c# RSA相关 加密 签名 PEM - XML互相转换
安装nuget Portable.BouncyCastle
using Org.BouncyCastle.Asn1.Pkcs;
using Org.BouncyCastle.Asn1.X509;
using Org.BouncyCastle.Crypto;
using Org.BouncyCastle.Crypto.Parameters;
using Org.BouncyCastle.Math;
using Org.BouncyCastle.Pkcs;
using Org.BouncyCastle.Security;
using Org.BouncyCastle.X509;
using System;
using System.IO;
using System.Security.Cryptography;
using System.Text;
using System.Xml;
public class RSAHelper
{
/// <summary>
/// 生成公钥与私钥方法
/// </summary>
/// <returns></returns>
public static string[] CreateKey(KeyType keyType, KeySize keySize)
{
try
{
string[] sKeys = new string[2];
RSACryptoServiceProvider rsa = new RSACryptoServiceProvider((int)keySize);
switch (keyType)
{
case KeyType.XML:
{
//私钥
sKeys[0] = rsa.ToXmlString(true);
//公钥
sKeys[1] = rsa.ToXmlString(false);
}
break;
case KeyType.PKS8:
{
sKeys[0] = rsa.ToXmlString(true);
//公钥
sKeys[1] = rsa.ToXmlString(false);
//JAVA私钥
sKeys[0] = RSAPrivateKeyDotNet2Java(sKeys[0]);
//JAVA公钥
sKeys[1] = RSAPublicKeyDotNet2Java(sKeys[1]);
}
break;
default:
break;
}
return sKeys;
}
catch (Exception ex)
{
return null;
}
}
/// <summary>
/// 密钥类型
/// </summary>
public enum KeyType
{
/// <summary>
/// xml类型
/// </summary>
XML,
/// <summary>
/// pks8类型
/// </summary>
PKS8
}
/// <summary>
/// 密钥尺寸(一般都是1024位的)
/// </summary>
public enum KeySize
{
SMALL = 1024,
BIG = 2048
}
/// <summary>
/// RSA私钥格式转换,.net->java
/// </summary>
/// <param name="privateKey">.net生成的私钥</param>
/// <returns></returns>
public static string RSAPrivateKeyDotNet2Java(string privateKey)
{
XmlDocument doc = new XmlDocument();
doc.LoadXml(privateKey);
BigInteger m = new BigInteger(1, Convert.FromBase64String(doc.DocumentElement.GetElementsByTagName("Modulus")[0].InnerText));
BigInteger exp = new BigInteger(1, Convert.FromBase64String(doc.DocumentElement.GetElementsByTagName("Exponent")[0].InnerText));
BigInteger d = new BigInteger(1, Convert.FromBase64String(doc.DocumentElement.GetElementsByTagName("D")[0].InnerText));
BigInteger p = new BigInteger(1, Convert.FromBase64String(doc.DocumentElement.GetElementsByTagName("P")[0].InnerText));
BigInteger q = new BigInteger(1, Convert.FromBase64String(doc.DocumentElement.GetElementsByTagName("Q")[0].InnerText));
BigInteger dp = new BigInteger(1, Convert.FromBase64String(doc.DocumentElement.GetElementsByTagName("DP")[0].InnerText));
BigInteger dq = new BigInteger(1, Convert.FromBase64String(doc.DocumentElement.GetElementsByTagName("DQ")[0].InnerText));
BigInteger qinv = new BigInteger(1, Convert.FromBase64String(doc.DocumentElement.GetElementsByTagName("InverseQ")[0].InnerText));
RsaPrivateCrtKeyParameters privateKeyParam = new RsaPrivateCrtKeyParameters(m, exp, d, p, q, dp, dq, qinv);
PrivateKeyInfo privateKeyInfo = PrivateKeyInfoFactory.CreatePrivateKeyInfo(privateKeyParam);
byte[] serializedPrivateBytes = privateKeyInfo.ToAsn1Object().GetEncoded();
return Convert.ToBase64String(serializedPrivateBytes);
}
/// <summary>
/// RSA公钥格式转换,.net->java
/// </summary>
/// <param name="publicKey">.net生成的公钥</param>
/// <returns></returns>
public static string RSAPublicKeyDotNet2Java(string publicKey)
{
XmlDocument doc = new XmlDocument();
doc.LoadXml(publicKey);
BigInteger m = new BigInteger(1, Convert.FromBase64String(doc.DocumentElement.GetElementsByTagName("Modulus")[0].InnerText));
BigInteger p = new BigInteger(1, Convert.FromBase64String(doc.DocumentElement.GetElementsByTagName("Exponent")[0].InnerText));
RsaKeyParameters pub = new RsaKeyParameters(false, m, p);
SubjectPublicKeyInfo publicKeyInfo = SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(pub);
byte[] serializedPublicBytes = publicKeyInfo.ToAsn1Object().GetDerEncoded();
return Convert.ToBase64String(serializedPublicBytes);
}
/// <summary>
/// RSA私钥格式转换,java->.net
/// </summary>
/// <param name="privateKey">java生成的RSA私钥</param>
/// <returns></returns>
public static string RSAPrivateKeyJavaToDotNet(string privateKey)
{
RsaPrivateCrtKeyParameters privateKeyParam = (RsaPrivateCrtKeyParameters)PrivateKeyFactory.CreateKey(Convert.FromBase64String(privateKey));
return string.Format("<RSAKeyValue><Modulus>{0}</Modulus><Exponent>{1}</Exponent><P>{2}</P><Q>{3}</Q><DP>{4}</DP><DQ>{5}</DQ><InverseQ>{6}</InverseQ><D>{7}</D></RSAKeyValue>",
Convert.ToBase64String(privateKeyParam.Modulus.ToByteArrayUnsigned()),
Convert.ToBase64String(privateKeyParam.PublicExponent.ToByteArrayUnsigned()),
Convert.ToBase64String(privateKeyParam.P.ToByteArrayUnsigned()),
Convert.ToBase64String(privateKeyParam.Q.ToByteArrayUnsigned()),
Convert.ToBase64String(privateKeyParam.DP.ToByteArrayUnsigned()),
Convert.ToBase64String(privateKeyParam.DQ.ToByteArrayUnsigned()),
Convert.ToBase64String(privateKeyParam.QInv.ToByteArrayUnsigned()),
Convert.ToBase64String(privateKeyParam.Exponent.ToByteArrayUnsigned()));
}
/// <summary>
/// RSA公钥格式转换,java->.net
/// </summary>
/// <param name="publicKey">java生成的公钥</param>
/// <returns></returns>
public static string RSAPublicKeyJavaToDotNet(string publicKey)
{
RsaKeyParameters publicKeyParam = (RsaKeyParameters)PublicKeyFactory.CreateKey(Convert.FromBase64String(publicKey));
return string.Format("<RSAKeyValue><Modulus>{0}</Modulus><Exponent>{1}</Exponent></RSAKeyValue>",
Convert.ToBase64String(publicKeyParam.Modulus.ToByteArrayUnsigned()),
Convert.ToBase64String(publicKeyParam.Exponent.ToByteArrayUnsigned()));
}
/// <summary>
/// 最大加密长度
/// </summary>
private const int MAX_ENCRYPT_BLOCK = 245;
/// <summary>
/// 最大解密长度
/// </summary>
private const int MAX_DECRYPT_BLOCK = 256;
/// <summary>
/// 用私钥给数据进行RSA加密
/// </summary>
/// <param name="xmlPrivateKey"></param>
/// <param name="strEncryptString"></param>
/// <returns></returns>
public static string PrivateKeyEncrypt(string xmlPrivateKey, string strEncryptString)
{
//加载私钥
RSACryptoServiceProvider privateRsa = new RSACryptoServiceProvider();
privateRsa.FromXmlString(xmlPrivateKey);
//转换密钥
AsymmetricCipherKeyPair keyPair = DotNetUtilities.GetKeyPair(privateRsa);
IBufferedCipher c = CipherUtilities.GetCipher("RSA/ECB/PKCS1Padding"); //使用RSA/ECB/PKCS1Padding格式
c.Init(true, keyPair.Private);//第一个参数为true表示加密,为false表示解密;第二个参数表示密钥
byte[] dataToEncrypt = Encoding.UTF8.GetBytes(strEncryptString);//获取字节
byte[] cache;
int time = 0;//次数
int inputLen = dataToEncrypt.Length;
int offSet = 0;
MemoryStream outStream = new MemoryStream();
while (inputLen - offSet > 0)
{
if (inputLen - offSet > MAX_ENCRYPT_BLOCK)
{
cache = c.DoFinal(dataToEncrypt, offSet, MAX_ENCRYPT_BLOCK);
}
else
{
cache = c.DoFinal(dataToEncrypt, offSet, inputLen - offSet);
}
//写入
outStream.Write(cache, 0, cache.Length);
time++;
offSet = time * MAX_ENCRYPT_BLOCK;
}
byte[] resData = outStream.ToArray();
string strBase64 = Convert.ToBase64String(resData);
outStream.Close();
return strBase64;
}
/// <summary>
/// 用公钥给数据进行RSA解密
/// </summary>
/// <param name="xmlPublicKey"> 公钥(XML格式字符串) </param>
/// <param name="strDecryptString"> 要解密数据 </param>
/// <returns> 解密后的数据 </returns>
public static string PublicKeyDecrypt(string xmlPublicKey, string strDecryptString)
{
//加载公钥
RSACryptoServiceProvider publicRsa = new RSACryptoServiceProvider();
publicRsa.FromXmlString(xmlPublicKey);
RSAParameters rp = publicRsa.ExportParameters(false);
//转换密钥
AsymmetricKeyParameter pbk = DotNetUtilities.GetRsaPublicKey(rp);
IBufferedCipher c = CipherUtilities.GetCipher("RSA/ECB/PKCS1Padding");
//第一个参数为true表示加密,为false表示解密;第二个参数表示密钥
c.Init(false, pbk);
byte[] DataToDecrypt = Convert.FromBase64String(strDecryptString);
byte[] cache;
int time = 0;//次数
int inputLen = DataToDecrypt.Length;
int offSet = 0;
MemoryStream outStream = new MemoryStream();
while (inputLen - offSet > 0)
{
if (inputLen - offSet > MAX_DECRYPT_BLOCK)
{
cache = c.DoFinal(DataToDecrypt, offSet, MAX_DECRYPT_BLOCK);
}
else
{
cache = c.DoFinal(DataToDecrypt, offSet, inputLen - offSet);
}
//写入
outStream.Write(cache, 0, cache.Length);
time++;
offSet = time * MAX_DECRYPT_BLOCK;
}
byte[] resData = outStream.ToArray();
string strDec = Encoding.UTF8.GetString(resData);
return strDec;
}
/// <summary>
/// 签名
/// </summary>
/// <param name="str">需签名的数据</param>
/// <returns>签名后的值</returns>
public static string Sign(string str, string privateKey, SignAlgType signAlgType)
{
//根据需要加签时的哈希算法转化成对应的hash字符节
byte[] bt = Encoding.GetEncoding("utf-8").GetBytes(str);
byte[] rgbHash = null;
switch (signAlgType)
{
case SignAlgType.SHA256:
{
SHA256CryptoServiceProvider csp = new SHA256CryptoServiceProvider();
rgbHash = csp.ComputeHash(bt);
}
break;
case SignAlgType.MD5:
{
MD5CryptoServiceProvider csp = new MD5CryptoServiceProvider();
rgbHash = csp.ComputeHash(bt);
}
break;
case SignAlgType.SHA1:
{
SHA1 csp = new SHA1CryptoServiceProvider();
rgbHash = csp.ComputeHash(bt);
}
break;
default:
break;
}
RSACryptoServiceProvider key = new RSACryptoServiceProvider();
key.FromXmlString(privateKey);
RSAPKCS1SignatureFormatter formatter = new RSAPKCS1SignatureFormatter(key);
formatter.SetHashAlgorithm(signAlgType.ToString());//此处是你需要加签的hash算法,需要和上边你计算的hash值的算法一致,不然会报错。
byte[] inArray = formatter.CreateSignature(rgbHash);
return Convert.ToBase64String(inArray);
}
/// <summary>
/// 签名验证
/// </summary>
/// <param name="str">待验证的字符串</param>
/// <param name="sign">加签之后的字符串</param>
/// <returns>签名是否符合</returns>
public static bool Verify(string str, string sign, string publicKey, SignAlgType signAlgType)
{
byte[] bt = Encoding.GetEncoding("utf-8").GetBytes(str);
byte[] rgbHash = null;
switch (signAlgType)
{
case SignAlgType.SHA256:
{
SHA256CryptoServiceProvider csp = new SHA256CryptoServiceProvider();
rgbHash = csp.ComputeHash(bt);
}
break;
case SignAlgType.MD5:
{
MD5CryptoServiceProvider csp = new MD5CryptoServiceProvider();
rgbHash = csp.ComputeHash(bt);
}
break;
case SignAlgType.SHA1:
{
SHA1 csp = new SHA1CryptoServiceProvider();
rgbHash = csp.ComputeHash(bt);
}
break;
default:
break;
}
RSACryptoServiceProvider key = new RSACryptoServiceProvider();
key.FromXmlString(publicKey);
RSAPKCS1SignatureDeformatter deformatter = new RSAPKCS1SignatureDeformatter(key);
deformatter.SetHashAlgorithm(signAlgType.ToString());
byte[] rgbSignature = Convert.FromBase64String(sign);
if (deformatter.VerifySignature(rgbHash, rgbSignature))
return true;
return false;
}
/// <summary>
/// 签名算法类型
/// </summary>
public enum SignAlgType
{
/// <summary>
/// sha256
/// </summary>
SHA256,
/// <summary>
/// md5
/// </summary>
MD5,
/// <summary>
/// sha1
/// </summary>
SHA1
}
}
使用方式如下
var pubkeyPEM = "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3XwdOA766g5nSgCrbt71kNs569Wk7a10BSwDMD0VzpiUyVvyRHV03Lo7dq7VwNtMZNh3d7kYOI5r/BnoO/zldBkl7hwyffjPWsLtzlZ7aKQdJuPynIL7+5iBhtiA2XSCJxD0MZq2wuMEl8h9V4bK3YjCUG17wX9BbGP6fk+CPkDdISVagQNXuIWzadmVLH+5aamE6E/CaAGSUBEIl2E1j9OXokhdCKP7IuFAIHFpzbNacp0baa5UZPGnuyJyjtJk9aa+yweAc41I37l7S3bmHaoG7nkpNivIWnS7B6zgI044Ptc7kwhTWBiZd3Q4CUnf1ZR1zRj19GhLfxTvLa6vBwIDAQAB";
var privatekeyPEM = "MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDdfB04DvrqDmdKAKtu3vWQ2znr1aTtrXQFLAMwPRXOmJTJW/JEdXTcujt2rtXA20xk2Hd3uRg4jmv8Geg7/OV0GSXuHDJ9+M9awu3OVntopB0m4/Kcgvv7mIGG2IDZdIInEPQxmrbC4wSXyH1XhsrdiMJQbXvBf0FsY/p+T4I+QN0hJVqBA1e4hbNp2ZUsf7lpqYToT8JoAZJQEQiXYTWP05eiSF0Io/si4UAgcWnNs1pynRtprlRk8ae7InKO0mT1pr7LB4BzjUjfuXtLduYdqgbueSk2K8hadLsHrOAjTjg+1zuTCFNYGJl3dDgJSd/VlHXNGPX0aEt/FO8trq8HAgMBAAECggEBAJbfa/v64Fs98ohLinwc7wR9AaivwQiSxlybjZR3l/pCn9/GfXK63B9b0RPYpw0XlaOAfWkVsfUct1xkvXjXneoHE3puxMphCcbW0C1lZe1zFdSfJG4PH91UFq+nnaYDooFAIEgGDwcUo9VNImzUCi78cPleixXVPNi8Bi+ys5L5UY73uLxxeyd8el6k2V2pCQHCHAUzdBVlBiYZfQHwK+lz56OOLqEM3z7x6qqidNOS+SnrIJsadKfiAJMt24PNYBAuDiiQCVGPnfqRVmUUy4OOaQAtbEC7j2f1vpZa9uyuN48vlO8Lh/VXbYnLtR6IIvKkOQfmn7HIfMTRDhazGfECgYEA+tfPX0yUr+8D+FTIyHDlqhKZ4lubGXY1+elyJXOfEZeCirLIM+9SyodSEiht1ci+14pawZl5Vf46IreErXkhB+7NbDVYKLrTKFAyOLncSsE/+qnoruwItqlnNntXd+fFrZ9jvc+ceX5n59q3v1npbgKqpytkWmsjKCPWbhP4DdkCgYEA4gnKpKqTk193+7Dcnecm8bHLp7brZJpfwFzxbt3uBVbNlWTci82wcp3+13fd9rgn28eCKm88/p4BBqfuuVBihas64qtBrdTU5d5CdYoOcB8qbuhEXlbeTq30k2fHjd0U4K0pRrWvTfMKKY0hrZJnuXtjcl1gZ/5F+lemU2kJN98CgYBPsUKTv0u5vVDgk2caryt35eL31CypYTHyzOTT2zDdMOprUDNktJLz/xvm4utKMTXYWn9M5Ip09IjZwL4pMsN4triSuTvh7MDrHNdnyDyhj1XZOCPRdvGpvpYo6/S1BnB6IZpZklzfCHbQZV9dLp6Hsdcvtwxx4XnQ5dnZLQTwuQKBgHqU3s2AJ/oTGwlmt632TltilVRF0dBEG8tBXDlIp61DjsgG48f5a0gtQKfvPHNxGUSKJKAIpWZbn6jRZ5gd7OAapRuJzluMAU0LxLTjgsLxU9zDn1gd+f9nPSy3ajQYAht6LNlI7GH0fL1d6TatIA0pyhuaYg7jiWWjJPM1Eie3AoGBANnRUrlV/ZJ5TYw7bd3rRcpFbyoT9sOrVI7PYF50GFKjNiVtKlUcTLynnuq7wTs/X9rys0rrYE6WUBUXQ1k//cXxbu6BO8NvgYLr0RJsvDHy+mUZfQxDrdG4zdtNB+bNEAH24FzLJlVn+ZYp9A2iXNVMSA9bgukqXJRgaXaqGSjr";
var xmlPrivateKey = RSAHelper.RSAPrivateKeyJavaToDotNet(privatekeyPEM);
var xmlPublicKey = RSAHelper.RSAPublicKeyJavaToDotNet(pubkeyPEM);
var secret = RSAHelper.PrivateKeyEncrypt(xmlPrivateKey, "test");
var raw = RSAHelper.PublicKeyDecrypt(xmlPublicKey, secret);
var auth = RSAHelper.Sign(secret, xmlPrivateKey, RSAHelper.SignAlgType.MD5);
var authRaw = RSAHelper.Verify(secret, auth, xmlPublicKey, RSAHelper.SignAlgType.MD5);
留待后查,同时方便他人
联系我:renhanlinbsl@163.com
联系我:renhanlinbsl@163.com
