core中使用openssl的公钥私钥进行加解密
这篇博文分享的是C#中使用OpenSSL的公钥加密/私钥解密一文中的解决方法在 core 中的改进。之前的博文针对的是.NET Framework ,加解密用的是RSACryptoServiceProvider 。虽然在corefx(.NET Core Framework) 中也有RSACryptoServiceProvider ,但它目前只支持Windows ,不能跨平台。
之前的new RSACryptoServiceProvider(); 代码在mac 上运行,会报下面的错误:
System.PlatformNotSupportedException: Operation is not supported on this platform.
at System.Security.()
要解决这个问题,需要改用System.Security.Cryptography.RSA.Create() 工厂方法,使用它之后,在Windows 上创建的是System.Security.Cryptography.RSACng 的实例,在Mac 与Linux 上创建的是System.Security.Cryptography.RSAOpenSsl 的实例,它们都继承自System.Security.Cryptography.RSA 抽象类。
抽象类的使用使用了RSA.Create() 之后,带来了一个问题,RSA 中没有RSACryptoServiceProvider 中的以下2个签名的加解密方法。
public byte[] Encrypt(byte[] rgb, bool fOAEP);
public byte[] Decrypt(byte[] rgb, bool fOAEP);
只有
public abstract byte[] Encrypt(byte[] data, RSAEncryptionPadding padding);
public abstract byte[] Decrypt(byte[] data, RSAEncryptionPadding padding);
调用时它们时需要传递RSAEncryptionPadding 类型的参数值:
但对于openssl 生成的公钥私钥不知道选择哪种RSAEncryptionPadding ,只能采取笨方法——一个一个试试,试出来的结果是RSAEncryptionPadding.Pkcs1 。
openssl 的公钥与私钥是在Mac 上通过下面的2个命令生成的:
openssl genrsa -out rsa_1024_priv.pem 102
openssl rsa -pubout -in rsa_1024_priv.pem -out rsa_1024_pub.peml
(注:一定要用openssl 命令,用ssh-keygen -t rsa 命令生成的公钥私钥是不行的)
修改这两个地方(RSA.Create 与RSAEncryptionPadding.Pkcs1)之后,就可以在 core 上使用openssl 的公钥私钥进行加解密了,以下是测试时所用的完整代码( core控制台程序)。经测试,在Windows,macOS,Linux Ubuntu 上都能成功进行加解密。
Program.cs
复制代码
using System;
using System.IO;
using System.Security.Cryptography;
using System.Text;
namespace TryRsa
{
public class Program
{
//openssl genrsa -out rsa_1024_priv.pem 1024
private static readonly string _privateKey = @"MIICXgIBAAKBgQC0xP5HcfThSQr43bAMoopbzcCyZWE0xfUeTA4Nx4PrXEfDvybJ EIjbU/rgANAty1yp7g20J7+wVMPCusxftl/d0rPQiCLjeZ3HtlRKld+9htAZtHFZ
osV29h/hNE9JkxzGXstaSeXIUIWquMZQ8XyscIHhqoOmjXaCv58CSRAlAQIDAQAB
AoGBAJtDgCwZYv2FYVk0ABw6F6CWbuZLUVykks69AG0xasti7Xjh3AximUnZLefs
iuJqg2KpRzfv1CM+Cw5cp2GmIVvRqq0GlRZGxJ38AqH9oyUa2m3TojxWapY47zye
PYEjWwRTGlxUBkdujdcYj6/dojNkm4azsDXl9W5YaXiPfbgJAkEA4rlhSPXlohDk
FoyfX0v2OIdaTOcVpinv1jjbSzZ8KZACggjiNUVrSFV3Y4oWom93K5JLXf2mV0Sy
80mPR5jOdwJBAMwciAk8xyQKpMUGNhFX2jKboAYY1SJCfuUnyXHAPWeHp5xCL2UH
tjryJp/Vx8TgsFTGyWSyIE9R8hSup+32rkcCQBe+EAkC7yQ0np4Z5cql+sfarMMm
4+Z9t8b4N0a+EuyLTyfs5Dtt5JkzkggTeuFRyOoALPJP0K6M3CyMBHwb7WsCQQCi
TM2fCsUO06fRQu8bO1A1janhLz3K0DU24jw8RzCMckHE7pvhKhCtLn+n+MWwtzl/
L9JUT4+BgxeLepXtkolhAkEA2V7er7fnwww.baiyuewangEuL0+kKIjmOm5F3kvMIDh9YC1JwLGSvu
1fnzxK34QwSdxgQRF1dfIKJw73lClQpHZfQxL/2XRG8IoA==".Replace("\n", "");
//openssl rsa -pubout -in rsa_1024_priv.pem -out rsa_1024_pub.pem
private static readonly string _publicKey = @"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC0xP5HcfThSQr43bAMoopbzcCy
ZWE0xfUeTA4Nx4PrXEfDvybJEIjbU/rgANAty1yp7g20J7+wVMPCusxftl/d0rPQ
iCLjeZ3HtlRKld+9htAZtHFZosV29h/hNE9JkxzGXstaSeXIUIWquMZQ8XyscIHh
qoOmjXaCv58CSRAlAQIDAQAB".Replace("\n", "");
public static void Main(string[] args)
{
var plainText = "cnblogs";
//Encrypt
RSA rsa = CreateRsaFromPublicKey(_publicKey);
var plainTextBytes = Encoding.UTF8.GetBytes(plainText);
var cipherBytes = rsa.Encrypt(plainTextBytes, RSAEncryptionPadding.Pkcs1);
var cipher = Convert.ToBasewww.wang02764String(cipherBytes);
Console.WriteLine($"{nameof(cipher)}:{cipher}");
//Decrypt
rsa = CreateRsaFromPrivateKey(_privateKey);
cipherBytes = System.Convert.FromBase64String(cipher);
plainTextBytes = rsa.Decrypt(cipherBytes, RSAEncryptionPadding.Pkcs1);
plainText = Encoding.UTF8.GetString(plainTextBytes);
Console.WriteLine($"{nameof(plainText)}:{plainText}");
} private static RSA CreateRsaFromPrivateKey(string privateKey)
{
var privateKeyBits = System.Convert.FromBase64String(privateKey);
var rsa = RSA.Create();
var RSAparams = new RSAParameters();
using (var binr = new BinaryReader(new MemoryStream(privateKeyBits))) {
byte bt = 0;
ushort twobytes = 0;
twobytes = binr.ReadUInt16();
if (twobytes == 0x8130)
binr.ReadByte();
else if (twobytes == 0x8230)
binr.ReadInt16();
else
throw new Exception("Unexpected value read binr.ReadUInt16()");
twobytes = binr.ReadUInt16();
if (twobytes != 0x0102)
throw new Exception("Unexpected version");
bt = binr.ReadByte();
if (bt != 0x00)
throw new Exception("Unexpected value read binr.ReadByte()");
RSAparams.Modulus = binr.ReadBytes(GetIntegerSize(binr));
RSAparams.Exponent = binr.ReadBytes(GetIntegerSize(binr));
RSAparams.D = binr.ReadBytes(GetIntegerSize(binr));
RSAparams.P = binr.ReadBytes(GetIntegerSize(binr));
RSAparams.Q = binr.ReadBytes(GetIntegerSize(binr));
RSAparams.DP = binr.ReadBytes(GetIntegerSize(binr));
RSAparams.DQ = binr.ReadBytes(GetIntegerSize(binr));
RSAparams.InverseQ = binr.ReadBytes(GetIntegerSize(binr));
}
rsa.ImportParameters(RSAparams);
return rsa;
}
private static int GetIntegerSize(BinaryReader binr)
{
byte bt = 0;
byte lowbyte = 0x00;
byte highbyte = 0x00;
int count = 0;
bt = binr.ReadByte();
if (bt != 0x02)
return 0;
bt = binr.ReadByte();
if (bt == 0x81)
count = binr.ReadByte();
else
if (bt == 0x82)
{
highbyte = binr.ReadByte();
lowbyte = binr.ReadByte();
byte[] modint = { lowbyte, highbyte, 0x00, 0x00 };
count = BitConverter.ToInt32(modint, 0);
}
else
{
count = bt;
}
while (binr.ReadByte() == 0x00)
{
count -= 1;
}
binr.BaseStream.Seek(-1, SeekOrigin.Current);
return count;
}
private static RSA CreateRsaFromPublicKey(string publicKeyString)
{
byte[] SeqOID = { 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x01, 0x05, 0x00 };
byte[] x509key;
byte[] seq = new byte[15];
int x509size;
x509key = Convert.FromBase64String(publicKeyString);
x509size = x509key.Length;
using (var mem = new MemoryStream(x509key))
{
using (var binr = new BinaryReader(mem)) {
byte bt = 0;
ushort twobytes = 0;
twobytes = binr.ReadUInt16();
if (twobytes == 0x8130)
binr.ReadByte();
else if (twobytes == 0x8230)
binr.ReadInt16();
else
return null;
seq = binr.ReadBytes(15);
if (!CompareBytearrays(seq, SeqOID)) return null;
twobytes = binr.ReadUInt16();
if (twobytes == 0x8103)
binr.ReadByte();
else if (twobytes == 0x8203)
binr.ReadInt16();
else
return null;
bt = binr.ReadByte();
if (bt != 0x00)
return null;
twobytes = binr.ReadUInt16();
if (twobytes == 0x8130)
binr.ReadByte();
else if (twobytes == 0x8230)
binr.ReadInt16();
else
return null;
twobytes = binr.ReadUInt16();
byte lowbyte = 0x00;
byte highbyte = 0x00;
if (twobytes == 0x8102)
lowbyte = binr.ReadByte();
else if (twobytes == 0x8202)

版权声明:本站内容均来自互联网,仅供演示用,请勿用于商业和其他非法用途。如果侵犯了您的权益请与我们联系QQ:729038198,我们将在24小时内删除。