文章出處
文章列表
這篇博文分享的是 C#中使用OpenSSL的公鑰加密/私鑰解密 一文中的解決方法在 .net core 中的改進。之前的博文針對的是 .NET Framework ,加解密用的是 RSACryptoServiceProvider 。雖然在 corefx(.NET Core Framework) 中也有 RSACryptoServiceProvider ,但它目前只支持 Windows ,不能跨平臺。
之前的 new RSACryptoServiceProvider(); 代碼在 mac 上運行,會報下面的錯誤:
System.PlatformNotSupportedException: Operation is not supported on this platform. at System.Security.Cryptography.RSACryptoServiceProvider..ctor()
要解決這個問題,需要改用 System.Security.Cryptography.RSA.Create() 工廠方法,使用它之后,在 Windows 上創建的是 System.Security.Cryptography.RSACng 的實例,在 Mac 與 Linux 上創建的是 System.Security.Cryptography.RSAOpenSsl 的實例,它們都繼承自 System.Security.Cryptography.RSA 抽象類。
使用了 RSA.Create() 之后,帶來了一個問題,RSA 中沒有 RSACryptoServiceProvider 中的以下2個簽名的加解密方法。
public byte[] Encrypt(byte[] rgb, bool fOAEP); public byte[] Decrypt(byte[] rgb, bool fOAEP);
只有
public abstract byte[] Encrypt(byte[] data, RSAEncryptionPadding padding); public abstract byte[] Decrypt(byte[] data, RSAEncryptionPadding padding);
調用時它們時需要傳遞 RSAEncryptionPadding 類型的參數值:
但對于 openssl 生成的公鑰私鑰不知道選擇哪種 RSAEncryptionPadding ,只能采取笨方法 —— 一個一個試試,試出來的結果是 RSAEncryptionPadding.Pkcs1 。
openssl 的公鑰與私鑰是在 Mac 上通過下面的2個命令生成的:
openssl genrsa -out rsa_1024_priv.pem 102 openssl rsa -pubout -in rsa_1024_priv.pem -out rsa_1024_pub.peml
(注:一定要用 openssl 命令,用 ssh-keygen -t rsa 命令生成的公鑰私鑰是不行的)
修改這兩個地方(RSA.Create 與 RSAEncryptionPadding.Pkcs1)之后,就可以在 .net core 上使用 openssl 的公鑰私鑰進行加解密了,以下是測試時所用的完整代碼(.net core控制臺程序)。經測試,在 Windows,macOS,Linux Ubuntu 上都能成功進行加解密。
Program.cs
using System; using System.IO; using System.Security.Cryptography; using System.Text; namespace TryRsa { public class Program { //openssl genrsa -out rsa_1024_priv.pem 1024 private static readonly string _privateKey = @"MIICXgIBAAKBgQC0xP5HcfThSQr43bAMoopbzcCyZWE0xfUeTA4Nx4PrXEfDvybJ EIjbU/rgANAty1yp7g20J7+wVMPCusxftl/d0rPQiCLjeZ3HtlRKld+9htAZtHFZ osV29h/hNE9JkxzGXstaSeXIUIWquMZQ8XyscIHhqoOmjXaCv58CSRAlAQIDAQAB AoGBAJtDgCwZYv2FYVk0ABw6F6CWbuZLUVykks69AG0xasti7Xjh3AximUnZLefs iuJqg2KpRzfv1CM+Cw5cp2GmIVvRqq0GlRZGxJ38AqH9oyUa2m3TojxWapY47zye PYEjWwRTGlxUBkdujdcYj6/dojNkm4azsDXl9W5YaXiPfbgJAkEA4rlhSPXlohDk FoyfX0v2OIdaTOcVpinv1jjbSzZ8KZACggjiNUVrSFV3Y4oWom93K5JLXf2mV0Sy 80mPR5jOdwJBAMwciAk8xyQKpMUGNhFX2jKboAYY1SJCfuUnyXHAPWeHp5xCL2UH tjryJp/Vx8TgsFTGyWSyIE9R8hSup+32rkcCQBe+EAkC7yQ0np4Z5cql+sfarMMm 4+Z9t8b4N0a+EuyLTyfs5Dtt5JkzkggTeuFRyOoALPJP0K6M3CyMBHwb7WsCQQCi TM2fCsUO06fRQu8bO1A1janhLz3K0DU24jw8RzCMckHE7pvhKhCtLn+n+MWwtzl/ L9JUT4+BgxeLepXtkolhAkEA2V7er7fnEuL0+kKIjmOm5F3kvMIDh9YC1JwLGSvu 1fnzxK34QwSdxgQRF1dfIKJw73lClQpHZfQxL/2XRG8IoA==".Replace("\n", ""); //openssl rsa -pubout -in rsa_1024_priv.pem -out rsa_1024_pub.pem private static readonly string _publicKey = @"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC0xP5HcfThSQr43bAMoopbzcCy ZWE0xfUeTA4Nx4PrXEfDvybJEIjbU/rgANAty1yp7g20J7+wVMPCusxftl/d0rPQ iCLjeZ3HtlRKld+9htAZtHFZosV29h/hNE9JkxzGXstaSeXIUIWquMZQ8XyscIHh qoOmjXaCv58CSRAlAQIDAQAB".Replace("\n", ""); public static void Main(string[] args) { var plainText = "cnblogs.com"; //Encrypt RSA rsa = CreateRsaFromPublicKey(_publicKey); var plainTextBytes = Encoding.UTF8.GetBytes(plainText); var cipherBytes = rsa.Encrypt(plainTextBytes, RSAEncryptionPadding.Pkcs1); var cipher = Convert.ToBase64String(cipherBytes); Console.WriteLine($"{nameof(cipher)}:{cipher}"); //Decrypt rsa = CreateRsaFromPrivateKey(_privateKey); cipherBytes = System.Convert.FromBase64String(cipher); plainTextBytes = rsa.Decrypt(cipherBytes, RSAEncryptionPadding.Pkcs1); plainText = Encoding.UTF8.GetString(plainTextBytes); Console.WriteLine($"{nameof(plainText)}:{plainText}"); } private static RSA CreateRsaFromPrivateKey(string privateKey) { var privateKeyBits = System.Convert.FromBase64String(privateKey); var rsa = RSA.Create(); var RSAparams = new RSAParameters(); using (var binr = new BinaryReader(new MemoryStream(privateKeyBits))) { byte bt = 0; ushort twobytes = 0; twobytes = binr.ReadUInt16(); if (twobytes == 0x8130) binr.ReadByte(); else if (twobytes == 0x8230) binr.ReadInt16(); else throw new Exception("Unexpected value read binr.ReadUInt16()"); twobytes = binr.ReadUInt16(); if (twobytes != 0x0102) throw new Exception("Unexpected version"); bt = binr.ReadByte(); if (bt != 0x00) throw new Exception("Unexpected value read binr.ReadByte()"); RSAparams.Modulus = binr.ReadBytes(GetIntegerSize(binr)); RSAparams.Exponent = binr.ReadBytes(GetIntegerSize(binr)); RSAparams.D = binr.ReadBytes(GetIntegerSize(binr)); RSAparams.P = binr.ReadBytes(GetIntegerSize(binr)); RSAparams.Q = binr.ReadBytes(GetIntegerSize(binr)); RSAparams.DP = binr.ReadBytes(GetIntegerSize(binr)); RSAparams.DQ = binr.ReadBytes(GetIntegerSize(binr)); RSAparams.InverseQ = binr.ReadBytes(GetIntegerSize(binr)); } rsa.ImportParameters(RSAparams); return rsa; } private static int GetIntegerSize(BinaryReader binr) { byte bt = 0; byte lowbyte = 0x00; byte highbyte = 0x00; int count = 0; bt = binr.ReadByte(); if (bt != 0x02) return 0; bt = binr.ReadByte(); if (bt == 0x81) count = binr.ReadByte(); else if (bt == 0x82) { highbyte = binr.ReadByte(); lowbyte = binr.ReadByte(); byte[] modint = { lowbyte, highbyte, 0x00, 0x00 }; count = BitConverter.ToInt32(modint, 0); } else { count = bt; } while (binr.ReadByte() == 0x00) { count -= 1; } binr.BaseStream.Seek(-1, SeekOrigin.Current); return count; } private static RSA CreateRsaFromPublicKey(string publicKeyString) { byte[] SeqOID = { 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x01, 0x05, 0x00 }; byte[] x509key; byte[] seq = new byte[15]; int x509size; x509key = Convert.FromBase64String(publicKeyString); x509size = x509key.Length; using (var mem = new MemoryStream(x509key)) { using (var binr = new BinaryReader(mem)) { byte bt = 0; ushort twobytes = 0; twobytes = binr.ReadUInt16(); if (twobytes == 0x8130) binr.ReadByte(); else if (twobytes == 0x8230) binr.ReadInt16(); else return null; seq = binr.ReadBytes(15); if (!CompareBytearrays(seq, SeqOID)) return null; twobytes = binr.ReadUInt16(); if (twobytes == 0x8103) binr.ReadByte(); else if (twobytes == 0x8203) binr.ReadInt16(); else return null; bt = binr.ReadByte(); if (bt != 0x00) return null; twobytes = binr.ReadUInt16(); if (twobytes == 0x8130) binr.ReadByte(); else if (twobytes == 0x8230) binr.ReadInt16(); else return null; twobytes = binr.ReadUInt16(); byte lowbyte = 0x00; byte highbyte = 0x00; if (twobytes == 0x8102) lowbyte = binr.ReadByte(); else if (twobytes == 0x8202) { highbyte = binr.ReadByte(); lowbyte = binr.ReadByte(); } else return null; byte[] modint = { lowbyte, highbyte, 0x00, 0x00 }; int modsize = BitConverter.ToInt32(modint, 0); int firstbyte = binr.PeekChar(); if (firstbyte == 0x00) { binr.ReadByte(); modsize -= 1; } byte[] modulus = binr.ReadBytes(modsize); if (binr.ReadByte() != 0x02) return null; int expbytes = (int)binr.ReadByte(); byte[] exponent = binr.ReadBytes(expbytes); var rsa = RSA.Create(); var rsaKeyInfo = new RSAParameters { Modulus = modulus, Exponent = exponent }; rsa.ImportParameters(rsaKeyInfo); return rsa; } } } private static bool CompareBytearrays(byte[] a, byte[] b) { if (a.Length != b.Length) return false; int i = 0; foreach (byte c in a) { if (c != b[i]) return false; i++; } return true; } } }
project.json
{
"version": "1.0.0-*",
"buildOptions": {
"emitEntryPoint": true
},
"dependencies": {
"Microsoft.NETCore.App": {
"type": "platform",
"version": "1.1.0-preview1-001100-00"
},
"System.Security.Cryptography.Algorithms": "4.3.0-preview1-24530-04"
},
"frameworks": {
"netcoreapp1.1": {
"imports": "dnxcore50"
}
}
}
文章列表
全站熱搜
留言列表
