深圳品牌网站制作咨询电话,青岛网站建设报价,如何分析一个网站的用户,电脑优化软件推荐前言 前不久移植了支付宝官方的SDK#xff0c;以适用ASP.NET Core使用支付宝支付#xff0c;但是最近有好几位用户反应在Linux下使用会出错#xff0c;调试发现是RSA加密的错误#xff0c;下面具体讲一讲。 RSA在.NET Core的改动 以前我们使用RSA加密主要是使用RSACryptoSe… 前言 前不久移植了支付宝官方的SDK以适用ASP.NET Core使用支付宝支付但是最近有好几位用户反应在Linux下使用会出错调试发现是RSA加密的错误下面具体讲一讲。 RSA在.NET Core的改动 以前我们使用RSA加密主要是使用RSACryptoServiceProvider这个类在.NET Core中也有这个类但是这个类并不支持跨平台所以如果你是用这个类来进行加/解密在windows上运行是完全没有错误的但是只要你一放到Linux下就会出现异常。 查阅资料得知要解决这个问题需要改用 System.Security.Cryptography.RSA.Create() 工厂方法使用它之后在 Windows 上创建的是 System.Security.Cryptography.RSACng 的实例在 Mac 与 Linux 上创建的是 System.Security.Cryptography.RSAOpenSsl 的实例它们都继承自 System.Security.Cryptography.RSA 抽象类。 RSACng 相关资料https://docs.microsoft.com/zh-cn/dotnet/api/system.security.cryptography.rsacng?viewnetcore-2.0 RSAOpenSsl 相关资料https://docs.microsoft.com/zh-cn/dotnet/api/system.security.cryptography.rsaopenssl?viewnetcore-2.0 在Windows上的调试截图 在Mac上使用Visual studio For Mac 调试截图 RSA公钥/私钥说明 这里的RSA加密/解密主要是针对于由OpenSSL生成的公钥/私钥字符串。ssh-keygen -t rsa 命令生成的公钥私钥是不行的。 公钥示例 -----BEGIN PUBLIC KEY-----
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC7PyjMEuniN6BPn8oqzIZ6AO1N
jSTO9R3adCCIwKfKIEoWXXMtHDpktdPKSaAsWJPTNAGvEvtxOfzXib/EMXKqD0e
Uy5MatfpRjRdf1hJVimmfrb09Qx2j7CsKLy7nD23m4xubdYBwvkjMwt/L3JxB5D6
qryW1wei/j1c/OCxQIDAQAB
-----END PUBLIC KEY----- 私钥示例 -----BEGIN RSA PRIVATE KEY-----
MIICXQIBAAKBgQC7PyjMEuniN6BPn8oqzIZ6AO1NjSTO9R3adCCIwKfKIEoWXXM
tHDpktdPKSaAsWJPTNAGvEvtxOfzXib/EMXKqD0eUy5MatfpRjRdf1hJVimmfrb09Qx2j7CsKLy7nD23m4xubdYBwvkjMwt/L3JxB5D6qryW1wei/j1c/OCxQIDAQAB
AoGAT7vGYJgRNf4f6qgNS4pKHTu10RcwPFyOOM7IZ9M5380HyXuBB6MEjowKwpH1fcyLepwaR5KG7b5uBGY4H2ticMtdysBd9gLwnY4Eh4j7LCWE54HvELpeWXkWp
FQdb/NQhcqMAGwYsTnRPdBqkrUmJBTYqEGkIlqCQ5vUJOCECQQDhe0KGmbq1RWp6
TDvgpA2dUmlt2fdP8oNW8O7MvbDaQRduoZnVRTPYCDKfzFqpNXL1hAYgth1N0vzD
nv3VoLcpAkEA1JcYrLv5js1g5Luv8LaI5/3uOg0CW7fmh/LfGuz8k/OxASNcAO
UjPHrxtc5xn1zat4/bnV5GEdlOp/DhquPQJBAIV2Fsdi4MAueiPjPWHRQO0jvDV
jfwFOFZSn5YSRUa6NmtmPY6tumUJXSWWqKb1GwlVTuc3xBqXYsNLLUWwLhkCQQDJ
UJCiD0LohhdGEqUuSKnj5H9kxddJO4pZXFSI7UEJbJQDwcBkynFTm2BHtZGZdQ
fVnlA89OJr0poOpSgeNAkAKY85SR9KASaTiDBoPpJ8N805XEhd0KqghzSThxL3
fVtKUQLiCh7Yd8oMd/G5S3xWJHUXSioATT8uPRH2bOb/
-----END RSA PRIVATE KEY----- 公钥/私钥生成 WindowsMAC_OSX可以使用有支付宝开发的RSA密钥生成工具 使用此工具生成的时候一定要选择PKCS1 下载地址https://doc.open.alipay.com/docs/doc.htm?treeId291articleId105971docType1 此外还可以使用OpenSSL工具命令来生成https://doc.open.alipay.com/docs/doc.htm?articleId106130docType1 .NET Core 中的使用 这里要讲一下RSA2算法。 什么是RSA2 RSA2 是在原来SHA1WithRSA签名算法的基础上新增了支持SHA256WithRSA的签名算法。该算法比SHA1WithRSA有更强的安全能力。 算法名称 标准签名算法名称 备注RSA2SHA256WithRSA强烈推荐使用强制要求RSA密钥的长度至少为2048RSASHA1WithRSA对RSA密钥的长度不限制推荐使用2048位以上 签名的作用:保证数据完整性,机密性和发送方角色的不可抵赖性 这里来一发干货我已经封装好的RSA/RSA2算法支持加密/解密/签名/验证签名。 /// summary/// RSA加解密 使用OpenSSL的公钥加密/私钥解密/// 作者李志强/// 创建时间2017年10月30日15:50:14/// QQ:501232752/// /summarypublic class RSAHelper{ private readonly RSA _privateKeyRsaProvider; private readonly RSA _publicKeyRsaProvider; private readonly HashAlgorithmName _hashAlgorithmName; private readonly Encoding _encoding; /// summary/// 实例化RSAHelper/// /summary/// param namersaType加密算法类型 RSA SHA1;RSA2 SHA256 密钥长度至少为2048/param/// param nameencoding编码类型/param/// param nameprivateKey私钥/param/// param namepublicKey公钥/parampublic RSAHelper(RSAType rsaType, Encoding encoding, string privateKey, string publicKey null) {_encoding encoding; if (!string.IsNullOrEmpty(privateKey)){_privateKeyRsaProvider CreateRsaProviderFromPrivateKey(privateKey);} if (!string.IsNullOrEmpty(publicKey)){_publicKeyRsaProvider CreateRsaProviderFromPublicKey(publicKey);}_hashAlgorithmName rsaType RSAType.RSA ? HashAlgorithmName.SHA1 : HashAlgorithmName.SHA256;} #region 使用私钥签名/// summary/// 使用私钥签名/// /summary/// param namedata原始数据/param/// returns/returnspublic string Sign(string data) { byte[] dataBytes _encoding.GetBytes(data); var signatureBytes _privateKeyRsaProvider.SignData(dataBytes, _hashAlgorithmName, RSASignaturePadding.Pkcs1); return Convert.ToBase64String(signatureBytes);} #endregion#region 使用公钥验证签名/// summary/// 使用公钥验证签名/// /summary/// param namedata原始数据/param/// param namesign签名/param/// returns/returnspublic bool Verify(string data,string sign) { byte[] dataBytes _encoding.GetBytes(data); byte[] signBytes Convert.FromBase64String(sign); var verify _publicKeyRsaProvider.VerifyData(dataBytes, signBytes, _hashAlgorithmName, RSASignaturePadding.Pkcs1); return verify;} #endregion#region 解密public string Decrypt(string cipherText) { if (_privateKeyRsaProvider null){ throw new Exception(_privateKeyRsaProvider is null);} return Encoding.UTF8.GetString(_privateKeyRsaProvider.Decrypt(Convert.FromBase64String(cipherText), RSAEncryptionPadding.Pkcs1));} #endregion#region 加密public string Encrypt(string text) { if (_publicKeyRsaProvider null){ throw new Exception(_publicKeyRsaProvider is null);} return Convert.ToBase64String(_publicKeyRsaProvider.Encrypt(Encoding.UTF8.GetBytes(text), RSAEncryptionPadding.Pkcs1));} #endregion#region 使用私钥创建RSA实例public RSA CreateRsaProviderFromPrivateKey(string privateKey) { var privateKeyBits Convert.FromBase64String(privateKey); var rsa RSA.Create(); var rsaParameters new RSAParameters(); using (BinaryReader binr new BinaryReader(new MemoryStream(privateKeyBits))){ byte bt 0; ushort twobytes 0;twobytes binr.ReadUInt16(); if (twobytes 0x8130)binr.ReadByte(); else if (twobytes 0x8230)binr.ReadInt16(); elsethrow new Exception(Unexpected value read binr.ReadUInt16());twobytes binr.ReadUInt16(); if (twobytes ! 0x0102) throw new Exception(Unexpected version);bt binr.ReadByte(); if (bt ! 0x00) throw new Exception(Unexpected value read binr.ReadByte());rsaParameters.Modulus binr.ReadBytes(GetIntegerSize(binr));rsaParameters.Exponent binr.ReadBytes(GetIntegerSize(binr));rsaParameters.D binr.ReadBytes(GetIntegerSize(binr));rsaParameters.P binr.ReadBytes(GetIntegerSize(binr));rsaParameters.Q binr.ReadBytes(GetIntegerSize(binr));rsaParameters.DP binr.ReadBytes(GetIntegerSize(binr));rsaParameters.DQ binr.ReadBytes(GetIntegerSize(binr));rsaParameters.InverseQ binr.ReadBytes(GetIntegerSize(binr));}rsa.ImportParameters(rsaParameters); return rsa;} #endregion#region 使用公钥创建RSA实例public RSA CreateRsaProviderFromPublicKey(string publicKeyString) { // encoded OID sequence for PKCS #1 rsaEncryption szOID_RSA_RSA 1.2.840.113549.1.1.1byte[] seqOid { 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x01, 0x05, 0x00 }; byte[] seq new byte[15]; var x509Key Convert.FromBase64String(publicKeyString); // --------- Set up stream to read the asn.1 encoded SubjectPublicKeyInfo blob ------using (MemoryStream mem new MemoryStream(x509Key)){ using (BinaryReader binr new BinaryReader(mem)) //wrap Memory Stream with BinaryReader for easy reading{ byte bt 0; ushort twobytes 0;twobytes binr.ReadUInt16(); if (twobytes 0x8130) //data read as little endian order (actual data order for Sequence is 30 81)binr.ReadByte(); //advance 1 byteelse if (twobytes 0x8230)binr.ReadInt16(); //advance 2 byteselsereturn null;seq binr.ReadBytes(15); //read the Sequence OIDif (!CompareBytearrays(seq, seqOid)) //make sure Sequence for OID is correctreturn null;twobytes binr.ReadUInt16(); if (twobytes 0x8103) //data read as little endian order (actual data order for Bit String is 03 81)binr.ReadByte(); //advance 1 byteelse if (twobytes 0x8203)binr.ReadInt16(); //advance 2 byteselsereturn null;bt binr.ReadByte(); if (bt ! 0x00) //expect null byte nextreturn null;twobytes binr.ReadUInt16(); if (twobytes 0x8130) //data read as little endian order (actual data order for Sequence is 30 81)binr.ReadByte(); //advance 1 byteelse if (twobytes 0x8230) binr.ReadInt16(); //advance 2 bytes else return null; twobytes binr.ReadUInt16(); byte lowbyte 0x00; byte highbyte 0x00; if (twobytes 0x8102) //data read as little endian order (actual data order for Integer is 02 81) lowbyte binr.ReadByte(); // read next bytes which is bytes in modulus else if (twobytes 0x8202) { highbyte binr.ReadByte(); //advance 2 bytes lowbyte binr.ReadByte(); } else return null; byte[] modint { lowbyte, highbyte, 0x00, 0x00 }; //reverse byte order since asn.1 key uses big endian order int modsize BitConverter.ToInt32(modint, 0); int firstbyte binr.PeekChar(); if (firstbyte 0x00) { //if first byte (highest order) of modulus is zero, dont include it binr.ReadByte(); //skip this null byte modsize - 1; //reduce modulus buffer size by 1 } byte[] modulus binr.ReadBytes(modsize); //read the modulus bytes if (binr.ReadByte() ! 0x02) //expect an Integer for the exponent data return null; int expbytes (int)binr.ReadByte(); // should only need one byte for actual exponent data (for all useful values) byte[] exponent binr.ReadBytes(expbytes); // ------- create RSACryptoServiceProvider instance and initialize with public key ----- var rsa RSA.Create(); RSAParameters rsaKeyInfo new RSAParameters { Modulus modulus, Exponent exponent }; rsa.ImportParameters(rsaKeyInfo); return rsa; } } } #endregion #region 导入密钥算法 private int GetIntegerSize(BinaryReader binr) { byte bt 0; int count 0; bt binr.ReadByte(); if (bt ! 0x02) return 0; bt binr.ReadByte(); if (bt 0x81) count binr.ReadByte(); else if (bt 0x82) { var highbyte binr.ReadByte(); var lowbyte binr.ReadByte(); byte[] modint { lowbyte, highbyte, 0x00, 0x00 }; count BitConverter.ToInt32(modint, 0); } else { count bt; } while (binr.ReadByte() 0x00) { count - 1; } binr.BaseStream.Seek(-1, SeekOrigin.Current); return count; } private bool CompareBytearrays(byte[] a, byte[] b) { if (a.Length ! b.Length) return false; int i 0; foreach (byte c in a) { if (c ! b[i]) return false; i; } return true; } #endregion}/// summary/// RSA算法类型/// /summarypublic enum RSAType { /// summary /// SHA1 /// /summary RSA 0, /// summary /// RSA2 密钥长度至少为2048 /// SHA256 /// /summary RSA2 } 使用 static void Main(string[] args){ //2048 公钥string publicKey MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoQh0wEqx/R2H1v00IU12Oc30fosRC/frhH89L6GfzeaqI19MYQhEPMU13wpeqRONCUta2iC1sgCNQ9qGGf19yGdZUfueaB1Nu9rdueQKXgVurGHJ5N71UFmOP1XcnFUCK4wT5d7ZIifXxuqLehP9Ts6sNjhVfayUVjF5HoIe69OJEPo7OxRZcRTe17khc93IcPfyqswQJJlY/bgpcLJQnMQuHmxNtF7/FpAx9YEQsShsGpVo7JaKgLos6AFoJ4QldQKir2vbN9vcKRbG3piElPilWDpjXQkOJZhUloh/jd7QrKFimZFldJ1r6Q59QYUyGKZARUe0KZpMQIDAQAB; //2048 私钥string privateKey MIIEpAIBAAKCAQEAoQh0wEqx/R2H1v00IU12Oc30fosRC/frhH89L6GfzeaqI19MYQhEPMU13wpeqRONCUta2iC1sgCNQ9qGGf19yGdZUfueaB1Nu9rdueQKXgVurGHJ5N71UFmOP1XcnFUCK4wT5d7ZIifXxuqLehP9Ts6sNjhVfayUVjF5HoIe69OJEPo7OxRZcRTe17khc93IcPfyqswQJJlY/bgpcLJQnMQuHmxNtF7/FpAx9YEQsShsGpVo7JaKgLos6AFoJ4QldQKir2vbN9vcKRbG3piElPilWDpjXQkOJZhUloh/jd7QrKFimZFldJ1r6Q59QYUyGKZARUe0KZpMQIDAQABAoIBAQCRZLUlOUvjIVqYvhznRK1OG6p45s8JY1rUnPIId2Bt46oSLeUkZvZVeCnfq9k0Bzb8AVGwVPhtPEDh73z3dEYcT/lwjLXAkyPB6gG5ZfI/vvC/k7JYV01neFmktw2/FIJWjEMMF2dvLNZ/Pm4bX1Dz9SfD/45Hwr8wqrvRzvFZsj5qqOxv9RPAudOYwCwZskKp/GFL3Ycod1Wu98imzMZUHL5dQuDGg3kvf3ljIAegTPoqYBg0imNPYY/EGoFKnbxlK5S5/5uAFb16dGJqAz3XQCz9Is/IWrOTu0etteqV2Ncs8uqPdjedb0j8CMsr4U1xjwPQ8WwdaJtTkRAoGBANAndgiGZkCVcc9975/AYdgFp35W6DhGQAZlL6DmnucUFdXbWa/x2rTSEXlkvgk9X/PxOptUYsLJkzysTgfDywZwuIXLm9B3oNmv3bVgPXsgDsvDfaHYCgz0nHK6NSrX2AeX3yO/dFuoZsukJUyRigMqYj0wjmxUlqj183hinAoGBAMYMOBgF77OXRII7GAuEut/nBeh2sBrgyzR7FmJMs5kvRh6Ck8wp3ysgMvX4lxh1ep8iCw1R2cguqNATr1klOdsCTOE9RrhuvOp3JrYzuIAK6MpH/uBICy4w1rW2gQySsHcH40rtNaTFQ7dQ1tef//iy/IW8v8i0tcsztE1JnAoGABdtWYt8FOYP688jUmdjWWSvVcq0NjYeMfaGTOX/DsNTL2HyXhW/Uq4nNnBDNmAz2CjMbZwt0y5ICkj2REVQVUinAEinTcAe5LKXNPx4sbX3hcrJUbk0mrSu4G0B/f5cyXBsi9wFCAzDdHgBduCepxSr04Sc9Hde1uQQi7kCgYB0U20HP0VhTG2RLuE2HtjVDD2L/CUeQEiXEHzjxXWnhvTgMIAnggvpLwQwmMxkQ2ACr5sd/3YuCpB0bxV5o594nsqq9FWVYBaecFEjAGlWHSnqMoXWijwu/6X/VOTbP3VjH6G6ECT4GR4DKKpokIQrMgZ9DzaezvdOA9WesFdQKBgQCWfeOQTitRJ0NZACFUn3Fs3Rvgc9eN9YSWj4RtqkmGPMPvguWoSKhlk3IbYjrRBc5WVOdoX8JXb2/nAGhPCuUZckWVmZe5pMSr4EkNQdYeY8kOXGSjoTOUH34ZdKeSe399BkBWIiXUejX/Srln0H4KoHnTWgxwNpTsBCgXu8Q; var rsa new RSAHelper(RSAType.RSA2,Encoding.UTF8, privateKey, publicKey); string str 博客园 http://www.cnblogs.com/;Console.WriteLine(原始字符串str); //加密string enStr rsa.Encrypt(str);Console.WriteLine(加密字符串enStr); //解密string deStr rsa.Decrypt(enStr);Console.WriteLine(解密字符串deStr); //私钥签名string signStr rsa.Sign(str);Console.WriteLine(字符串签名 signStr); //公钥验证签名bool signVerify rsa.Verify(str,signStr);Console.WriteLine(验证签名 signVerify);Console.ReadKey();
} 运行 参考 http://www.cnblogs.com/dudu/p/dotnet-core-rsa-openssl.html 本文Demohttps://github.com/stulzq/DotnetCore.RSA .NET Core 交流群4656606 原文地址http://www.cnblogs.com/stulzq/p/7757915.html .NET社区新闻深度好文微信中搜索dotNET跨平台或扫描二维码关注
