RSA加密解密及RSA签名和验证及证书
RSA加密解密及RSA签名和验证及证书
- 公钥是给别人的
- 发送密文使用公钥加密
- 验证签名使用公钥验证
- 私钥是自己保留的
- 接受密文使用私钥解密
- 发送签名使用私钥签名
- 上述过程逆转是不行的,比如使用私钥加密,使用公钥解密是不行的
- 证书的制作参考自使用X.509数字证书加密解密实务(一)-- 证书的获得和管理
- 打开VS开发命令,输入下面的命令:
-
makecert -sr CurrentUser -ss My -n CN=MyTestCert -sky exchange -pe
- 从证书中读取私钥和公钥:
/// <summary> /// 根据私钥证书得到证书实体,得到实体后可以根据其公钥和私钥进行加解密 /// 加解密函数使用DEncrypt的RSACryption类 /// </summary> /// <param name="pfxFileName"></param> /// <param name="password"></param> /// <returns></returns> public static X509Certificate2 GetCertificateFromPfxFile(string pfxFileName, string password) { try { return new X509Certificate2(pfxFileName, password, X509KeyStorageFlags.Exportable); } catch (Exception e) { return null; } }
var cer= RSACryption.GetCertificateFromPfxFile(@"D:\my.pfx", "123456"); tbPrivateKey.Text = cer.PrivateKey.ToXmlString(true); tbPublicKey.Text = cer.PublicKey.Key.ToXmlString(false);
完整测试代码:
WPF前端:
<Window x:Class="Security.MainWindow" xmlns="http://schemas.microsoft.com/winfx/2006/xaml/presentation" xmlns:x="http://schemas.microsoft.com/winfx/2006/xaml" xmlns:d="http://schemas.microsoft.com/expression/blend/2008" xmlns:mc="http://schemas.openxmlformats.org/markup-compatibility/2006" xmlns:local="clr-namespace:Security" mc:Ignorable="d" Title="MainWindow" Height="700" Width="1200"> <Grid> <Grid.RowDefinitions> <RowDefinition Height="auto"></RowDefinition> <RowDefinition Height="auto"></RowDefinition> <RowDefinition Height="auto"></RowDefinition> <RowDefinition Height="auto"></RowDefinition> <RowDefinition Height="auto"></RowDefinition> <RowDefinition Height="auto"></RowDefinition> <RowDefinition Height="auto"></RowDefinition> <RowDefinition Height="auto"></RowDefinition> <RowDefinition Height="auto"></RowDefinition> </Grid.RowDefinitions> <StackPanel Margin="3" Orientation="Horizontal" HorizontalAlignment="Left"> <Button Margin="3" Name="GenerateKeys" Click="GenerateKeys_Click">生成Key</Button> <Button Margin="3" Name="Encrypt" Click="Encrypt_Click">公钥加密</Button> <Button Margin="3" Name="Decrypt" Click="Decrypt_Click">私钥解密</Button> <Button Margin="3" Name="GetHash" Click="GetHash_Click">获取Hash</Button> <Button Margin="3" Name="Sign" Click="Sign_Click">私钥签名</Button> <Button Margin="3" Name="ValidateSign" Click="ValidateSign_Click">签名验证</Button> <Button Margin="3" Name="InputPfx" Click="InputPfx_Click">导入证书</Button> <Button Margin="3" Name="EcryptByPrivateKey" Click="EcryptByPrivateKey_Click">私钥加密</Button> <Button Margin="3" Name="DcryptByPrivateKey" Click="DcryptByPrivateKey_Click">公钥解密</Button> </StackPanel> <StackPanel Grid.Row="1" Margin="3"> <TextBlock Margin="3">公钥:</TextBlock> <TextBox Name="tbPublicKey" TextWrapping="Wrap" MinLines="2" Margin="3"></TextBox> </StackPanel> <StackPanel Grid.Row="2" Margin="3"> <TextBlock Margin="3">私钥:</TextBlock> <TextBox Name="tbPrivateKey" TextWrapping="Wrap" MinLines="5" Margin="3"></TextBox> </StackPanel> <StackPanel Grid.Row="3" Margin="3"> <TextBlock Margin="3">待加密内容:</TextBlock> <TextBox Name="tbContent" TextWrapping="Wrap" MinLines="3" Margin="3">i am cypher</TextBox> </StackPanel> <StackPanel Grid.Row="4" Margin="3"> <TextBlock Margin="3">公钥加密后内容:</TextBlock> <TextBox Name="tbEncryptContent" TextWrapping="Wrap" MinLines="2" Margin="3"></TextBox> </StackPanel> <StackPanel Grid.Row="5" Margin="3"> <TextBlock Margin="3">私钥解密后内容:</TextBlock> <TextBox Name="tbDecryptContent" TextWrapping="Wrap" Margin="3"></TextBox> </StackPanel> <StackPanel Grid.Row="6" Margin="3"> <TextBlock Margin="3">Hash:</TextBlock> <TextBox Name="tbHash" Margin="3"></TextBox> </StackPanel> <StackPanel Grid.Row="7" Margin="3"> <TextBlock Margin="3">私钥签名后内容:</TextBlock> <TextBox Name="tbSign" TextWrapping="Wrap" MinLines="2" Margin="3"></TextBox> </StackPanel> <StackPanel Grid.Row="8" Margin="3"> <TextBlock Margin="3">公钥签名验证:</TextBlock> <TextBox Name="tbValidateSign" TextWrapping="Wrap" Margin="3"></TextBox> </StackPanel> </Grid> </Window>
后端:
public partial class MainWindow : Window { public MainWindow() { InitializeComponent(); } private void GenerateKeys_Click(object sender, RoutedEventArgs e) { string privateKey = ""; string publicKey = ""; RSACryption.GenerateKey(out privateKey, out publicKey); tbPrivateKey.Text = privateKey; tbPublicKey.Text = publicKey; } private void Encrypt_Click(object sender, RoutedEventArgs e) { tbEncryptContent.Text = RSACryption.RSAEncrypt(tbPublicKey.Text, tbContent.Text); } private void Decrypt_Click(object sender, RoutedEventArgs e) { tbDecryptContent.Text = RSACryption.RSADecrypt(tbPrivateKey.Text, tbEncryptContent.Text); } private void Sign_Click(object sender, RoutedEventArgs e) { tbSign.Text = RSACryption.GetSignature(tbPrivateKey.Text, tbHash.Text); } private void GetHash_Click(object sender, RoutedEventArgs e) { tbHash.Text = RSACryption.GetHash(tbContent.Text); } private void ValidateSign_Click(object sender, RoutedEventArgs e) { tbValidateSign.Text = RSACryption.ValidateSignature(tbPublicKey.Text, tbHash.Text, tbSign.Text).ToString(); } private void InputPfx_Click(object sender, RoutedEventArgs e) { var cer= RSACryption.GetCertificateFromPfxFile(@"D:\my.pfx", "123456"); tbPrivateKey.Text = cer.PrivateKey.ToXmlString(true); tbPublicKey.Text = cer.PublicKey.Key.ToXmlString(false); } private void EcryptByPrivateKey_Click(object sender, RoutedEventArgs e) { tbEncryptContent.Text = RSACryption.RSAEncrypt(tbPrivateKey.Text, tbContent.Text); } private void DcryptByPrivateKey_Click(object sender, RoutedEventArgs e) { tbDecryptContent.Text = RSACryption.RSADecrypt(tbPublicKey.Text, tbEncryptContent.Text); } }
附上转自飛雲若雪的代码:
class RSACryption { #region RSA 加密解密 #region RSA 的密钥产生 /// <summary> /// RSA产生密钥 /// </summary> /// <param name="xmlKeys">私钥</param> /// <param name="xmlPublicKey">公钥</param> public void RSAKey(out string xmlKeys, out string xmlPublicKey) { try { System.Security.Cryptography.RSACryptoServiceProvider rsa = new RSACryptoServiceProvider(); xmlKeys = rsa.ToXmlString(true); xmlPublicKey = rsa.ToXmlString(false); } catch (Exception ex) { throw ex; } } #endregion #region RSA加密函数 //############################################################################## //RSA 方式加密 //KEY必须是XML的形式,返回的是字符串 //该加密方式有长度限制的! //############################################################################## /// <summary> /// RSA的加密函数 /// </summary> /// <param name="xmlPublicKey">公钥</param> /// <param name="encryptString">待加密的字符串</param> /// <returns></returns> public string RSAEncrypt(string xmlPublicKey, string encryptString) { try { byte[] PlainTextBArray; byte[] CypherTextBArray; string Result; System.Security.Cryptography.RSACryptoServiceProvider rsa = new RSACryptoServiceProvider(); rsa.FromXmlString(xmlPublicKey); PlainTextBArray = (new UnicodeEncoding()).GetBytes(encryptString); CypherTextBArray = rsa.Encrypt(PlainTextBArray, false); Result = Convert.ToBase64String(CypherTextBArray); return Result; } catch (Exception ex) { throw ex; } } /// <summary> /// RSA的加密函数 /// </summary> /// <param name="xmlPublicKey">公钥</param> /// <param name="EncryptString">待加密的字节数组</param> /// <returns></returns> public string RSAEncrypt(string xmlPublicKey, byte[] EncryptString) { try { byte[] CypherTextBArray; string Result; System.Security.Cryptography.RSACryptoServiceProvider rsa = new RSACryptoServiceProvider(); rsa.FromXmlString(xmlPublicKey); CypherTextBArray = rsa.Encrypt(EncryptString, false); Result = Convert.ToBase64String(CypherTextBArray); return Result; } catch (Exception ex) { throw ex; } } #endregion #region RSA的解密函数 /// <summary> /// RSA的解密函数 /// </summary> /// <param name="xmlPrivateKey">私钥</param> /// <param name="decryptString">待解密的字符串</param> /// <returns></returns> public string RSADecrypt(string xmlPrivateKey, string decryptString) { try { byte[] PlainTextBArray; byte[] DypherTextBArray; string Result; System.Security.Cryptography.RSACryptoServiceProvider rsa = new RSACryptoServiceProvider(); rsa.FromXmlString(xmlPrivateKey); PlainTextBArray = Convert.FromBase64String(decryptString); DypherTextBArray = rsa.Decrypt(PlainTextBArray, false); Result = (new UnicodeEncoding()).GetString(DypherTextBArray); return Result; } catch (Exception ex) { throw ex; } } /// <summary> /// RSA的解密函数 /// </summary> /// <param name="xmlPrivateKey">私钥</param> /// <param name="DecryptString">待解密的字节数组</param> /// <returns></returns> public string RSADecrypt(string xmlPrivateKey, byte[] DecryptString) { try { byte[] DypherTextBArray; string Result; System.Security.Cryptography.RSACryptoServiceProvider rsa = new RSACryptoServiceProvider(); rsa.FromXmlString(xmlPrivateKey); DypherTextBArray = rsa.Decrypt(DecryptString, false); Result = (new UnicodeEncoding()).GetString(DypherTextBArray); return Result; } catch (Exception ex) { throw ex; } } #endregion #endregion #region RSA数字签名 #region 获取Hash描述表 /// <summary> /// 获取Hash描述表 /// </summary> /// <param name="strSource">待签名的字符串</param> /// <param name="HashData">Hash描述</param> /// <returns></returns> public bool GetHash(string strSource, ref byte[] HashData) { try { byte[] Buffer; System.Security.Cryptography.HashAlgorithm MD5 = System.Security.Cryptography.HashAlgorithm.Create("MD5"); Buffer = System.Text.Encoding.GetEncoding("GB2312").GetBytes(strSource); HashData = MD5.ComputeHash(Buffer); return true; } catch (Exception ex) { throw ex; } } /// <summary> /// 获取Hash描述表 /// </summary> /// <param name="strSource">待签名的字符串</param> /// <param name="strHashData">Hash描述</param> /// <returns></returns> public bool GetHash(string strSource, ref string strHashData) { try { //从字符串中取得Hash描述 byte[] Buffer; byte[] HashData; System.Security.Cryptography.HashAlgorithm MD5 = System.Security.Cryptography.HashAlgorithm.Create("MD5"); Buffer = System.Text.Encoding.GetEncoding("GB2312").GetBytes(strSource); HashData = MD5.ComputeHash(Buffer); strHashData = Convert.ToBase64String(HashData); return true; } catch (Exception ex) { throw ex; } } /// <summary> /// 获取Hash描述表 /// </summary> /// <param name="objFile">待签名的文件</param> /// <param name="HashData">Hash描述</param> /// <returns></returns> public bool GetHash(System.IO.FileStream objFile, ref byte[] HashData) { try { //从文件中取得Hash描述 System.Security.Cryptography.HashAlgorithm MD5 = System.Security.Cryptography.HashAlgorithm.Create("MD5"); HashData = MD5.ComputeHash(objFile); objFile.Close(); return true; } catch (Exception ex) { throw ex; } } /// <summary> /// 获取Hash描述表 /// </summary> /// <param name="objFile">待签名的文件</param> /// <param name="strHashData">Hash描述</param> /// <returns></returns> public bool GetHash(System.IO.FileStream objFile, ref string strHashData) { try { //从文件中取得Hash描述 byte[] HashData; System.Security.Cryptography.HashAlgorithm MD5 = System.Security.Cryptography.HashAlgorithm.Create("MD5"); HashData = MD5.ComputeHash(objFile); objFile.Close(); strHashData = Convert.ToBase64String(HashData); return true; } catch (Exception ex) { throw ex; } } #endregion #region RSA签名 /// <summary> /// RSA签名 /// </summary> /// <param name="strKeyPrivate">私钥</param> /// <param name="HashbyteSignature">待签名Hash描述</param> /// <param name="EncryptedSignatureData">签名后的结果</param> /// <returns></returns> public bool SignatureFormatter(string strKeyPrivate, byte[] HashbyteSignature, ref byte[] EncryptedSignatureData) { try { System.Security.Cryptography.RSACryptoServiceProvider RSA = new System.Security.Cryptography.RSACryptoServiceProvider(); RSA.FromXmlString(strKeyPrivate); System.Security.Cryptography.RSAPKCS1SignatureFormatter RSAFormatter = new System.Security.Cryptography.RSAPKCS1SignatureFormatter(RSA); //设置签名的算法为MD5 RSAFormatter.SetHashAlgorithm("MD5"); //执行签名 EncryptedSignatureData = RSAFormatter.CreateSignature(HashbyteSignature); return true; } catch (Exception ex) { throw ex; } } /// <summary> /// RSA签名 /// </summary> /// <param name="strKeyPrivate">私钥</param> /// <param name="HashbyteSignature">待签名Hash描述</param> /// <param name="m_strEncryptedSignatureData">签名后的结果</param> /// <returns></returns> public bool SignatureFormatter(string strKeyPrivate, byte[] HashbyteSignature, ref string strEncryptedSignatureData) { try { byte[] EncryptedSignatureData; System.Security.Cryptography.RSACryptoServiceProvider RSA = new System.Security.Cryptography.RSACryptoServiceProvider(); RSA.FromXmlString(strKeyPrivate); System.Security.Cryptography.RSAPKCS1SignatureFormatter RSAFormatter = new System.Security.Cryptography.RSAPKCS1SignatureFormatter(RSA); //设置签名的算法为MD5 RSAFormatter.SetHashAlgorithm("MD5"); //执行签名 EncryptedSignatureData = RSAFormatter.CreateSignature(HashbyteSignature); strEncryptedSignatureData = Convert.ToBase64String(EncryptedSignatureData); return true; } catch (Exception ex) { throw ex; } } /// <summary> /// RSA签名 /// </summary> /// <param name="strKeyPrivate">私钥</param> /// <param name="strHashbyteSignature">待签名Hash描述</param> /// <param name="EncryptedSignatureData">签名后的结果</param> /// <returns></returns> public bool SignatureFormatter(string strKeyPrivate, string strHashbyteSignature, ref byte[] EncryptedSignatureData) { try { byte[] HashbyteSignature; HashbyteSignature = Convert.FromBase64String(strHashbyteSignature); System.Security.Cryptography.RSACryptoServiceProvider RSA = new System.Security.Cryptography.RSACryptoServiceProvider(); RSA.FromXmlString(strKeyPrivate); System.Security.Cryptography.RSAPKCS1SignatureFormatter RSAFormatter = new System.Security.Cryptography.RSAPKCS1SignatureFormatter(RSA); //设置签名的算法为MD5 RSAFormatter.SetHashAlgorithm("MD5"); //执行签名 EncryptedSignatureData = RSAFormatter.CreateSignature(HashbyteSignature); return true; } catch (Exception ex) { throw ex; } } /// <summary> /// RSA签名 /// </summary> /// <param name="strKeyPrivate">私钥</param> /// <param name="strHashbyteSignature">待签名Hash描述</param> /// <param name="strEncryptedSignatureData">签名后的结果</param> /// <returns></returns> public bool SignatureFormatter(string strKeyPrivate, string strHashbyteSignature, ref string strEncryptedSignatureData) { try { byte[] HashbyteSignature; byte[] EncryptedSignatureData; HashbyteSignature = Convert.FromBase64String(strHashbyteSignature); System.Security.Cryptography.RSACryptoServiceProvider RSA = new System.Security.Cryptography.RSACryptoServiceProvider(); RSA.FromXmlString(strKeyPrivate); System.Security.Cryptography.RSAPKCS1SignatureFormatter RSAFormatter = new System.Security.Cryptography.RSAPKCS1SignatureFormatter(RSA); //设置签名的算法为MD5 RSAFormatter.SetHashAlgorithm("MD5"); //执行签名 EncryptedSignatureData = RSAFormatter.CreateSignature(HashbyteSignature); strEncryptedSignatureData = Convert.ToBase64String(EncryptedSignatureData); return true; } catch (Exception ex) { throw ex; } } #endregion #region RSA 签名验证 /// <summary> /// RSA签名验证 /// </summary> /// <param name="strKeyPublic">公钥</param> /// <param name="HashbyteDeformatter">Hash描述</param> /// <param name="DeformatterData">签名后的结果</param> /// <returns></returns> public bool SignatureDeformatter(string strKeyPublic, byte[] HashbyteDeformatter, byte[] DeformatterData) { try { System.Security.Cryptography.RSACryptoServiceProvider RSA = new System.Security.Cryptography.RSACryptoServiceProvider(); RSA.FromXmlString(strKeyPublic); System.Security.Cryptography.RSAPKCS1SignatureDeformatter RSADeformatter = new System.Security.Cryptography.RSAPKCS1SignatureDeformatter(RSA); //指定解密的时候HASH算法为MD5 RSADeformatter.SetHashAlgorithm("MD5"); if (RSADeformatter.VerifySignature(HashbyteDeformatter, DeformatterData)) { return true; } else { return false; } } catch (Exception ex) { throw ex; } } /// <summary> /// RSA签名验证 /// </summary> /// <param name="strKeyPublic">公钥</param> /// <param name="strHashbyteDeformatter">Hash描述</param> /// <param name="DeformatterData">签名后的结果</param> /// <returns></returns> public bool SignatureDeformatter(string strKeyPublic, string strHashbyteDeformatter, byte[] DeformatterData) { try { byte[] HashbyteDeformatter; HashbyteDeformatter = Convert.FromBase64String(strHashbyteDeformatter); System.Security.Cryptography.RSACryptoServiceProvider RSA = new System.Security.Cryptography.RSACryptoServiceProvider(); RSA.FromXmlString(strKeyPublic); System.Security.Cryptography.RSAPKCS1SignatureDeformatter RSADeformatter = new System.Security.Cryptography.RSAPKCS1SignatureDeformatter(RSA); //指定解密的时候HASH算法为MD5 RSADeformatter.SetHashAlgorithm("MD5"); if (RSADeformatter.VerifySignature(HashbyteDeformatter, DeformatterData)) { return true; } else { return false; } } catch (Exception ex) { throw ex; } } /// <summary> /// RSA签名验证 /// </summary> /// <param name="strKeyPublic">公钥</param> /// <param name="HashbyteDeformatter">Hash描述</param> /// <param name="strDeformatterData">签名后的结果</param> /// <returns></returns> public bool SignatureDeformatter(string strKeyPublic, byte[] HashbyteDeformatter, string strDeformatterData) { try { byte[] DeformatterData; System.Security.Cryptography.RSACryptoServiceProvider RSA = new System.Security.Cryptography.RSACryptoServiceProvider(); RSA.FromXmlString(strKeyPublic); System.Security.Cryptography.RSAPKCS1SignatureDeformatter RSADeformatter = new System.Security.Cryptography.RSAPKCS1SignatureDeformatter(RSA); //指定解密的时候HASH算法为MD5 RSADeformatter.SetHashAlgorithm("MD5"); DeformatterData = Convert.FromBase64String(strDeformatterData); if (RSADeformatter.VerifySignature(HashbyteDeformatter, DeformatterData)) { return true; } else { return false; } } catch (Exception ex) { throw ex; } } /// <summary> /// RSA签名验证 /// </summary> /// <param name="strKeyPublic">公钥</param> /// <param name="strHashbyteDeformatter">Hash描述</param> /// <param name="strDeformatterData">签名后的结果</param> /// <returns></returns> public bool SignatureDeformatter(string strKeyPublic, string strHashbyteDeformatter, string strDeformatterData) { try { byte[] DeformatterData; byte[] HashbyteDeformatter; HashbyteDeformatter = Convert.FromBase64String(strHashbyteDeformatter); System.Security.Cryptography.RSACryptoServiceProvider RSA = new System.Security.Cryptography.RSACryptoServiceProvider(); RSA.FromXmlString(strKeyPublic); System.Security.Cryptography.RSAPKCS1SignatureDeformatter RSADeformatter = new System.Security.Cryptography.RSAPKCS1SignatureDeformatter(RSA); //指定解密的时候HASH算法为MD5 RSADeformatter.SetHashAlgorithm("MD5"); DeformatterData = Convert.FromBase64String(strDeformatterData); if (RSADeformatter.VerifySignature(HashbyteDeformatter, DeformatterData)) { return true; } else { return false; } } catch (Exception ex) { throw ex; } } #endregion #endregion }