsaDesformato.VerifySignature(hashDeDadosParaAssinar, assinatura));
}
}
/// <summary>
/// Create a deformatter
/// </summary>
/// <param name="key">Key</param>
/// <returns>Deformatter</returns>
public override AsymmetricSignatureDeformatter CreateDeformatter(AsymmetricAlgorithm key)
{
if (key == null)
{
throw new ArgumentNullException(nameof(key));
}
var df = new RSAPKCS1SignatureDeformatter(key);
df.SetHashAlgorithm(typeof(SHA256Managed).FullName);
return(df);
}
public static bool CheckSignature(byte[] data, byte[] sig, RSAParameters rsaParams)
{
RSACryptoServiceProvider provider = new RSACryptoServiceProvider();
provider.ImportParameters(rsaParams);
RSAPKCS1SignatureDeformatter formatter = new RSAPKCS1SignatureDeformatter(provider);
formatter.SetHashAlgorithm("SHA256");
return(formatter.VerifySignature(Hash(data), sig));
}
public void OnActionExecuting(ActionExecutingContext filterContext)
{
if (filterContext.HttpContext.User != null && (filterContext.HttpContext.User.Identity as ClaimsIdentity).Claims.Any())
{
var currentUserClaim = (filterContext.HttpContext.User.Identity as ClaimsIdentity).Claims.FirstOrDefault(claim => claim.Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier");
if (currentUserClaim != null)
{
var currentUser = currentUserClaim.Value;
if (currentUser != null)
{
if (UserForLogOutDictionary.ContainsKey(currentUser))
{
FederatedAuthentication.SessionAuthenticationModule.DeleteSessionTokenCookie();
filterContext.HttpContext.Response.Redirect(UrlHelper.GenerateContentUrl("~/", filterContext.HttpContext));
filterContext.HttpContext.Response.End();
string temp;
UserForLogOutDictionary.TryRemove(currentUserClaim.Value, out temp);
}
}
}
}
var extendeduser = filterContext.HttpContext.Request.Form.Get("SAMLLogoutUser");
if (string.IsNullOrEmpty(extendeduser))
{
return;
}
var user = extendeduser.Split(";".ToCharArray())[0];
var issuer = HttpUtility.UrlDecode(extendeduser.Split(";".ToCharArray())[1]);
var signed = filterContext.HttpContext.Request.Form.Get("hash");
var cert = AuthServicesController.Options.IdentityProviders[new EntityId()
{
Id = issuer
}];
RSAPKCS1SignatureDeformatter RSADeformatter = new RSAPKCS1SignatureDeformatter(cert.SigningKeys.First());
RSADeformatter.SetHashAlgorithm("SHA1");
SHA1Managed SHhash = new SHA1Managed();
if (RSADeformatter.VerifySignature(
SHhash.ComputeHash(new UnicodeEncoding().GetBytes(HttpUtility.UrlEncode(extendeduser))),
System.Convert.FromBase64String(signed))
)
{
UserForLogOutDictionary[user] = "true";
return;
}
}
public override AsymmetricSignatureDeformatter CreateDeformatter(AsymmetricAlgorithm key)
{
if (key == null)
{
throw new ArgumentNullException("key");
}
var deformatter = new RSAPKCS1SignatureDeformatter(key);
deformatter.SetHashAlgorithm("SHA512");
return(deformatter);
}
public bool SignatureDeformatter(string p_strKeyPublic, byte[] HashbyteDeformatter, byte[] DeformatterData)
{
RSACryptoServiceProvider RSA = new RSACryptoServiceProvider();
RSA.FromXmlString(p_strKeyPublic);
RSAPKCS1SignatureDeformatter RSADeformatter = new RSAPKCS1SignatureDeformatter(RSA);
//指定解密的时候HASH算法为MD5
RSADeformatter.SetHashAlgorithm("MD5");
return(RSADeformatter.VerifySignature(HashbyteDeformatter, DeformatterData));
}
/// <summary>
/// Creates signature deformatter
/// </summary>
/// <param name="key">The key to use in the <see cref="T:System.Security.Cryptography.AsymmetricSignatureDeformatter" />.</param>
/// <returns>The newly created <see cref="T:System.Security.Cryptography.AsymmetricSignatureDeformatter" /> instance.</returns>
public override AsymmetricSignatureDeformatter CreateDeformatter(AsymmetricAlgorithm key)
{
if (key == null)
{
throw new ArgumentNullException("RSAPKCS1SHA256SignatureDescription AsymmetricAlgorithm param: key is null");
}
RSAPKCS1SignatureDeformatter deformatter = new RSAPKCS1SignatureDeformatter(key);
deformatter.SetHashAlgorithm("SHA256");
return(deformatter);
}
public bool VerifySignature(byte[] sha256hashOfDataToSign, string signature, string key)
{
this.rsa.ImportRSAPublicKey(this.ImportKey(key), out _);
var rsaDeformatter = new RSAPKCS1SignatureDeformatter(this.rsa);
rsaDeformatter.SetHashAlgorithm("SHA256");
var byteSignature = Convert.FromBase64String(signature);
return(rsaDeformatter.VerifySignature(sha256hashOfDataToSign, byteSignature));
}
/// <summary>
/// RSA签名认证
/// </summary>
/// <param name="publicKey">公钥</param>
/// <param name="hashDateStr">hash描述符</param>
/// <param name="inputString">签名后的字符串</param>
/// <returns></returns>
public static bool SignatureDeformatter(string publicKey, string hashDateStr, string inputString)
{
byte[] hashbyteDeformatter = Convert.FromBase64String(hashDateStr);
byte[] deformatterDate = Convert.FromBase64String(inputString);
RSACryptoServiceProvider rsp = new RSACryptoServiceProvider();
rsp.FromXmlString(publicKey);
RSAPKCS1SignatureDeformatter rsaDeformatter = new RSAPKCS1SignatureDeformatter(rsp);
rsaDeformatter.SetHashAlgorithm("MD5");
return(rsaDeformatter.VerifySignature(hashbyteDeformatter, deformatterDate));
}
public bool VerifySignature(byte[] hashOfDataToSign, byte[] signature, string senderEmail)
{
using (var rsa = new RSACryptoServiceProvider(2048))
{
rsa.FromXmlString(File.ReadAllText($"storage/{senderEmail}/keys/publicKey{senderEmail}.xml"));
var rsaDeformatter = new RSAPKCS1SignatureDeformatter(rsa);
rsaDeformatter.SetHashAlgorithm("SHA256");
return(rsaDeformatter.VerifySignature(hashOfDataToSign, signature));
}
}
public static bool ValidSignature(byte[] digestBytes, byte[] signatureBytes, string xmlPublicKey)
{
var rsaCsp = new RSACryptoServiceProvider();
rsaCsp.FromXmlString(xmlPublicKey);
var rsaPsd = new RSAPKCS1SignatureDeformatter(rsaCsp);
rsaPsd.SetHashAlgorithm(hashAlgorithmName);
var isValid = rsaPsd.VerifySignature(digestBytes, signatureBytes);
return(isValid);
}
public bool VerifySignature(byte[] data, byte[] signature, byte[] publicKey)
{
using (var rsa = new RSACryptoServiceProvider(2048))
{
rsa.ImportRSAPublicKey(publicKey, out _);
var rsaDeformatter = new RSAPKCS1SignatureDeformatter(rsa);
rsaDeformatter.SetHashAlgorithm("SHA256");
return(rsaDeformatter.VerifySignature(data, signature));
}
}
internal bool VerifySignature(RSA rsa)
{
// SHA1-1 with DSA
if (m_signaturealgo == "1.2.840.10040.4.3")
{
return(false);
}
RSAPKCS1SignatureDeformatter v = new RSAPKCS1SignatureDeformatter(rsa);
v.SetHashAlgorithm(PKCS1.HashNameFromOid(m_signaturealgo));
return(v.VerifySignature(this.Hash, this.Signature));
}
public static bool VerifySignature(byte[] hashOfDataToSign, byte[] signature)
{
using (var rsa = new RSACryptoServiceProvider(2048))
{
rsa.ImportParameters(_publicKey);
var rsaDeformatter = new RSAPKCS1SignatureDeformatter(rsa);
rsaDeformatter.SetHashAlgorithm("SHA256");
return(rsaDeformatter.VerifySignature(hashOfDataToSign, signature));
}
}
public bool SignatureDeformatter(string p_strKeyPublic, string p_strHashbyteDeformatter, string p_strDeformatterData)
{
byte[] rgbHash = Convert.FromBase64String(p_strHashbyteDeformatter);
RSACryptoServiceProvider key = new RSACryptoServiceProvider();
key.FromXmlString(p_strKeyPublic);
RSAPKCS1SignatureDeformatter deformatter = new RSAPKCS1SignatureDeformatter(key);
deformatter.SetHashAlgorithm("MD5");
byte[] rgbSignature = Convert.FromBase64String(p_strDeformatterData);
return(deformatter.VerifySignature(rgbHash, rgbSignature));
}
private void ValidateDownload()
{
if (bw.CancellationPending)
{
return;
}
if (Adler32 != 0 && Adler32 != downloadedAdler32.Value)
{
throw new Exception("The downloaded file \"" + Path.GetFileName(DownloadingTo) + "\" failed the Adler32 validation.");
}
if (PublicSignKey != null)
{
if (SignedSHA1Hash == null)
{
throw new Exception("The downloaded file \"" + Path.GetFileName(DownloadingTo) + "\" is not signed.");
}
byte[] array = null;
try
{
using (FileStream inputStream = new FileStream(DownloadingTo, FileMode.Open, FileAccess.Read))
{
using (SHA1CryptoServiceProvider sHA1CryptoServiceProvider = new SHA1CryptoServiceProvider())
{
array = sHA1CryptoServiceProvider.ComputeHash(inputStream);
}
}
RSACryptoServiceProvider rSACryptoServiceProvider = new RSACryptoServiceProvider();
rSACryptoServiceProvider.FromXmlString(PublicSignKey);
RSAPKCS1SignatureDeformatter rSAPKCS1SignatureDeformatter = new RSAPKCS1SignatureDeformatter(rSACryptoServiceProvider);
rSAPKCS1SignatureDeformatter.SetHashAlgorithm("SHA1");
if (!rSAPKCS1SignatureDeformatter.VerifySignature(array, SignedSHA1Hash))
{
throw new Exception("Verification failed.");
}
}
catch (Exception ex)
{
string str = "The downloaded file \"" + Path.GetFileName(DownloadingTo) + "\" failed the signature validation: " + ex.Message;
long length = new FileInfo(DownloadingTo).Length;
str = str + "\r\n\r\nThis error is likely caused by a download that ended prematurely. Total size of the downloaded file: " + BytesToString(length, time: false);
if ((double)length >= 921.6)
{
object obj = str;
str = obj + " (" + length + " bytes).";
}
if (array != null)
{
str = str + "\r\n\r\nComputed SHA1 hash of the downloaded file: " + BitConverter.ToString(array);
}
throw new Exception(str);
}
}
}
/// <summary>
/// RSA 签名验证
/// </summary>
/// <param name="pStrKeyPublic">公钥</param>
/// <param name="hashbyteDeformatter"></param>
/// <param name="deformatterData"></param>
/// <returns></returns>
public bool SignatureDeformatter(string pStrKeyPublic, byte[] hashbyteDeformatter, byte[] deformatterData)
{
var rsa = new RSACryptoServiceProvider();
rsa.FromXmlString(pStrKeyPublic);
var rsaDeformatter = new RSAPKCS1SignatureDeformatter(rsa);
//指定解密的时候HASH算法为MD5
rsaDeformatter.SetHashAlgorithm("MD5");
return(rsaDeformatter.VerifySignature(hashbyteDeformatter, deformatterData));
}
public static bool VerifySignature(string publicKeyPath, byte[] hashOfDataToSign, byte[] signature)
{
using (var rsa = new RSACryptoServiceProvider(2048))
{
rsa.FromXmlString(File.ReadAllText(publicKeyPath));
var rsaDeformatter = new RSAPKCS1SignatureDeformatter(rsa);
rsaDeformatter.SetHashAlgorithm("SHA256");
return(rsaDeformatter.VerifySignature(hashOfDataToSign, signature));
}
}
public bool veritifySignature(byte[] hash, byte[] signedHash)
{
signatureDeformatter.SetHashAlgorithm("SHA256");
if (signatureDeformatter.VerifySignature(hash, signedHash) == true)
{
return(true);
}
else
{
return(false);
}
}
public bool VerifySignature(byte[] hashOfDataToSign, byte[] signature)
{
using (RSACryptoServiceProvider rsaProvider = new RSACryptoServiceProvider(2048))
{
rsaProvider.ImportParameters(publicKey);
RSAPKCS1SignatureDeformatter rsaDeformatter = new RSAPKCS1SignatureDeformatter(rsaProvider);
rsaDeformatter.SetHashAlgorithm(_hashAlgorithm);
return(rsaDeformatter.VerifySignature(hashOfDataToSign, signature));
}
}
internal bool VerifySignature(RSA rsa)
{
RSAPKCS1SignatureDeformatter v = new RSAPKCS1SignatureDeformatter(rsa);
switch (m_signaturealgo)
{
// MD2 with RSA encryption
case "1.2.840.113549.1.1.2":
// maybe someone installed MD2 ?
v.SetHashAlgorithm("MD2");
break;
// MD4 with RSA encryption
case "1.2.840.113549.1.1.3":
// maybe someone installed MD4 ?
v.SetHashAlgorithm("MD4");
break;
// MD5 with RSA encryption
case "1.2.840.113549.1.1.4":
v.SetHashAlgorithm("MD5");
break;
// SHA-1 with RSA Encryption
case "1.2.840.113549.1.1.5":
case "1.3.14.3.2.29":
v.SetHashAlgorithm("SHA1");
break;
// SHA-256 with RSA Encryption
case "1.2.840.113549.1.1.11":
v.SetHashAlgorithm("SHA256");
break;
// SHA-384 with RSA Encryption
case "1.2.840.113549.1.1.12":
v.SetHashAlgorithm("SHA384");
break;
// SHA-512 with RSA Encryption
case "1.2.840.113549.1.1.13":
v.SetHashAlgorithm("SHA512");
break;
// SHA1-1 with DSA
case "1.2.840.10040.4.3":
// invalid but this can occurs when building a bad chain - e.g. missing certificate(s)
// we return false so we can report the "chain" error to the user (not an exception)
return(false);
default:
throw new CryptographicException("Unsupported hash algorithm: " + m_signaturealgo);
}
return(v.VerifySignature(this.Hash, this.Signature));
}
private RSAPKCS1SignatureDeformatter GetDefaultDeformatter(string hashName)
{
// no need for the private key
RSA rsa = RSA.Create();
rsa.ImportParameters(AllTests.GetRsaKey(false));
RSAPKCS1SignatureDeformatter fmt = new RSAPKCS1SignatureDeformatter();
fmt.SetKey(rsa);
fmt.SetHashAlgorithm(hashName);
return(fmt);
}
public static bool VerifySignature(string xmlPublicKey, byte[] encryptBuffer, byte[] signatureBuffer)
{
bool result;
using (RSACryptoServiceProvider rsa = new RSACryptoServiceProvider())
{
rsa.FromXmlString(xmlPublicKey);
RSAPKCS1SignatureDeformatter RSADeformatter = new RSAPKCS1SignatureDeformatter(rsa);
RSADeformatter.SetHashAlgorithm("MD5");
result = RSADeformatter.VerifySignature(MD5.Create(encryptBuffer), signatureBuffer);
}
return(result);
}
/// <inheritdoc />
public override AsymmetricSignatureDeformatter CreateDeformatter(AsymmetricAlgorithm key)
{
if (key == null)
{
throw new ArgumentNullException(nameof(key));
}
key = GetSha2CompatibleKey(key);
var deformatter = new RSAPKCS1SignatureDeformatter(key);
deformatter.SetHashAlgorithm("SHA256");
return(deformatter);
}
public override AsymmetricSignatureDeformatter CreateDeformatter(AsymmetricAlgorithm key)
{
if (key == null)
{
throw new Exception("Invalid key specified for RSAPKCS1SHA256SignatureDescription!");
}
RSAPKCS1SignatureDeformatter deformatter = new RSAPKCS1SignatureDeformatter(key);
deformatter.SetHashAlgorithm("SHA256");
return(deformatter);
}
/// <summary>
/// Check given signature
/// </summary>
/// <param name="signature">Signature</param>
/// <param name="publicKey">Public key of user who created signature</param>
/// <param name="expectedResult">Expected answer of signature</param>
/// <returns>True or false</returns>
public static bool CheckSignature(byte[] signature, RSAParameters publicKey, byte[] expectedResult)
{
using (var rsa = new RSACryptoServiceProvider())
{
rsa.PersistKeyInCsp = false;
rsa.ImportParameters(publicKey);
var rsaDeformatter = new RSAPKCS1SignatureDeformatter(rsa);
rsaDeformatter.SetHashAlgorithm("SHA512");
return(rsaDeformatter.VerifySignature(expectedResult, signature));
}
}
public static void InvalidHashAlgorithm()
{
using (RSA rsa = RSAFactory.Create())
{
var formatter = new RSAPKCS1SignatureFormatter(rsa);
var deformatter = new RSAPKCS1SignatureDeformatter(rsa);
// Exception is deferred until VerifySignature
formatter.SetHashAlgorithm("INVALIDVALUE");
deformatter.SetHashAlgorithm("INVALIDVALUE");
using (SHA1 alg = SHA1.Create())
{
Assert.Throws<CryptographicUnexpectedOperationException>(() =>
VerifySignature(formatter, deformatter, alg, "INVALIDVALUE"));
}
}
}
public override AsymmetricSignatureDeformatter CreateDeformatter(AsymmetricAlgorithm key)
{
if (key == null)
{
throw new ArgumentNullException("key");
}
RSAPKCS1SignatureDeformatter deformatter = new RSAPKCS1SignatureDeformatter(key);
deformatter.SetHashAlgorithm("SHA256");
return deformatter;
}
/// <summary>
/// Verifies a PKS1 signature of SHA1 digest
/// </summary>
/// <param name="xParam">Keys</param>
/// <param name="xHash">Hash to sign</param>
/// <param name="xSignature">Outputs the signature</param>
/// <returns></returns>
public static bool SignatureVerify(RSAParameters xParam, byte[] xHash, byte[] xSignature)
{
RSACryptoServiceProvider xRSACrypto = new RSACryptoServiceProvider();
RSAPKCS1SignatureDeformatter xRSASigDeformat = new RSAPKCS1SignatureDeformatter();
try { xRSACrypto.ImportParameters(xParam); }
catch (Exception xerror) { throw xerror; }
xRSASigDeformat.SetHashAlgorithm("SHA1");
xRSASigDeformat.SetKey(xRSACrypto);
try { return xRSASigDeformat.VerifySignature(xHash, xSignature); }
catch { throw CryptoExcepts.CryptoVeri; }
}
public static void VerifyKnownSignature()
{
byte[] hash = "012d161304fa0c6321221516415813022320620c".HexToByteArray();
byte[] sig;
using (RSA key = RSAFactory.Create())
{
key.ImportParameters(TestData.RSA1024Params);
RSAPKCS1SignatureFormatter formatter = new RSAPKCS1SignatureFormatter(key);
formatter.SetHashAlgorithm("SHA1");
sig = formatter.CreateSignature(hash);
byte[] expectedSig =
("566390012605b1c4c01c3c2f91ce27d19476ab7131d9ee9cd1b811afb2be02ab6b498b862f0b2368ed6b09ccc9e0ec0d4f97a4f318f4f11" +
"ae882a1131012dc35d2e0b810a38e05da71d291e88b306605c9d34815091641370bd7db7a87b115bd427fcb9993bc5ba2bd518745aef80c" +
"a4557cfa1d827ff1610595d8eeb4c15073").HexToByteArray();
Assert.Equal(expectedSig, sig);
}
using (RSA key = RSAFactory.Create()) // Test against a different instance
{
key.ImportParameters(TestData.RSA1024Params);
RSAPKCS1SignatureDeformatter deformatter = new RSAPKCS1SignatureDeformatter(key);
deformatter.SetHashAlgorithm("SHA1");
bool verified = deformatter.VerifySignature(hash, sig);
Assert.True(verified);
sig[3] ^= 0xff;
verified = deformatter.VerifySignature(hash, sig);
Assert.False(verified);
}
}