Rsa加密 解密 签名 验签

RsaBaseParameters

using System.Security.Cryptography;
using System.Text;

namespace Benchint.Util.Rsa.Models
{
    /// <summary>
    /// RSA基础参数
    /// </summary>
    public abstract class RsaBaseParameters
    {
        /// <summary>
        /// 编码 默认(UTF-8)
        /// </summary>
        public Encoding Encoding { get; set; } = Encoding.UTF8;
    }
}

RsaDecryptParameters

using System.Security.Cryptography;

namespace Benchint.Util.Rsa.Models
{
    /// <summary>
    /// RSA解密参数
    /// </summary>
    public class RsaDecryptParameters : RsaBaseParameters
    {
        /// <summary>
        /// 操作数据
        /// </summary>
        public string Data { get; set; }

        /// <summary>
        /// 私钥
        /// </summary>
        public string PrivateKey { get; set; }

        /// <summary>
        /// 加密填充方式 默认(Pkcs1)
        /// </summary>
        public RSAEncryptionPadding RsaEncryptionPadding { get; set; } = RSAEncryptionPadding.Pkcs1;
    }
}

RsaEncryptParameters

using System.Security.Cryptography;

namespace Benchint.Util.Rsa.Models
{
    /// <summary>
    /// Rsa加密参数
    /// </summary>
    public class RsaEncryptParameters : RsaBaseParameters
    {
        /// <summary>
        /// 操作数据
        /// </summary>
        public string Data { get; set; }

        /// <summary>
        /// 私钥
        /// </summary>
        public string PublicKey { get; set; }

        /// <summary>
        /// 加密填充方式 默认(Pkcs1)
        /// </summary>
        public RSAEncryptionPadding RsaEncryptionPadding { get; set; } = RSAEncryptionPadding.Pkcs1;
    }
}

RsaSignParameters

using System.Security.Cryptography;

namespace Benchint.Util.Rsa.Models
{
    /// <summary>
    /// Rsa签名参数
    /// </summary>
    public class RsaSignParameters : RsaBaseParameters
    {
        /// <summary>
        /// 操作数据
        /// </summary>
        public string Data { get; set; }

        /// <summary>
        /// 私钥
        /// </summary>
        public string PrivateKey { get; set; }

        /// <summary>
        /// 签名填充方式 默认(Pkcs1)
        /// </summary>
        public RSASignaturePadding RsaSignaturePadding { get; set; } = RSASignaturePadding.Pkcs1;

        /// <summary>
        /// 散列算法 默认(SHA256)
        /// </summary>
        public HashAlgorithmName HashAlgorithmName { get; set; } = HashAlgorithmName.SHA256;
    }
}

RsaVerifyParameters

using System.Security.Cryptography;

namespace Benchint.Util.Rsa.Models
{
    /// <summary>
    /// 公钥验证签名参数
    /// </summary>
    public class RsaVerifyParameters : RsaBaseParameters
    {
        /// <summary>
        /// 操作数据
        /// </summary>
        public string Data { get; set; }

        /// <summary>
        /// 签名
        /// </summary>
        public string Sign { get; set; }

        /// <summary>
        /// 公钥
        /// </summary>
        public string PublicKey { get; set; }

        /// <summary>
        /// 签名填充方式 默认(Pkcs1)
        /// </summary>
        public RSASignaturePadding RsaSignaturePadding { get; set; } = RSASignaturePadding.Pkcs1;

        /// <summary>
        /// 散列算法 默认(SHA256)
        /// </summary>
        public HashAlgorithmName HashAlgorithmName { get; set; } = HashAlgorithmName.SHA256;
    }
}

IRsaHelperService

using Benchint.Util.Rsa.Models;

namespace Benchint.Util.Rsa
{
    public interface IRsaHelperService
    {
        /// <summary>
        /// 使用私钥签名
        /// </summary>
        /// <param name="rsaSignParameters">私钥签名参数</param>
        /// <returns>签名</returns>
        string Sign(RsaSignParameters rsaSignParameters);

        /// <summary>
        /// 使用公钥验证签名
        /// </summary>
        /// <param name="rsaVerifyParameters">公钥验证签名参数</param>
        /// <returns>验证结果</returns>
        bool Verify(RsaVerifyParameters rsaVerifyParameters);

        /// <summary>
        /// 加密
        /// </summary>
        /// <param name="rsaEncryptParameters">加密参数</param>
        /// <returns>加密字符串</returns>
        string Encrypt(RsaEncryptParameters rsaEncryptParameters);

        /// <summary>
        /// 解密
        /// </summary>
        /// <param name="rsaDecryptParameters">解密参数</param>
        /// <returns>原数据</returns>
        string Decrypt(RsaDecryptParameters rsaDecryptParameters);

        /// <summary>
        /// 创建密钥对(Pkcs1)
        /// </summary>
        /// <param name="keySize">keySize</param>
        /// <param name="format">format</param>
        /// <returns>返回公钥 私钥密钥对</returns>
        (string privateKey, string publicKey) CreatePkcs1Key(int keySize = 2048, bool format = false);

        /// <summary>
        /// 创建密钥对(Pkcs8)
        /// </summary>
        /// <param name="keySize">keySize</param>
        /// <param name="format">format</param>
        /// <returns>返回公钥 私钥密钥对</returns>
        (string privateKey, string publicKey) CreatePkcs8Key(int keySize = 2048, bool format = false);

        /// <summary>
        /// 创建密钥对(XmlKey)
        /// </summary>
        /// <param name="keySize">keySize</param>
        /// <returns>返回公钥 私钥密钥对</returns>
        (string privateKey, string publicKey) CreateXmlKey(int keySize = 2048);
    }
}

RsaHelperService

using System;
using System.IO;
using System.Security.Cryptography;
using Benchint.Util.Rsa.Models;
using XC.RSAUtil;

namespace Benchint.Util.Rsa
{
    public class RsaHelperService : IRsaHelperService
    {
        /// <summary>
        /// 使用私钥签名
        /// </summary>
        /// <param name="rsaSignParameters">私钥签名参数</param>
        /// <returns>签名</returns>
        public string Sign(RsaSignParameters rsaSignParameters)
        {
            var dataBytes = rsaSignParameters.Encoding.GetBytes(rsaSignParameters.Data);
            var privateKeyRsaProvider = CreateRsaProviderFromPrivateKey(rsaSignParameters.PrivateKey);
            var signatureBytes = privateKeyRsaProvider.SignData(dataBytes, rsaSignParameters.HashAlgorithmName, rsaSignParameters.RsaSignaturePadding);
            return Convert.ToBase64String(signatureBytes);
        }

        /// <summary>
        /// 使用公钥验证签名
        /// </summary>
        /// <param name="rsaVerifyParameters">公钥验证签名参数</param>
        /// <returns>验证结果</returns>
        public bool Verify(RsaVerifyParameters rsaVerifyParameters)
        {
            var dataBytes = rsaVerifyParameters.Encoding.GetBytes(rsaVerifyParameters.Data);
            var signBytes = Convert.FromBase64String(rsaVerifyParameters.Sign);
            var publicKeyRsaProvider = CreateRsaProviderFromPublicKey(rsaVerifyParameters.PublicKey);
            var verify = publicKeyRsaProvider.VerifyData(dataBytes, signBytes, rsaVerifyParameters.HashAlgorithmName, rsaVerifyParameters.RsaSignaturePadding);
            return verify;
        }

        /// <summary>
        /// 加密
        /// </summary>
        /// <param name="rsaEncryptParameters">加密参数</param>
        /// <returns>加密字符串</returns>
        public string Encrypt(RsaEncryptParameters rsaEncryptParameters)
        {
            var publicKeyRsaProvider = CreateRsaProviderFromPublicKey(rsaEncryptParameters.PublicKey);
            return Convert.ToBase64String(publicKeyRsaProvider.Encrypt(rsaEncryptParameters.Encoding.GetBytes(rsaEncryptParameters.Data), rsaEncryptParameters.RsaEncryptionPadding));
        }

        /// <summary>
        /// 解密
        /// </summary>
        /// <param name="rsaDecryptParameters">解密参数</param>
        /// <returns>原数据</returns>
        public string Decrypt(RsaDecryptParameters rsaDecryptParameters)
        {
            var privateKeyRsaProvider = CreateRsaProviderFromPrivateKey(rsaDecryptParameters.PrivateKey);
            return rsaDecryptParameters.Encoding.GetString(privateKeyRsaProvider.Decrypt(Convert.FromBase64String(rsaDecryptParameters.Data), rsaDecryptParameters.RsaEncryptionPadding));
        }

        /// <summary>
        /// 创建密钥对
        /// </summary>
        /// <param name="keySize">keySize</param>
        /// <param name="format">format</param>
        /// <returns>返回公钥 私钥密钥对</returns>
        public (string privateKey, string publicKey) CreatePkcs1Key(int keySize = 2048, bool format = false)
        {
            var keyList = RsaKeyGenerator.Pkcs1Key(keySize, format);
            var privateKey = keyList[0];
            var publicKey = keyList[1];
            return (privateKey, publicKey);
        }

        /// <summary>
        /// 创建密钥对(Pkcs8)
        /// </summary>
        /// <param name="keySize">keySize</param>
        /// <param name="format">format</param>
        /// <returns>返回公钥 私钥密钥对</returns>
        public (string privateKey, string publicKey) CreatePkcs8Key(int keySize = 2048, bool format = false)
        {
            var keyList = RsaKeyGenerator.Pkcs8Key(keySize, format);
            var privateKey = keyList[0];
            var publicKey = keyList[1];
            return (privateKey, publicKey);
        }

        /// <summary>
        /// 创建密钥对(XmlKey)
        /// </summary>
        /// <param name="keySize">keySize</param>
        /// <returns>返回公钥 私钥密钥对</returns>
        public (string privateKey, string publicKey) CreateXmlKey(int keySize = 2048)
        {
            var keyList = RsaKeyGenerator.XmlKey(keySize);
            var privateKey = keyList[0];
            var publicKey = keyList[1];
            return (privateKey, publicKey);
        }

        #region 使用私钥创建RSA实例
        private RSA CreateRsaProviderFromPrivateKey(string privateKey)
        {
            var privateKeyBits = Convert.FromBase64String(privateKey);

            var rsa = RSA.Create();
            var rsaParameters = new RSAParameters();

            using (BinaryReader binr = new BinaryReader(new MemoryStream(privateKeyBits)))
            {
                byte bt = 0;
                ushort twobytes = 0;
                twobytes = binr.ReadUInt16();
                if (twobytes == 0x8130)
                    binr.ReadByte();
                else if (twobytes == 0x8230)
                    binr.ReadInt16();
                else
                    throw new Exception("Unexpected value read binr.ReadUInt16()");

                twobytes = binr.ReadUInt16();
                if (twobytes != 0x0102)
                    throw new Exception("Unexpected version");

                bt = binr.ReadByte();
                if (bt != 0x00)
                    throw new Exception("Unexpected value read binr.ReadByte()");

                rsaParameters.Modulus = binr.ReadBytes(GetIntegerSize(binr));
                rsaParameters.Exponent = binr.ReadBytes(GetIntegerSize(binr));
                rsaParameters.D = binr.ReadBytes(GetIntegerSize(binr));
                rsaParameters.P = binr.ReadBytes(GetIntegerSize(binr));
                rsaParameters.Q = binr.ReadBytes(GetIntegerSize(binr));
                rsaParameters.DP = binr.ReadBytes(GetIntegerSize(binr));
                rsaParameters.DQ = binr.ReadBytes(GetIntegerSize(binr));
                rsaParameters.InverseQ = binr.ReadBytes(GetIntegerSize(binr));
            }

            rsa.ImportParameters(rsaParameters);
            return rsa;
        }
        #endregion

        #region 使用公钥创建RSA实例
        private RSA CreateRsaProviderFromPublicKey(string publicKeyString)
        {
            // encoded OID sequence for  PKCS #1 rsaEncryption szOID_RSA_RSA = "1.2.840.113549.1.1.1"
            byte[] seqOid = { 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x01, 0x05, 0x00 };
            byte[] seq = new byte[15];

            var x509Key = Convert.FromBase64String(publicKeyString);

            // ---------  Set up stream to read the asn.1 encoded SubjectPublicKeyInfo blob  ------
            using (MemoryStream mem = new MemoryStream(x509Key))
            {
                using (BinaryReader binr = new BinaryReader(mem))  //wrap Memory Stream with BinaryReader for easy reading
                {
                    byte bt = 0;
                    ushort twobytes = 0;

                    twobytes = binr.ReadUInt16();
                    if (twobytes == 0x8130) //data read as little endian order (actual data order for Sequence is 30 81)
                        binr.ReadByte();    //advance 1 byte
                    else if (twobytes == 0x8230)
                        binr.ReadInt16();   //advance 2 bytes
                    else
                        return null;

                    seq = binr.ReadBytes(15);       //read the Sequence OID
                    if (!CompareBytearrays(seq, seqOid))    //make sure Sequence for OID is correct
                        return null;

                    twobytes = binr.ReadUInt16();
                    if (twobytes == 0x8103) //data read as little endian order (actual data order for Bit String is 03 81)
                        binr.ReadByte();    //advance 1 byte
                    else if (twobytes == 0x8203)
                        binr.ReadInt16();   //advance 2 bytes
                    else
                        return null;

                    bt = binr.ReadByte();
                    if (bt != 0x00)     //expect null byte next
                        return null;

                    twobytes = binr.ReadUInt16();
                    if (twobytes == 0x8130) //data read as little endian order (actual data order for Sequence is 30 81)
                        binr.ReadByte();    //advance 1 byte
                    else if (twobytes == 0x8230)
                        binr.ReadInt16();   //advance 2 bytes
                    else
                        return null;

                    twobytes = binr.ReadUInt16();
                    byte lowbyte = 0x00;
                    byte highbyte = 0x00;

                    if (twobytes == 0x8102) //data read as little endian order (actual data order for Integer is 02 81)
                        lowbyte = binr.ReadByte();  // read next bytes which is bytes in modulus
                    else if (twobytes == 0x8202)
                    {
                        highbyte = binr.ReadByte(); //advance 2 bytes
                        lowbyte = binr.ReadByte();
                    }
                    else
                        return null;
                    byte[] modint = { lowbyte, highbyte, 0x00, 0x00 };   //reverse byte order since asn.1 key uses big endian order
                    int modsize = BitConverter.ToInt32(modint, 0);

                    int firstbyte = binr.PeekChar();
                    if (firstbyte == 0x00)
                    {   //if first byte (highest order) of modulus is zero, don't include it
                        binr.ReadByte();    //skip this null byte
                        modsize -= 1;   //reduce modulus buffer size by 1
                    }

                    byte[] modulus = binr.ReadBytes(modsize);   //read the modulus bytes

                    if (binr.ReadByte() != 0x02)            //expect an Integer for the exponent data
                        return null;
                    int expbytes = (int)binr.ReadByte();        // should only need one byte for actual exponent data (for all useful values)
                    byte[] exponent = binr.ReadBytes(expbytes);

                    // ------- create RSACryptoServiceProvider instance and initialize with public key -----
                    var rsa = RSA.Create();
                    RSAParameters rsaKeyInfo = new RSAParameters
                    {
                        Modulus = modulus,
                        Exponent = exponent
                    };
                    rsa.ImportParameters(rsaKeyInfo);

                    return rsa;
                }
            }
        }
        #endregion

        #region 导入密钥算法
        private int GetIntegerSize(BinaryReader binr)
        {
            byte bt = 0;
            int count = 0;
            bt = binr.ReadByte();
            if (bt != 0x02)
                return 0;
            bt = binr.ReadByte();

            if (bt == 0x81)
                count = binr.ReadByte();
            else
            if (bt == 0x82)
            {
                var highbyte = binr.ReadByte();
                var lowbyte = binr.ReadByte();
                byte[] modint = { lowbyte, highbyte, 0x00, 0x00 };
                count = BitConverter.ToInt32(modint, 0);
            }
            else
            {
                count = bt;
            }

            while (binr.ReadByte() == 0x00)
            {
                count -= 1;
            }
            binr.BaseStream.Seek(-1, SeekOrigin.Current);
            return count;
        }

        private bool CompareBytearrays(byte[] a, byte[] b)
        {
            if (a.Length != b.Length)
                return false;
            int i = 0;
            foreach (byte c in a)
            {
                if (c != b[i])
                    return false;
                i++;
            }
            return true;
        }
        #endregion

    }
}

 

posted @ 2021-01-07 17:21  刘小吉  阅读(275)  评论(0编辑  收藏  举报