Ahm*_*mad 7 .net c# digital-signature signedxml xml-signature
我正在尝试使用System.Security.Cryptography(目标框架.NET 4.5)来创建xml数字签名,到目前为止,我设法使用以下方案创建和验证签名:RSA PKCS#1 v1.5和SHA-256:http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
但是,我无法使用以下方案:'没有使用SHA-256参数的RSASSA-PSS'[RFC6931]:http://www.w3.org/2007/05/xmldsig-more#sha256-rsa- MGF1
显示的错误很明显"无法为提供的签名算法创建SignatureDescription."
对于'RSA PKCS#1 v1.5和SHA-256',我添加了以下公共类作为其签名:
public class RSAPKCS1SHA256SignatureDescription : SignatureDescription
{
public RSAPKCS1SHA256SignatureDescription()
{
base.KeyAlgorithm = "System.Security.Cryptography.RSACryptoServiceProvider";
base.DigestAlgorithm = "System.Security.Cryptography.SHA256Managed";
base.FormatterAlgorithm = "System.Security.Cryptography.RSAPKCS1SignatureFormatter";
base.DeformatterAlgorithm = "System.Security.Cryptography.RSAPKCS1SignatureDeformatter";
}
public override AsymmetricSignatureDeformatter CreateDeformatter(AsymmetricAlgorithm key)
{
AsymmetricSignatureDeformatter asymmetricSignatureDeformatter = (AsymmetricSignatureDeformatter)
CryptoConfig.CreateFromName(base.DeformatterAlgorithm);
asymmetricSignatureDeformatter.SetKey(key);
asymmetricSignatureDeformatter.SetHashAlgorithm("SHA256");
return asymmetricSignatureDeformatter;
}
}
但是,我不知道.Net 4.5是否支持'使用SHA-256没有参数的RSASSA-PSS',如果是的话,如何设置其签名定义.
如果有人有类似的经验并能提供一些帮助,我会非常感激.
我终于想通了。诀窍是注册 XML 签名指定的算法,在我的例子中为“ http://www.w3.org/2007/05/xmldsig-more#sha256-rsa-MGF1 ”。将其注册到自定义类,该类使用自定义签名格式化程序和反格式化程序,适用于RSASignaturePadding.Pss.
这是一个实现,您所要做的就是调用RsaSsaPss.RegisterSha256RsaMgf1()一次,例如从客户端中的静态构造函数调用。SignedXml.CheckSignature()然后,SignedXml.ComputeSignature()自动处理指定该算法的任何 XML 签名。
在 Core 2.1 和 Framework 4.7.1 上测试:
/// <summary>
/// Contains classes for using RSA-SSA-PSS, as well as methods for registering them.
/// Registering such types adds support for them to SignedXml.
/// </summary>
public class RsaSsaPss
{
/// <summary>
/// Registers an implementation for "http://www.w3.org/2007/05/xmldsig-more#sha256-rsa-MGF1".
/// </summary>
public static void RegisterSha256RsaMgf1()
{
CryptoConfig.AddAlgorithm(typeof(RsaPssSha256SignatureDescription), "http://www.w3.org/2007/05/xmldsig-more#sha256-rsa-MGF1");
}
// Can add further registrations here...
public class RsaPssSha256SignatureDescription : SignatureDescription
{
public RsaPssSha256SignatureDescription()
{
using (var rsa = RSA.Create())
{
this.KeyAlgorithm = rsa.GetType().AssemblyQualifiedName; // Does not like a simple algorithm name, but wants a type name (AssembyQualifiedName in Core)
}
this.DigestAlgorithm = "SHA256"; // Somehow wants a simple algorithm name
this.FormatterAlgorithm = typeof(RsaPssSignatureFormatter).FullName;
this.DeformatterAlgorithm = typeof(RsaPssSignatureDeformatter).FullName;
}
public override AsymmetricSignatureFormatter CreateFormatter(AsymmetricAlgorithm key)
{
var signatureFormatter = new RsaPssSignatureFormatter();
signatureFormatter.SetKey(key);
signatureFormatter.SetHashAlgorithm(this.DigestAlgorithm);
return signatureFormatter;
}
public override AsymmetricSignatureDeformatter CreateDeformatter(AsymmetricAlgorithm key)
{
var signatureDeformatter = new RsaPssSignatureDeformatter();
signatureDeformatter.SetKey(key);
signatureDeformatter.SetHashAlgorithm(this.DigestAlgorithm);
return signatureDeformatter;
}
public class RsaPssSignatureFormatter : AsymmetricSignatureFormatter
{
private RSA Key { get; set; }
private string HashAlgorithmName { get; set; }
public override void SetKey(AsymmetricAlgorithm key)
{
this.Key = (RSA)key;
}
public override void SetHashAlgorithm(string strName)
{
// Verify the name
Oid.FromFriendlyName(strName, OidGroup.HashAlgorithm);
this.HashAlgorithmName = strName;
}
public override byte[] CreateSignature(byte[] rgbHash)
{
return this.Key.SignHash(rgbHash, new HashAlgorithmName(this.HashAlgorithmName), RSASignaturePadding.Pss);
}
}
public class RsaPssSignatureDeformatter : AsymmetricSignatureDeformatter
{
private RSA Key { get; set; }
private string HashAlgorithmName { get; set; }
public override void SetKey(AsymmetricAlgorithm key)
{
this.Key = (RSA)key;
}
public override void SetHashAlgorithm(string strName)
{
// Verify the name
Oid.FromFriendlyName(strName, OidGroup.HashAlgorithm);
this.HashAlgorithmName = strName;
}
public override bool VerifySignature(byte[] rgbHash, byte[] rgbSignature)
{
return this.Key.VerifyHash(rgbHash, rgbSignature, new HashAlgorithmName(this.HashAlgorithmName), RSASignaturePadding.Pss);
}
}
}
}
| 归档时间: |
|
| 查看次数: |
1691 次 |
| 最近记录: |