wil*_*lvv 17 c# xml digital-certificate digital-signature x509certificate2
I am trying to sign an XML file with an X.509 certificate. I can sign the document with the private key and then verify the signature with the CheckSignature method (it has an overload that takes the certificate as a parameter).
The problem is that the user who verifies the signature must have the certificate, and my concern is that if the user has the certificate, then he has access to the private key, which as far as I know is private and should be available only to the user who signs.
What am I missing?
Thanks for your help.
Che*_*eso 19
In .NET, if you obtain the X509 certificate from a .pfx file, like this:

```csharp
X509Certificate2 certificate = new X509Certificate2(certFile, pfxPassword);
RSACryptoServiceProvider rsaCsp = (RSACryptoServiceProvider) certificate.PrivateKey;
```
then you can export the public-key part like this:

```csharp
rsaCsp.ToXmlString(false);
```

The "false" part says to export only the public piece, not the private piece. (doc for RSA.ToXmlString)
Then, in the verifying application, use

```csharp
RSACryptoServiceProvider csp = new RSACryptoServiceProvider();
csp.FromXmlString(PublicKeyXml);   // PublicKeyXml is the string exported with ToXmlString(false)
bool isValid = VerifyXml(xmlDoc, csp);
```
and VerifyXml calls CheckSignature(). It looks like this:

```csharp
private Boolean VerifyXml(XmlDocument Doc, RSA Key)
{
    // Create a new SignedXml object and pass it
    // the XML document class.
    var signedXml = new System.Security.Cryptography.Xml.SignedXml(Doc);

    // Find the "Signature" node and create a new XmlNodeList object.
    XmlNodeList nodeList = Doc.GetElementsByTagName("Signature");

    // Throw an exception if no signature was found.
    if (nodeList.Count <= 0)
    {
        throw new CryptographicException("Verification failed: No Signature was found in the document.");
    }

    // Though it is possible to have multiple signatures on
    // an XML document, this app only supports one signature for
    // the entire XML document. Throw an exception
    // if more than one signature was found.
    if (nodeList.Count >= 2)
    {
        throw new CryptographicException("Verification failed: More than one signature was found for the document.");
    }

    // Load the first <Signature> node.
    signedXml.LoadXml((XmlElement)nodeList[0]);

    // Check the signature and return the result.
    return signedXml.CheckSignature(Key);
}
```
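The following is an added, end-to-end example (not code from the answer above) showing both halves of the workflow: the signer signs with the private key from the PFX, and the verifier receives only public material. It goes slightly beyond the answer by showing a second way to hand over the public half, exporting the certificate with `X509ContentType.Cert`, which strips the private key, and by verifying that a tampered document fails. It assumes .NET Framework 4.6.2+ or .NET Core 3.0+/.NET 5+ (where `RSA.ToXmlString`/`FromXmlString` are implemented; on .NET 5+ add the `System.Security.Cryptography.Xml` package), and a PFX at the placeholder path `signer.pfx` with placeholder password `pfx-password`; the XML document is a constructed sample.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Security.Cryptography.Xml;
using System.Xml;

class XmlSignatureDemo
{
    // Signer side: the only place the private key is used.
    static void SignXml(XmlDocument doc, X509Certificate2 signingCert)
    {
        var signedXml = new SignedXml(doc);
        signedXml.SigningKey = signingCert.GetRSAPrivateKey();

        // Enveloped signature over the whole document (Uri = "").
        var reference = new Reference { Uri = "" };
        reference.AddTransform(new XmlDsigEnvelopedSignatureTransform());
        signedXml.AddReference(reference);

        signedXml.ComputeSignature();
        // GetXml() builds the element in its own document, so import it first.
        doc.DocumentElement.AppendChild(doc.ImportNode(signedXml.GetXml(), true));
    }

    // Verifier side: needs only the public key. Namespace-aware lookup of
    // the Signature element, and exactly one signature is accepted.
    static bool VerifyXml(XmlDocument doc, RSA publicKey)
    {
        var signedXml = new SignedXml(doc);
        XmlNodeList nodes = doc.GetElementsByTagName("Signature", SignedXml.XmlDsigNamespaceUrl);
        if (nodes.Count != 1)
        {
            throw new CryptographicException(
                $"Verification failed: expected exactly one Signature element, found {nodes.Count}.");
        }
        signedXml.LoadXml((XmlElement)nodes[0]);
        return signedXml.CheckSignature(publicKey);
    }

    static void Main()
    {
        // Placeholder path and password: substitute your own PFX.
        var pfx = new X509Certificate2("signer.pfx", "pfx-password");

        // Two ways to give the verifier only the public half:
        // (a) public-key XML, as in the answer above ("false" = no private parameters)
        string publicKeyXml = pfx.GetRSAPublicKey().ToXmlString(false);
        // (b) the certificate alone (DER .cer): Export(Cert) never includes the private key
        byte[] certOnly = pfx.Export(X509ContentType.Cert);
        var verifierCert = new X509Certificate2(certOnly);
        Console.WriteLine("Exported certificate carries a private key: " + verifierCert.HasPrivateKey); // False

        // Constructed sample document.
        var doc = new XmlDocument { PreserveWhitespace = true };
        doc.LoadXml("<order><id>42</id><amount>10.00</amount></order>");
        SignXml(doc, pfx);

        using (RSA verifyKey = RSA.Create())
        {
            verifyKey.FromXmlString(publicKeyXml);
            Console.WriteLine("Valid (public-key XML): " + VerifyXml(doc, verifyKey));
            Console.WriteLine("Valid (certificate only): " + VerifyXml(doc, verifierCert.GetRSAPublicKey()));

            // Any change to signed content must invalidate the signature.
            doc.SelectSingleNode("/order/amount").InnerText = "9999.00";
            Console.WriteLine("Valid after tampering: " + VerifyXml(doc, verifyKey)); // False
        }
    }
}
```

`CheckSignature(RSA)` answers only "was this document signed by the holder of the private key matching this public key"; it does not decide whether that key is trusted. The verifier should therefore obtain the public key or certificate through a channel it trusts (pinned in configuration, or validated against a CA with the `CheckSignature(X509Certificate2, false)` overload), and should never need, or be given, the PFX.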
Views: 27451