zoukankan      html  css  js  c++  java
  • .net core 中使用 openssl 公钥私钥进行加解密

    这篇博文分享的是 C#中使用OpenSSL的公钥加密/私钥解密 一文中的解决方法在 .net core 中的改进。之前的博文针对的是 .NET Framework ,加解密用的是 RSACryptoServiceProvider 。虽然在 corefx(.NET Core Framework) 中也有 RSACryptoServiceProvider ,但它目前只支持 Windows ,不能跨平台。

    之前的 new RSACryptoServiceProvider(); 代码在 mac 上运行,会报下面的错误:

    System.PlatformNotSupportedException: Operation is not supported on this platform.
    at System.Security.Cryptography.RSACryptoServiceProvider..ctor()

    要解决这个问题,需要改用  System.Security.Cryptography.RSA.Create() 工厂方法,使用它之后,在 Windows 上创建的是 System.Security.Cryptography.RSACng 的实例,在 Mac 与 Linux 上创建的是 System.Security.Cryptography.RSAOpenSsl 的实例,它们都继承自 System.Security.Cryptography.RSA 抽象类。

    使用了 RSA.Create() 之后,带来了一个问题,RSA 中没有 RSACryptoServiceProvider 中的以下2个签名的加解密方法。

    public byte[] Encrypt(byte[] rgb, bool fOAEP);
    public byte[] Decrypt(byte[] rgb, bool fOAEP);

    只有

    public abstract byte[] Encrypt(byte[] data, RSAEncryptionPadding padding);
    public abstract byte[] Decrypt(byte[] data, RSAEncryptionPadding padding);

    调用时它们时需要传递 RSAEncryptionPadding 类型的参数值:

    但对于 openssl 生成的公钥私钥不知道选择哪种 RSAEncryptionPadding ,只能采取笨方法 —— 一个一个试试,试出来的结果是 RSAEncryptionPadding.Pkcs1 

    openssl 的公钥与私钥是在 Mac 上通过下面的2个命令生成的:

    openssl genrsa -out rsa_1024_priv.pem 102
    openssl rsa -pubout -in rsa_1024_priv.pem -out rsa_1024_pub.pem

    (注:一定要用 openssl 命令,用 ssh-keygen -t rsa 命令生成的公钥私钥是不行的)

    修改这两个地方(RSA.Create 与 RSAEncryptionPadding.Pkcs1)之后,就可以在 .net core 上使用 openssl 的公钥私钥进行加解密了,以下是测试时所用的完整代码(.net core控制台程序)。经测试,在 Windows,macOS,Linux Ubuntu 上都能成功进行加解密。

    Program.cs

    using System;
    using System.IO;
    using System.Security.Cryptography;
    using System.Text;
    
    namespace TryRsa
    {
        public class Program
        {
            //openssl genrsa -out rsa_1024_priv.pem 1024
            private static readonly string _privateKey = @"MIICXgIBAAKBgQC0xP5HcfThSQr43bAMoopbzcCyZWE0xfUeTA4Nx4PrXEfDvybJ
    EIjbU/rgANAty1yp7g20J7+wVMPCusxftl/d0rPQiCLjeZ3HtlRKld+9htAZtHFZ
    osV29h/hNE9JkxzGXstaSeXIUIWquMZQ8XyscIHhqoOmjXaCv58CSRAlAQIDAQAB
    AoGBAJtDgCwZYv2FYVk0ABw6F6CWbuZLUVykks69AG0xasti7Xjh3AximUnZLefs
    iuJqg2KpRzfv1CM+Cw5cp2GmIVvRqq0GlRZGxJ38AqH9oyUa2m3TojxWapY47zye
    PYEjWwRTGlxUBkdujdcYj6/dojNkm4azsDXl9W5YaXiPfbgJAkEA4rlhSPXlohDk
    FoyfX0v2OIdaTOcVpinv1jjbSzZ8KZACggjiNUVrSFV3Y4oWom93K5JLXf2mV0Sy
    80mPR5jOdwJBAMwciAk8xyQKpMUGNhFX2jKboAYY1SJCfuUnyXHAPWeHp5xCL2UH
    tjryJp/Vx8TgsFTGyWSyIE9R8hSup+32rkcCQBe+EAkC7yQ0np4Z5cql+sfarMMm
    4+Z9t8b4N0a+EuyLTyfs5Dtt5JkzkggTeuFRyOoALPJP0K6M3CyMBHwb7WsCQQCi
    TM2fCsUO06fRQu8bO1A1janhLz3K0DU24jw8RzCMckHE7pvhKhCtLn+n+MWwtzl/
    L9JUT4+BgxeLepXtkolhAkEA2V7er7fnEuL0+kKIjmOm5F3kvMIDh9YC1JwLGSvu
    1fnzxK34QwSdxgQRF1dfIKJw73lClQpHZfQxL/2XRG8IoA==".Replace("
    ", "");
    
            //openssl rsa -pubout -in rsa_1024_priv.pem -out rsa_1024_pub.pem
            private static readonly string _publicKey = @"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC0xP5HcfThSQr43bAMoopbzcCy
    ZWE0xfUeTA4Nx4PrXEfDvybJEIjbU/rgANAty1yp7g20J7+wVMPCusxftl/d0rPQ
    iCLjeZ3HtlRKld+9htAZtHFZosV29h/hNE9JkxzGXstaSeXIUIWquMZQ8XyscIHh
    qoOmjXaCv58CSRAlAQIDAQAB".Replace("
    ", "");
    
            public static void Main(string[] args)
            {
                var plainText = "cnblogs.com";
    
                //Encrypt
                RSA rsa = CreateRsaFromPublicKey(_publicKey);                       
                var plainTextBytes = Encoding.UTF8.GetBytes(plainText);
                var cipherBytes = rsa.Encrypt(plainTextBytes, RSAEncryptionPadding.Pkcs1);
                var cipher = Convert.ToBase64String(cipherBytes);
                Console.WriteLine($"{nameof(cipher)}:{cipher}");
    
                //Decrypt
                rsa = CreateRsaFromPrivateKey(_privateKey);            
                cipherBytes = System.Convert.FromBase64String(cipher);
                plainTextBytes = rsa.Decrypt(cipherBytes, RSAEncryptionPadding.Pkcs1);
                plainText = Encoding.UTF8.GetString(plainTextBytes);
                Console.WriteLine($"{nameof(plainText)}:{plainText}");
            }        private static RSA CreateRsaFromPrivateKey(string privateKey)
            {
                var privateKeyBits = System.Convert.FromBase64String(privateKey);
                var rsa = RSA.Create();
                var RSAparams = new RSAParameters();
    
                using (var binr = new BinaryReader(new MemoryStream(privateKeyBits)))
                {
                    byte bt = 0;
                    ushort twobytes = 0;
                    twobytes = binr.ReadUInt16();
                    if (twobytes == 0x8130)
                        binr.ReadByte();
                    else if (twobytes == 0x8230)
                        binr.ReadInt16();
                    else
                        throw new Exception("Unexpected value read binr.ReadUInt16()");
    
                    twobytes = binr.ReadUInt16();
                    if (twobytes != 0x0102)
                        throw new Exception("Unexpected version");
    
                    bt = binr.ReadByte();
                    if (bt != 0x00)
                        throw new Exception("Unexpected value read binr.ReadByte()");
    
                    RSAparams.Modulus = binr.ReadBytes(GetIntegerSize(binr));
                    RSAparams.Exponent = binr.ReadBytes(GetIntegerSize(binr));
                    RSAparams.D = binr.ReadBytes(GetIntegerSize(binr));
                    RSAparams.P = binr.ReadBytes(GetIntegerSize(binr));
                    RSAparams.Q = binr.ReadBytes(GetIntegerSize(binr));
                    RSAparams.DP = binr.ReadBytes(GetIntegerSize(binr));
                    RSAparams.DQ = binr.ReadBytes(GetIntegerSize(binr));
                    RSAparams.InverseQ = binr.ReadBytes(GetIntegerSize(binr));
                }
    
                rsa.ImportParameters(RSAparams);
                return rsa;
            }
    
            private static int GetIntegerSize(BinaryReader binr)
            {
                byte bt = 0;
                byte lowbyte = 0x00;
                byte highbyte = 0x00;
                int count = 0;
                bt = binr.ReadByte();
                if (bt != 0x02)
                    return 0;
                bt = binr.ReadByte();
    
                if (bt == 0x81)
                    count = binr.ReadByte();
                else
                    if (bt == 0x82)
                {
                    highbyte = binr.ReadByte();
                    lowbyte = binr.ReadByte();
                    byte[] modint = { lowbyte, highbyte, 0x00, 0x00 };
                    count = BitConverter.ToInt32(modint, 0);
                }
                else
                {
                    count = bt;
                }
    
                while (binr.ReadByte() == 0x00)
                {
                    count -= 1;
                }
                binr.BaseStream.Seek(-1, SeekOrigin.Current);
                return count;
            }
    
            private static RSA CreateRsaFromPublicKey(string publicKeyString)
            {
                byte[] SeqOID = { 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x01, 0x05, 0x00 };
                byte[] x509key;
                byte[] seq = new byte[15];
                int x509size;
    
                x509key = Convert.FromBase64String(publicKeyString);
                x509size = x509key.Length;
    
                using (var mem = new MemoryStream(x509key))
                {
                    using (var binr = new BinaryReader(mem))
                    {
                        byte bt = 0;
                        ushort twobytes = 0;
    
                        twobytes = binr.ReadUInt16();
                        if (twobytes == 0x8130)
                            binr.ReadByte();
                        else if (twobytes == 0x8230)
                            binr.ReadInt16();
                        else
                            return null;
    
                        seq = binr.ReadBytes(15);
                        if (!CompareBytearrays(seq, SeqOID))
                            return null;
    
                        twobytes = binr.ReadUInt16();
                        if (twobytes == 0x8103)
                            binr.ReadByte();
                        else if (twobytes == 0x8203)
                            binr.ReadInt16();
                        else
                            return null;
    
                        bt = binr.ReadByte();
                        if (bt != 0x00)
                            return null;
    
                        twobytes = binr.ReadUInt16();
                        if (twobytes == 0x8130)
                            binr.ReadByte();
                        else if (twobytes == 0x8230)
                            binr.ReadInt16();
                        else
                            return null;
    
                        twobytes = binr.ReadUInt16();
                        byte lowbyte = 0x00;
                        byte highbyte = 0x00;
    
                        if (twobytes == 0x8102)
                            lowbyte = binr.ReadByte();
                        else if (twobytes == 0x8202)
                        {
                            highbyte = binr.ReadByte();
                            lowbyte = binr.ReadByte();
                        }
                        else
                            return null;
                        byte[] modint = { lowbyte, highbyte, 0x00, 0x00 };
                        int modsize = BitConverter.ToInt32(modint, 0);
    
                        int firstbyte = binr.PeekChar();
                        if (firstbyte == 0x00)
                        {
                            binr.ReadByte();
                            modsize -= 1;
                        }
    
                        byte[] modulus = binr.ReadBytes(modsize);
    
                        if (binr.ReadByte() != 0x02)
                            return null;
                        int expbytes = (int)binr.ReadByte();
                        byte[] exponent = binr.ReadBytes(expbytes);
    
                        var rsa = RSA.Create();
                        var rsaKeyInfo = new RSAParameters
                        {
                            Modulus = modulus,
                            Exponent = exponent
                        };
                        rsa.ImportParameters(rsaKeyInfo);
                        return rsa;
                    }
    
                }
            }
    
            private static bool CompareBytearrays(byte[] a, byte[] b)
            {
                if (a.Length != b.Length)
                    return false;
                int i = 0;
                foreach (byte c in a)
                {
                    if (c != b[i])
                        return false;
                    i++;
                }
                return true;
            }
        }
    }

    project.json

    {
      "version": "1.0.0-*",
      "buildOptions": {
        "emitEntryPoint": true
      },
    
      "dependencies": {
        "Microsoft.NETCore.App": {
            "type": "platform",
            "version": "1.1.0-preview1-001100-00"
        },
        "System.Security.Cryptography.Algorithms": "4.3.0-preview1-24530-04"
      },
    
      "frameworks": {
        "netcoreapp1.1": {
          "imports": "dnxcore50"
        }
      }
    }

    相关链接

    【更新】

    如果遇到解密时遇到"Bad Data"的问题:

    System.Security.Cryptography.CryptographicException: Bad Data.

    可以使用下面的方法(同事实现的代码):

    public string Decrypt(string cipher)
    {
        return Encoding.UTF8.GetString(_rsa.Decrypt(Convert.FromBase64String(cipher), RSAEncryptionPadding.Pkcs1));
        var cipherLength = _rsa.KeySize / 8;
        var cipherBytes = Convert.FromBase64String(cipher);
        if (cipherBytes.Length < cipherLength)
        {
            var delta = cipherLength - cipherBytes.Length;
            var newBytes = new byte[cipherLength];
            Array.Copy(cipherBytes, 0, newBytes, delta, cipherBytes.Length);
            cipherBytes = newBytes;
        }
    
        return Encoding.UTF8.GetString(_rsa.Decrypt(cipherBytes, RSAEncryptionPadding.Pkcs1));
    }
  • 相关阅读:
    Thinkphp5 对接百度云对象存储 BOS (上传、删除)
    php 删除富文本编辑器保存内容中的其他代码(保留中文)
    ffmreg thinkphp 控制器 获取音频视频详细信息(获取时长)
    selenium+testng+java+poi进行excel的数据参数化
    linux中磁盘配额管理
    linux中挂载和卸载文件系统
    linux中vi编辑器的练习
    Linux基础命令
    Nginx流量复制
    Python脚本
  • 原文地址:https://www.cnblogs.com/dudu/p/dotnet-core-rsa-openssl.html
Copyright © 2011-2022 走看看