在 C# 中使用私钥对数据进行签名

本文介绍了在 C# 中使用私钥对数据进行签名的处理方法，对大家解决问题具有一定的参考价值，需要的朋友们下面随着小编来一起学习吧！

问题描述

我需要使用算法 SHA1RSA 用一个私钥对一些数据进行签名，Rsa 密钥长度为 2048，基本编码为 64.我的代码是这样的

I need to sign some data with one private key using Algorithm SHA1RSA ,Rsa Key length 2048 with 64 base encoding.My code is like this

string sPayload = "";
HttpWebRequest httpWebRequest = (HttpWebRequest)WebRequest.Create("URI");
httpWebRequest.ContentType = "application/json; charset=utf-8";
httpWebRequest.Method = WebRequestMethods.Http.Post;

using (StreamWriter streamWriter = new StreamWriter(httpWebRequest.GetRequestStream()))
{
    sPayload = "{"id":"14123213213"," +
                ""uid":"teller"," +
                ""pwd":"abc123"," +
                ""apiKey":"2343243"," +
                ""agentRefNo":"234324324"}";

    httpWebRequest.Headers.Add("SIGNATURE", Convert.ToBase64String(new System.Security.Cryptography.SHA1CryptoServiceProvider().ComputeHash(Encoding.ASCII.GetBytes(sPayload))));

    streamWriter.Write(sPayload);
    streamWriter.Flush();
    streamWriter.Close();
}

System.Net.ServicePointManager.Expect100Continue = false;

HttpWebResponse httpResponse = (HttpWebResponse)httpWebRequest.GetResponse();

using (StreamReader streamReader = new StreamReader(httpResponse.GetResponseStream()))
{
    string result = streamReader.ReadToEnd();
}

在标头名称签名中，我需要使用私钥传递签名数据(sPayload).但是使用上面的代码会出现无效签名"错误.来自第三方，我不确定加密部分是否正确.

In the Header name Signature i need to pass the signed data(sPayload) using the private key.But using above code an error is getting as "invalid signature" from third party and i'am not sure whether the Encryption part is correct or not.

httpWebRequest.Headers.Add("SIGNATURE", Convert.ToBase64String(new System.Security.Cryptography.SHA1CryptoServiceProvider().ComputeHash(Encoding.ASCII.GetBytes(sPayload))));

第三方提供了一个证书(cert，sha1)和密钥.我应该参考代码吗?

Third party had provide one certificate(cert,sha1) and key.should i refer that to the code?

推荐答案

您计算了 sPayload 的 SHA-1 哈希，而不是 RSA-SHA1 签名.

You have computed the SHA-1 hash of sPayload, not the RSA-SHA1 signature.

如果您有 X509Certificate2:

If you have an X509Certificate2:

using (RSA rsa = cert.GetRSAPrivateKey())
{
    return rsa.SignData(sPayload, HashAlgorithmName.SHA1, RSASignaturePadding.Pkcs1);
}

如果您已经拥有原始 RSA 密钥，那么请不要使用 using 语句.

If you already have a raw RSA key then just leave off the using statement.

如果你必须计算 sPayload 的哈希值，你可以这样做

If you have to compute the hash of sPayload for some other reason you can do it like

byte[] hash;
byte[] signature;

using (HashAlgorithm hasher = SHA1.Create())
using (RSA rsa = cert.GetRSAPrivateKey())
{
    hash = hasher.ComputeHash(sPayload);
    signature = rsa.SignHash(hash, HashAlgorithmName.SHA1, RSASignaturePadding.Pkcs1);
}

SignHash 仍然需要 HashAlgorithmName 值，因为算法标识符嵌入在签名中.

SignHash still requires the HashAlgorithmName value because the algorithm identifier is embedded within the signature.

这篇关于在 C# 中使用私钥对数据进行签名的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！