public int ZJ_Hmac_SM3(string key, string secret, string unix_timestamp, string request_body, out string value) { try { var stringToSign = $"{unix_timestamp}\n{ request_body}"; byte[] msg1 = Encoding.UTF8.GetBytes(stringToSign); byte[] key1 = Encoding.UTF8.GetBytes(secret); Org.BouncyCastle.Crypto.Parameters.KeyParameter keyParameter = new Org.BouncyCastle.Crypto.Parameters.KeyParameter(key1); Org.BouncyCastle.Crypto.Digests.SM3Digest sm3 = new Org.BouncyCastle.Crypto.Digests.SM3Digest(); Org.BouncyCastle.Crypto.Macs.HMac mac = new Org.BouncyCastle.Crypto.Macs.HMac(sm3);//带密钥的杂凑算法 mac.Init(keyParameter); mac.BlockUpdate(msg1, 0, msg1.Length); byte[] result = new byte[mac.GetMacSize()]; mac.DoFinal(result, 0); value = new UTF8Encoding().GetString(Org.BouncyCastle.Utilities.Encoders.Hex.Encode(result)); return(0); } catch (Exception ex) { value = ex.Message; return(1); } }
/// <summary> /// /// </summary> /// <param name="key"></param> /// <param name="data"></param> /// <returns></returns> public static byte[] HMACSHA256(byte[] key, byte[] data) { var mac = new Org.BouncyCastle.Crypto.Macs.HMac(new Org.BouncyCastle.Crypto.Digests.Sha256Digest()); mac.Init(new Org.BouncyCastle.Crypto.Parameters.KeyParameter(key)); mac.BlockUpdate(data, 0, data.Length); byte[] result = new byte[mac.GetMacSize()]; mac.DoFinal(result, 0); return(result); }
public static byte[] HmacSha512(string text, string key) { byte[] bytes = System.Text.Encoding.UTF8.GetBytes(text); Org.BouncyCastle.Crypto.Macs.HMac hmac = new Org.BouncyCastle.Crypto.Macs.HMac(new Org.BouncyCastle.Crypto.Digests.Sha512Digest()); hmac.Init(new Org.BouncyCastle.Crypto.Parameters.KeyParameter(System.Text.Encoding.UTF8.GetBytes(key))); byte[] result = new byte[hmac.GetMacSize()]; hmac.BlockUpdate(bytes, 0, bytes.Length); hmac.DoFinal(result, 0); return(result); }
// http://crypto.stackexchange.com/questions/5646/what-are-the-differences-between-a-digital-signature-a-mac-and-a-hash // Integrity: Can the recipient be confident that the message has not been accidentally modified? // Authentication: Can the recipient be confident that the message originates from the sender? // Non-repudiation: If the recipient passes the message and the proof to a third party, // can the third party be confident that the message originated from the sender? // Cryptographic primitive | Hash | MAC | Digital // Security Goal | | | signature // ------------------------+------+-----------+------------- // Integrity | Yes | Yes | Yes // Authentication | No | Yes | Yes // Non-repudiation | No | No | Yes // ------------------------+------+-----------+------------- // Kind of keys | none | symmetric | asymmetric // | | keys | keys static JsonWebToken() { JsonSerializer = new DefaultJsonSerializer(); UnixEpoch = new System.DateTime(1970, 1, 1, 0, 0, 0, 0, System.DateTimeKind.Utc); // https://stackoverflow.com/questions/10055158/is-there-a-json-web-token-jwt-example-in-c // https://stackoverflow.com/questions/34403823/verifying-jwt-signed-with-the-rs256-algorithm-using-public-key-in-c-sharp // http://codingstill.com/2016/01/verify-jwt-token-signed-with-rs256-using-the-public-key/ HashAlgorithms = new System.Collections.Generic.Dictionary <JwtHashAlgorithm, GenericHashFunction_t> { { JwtHashAlgorithm.None, delegate(JwtKey key, byte[] value) { throw new TokenAlgorithmRefusedException(); } }, { JwtHashAlgorithm.HS256, delegate(JwtKey key, byte[] value) { // using (HMACSHA256 sha = new HMACSHA256(key.MacKeyBytes)) { return sha.ComputeHash(value); } Org.BouncyCastle.Crypto.Macs.HMac hmac = new Org.BouncyCastle.Crypto.Macs.HMac( new Org.BouncyCastle.Crypto.Digests.Sha256Digest() ); hmac.Init(new Org.BouncyCastle.Crypto.Parameters.KeyParameter(key.MacKeyBytes)); byte[] result = new byte[hmac.GetMacSize()]; hmac.BlockUpdate(value, 0, value.Length); hmac.DoFinal(result, 0); return(result); } }, // { JwtHashAlgorithm.HS384, delegate(byte[] key, byte[]value) { using (HMACSHA384 sha = new HMACSHA384(key)) { return sha.ComputeHash(value); } } }, { JwtHashAlgorithm.HS384, delegate(JwtKey key, byte[] value) { // using (HMACSHA384 sha = new HMACSHA384(key.MacKeyBytes)) { return sha.ComputeHash(value); } Org.BouncyCastle.Crypto.Macs.HMac hmac = new Org.BouncyCastle.Crypto.Macs.HMac( new Org.BouncyCastle.Crypto.Digests.Sha384Digest() ); hmac.Init(new Org.BouncyCastle.Crypto.Parameters.KeyParameter(key.MacKeyBytes)); byte[] result = new byte[hmac.GetMacSize()]; hmac.BlockUpdate(value, 0, value.Length); hmac.DoFinal(result, 0); return(result); } }, { JwtHashAlgorithm.HS512, delegate(JwtKey key, byte[] value) { // using (HMACSHA512 sha = new HMACSHA512(key.MacKeyBytes)) { return sha.ComputeHash(value); } Org.BouncyCastle.Crypto.Macs.HMac hmac = new Org.BouncyCastle.Crypto.Macs.HMac( new Org.BouncyCastle.Crypto.Digests.Sha512Digest() ); hmac.Init(new Org.BouncyCastle.Crypto.Parameters.KeyParameter(key.MacKeyBytes)); byte[] result = new byte[hmac.GetMacSize()]; hmac.BlockUpdate(value, 0, value.Length); hmac.DoFinal(result, 0); return(result); } }, { JwtHashAlgorithm.RS256, delegate(JwtKey key, byte[] value) { Org.BouncyCastle.Crypto.AsymmetricKeyParameter privKey = key.PrivateKey; Org.BouncyCastle.Crypto.ISigner signer = // https://github.com/neoeinstein/bouncycastle/blob/master/crypto/src/security/SignerUtilities.cs Org.BouncyCastle.Security.SignerUtilities.GetSigner("SHA-256withRSA"); signer.Init(true, privKey); signer.BlockUpdate(value, 0, value.Length); return(signer.GenerateSignature()); } }, { JwtHashAlgorithm.RS384, delegate(JwtKey key, byte[] value) { Org.BouncyCastle.Crypto.AsymmetricKeyParameter privKey = key.PrivateKey; Org.BouncyCastle.Crypto.ISigner signer = // https://github.com/neoeinstein/bouncycastle/blob/master/crypto/src/security/SignerUtilities.cs Org.BouncyCastle.Security.SignerUtilities.GetSigner("SHA-384withRSA"); signer.Init(true, privKey); signer.BlockUpdate(value, 0, value.Length); return(signer.GenerateSignature()); } }, { JwtHashAlgorithm.RS512 , delegate(JwtKey key, byte[] value) { Org.BouncyCastle.Crypto.AsymmetricKeyParameter privKey = key.PrivateKey; Org.BouncyCastle.Crypto.ISigner signer = // https://github.com/neoeinstein/bouncycastle/blob/master/crypto/src/security/SignerUtilities.cs Org.BouncyCastle.Security.SignerUtilities.GetSigner("SHA-512withRSA"); signer.Init(true, privKey); signer.BlockUpdate(value, 0, value.Length); return(signer.GenerateSignature()); } }, // https://github.com/mono/mono/tree/master/mcs/class/referencesource/System.Core/System/Security/Cryptography // https://github.com/mono/mono/blob/master/mcs/class/referencesource/System.Core/System/Security/Cryptography/ECDsaCng.cs // https://github.com/mono/mono/blob/master/mcs/class/referencesource/System.Core/System/Security/Cryptography/ECDsa.cs // ECDsaCng => next generation cryptography // Is just a wrapper around ncrypt, plus some constructors throw on mono/netstandard... in short - horrible thing { JwtHashAlgorithm.ES256, delegate(JwtKey key, byte[] value) { Org.BouncyCastle.Crypto.AsymmetricKeyParameter privKey = key.PrivateKey; Org.BouncyCastle.Crypto.ISigner signer = // https://github.com/neoeinstein/bouncycastle/blob/master/crypto/src/security/SignerUtilities.cs Org.BouncyCastle.Security.SignerUtilities.GetSigner("SHA-256withECDSA"); signer.Init(true, privKey); signer.BlockUpdate(value, 0, value.Length); return(signer.GenerateSignature()); } }, { JwtHashAlgorithm.ES384, delegate(JwtKey key, byte[] value) { Org.BouncyCastle.Crypto.AsymmetricKeyParameter privKey = key.PrivateKey; Org.BouncyCastle.Crypto.ISigner signer = // https://github.com/neoeinstein/bouncycastle/blob/master/crypto/src/security/SignerUtilities.cs Org.BouncyCastle.Security.SignerUtilities.GetSigner("SHA-384withECDSA"); signer.Init(true, privKey); signer.BlockUpdate(value, 0, value.Length); return(signer.GenerateSignature()); } }, { JwtHashAlgorithm.ES512, delegate(JwtKey key, byte[] value) { Org.BouncyCastle.Crypto.AsymmetricKeyParameter privKey = key.PrivateKey; Org.BouncyCastle.Crypto.ISigner signer = // https://github.com/neoeinstein/bouncycastle/blob/master/crypto/src/security/SignerUtilities.cs Org.BouncyCastle.Security.SignerUtilities.GetSigner("SHA-512withECDSA"); signer.Init(true, privKey); signer.BlockUpdate(value, 0, value.Length); return(signer.GenerateSignature()); } }, }; } // End Constructor