當前位置：首頁 > 编程语言 > C# >内容正文

C#

java/php/c#版rsa签名以及java验签实现--转

發布時間：2025/4/5 C# 34 豆豆

生活随笔收集整理的這篇文章主要介紹了 java/php/c#版rsa签名以及java验签实现--转小編覺得挺不錯的,現在分享給大家,幫大家做個參考.

在開放平臺領域，需要給isv提供sdk，簽名是Sdk中需要提供的功能之一。由于isv使用的開發語言不是單一的，因此sdk需要提供多種語言的版本。譬如java、php、c#。另外，在電子商務尤其是支付領域，對安全性的要求比較高，所以會采用非對稱密鑰RSA

? ? ? ?本文主要介紹如何基于java、php、c#在客戶端使用rsa簽名，然后在服務端使用Java驗簽。

基于openssl生成RSA公私鑰對

a）從網上下載openssl工具:http://www.slproweb.com/products/Win32OpenSSL.html

? b）生成私鑰

進入到openssl的bin目錄下，執行以下命令：

openssl genrsa -out rsa_private_key.pem 1024

會在bin目錄下看到新生成的私鑰文件rsa_private_key.pem，文件內容如下：

??c)生成公鑰

在bin目錄下，執行以下命令：

openssl rsa -in rsa_private_key.pem -pubout -out rsa_public_key.pem

會在bin目錄下看到新生成的公鑰文件rsa_public_key.pem，文件內容如下：

?2.?客戶端簽名

? 2.1?java版簽名實現

/*** rsa簽名* * @param content* 待簽名的字符串* @param privateKey* rsa私鑰字符串* @param charset* 字符編碼* @return 簽名結果* @throws Exception* 簽名失敗則拋出異常*/public String rsaSign(String content, String privateKey, String charset) throws SignatureException {try {PrivateKey priKey = getPrivateKeyFromPKCS8("RSA", new ByteArrayInputStream(privateKey.getBytes()));Signature signature = Signature.getInstance("SHA1WithRSA");signature.initSign(priKey);if (StringUtils.isEmpty(charset)) {signature.update(content.getBytes());} else {signature.update(content.getBytes(charset));}byte[] signed = signature.sign();return new String(Base64.encodeBase64(signed));} catch (Exception e) {throw new SignatureException("RSAcontent = " + content + "; charset = " + charset, e);}}public PrivateKey getPrivateKeyFromPKCS8(String algorithm, InputStream ins) throws Exception {if (ins == null || StringUtils.isEmpty(algorithm)) {return null;}KeyFactory keyFactory = KeyFactory.getInstance(algorithm);byte[] encodedKey = StreamUtil.readText(ins).getBytes();encodedKey = Base64.decodeBase64(encodedKey);return keyFactory.generatePrivate(new PKCS8EncodedKeySpec(encodedKey));}

?注意：參數privateKey是Pem私鑰文件中去除頭（-----BEGIN RSA PRIVATE KEY-----）和尾（-----END RSA PRIVATE KEY-----）以及換行符后的字符串。

如果簽名報以下錯誤：

java.security.spec.InvalidKeySpecException: java.security.InvalidKeyException: IOException : algid parse error, not a sequence

則說明rsa私鑰的格式不是pksc8格式，需要使用以下命令轉換一下：

openssl pkcs8 -topk8 -inform PEM -in rsa_private_key.pem -outform PEM -nocrypt

然后再提取去除頭和尾以及換行符后字符串作為java版用的rsa私鑰。

2.2 php簽名實現

function sign($content, $rsaPrivateKeyPem) {$priKey = file_get_contents($rsaPrivateKeyPem);$res = openssl_get_privatekey($priKey);openssl_sign($content, $sign, $res);openssl_free_key($res);$sign = base64_encode($sign);return $sign;}

注意：$rsaPrivateKeyPem為pem私鑰文件路徑

? 2.3 c#簽名實現(引用了國外某位仁兄的方案)

using System; using System.Text; using System.Security.Cryptography; using System.Web; using System.IO;namespace Aop.Api.Util {/// <summary>/// RSA簽名工具類。/// </summary>public class RSAUtil{public static string RSASign(string data, string privateKeyPem){RSACryptoServiceProvider rsaCsp = LoadCertificateFile(privateKeyPem);byte[] dataBytes = Encoding.UTF8.GetBytes(data);byte[] signatureBytes = rsaCsp.SignData(dataBytes, "SHA1");return Convert.ToBase64String(signatureBytes);}private static byte[] GetPem(string type, byte[] data){string pem = Encoding.UTF8.GetString(data);string header = String.Format("-----BEGIN {0}-----\\n", type);string footer = String.Format("-----END {0}-----", type);int start = pem.IndexOf(header) + header.Length;int end = pem.IndexOf(footer, start);string base64 = pem.Substring(start, (end - start));return Convert.FromBase64String(base64);}private static RSACryptoServiceProvider LoadCertificateFile(string filename){using (System.IO.FileStream fs = System.IO.File.OpenRead(filename)){byte[] data = new byte[fs.Length];byte[] res = null;fs.Read(data, 0, data.Length);if (data[0] != 0x30){res = GetPem("RSA PRIVATE KEY", data);}try{RSACryptoServiceProvider rsa = DecodeRSAPrivateKey(res);return rsa;}catch (Exception ex){}return null;}}private static RSACryptoServiceProvider DecodeRSAPrivateKey(byte[] privkey){byte[] MODULUS, E, D, P, Q, DP, DQ, IQ;// --------- Set up stream to decode the asn.1 encoded RSA private key ------MemoryStream mem = new MemoryStream(privkey);BinaryReader binr = new BinaryReader(mem); //wrap Memory Stream with BinaryReader for easy readingbyte bt = 0;ushort twobytes = 0;int elems = 0;try{twobytes = binr.ReadUInt16();if (twobytes == 0x8130) //data read as little endian order (actual data order for Sequence is 30 81)binr.ReadByte(); //advance 1 byteelse if (twobytes == 0x8230)binr.ReadInt16(); //advance 2 byteselsereturn null;twobytes = binr.ReadUInt16();if (twobytes != 0x0102) //version numberreturn null;bt = binr.ReadByte();if (bt != 0x00)return null;//------ all private key components are Integer sequences ----elems = GetIntegerSize(binr);MODULUS = binr.ReadBytes(elems);elems = GetIntegerSize(binr);E = binr.ReadBytes(elems);elems = GetIntegerSize(binr);D = binr.ReadBytes(elems);elems = GetIntegerSize(binr);P = binr.ReadBytes(elems);elems = GetIntegerSize(binr);Q = binr.ReadBytes(elems);elems = GetIntegerSize(binr);DP = binr.ReadBytes(elems);elems = GetIntegerSize(binr);DQ = binr.ReadBytes(elems);elems = GetIntegerSize(binr);IQ = binr.ReadBytes(elems);// ------- create RSACryptoServiceProvider instance and initialize with public key -----CspParameters CspParameters = new CspParameters();CspParameters.Flags = CspProviderFlags.UseMachineKeyStore;RSACryptoServiceProvider RSA = new RSACryptoServiceProvider(1024, CspParameters);RSAParameters RSAparams = new RSAParameters();RSAparams.Modulus = MODULUS;RSAparams.Exponent = E;RSAparams.D = D;RSAparams.P = P;RSAparams.Q = Q;RSAparams.DP = DP;RSAparams.DQ = DQ;RSAparams.InverseQ = IQ;RSA.ImportParameters(RSAparams);return RSA;}catch (Exception ex){return null;}finally{binr.Close();}}private static int GetIntegerSize(BinaryReader binr){byte bt = 0;byte lowbyte = 0x00;byte highbyte = 0x00;int count = 0;bt = binr.ReadByte();if (bt != 0x02) //expect integerreturn 0;bt = binr.ReadByte();if (bt == 0x81)count = binr.ReadByte(); // data size in next byteelseif (bt == 0x82){highbyte = binr.ReadByte(); // data size in next 2 byteslowbyte = binr.ReadByte();byte[] modint = { lowbyte, highbyte, 0x00, 0x00 };count = BitConverter.ToInt32(modint, 0);}else{count = bt; // we already have the data size }while (binr.ReadByte() == 0x00){ //remove high order zeros in datacount -= 1;}binr.BaseStream.Seek(-1, SeekOrigin.Current); //last ReadByte wasn't a removed zero, so back up a bytereturn count;}} }

注：privateKeyPem為私鑰文件路徑

? 3. 服務端java驗簽

/*** rsa驗簽* * @param content 被簽名的內容* @param sign 簽名后的結果* @param publicKey rsa公鑰* @param charset 字符集* @return 驗簽結果* @throws SignatureException 驗簽失敗，則拋異常*/boolean doCheck(String content, String sign, String publicKey, String charset) throws SignatureException {try {PublicKey pubKey = getPublicKeyFromX509("RSA", new ByteArrayInputStream(publicKey.getBytes()));Signature signature = Signature.getInstance("SHA1WithRSA");signature.initVerify(pubKey);signature.update(getContentBytes(content, charset));return signature.verify(Base64.decodeBase64(sign.getBytes()));} catch (Exception e) {throw new SignatureException("RSA驗證簽名[content = " + content + "; charset = " + charset+ "; signature = " + sign + "]發生異常!", e);}}private PublicKey getPublicKeyFromX509(String algorithm, InputStream ins) throws NoSuchAlgorithmException {try {KeyFactory keyFactory = KeyFactory.getInstance(algorithm);StringWriter writer = new StringWriter();StreamUtil.io(new InputStreamReader(ins), writer);byte[] encodedKey = writer.toString().getBytes();// 先base64解碼encodedKey = Base64.decodeBase64(encodedKey);return keyFactory.generatePublic(new X509EncodedKeySpec(encodedKey));} catch (IOException ex) {// 不可能發生} catch (InvalidKeySpecException ex) {// 不可能發生 }return null;}private byte[] getContentBytes(String content, String charset) throws UnsupportedEncodingException {if (StringUtil.isEmpty(charset)) {return content.getBytes();}return content.getBytes(charset);}

?注意：參數publicKey是Pem公鑰文件中去除頭（-----BEGIN RSA PRIVATE KEY-----）和尾（-----END RSA PRIVATE KEY-----）以及換行符后的字符串。

原文地址：http://xw-z1985.iteye.com/blog/1837376

轉載于:https://www.cnblogs.com/davidwang456/p/3924834.html

總結

以上是生活随笔為你收集整理的java/php/c#版rsa签名以及java验签实现--转的全部內容，希望文章能夠幫你解決所遇到的問題。

如果覺得生活随笔網站內容還不錯，歡迎將生活随笔推薦給好友。

上一篇： JAVA/PHP/C#版RSA验签--转
下一篇： c# char unsigned_dll