本文是上一篇文章的兄弟篇,上篇文章介绍了客户端的sdk中如何基于JAVA/PHP/C#使用RSA私钥签名,然后服务端基于JAVA使用RSA公钥验签,客户端签名/服务端验签的模式只能帮助服务端检查客户端来的请求数据是否被篡改,同样的,客户端也需要对服务端的返回结果检查是否被篡改,因此就引出了本片文章。

Java版的验签和加签均已在上一篇文章中分析过,客户端和服务端的逻辑是一样的,此处不再赘述。下面重点分析如何基于RSA的PEM文件,使用php和c#进行验签。

1、php验签

    function verify($data, $sign, $rsaPublicKeyFilePath)  {//读取公钥文件$pubKey = file_get_contents($rsaPublicKeyFilePath);//转换为openssl格式密钥$res = openssl_get_publickey($pubKey);//调用openssl内置方法验签,返回bool值$result = (bool)openssl_verify($data, base64_decode($sign), $res);//释放资源
openssl_free_key($res);//返回资源是否成功return $result;
}

注意:$ rsaPublicKeyFilePath为pem公钥文件路径

2、 c#验签

public static bool VerifySignedHash(string str_DataToVerify, string str_SignedData, string str_publicKeyFilePath){byte[] SignedData = Convert.FromBase64String(str_SignedData);ASCIIEncoding ByteConverter = new ASCIIEncoding();byte[] DataToVerify = ByteConverter.GetBytes(str_DataToVerify);try{string sPublicKeyPEM = File.ReadAllText(str_publicKeyFilePath);RSACryptoServiceProvider rsa = new RSACryptoServiceProvider();rsa.PersistKeyInCsp = false;rsa.LoadPublicKeyPEM(sPublicKeyPEM);return rsa.VerifyData(DataToVerify, new SHA1CryptoServiceProvider(), SignedData);}catch (CryptographicException e){Console.WriteLine(e.Message);return false;}}

注:str_publicKeyFilePath为RSA公钥文件路径

此处用到了c#的Extension methods,需要对RSACryptoServiceProvider进行扩展,扩展类为RSACryptoServiceProviderExtension

using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.ComponentModel;
using System.Runtime.InteropServices;
using System.Security.Cryptography;namespace sdk
{/// <summary>Extension method for initializing a RSACryptoServiceProvider from PEM data string.</summary>public static class RSACryptoServiceProviderExtension{#region Methods/// <summary>Extension method which initializes an RSACryptoServiceProvider from a DER public key blob.</summary>public static void LoadPublicKeyDER(this RSACryptoServiceProvider provider, byte[] DERData){byte[] RSAData = RSACryptoServiceProviderExtension.GetRSAFromDER(DERData);byte[] publicKeyBlob = RSACryptoServiceProviderExtension.GetPublicKeyBlobFromRSA(RSAData);provider.ImportCspBlob(publicKeyBlob);}/// <summary>Extension method which initializes an RSACryptoServiceProvider from a DER private key blob.</summary>public static void LoadPrivateKeyDER(this RSACryptoServiceProvider provider, byte[] DERData){byte[] privateKeyBlob = RSACryptoServiceProviderExtension.GetPrivateKeyDER(DERData);provider.ImportCspBlob(privateKeyBlob);}/// <summary>Extension method which initializes an RSACryptoServiceProvider from a PEM public key string.</summary>public static void LoadPublicKeyPEM(this RSACryptoServiceProvider provider, string sPEM){byte[] DERData = RSACryptoServiceProviderExtension.GetDERFromPEM(sPEM);RSACryptoServiceProviderExtension.LoadPublicKeyDER(provider, DERData);}/// <summary>Extension method which initializes an RSACryptoServiceProvider from a PEM private key string.</summary>public static void LoadPrivateKeyPEM(this RSACryptoServiceProvider provider, string sPEM){byte[] DERData = RSACryptoServiceProviderExtension.GetDERFromPEM(sPEM);RSACryptoServiceProviderExtension.LoadPrivateKeyDER(provider, DERData);}/// <summary>Returns a public key blob from an RSA public key.</summary>internal static byte[] GetPublicKeyBlobFromRSA(byte[] RSAData){byte[] data = null;UInt32 dwCertPublicKeyBlobSize = 0;if (RSACryptoServiceProviderExtension.CryptDecodeObject(CRYPT_ENCODING_FLAGS.X509_ASN_ENCODING | CRYPT_ENCODING_FLAGS.PKCS_7_ASN_ENCODING,new IntPtr((int)CRYPT_OUTPUT_TYPES.RSA_CSP_PUBLICKEYBLOB), RSAData, (UInt32)RSAData.Length, CRYPT_DECODE_FLAGS.NONE,data, ref dwCertPublicKeyBlobSize)){data = new byte[dwCertPublicKeyBlobSize];if (!RSACryptoServiceProviderExtension.CryptDecodeObject(CRYPT_ENCODING_FLAGS.X509_ASN_ENCODING | CRYPT_ENCODING_FLAGS.PKCS_7_ASN_ENCODING,new IntPtr((int)CRYPT_OUTPUT_TYPES.RSA_CSP_PUBLICKEYBLOB), RSAData, (UInt32)RSAData.Length, CRYPT_DECODE_FLAGS.NONE,data, ref dwCertPublicKeyBlobSize))throw new Win32Exception(Marshal.GetLastWin32Error());}elsethrow new Win32Exception(Marshal.GetLastWin32Error());return data;}/// <summary>Converts DER binary format to a CAPI CRYPT_PRIVATE_KEY_INFO structure.</summary>internal static byte[] GetPrivateKeyDER(byte[] DERData){byte[] data = null;UInt32 dwRSAPrivateKeyBlobSize = 0;IntPtr pRSAPrivateKeyBlob = IntPtr.Zero;if (RSACryptoServiceProviderExtension.CryptDecodeObject(CRYPT_ENCODING_FLAGS.X509_ASN_ENCODING | CRYPT_ENCODING_FLAGS.PKCS_7_ASN_ENCODING, new IntPtr((int)CRYPT_OUTPUT_TYPES.PKCS_RSA_PRIVATE_KEY),DERData, (UInt32)DERData.Length, CRYPT_DECODE_FLAGS.NONE, data, ref dwRSAPrivateKeyBlobSize)){data = new byte[dwRSAPrivateKeyBlobSize];if (!RSACryptoServiceProviderExtension.CryptDecodeObject(CRYPT_ENCODING_FLAGS.X509_ASN_ENCODING | CRYPT_ENCODING_FLAGS.PKCS_7_ASN_ENCODING, new IntPtr((int)CRYPT_OUTPUT_TYPES.PKCS_RSA_PRIVATE_KEY),DERData, (UInt32)DERData.Length, CRYPT_DECODE_FLAGS.NONE, data, ref dwRSAPrivateKeyBlobSize))throw new Win32Exception(Marshal.GetLastWin32Error());}elsethrow new Win32Exception(Marshal.GetLastWin32Error());return data;}/// <summary>Converts DER binary format to a CAPI CERT_PUBLIC_KEY_INFO structure containing an RSA key.</summary>internal static byte[] GetRSAFromDER(byte[] DERData){byte[] data = null;byte[] publicKey = null;CERT_PUBLIC_KEY_INFO info;UInt32 dwCertPublicKeyInfoSize = 0;IntPtr pCertPublicKeyInfo = IntPtr.Zero;if (RSACryptoServiceProviderExtension.CryptDecodeObject(CRYPT_ENCODING_FLAGS.X509_ASN_ENCODING | CRYPT_ENCODING_FLAGS.PKCS_7_ASN_ENCODING, new IntPtr((int)CRYPT_OUTPUT_TYPES.X509_PUBLIC_KEY_INFO),DERData, (UInt32)DERData.Length, CRYPT_DECODE_FLAGS.NONE, data, ref dwCertPublicKeyInfoSize)){data = new byte[dwCertPublicKeyInfoSize];if (RSACryptoServiceProviderExtension.CryptDecodeObject(CRYPT_ENCODING_FLAGS.X509_ASN_ENCODING | CRYPT_ENCODING_FLAGS.PKCS_7_ASN_ENCODING, new IntPtr((int)CRYPT_OUTPUT_TYPES.X509_PUBLIC_KEY_INFO),DERData, (UInt32)DERData.Length, CRYPT_DECODE_FLAGS.NONE, data, ref dwCertPublicKeyInfoSize)){GCHandle handle = GCHandle.Alloc(data, GCHandleType.Pinned);try{info = (CERT_PUBLIC_KEY_INFO)Marshal.PtrToStructure(handle.AddrOfPinnedObject(), typeof(CERT_PUBLIC_KEY_INFO));publicKey = new byte[info.PublicKey.cbData];Marshal.Copy(info.PublicKey.pbData, publicKey, 0, publicKey.Length);}finally{handle.Free();}}elsethrow new Win32Exception(Marshal.GetLastWin32Error());}elsethrow new Win32Exception(Marshal.GetLastWin32Error());return publicKey;}/// <summary>Extracts the binary data from a PEM file.</summary>internal static byte[] GetDERFromPEM(string sPEM){UInt32 dwSkip, dwFlags;UInt32 dwBinarySize = 0;if (!RSACryptoServiceProviderExtension.CryptStringToBinary(sPEM, (UInt32)sPEM.Length, CRYPT_STRING_FLAGS.CRYPT_STRING_BASE64HEADER, null, ref dwBinarySize, out dwSkip, out dwFlags))throw new Win32Exception(Marshal.GetLastWin32Error());byte[] decodedData = new byte[dwBinarySize];if (!RSACryptoServiceProviderExtension.CryptStringToBinary(sPEM, (UInt32)sPEM.Length, CRYPT_STRING_FLAGS.CRYPT_STRING_BASE64HEADER, decodedData, ref dwBinarySize, out dwSkip, out dwFlags))throw new Win32Exception(Marshal.GetLastWin32Error());return decodedData;}#endregion Methods#region P/Invoke Constants/// <summary>Enumeration derived from Crypto API.</summary>internal enum CRYPT_ACQUIRE_CONTEXT_FLAGS : uint{CRYPT_NEWKEYSET = 0x8,CRYPT_DELETEKEYSET = 0x10,CRYPT_MACHINE_KEYSET = 0x20,CRYPT_SILENT = 0x40,CRYPT_DEFAULT_CONTAINER_OPTIONAL = 0x80,CRYPT_VERIFYCONTEXT = 0xF0000000}/// <summary>Enumeration derived from Crypto API.</summary>internal enum CRYPT_PROVIDER_TYPE : uint{PROV_RSA_FULL = 1}/// <summary>Enumeration derived from Crypto API.</summary>internal enum CRYPT_DECODE_FLAGS : uint{NONE = 0,CRYPT_DECODE_ALLOC_FLAG = 0x8000}/// <summary>Enumeration derived from Crypto API.</summary>internal enum CRYPT_ENCODING_FLAGS : uint{PKCS_7_ASN_ENCODING = 0x00010000,X509_ASN_ENCODING = 0x00000001,}/// <summary>Enumeration derived from Crypto API.</summary>internal enum CRYPT_OUTPUT_TYPES : int{X509_PUBLIC_KEY_INFO = 8,RSA_CSP_PUBLICKEYBLOB = 19,PKCS_RSA_PRIVATE_KEY = 43,PKCS_PRIVATE_KEY_INFO = 44}/// <summary>Enumeration derived from Crypto API.</summary>internal enum CRYPT_STRING_FLAGS : uint{CRYPT_STRING_BASE64HEADER = 0,CRYPT_STRING_BASE64 = 1,CRYPT_STRING_BINARY = 2,CRYPT_STRING_BASE64REQUESTHEADER = 3,CRYPT_STRING_HEX = 4,CRYPT_STRING_HEXASCII = 5,CRYPT_STRING_BASE64_ANY = 6,CRYPT_STRING_ANY = 7,CRYPT_STRING_HEX_ANY = 8,CRYPT_STRING_BASE64X509CRLHEADER = 9,CRYPT_STRING_HEXADDR = 10,CRYPT_STRING_HEXASCIIADDR = 11,CRYPT_STRING_HEXRAW = 12,CRYPT_STRING_NOCRLF = 0x40000000,CRYPT_STRING_NOCR = 0x80000000}#endregion P/Invoke Constants#region P/Invoke Structures/// <summary>Structure from Crypto API.</summary>
        [StructLayout(LayoutKind.Sequential)]internal struct CRYPT_OBJID_BLOB{internal UInt32 cbData;internal IntPtr pbData;}/// <summary>Structure from Crypto API.</summary>
        [StructLayout(LayoutKind.Sequential)]internal struct CRYPT_ALGORITHM_IDENTIFIER{internal IntPtr pszObjId;internal CRYPT_OBJID_BLOB Parameters;}/// <summary>Structure from Crypto API.</summary>
        [StructLayout(LayoutKind.Sequential)]struct CRYPT_BIT_BLOB{internal UInt32 cbData;internal IntPtr pbData;internal UInt32 cUnusedBits;}/// <summary>Structure from Crypto API.</summary>
        [StructLayout(LayoutKind.Sequential)]struct CERT_PUBLIC_KEY_INFO{internal CRYPT_ALGORITHM_IDENTIFIER Algorithm;internal CRYPT_BIT_BLOB PublicKey;}#endregion P/Invoke Structures#region P/Invoke Functions/// <summary>Function for Crypto API.</summary>[DllImport("advapi32.dll", SetLastError = true)][return: MarshalAs(UnmanagedType.Bool)]internal static extern bool CryptDestroyKey(IntPtr hKey);/// <summary>Function for Crypto API.</summary>[DllImport("advapi32.dll", SetLastError = true)][return: MarshalAs(UnmanagedType.Bool)]internal static extern bool CryptImportKey(IntPtr hProv, byte[] pbKeyData, UInt32 dwDataLen, IntPtr hPubKey, UInt32 dwFlags, ref IntPtr hKey);/// <summary>Function for Crypto API.</summary>[DllImport("advapi32.dll", SetLastError = true)][return: MarshalAs(UnmanagedType.Bool)]internal static extern bool CryptReleaseContext(IntPtr hProv, Int32 dwFlags);/// <summary>Function for Crypto API.</summary>[DllImport("advapi32.dll", CharSet = CharSet.Auto, SetLastError = true)][return: MarshalAs(UnmanagedType.Bool)]internal static extern bool CryptAcquireContext(ref IntPtr hProv, string pszContainer, string pszProvider, CRYPT_PROVIDER_TYPE dwProvType, CRYPT_ACQUIRE_CONTEXT_FLAGS dwFlags);/// <summary>Function from Crypto API.</summary>[DllImport("crypt32.dll", SetLastError = true, CharSet = CharSet.Auto)][return: MarshalAs(UnmanagedType.Bool)]internal static extern bool CryptStringToBinary(string sPEM, UInt32 sPEMLength, CRYPT_STRING_FLAGS dwFlags, [Out] byte[] pbBinary, ref UInt32 pcbBinary, out UInt32 pdwSkip, out UInt32 pdwFlags);/// <summary>Function from Crypto API.</summary>[DllImport("crypt32.dll", SetLastError = true)][return: MarshalAs(UnmanagedType.Bool)]internal static extern bool CryptDecodeObjectEx(CRYPT_ENCODING_FLAGS dwCertEncodingType, IntPtr lpszStructType, byte[] pbEncoded, UInt32 cbEncoded, CRYPT_DECODE_FLAGS dwFlags, IntPtr pDecodePara, ref byte[] pvStructInfo, ref UInt32 pcbStructInfo);/// <summary>Function from Crypto API.</summary>[DllImport("crypt32.dll", SetLastError = true)][return: MarshalAs(UnmanagedType.Bool)]internal static extern bool CryptDecodeObject(CRYPT_ENCODING_FLAGS dwCertEncodingType, IntPtr lpszStructType, byte[] pbEncoded, UInt32 cbEncoded, CRYPT_DECODE_FLAGS flags, [In, Out] byte[] pvStructInfo, ref UInt32 cbStructInfo);#endregion P/Invoke Functions}
}

原文地址:http://xw-z1985.iteye.com/blog/1929931

转载于:https://www.cnblogs.com/davidwang456/p/3924807.html

JAVA/PHP/C#版RSA验签--转相关推荐

  1. java/php/c#版rsa签名以及java验签实现--转

    在开放平台领域,需要给isv提供sdk,签名是Sdk中需要提供的功能之一.由于isv使用的开发语言不是单一的,因此sdk需要提供多种语言的版本.譬如java.php.c#.另外,在电子商务尤其是支付领 ...

  2. js rsa验签_js rsa sign使用笔记(加密,解密,签名,验签)

    你将会收获: js如何加密, 解密 js如何签名, 验签 js和Java交互如何相互解密, 验签(重点) 通过谷歌, 发现jsrsasign库使用者较多. 查看api发现这个库功能很健全. 本文使用方 ...

  3. springboot整合RSA验签功能-提供API接口

    一.RSA工具类 RSAUtil 里面包含了加密解密,加签验签方法,参数用treemap排序 package com.zhouzy.boot.zhouzyBoot.config;import java ...

  4. java 国密p7验签_go/Java 国密sm2签名验签

    近期go项目对接第三方Java服务,第三方要求使用国密sm3/sm2算法进行数据签名验签,特记录go端开发注意事项 1 关于密钥对 密钥生成可以使用openssl库,openssl版本至少是1.1.1 ...

  5. Java简单的对外接口验签

    对外接口,需要校验一下是否有相应权限,简单的一个小代码. res加密util: /*** @description: AES加密解密工具* @author:mic* @create: **/ publ ...

  6. java实现DSA签名、验签

    DSA 私钥签名,公钥验签 public static final String ALGORITHM = "DSA";/*** 默认密钥字节数* <pre>* DSA* ...

  7. Java实现JWS生成与验签

    前言 接了大组织的对接需求,需要对面要求采用jws方式生成签名和签名验证. ps: JWT(json web token)是设计一种简洁,安全,无状态的token的实现,通常用于网络请求方和网络接收方 ...

  8. java基础-RSA签名验签

    一.介绍 RSA加密是一种非对称加密.可以在不直接传递密钥的情况下,完成解密.这能够确保信息的安全性,避免了直接传递密钥所造成的被破解的风险.是由一对密钥来进行加解密的过程,分别称为公钥和私钥.两者之 ...

  9. 前后端RSA互相加解密、加签验签、密钥对生成(Java)

    目录 一.序言 二.关于PKCS#1和PKCS#8格式密钥 1.简介 2.区别 二.关于JSEncrypt 三.关于jsrsasign 四.前端RSA加解密.加验签示例 1.相关依赖 2.crypto ...

最新文章

  1. 2018-3-18 中国计算机之母-- 夏培肃
  2. 企业运维监控平台架构设计与实现
  3. 论海明威的存在主义宗教意识——存在主义虚无主义。注:部分观点个人不赞同...
  4. 去邵程程博客,得到很有喜感图片一张
  5. win10无法装载重装系统iso文件_windows10系统如何安装iso镜像文件
  6. angularjs移除不必要的$watch
  7. 42:换汽水瓶ExchangeBottle
  8. nx600打印机打印设置_win7打印机共享怎么设置
  9. java自动转换_java类型转换详解(自动转换和强制转换)
  10. ButtonRenderer
  11. JAVA遍历map元素
  12. ios FMDB 更新二进制图片数据
  13. qt调用import sys库_【开源库】使用Qt.py进行开发
  14. 配置grafana的数据源、添加监控
  15. 【应用统计学】简单随机抽样的区间估计和样本容量的确定
  16. python qq群聊机器人_群聊太多?三步教你用 Python 自动监听转发群消息
  17. 【推荐】无线通信技术推荐学习图书目录
  18. 【航线运输驾驶员理论考试】飞行性能、计划和装载
  19. 人生不该困于五环之外(3):3到5年离开五环之外
  20. PowerShell获取货币符号

热门文章

  1. html5 java交互_html5+jquery与ssm进行json交互集成项目
  2. 任务切换的基础:模拟任务切换时寄存器的保存与恢复
  3. java 转发上传文件_Java 发送http请求上传文件功能实例
  4. Linux:网络编程
  5. android 之ListView分页效果以及从网络上加载数据一系列的综合运用
  6. C++20四大之一:module特性详解
  7. sql case 语句
  8. Ubuntu 里的Spyder不能切换中文输入
  9. python 条形图图注怎么集中注意力_如何用每个条形图的总和(Matplotlib)注释堆积条形图?...
  10. qq分享 设备未授权报错解决方案_金融行业思科设备典型网络故障案例:76系列典型案例(四)...