Rsa加密 解密 签名 验签
RsaBaseParameters
using System.Security.Cryptography; using System.Text; namespace Benchint.Util.Rsa.Models { /// <summary> /// RSA基础参数 /// </summary> public abstract class RsaBaseParameters { /// <summary> /// 编码 默认(UTF-8) /// </summary> public Encoding Encoding { get; set; } = Encoding.UTF8; } }
RsaDecryptParameters
using System.Security.Cryptography; namespace Benchint.Util.Rsa.Models { /// <summary> /// RSA解密参数 /// </summary> public class RsaDecryptParameters : RsaBaseParameters { /// <summary> /// 操作数据 /// </summary> public string Data { get; set; } /// <summary> /// 私钥 /// </summary> public string PrivateKey { get; set; } /// <summary> /// 加密填充方式 默认(Pkcs1) /// </summary> public RSAEncryptionPadding RsaEncryptionPadding { get; set; } = RSAEncryptionPadding.Pkcs1; } }
RsaEncryptParameters
using System.Security.Cryptography; namespace Benchint.Util.Rsa.Models { /// <summary> /// Rsa加密参数 /// </summary> public class RsaEncryptParameters : RsaBaseParameters { /// <summary> /// 操作数据 /// </summary> public string Data { get; set; } /// <summary> /// 私钥 /// </summary> public string PublicKey { get; set; } /// <summary> /// 加密填充方式 默认(Pkcs1) /// </summary> public RSAEncryptionPadding RsaEncryptionPadding { get; set; } = RSAEncryptionPadding.Pkcs1; } }
RsaSignParameters
using System.Security.Cryptography; namespace Benchint.Util.Rsa.Models { /// <summary> /// Rsa签名参数 /// </summary> public class RsaSignParameters : RsaBaseParameters { /// <summary> /// 操作数据 /// </summary> public string Data { get; set; } /// <summary> /// 私钥 /// </summary> public string PrivateKey { get; set; } /// <summary> /// 签名填充方式 默认(Pkcs1) /// </summary> public RSASignaturePadding RsaSignaturePadding { get; set; } = RSASignaturePadding.Pkcs1; /// <summary> /// 散列算法 默认(SHA256) /// </summary> public HashAlgorithmName HashAlgorithmName { get; set; } = HashAlgorithmName.SHA256; } }
RsaVerifyParameters
using System.Security.Cryptography; namespace Benchint.Util.Rsa.Models { /// <summary> /// 公钥验证签名参数 /// </summary> public class RsaVerifyParameters : RsaBaseParameters { /// <summary> /// 操作数据 /// </summary> public string Data { get; set; } /// <summary> /// 签名 /// </summary> public string Sign { get; set; } /// <summary> /// 公钥 /// </summary> public string PublicKey { get; set; } /// <summary> /// 签名填充方式 默认(Pkcs1) /// </summary> public RSASignaturePadding RsaSignaturePadding { get; set; } = RSASignaturePadding.Pkcs1; /// <summary> /// 散列算法 默认(SHA256) /// </summary> public HashAlgorithmName HashAlgorithmName { get; set; } = HashAlgorithmName.SHA256; } }
IRsaHelperService
using Benchint.Util.Rsa.Models; namespace Benchint.Util.Rsa { public interface IRsaHelperService { /// <summary> /// 使用私钥签名 /// </summary> /// <param name="rsaSignParameters">私钥签名参数</param> /// <returns>签名</returns> string Sign(RsaSignParameters rsaSignParameters); /// <summary> /// 使用公钥验证签名 /// </summary> /// <param name="rsaVerifyParameters">公钥验证签名参数</param> /// <returns>验证结果</returns> bool Verify(RsaVerifyParameters rsaVerifyParameters); /// <summary> /// 加密 /// </summary> /// <param name="rsaEncryptParameters">加密参数</param> /// <returns>加密字符串</returns> string Encrypt(RsaEncryptParameters rsaEncryptParameters); /// <summary> /// 解密 /// </summary> /// <param name="rsaDecryptParameters">解密参数</param> /// <returns>原数据</returns> string Decrypt(RsaDecryptParameters rsaDecryptParameters); /// <summary> /// 创建密钥对(Pkcs1) /// </summary> /// <param name="keySize">keySize</param> /// <param name="format">format</param> /// <returns>返回公钥 私钥密钥对</returns> (string privateKey, string publicKey) CreatePkcs1Key(int keySize = 2048, bool format = false); /// <summary> /// 创建密钥对(Pkcs8) /// </summary> /// <param name="keySize">keySize</param> /// <param name="format">format</param> /// <returns>返回公钥 私钥密钥对</returns> (string privateKey, string publicKey) CreatePkcs8Key(int keySize = 2048, bool format = false); /// <summary> /// 创建密钥对(XmlKey) /// </summary> /// <param name="keySize">keySize</param> /// <returns>返回公钥 私钥密钥对</returns> (string privateKey, string publicKey) CreateXmlKey(int keySize = 2048); } }
RsaHelperService
using System; using System.IO; using System.Security.Cryptography; using Benchint.Util.Rsa.Models; using XC.RSAUtil; namespace Benchint.Util.Rsa { public class RsaHelperService : IRsaHelperService { /// <summary> /// 使用私钥签名 /// </summary> /// <param name="rsaSignParameters">私钥签名参数</param> /// <returns>签名</returns> public string Sign(RsaSignParameters rsaSignParameters) { var dataBytes = rsaSignParameters.Encoding.GetBytes(rsaSignParameters.Data); var privateKeyRsaProvider = CreateRsaProviderFromPrivateKey(rsaSignParameters.PrivateKey); var signatureBytes = privateKeyRsaProvider.SignData(dataBytes, rsaSignParameters.HashAlgorithmName, rsaSignParameters.RsaSignaturePadding); return Convert.ToBase64String(signatureBytes); } /// <summary> /// 使用公钥验证签名 /// </summary> /// <param name="rsaVerifyParameters">公钥验证签名参数</param> /// <returns>验证结果</returns> public bool Verify(RsaVerifyParameters rsaVerifyParameters) { var dataBytes = rsaVerifyParameters.Encoding.GetBytes(rsaVerifyParameters.Data); var signBytes = Convert.FromBase64String(rsaVerifyParameters.Sign); var publicKeyRsaProvider = CreateRsaProviderFromPublicKey(rsaVerifyParameters.PublicKey); var verify = publicKeyRsaProvider.VerifyData(dataBytes, signBytes, rsaVerifyParameters.HashAlgorithmName, rsaVerifyParameters.RsaSignaturePadding); return verify; } /// <summary> /// 加密 /// </summary> /// <param name="rsaEncryptParameters">加密参数</param> /// <returns>加密字符串</returns> public string Encrypt(RsaEncryptParameters rsaEncryptParameters) { var publicKeyRsaProvider = CreateRsaProviderFromPublicKey(rsaEncryptParameters.PublicKey); return Convert.ToBase64String(publicKeyRsaProvider.Encrypt(rsaEncryptParameters.Encoding.GetBytes(rsaEncryptParameters.Data), rsaEncryptParameters.RsaEncryptionPadding)); } /// <summary> /// 解密 /// </summary> /// <param name="rsaDecryptParameters">解密参数</param> /// <returns>原数据</returns> public string Decrypt(RsaDecryptParameters rsaDecryptParameters) { var privateKeyRsaProvider = CreateRsaProviderFromPrivateKey(rsaDecryptParameters.PrivateKey); return rsaDecryptParameters.Encoding.GetString(privateKeyRsaProvider.Decrypt(Convert.FromBase64String(rsaDecryptParameters.Data), rsaDecryptParameters.RsaEncryptionPadding)); } /// <summary> /// 创建密钥对 /// </summary> /// <param name="keySize">keySize</param> /// <param name="format">format</param> /// <returns>返回公钥 私钥密钥对</returns> public (string privateKey, string publicKey) CreatePkcs1Key(int keySize = 2048, bool format = false) { var keyList = RsaKeyGenerator.Pkcs1Key(keySize, format); var privateKey = keyList[0]; var publicKey = keyList[1]; return (privateKey, publicKey); } /// <summary> /// 创建密钥对(Pkcs8) /// </summary> /// <param name="keySize">keySize</param> /// <param name="format">format</param> /// <returns>返回公钥 私钥密钥对</returns> public (string privateKey, string publicKey) CreatePkcs8Key(int keySize = 2048, bool format = false) { var keyList = RsaKeyGenerator.Pkcs8Key(keySize, format); var privateKey = keyList[0]; var publicKey = keyList[1]; return (privateKey, publicKey); } /// <summary> /// 创建密钥对(XmlKey) /// </summary> /// <param name="keySize">keySize</param> /// <returns>返回公钥 私钥密钥对</returns> public (string privateKey, string publicKey) CreateXmlKey(int keySize = 2048) { var keyList = RsaKeyGenerator.XmlKey(keySize); var privateKey = keyList[0]; var publicKey = keyList[1]; return (privateKey, publicKey); } #region 使用私钥创建RSA实例 private RSA CreateRsaProviderFromPrivateKey(string privateKey) { var privateKeyBits = Convert.FromBase64String(privateKey); var rsa = RSA.Create(); var rsaParameters = new RSAParameters(); using (BinaryReader binr = new BinaryReader(new MemoryStream(privateKeyBits))) { byte bt = 0; ushort twobytes = 0; twobytes = binr.ReadUInt16(); if (twobytes == 0x8130) binr.ReadByte(); else if (twobytes == 0x8230) binr.ReadInt16(); else throw new Exception("Unexpected value read binr.ReadUInt16()"); twobytes = binr.ReadUInt16(); if (twobytes != 0x0102) throw new Exception("Unexpected version"); bt = binr.ReadByte(); if (bt != 0x00) throw new Exception("Unexpected value read binr.ReadByte()"); rsaParameters.Modulus = binr.ReadBytes(GetIntegerSize(binr)); rsaParameters.Exponent = binr.ReadBytes(GetIntegerSize(binr)); rsaParameters.D = binr.ReadBytes(GetIntegerSize(binr)); rsaParameters.P = binr.ReadBytes(GetIntegerSize(binr)); rsaParameters.Q = binr.ReadBytes(GetIntegerSize(binr)); rsaParameters.DP = binr.ReadBytes(GetIntegerSize(binr)); rsaParameters.DQ = binr.ReadBytes(GetIntegerSize(binr)); rsaParameters.InverseQ = binr.ReadBytes(GetIntegerSize(binr)); } rsa.ImportParameters(rsaParameters); return rsa; } #endregion #region 使用公钥创建RSA实例 private RSA CreateRsaProviderFromPublicKey(string publicKeyString) { // encoded OID sequence for PKCS #1 rsaEncryption szOID_RSA_RSA = "1.2.840.113549.1.1.1" byte[] seqOid = { 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x01, 0x05, 0x00 }; byte[] seq = new byte[15]; var x509Key = Convert.FromBase64String(publicKeyString); // --------- Set up stream to read the asn.1 encoded SubjectPublicKeyInfo blob ------ using (MemoryStream mem = new MemoryStream(x509Key)) { using (BinaryReader binr = new BinaryReader(mem)) //wrap Memory Stream with BinaryReader for easy reading { byte bt = 0; ushort twobytes = 0; twobytes = binr.ReadUInt16(); if (twobytes == 0x8130) //data read as little endian order (actual data order for Sequence is 30 81) binr.ReadByte(); //advance 1 byte else if (twobytes == 0x8230) binr.ReadInt16(); //advance 2 bytes else return null; seq = binr.ReadBytes(15); //read the Sequence OID if (!CompareBytearrays(seq, seqOid)) //make sure Sequence for OID is correct return null; twobytes = binr.ReadUInt16(); if (twobytes == 0x8103) //data read as little endian order (actual data order for Bit String is 03 81) binr.ReadByte(); //advance 1 byte else if (twobytes == 0x8203) binr.ReadInt16(); //advance 2 bytes else return null; bt = binr.ReadByte(); if (bt != 0x00) //expect null byte next return null; twobytes = binr.ReadUInt16(); if (twobytes == 0x8130) //data read as little endian order (actual data order for Sequence is 30 81) binr.ReadByte(); //advance 1 byte else if (twobytes == 0x8230) binr.ReadInt16(); //advance 2 bytes else return null; twobytes = binr.ReadUInt16(); byte lowbyte = 0x00; byte highbyte = 0x00; if (twobytes == 0x8102) //data read as little endian order (actual data order for Integer is 02 81) lowbyte = binr.ReadByte(); // read next bytes which is bytes in modulus else if (twobytes == 0x8202) { highbyte = binr.ReadByte(); //advance 2 bytes lowbyte = binr.ReadByte(); } else return null; byte[] modint = { lowbyte, highbyte, 0x00, 0x00 }; //reverse byte order since asn.1 key uses big endian order int modsize = BitConverter.ToInt32(modint, 0); int firstbyte = binr.PeekChar(); if (firstbyte == 0x00) { //if first byte (highest order) of modulus is zero, don't include it binr.ReadByte(); //skip this null byte modsize -= 1; //reduce modulus buffer size by 1 } byte[] modulus = binr.ReadBytes(modsize); //read the modulus bytes if (binr.ReadByte() != 0x02) //expect an Integer for the exponent data return null; int expbytes = (int)binr.ReadByte(); // should only need one byte for actual exponent data (for all useful values) byte[] exponent = binr.ReadBytes(expbytes); // ------- create RSACryptoServiceProvider instance and initialize with public key ----- var rsa = RSA.Create(); RSAParameters rsaKeyInfo = new RSAParameters { Modulus = modulus, Exponent = exponent }; rsa.ImportParameters(rsaKeyInfo); return rsa; } } } #endregion #region 导入密钥算法 private int GetIntegerSize(BinaryReader binr) { byte bt = 0; int count = 0; bt = binr.ReadByte(); if (bt != 0x02) return 0; bt = binr.ReadByte(); if (bt == 0x81) count = binr.ReadByte(); else if (bt == 0x82) { var highbyte = binr.ReadByte(); var lowbyte = binr.ReadByte(); byte[] modint = { lowbyte, highbyte, 0x00, 0x00 }; count = BitConverter.ToInt32(modint, 0); } else { count = bt; } while (binr.ReadByte() == 0x00) { count -= 1; } binr.BaseStream.Seek(-1, SeekOrigin.Current); return count; } private bool CompareBytearrays(byte[] a, byte[] b) { if (a.Length != b.Length) return false; int i = 0; foreach (byte c in a) { if (c != b[i]) return false; i++; } return true; } #endregion } }