Open-source API link: The Legion of the Bouncy Castle
Bouncy Castle, abbreviated BC, was originally an open-source JCE provider for Java and later also provided a C# version of the API. I downloaded its compiled DLL, referenced it directly in a C# project, and used a few of its APIs to generate public and private keys of the bit length I specify (currently 1024 bits, but when generating the CA's key, 2048 bits is needed to meet security requirements). Open source is great and powerful, but this API's documentation is badly lacking, and the C# documentation is pitifully scarce; nothing for it but to download the source code and read through it slowly...
In the next few articles about the CA, I will roughly follow the approach of the page linked below, but what I put together is the C# implementation; the basic goal is to set up a CA and issue digital certificates for users. Page link: bouncycastle generating certificates
Key generation mainly uses RsaKeyPairGenerator: given an RsaKeyGenerationParameters object (public exponent, random source, key length and primality certainty), it produces a key pair, from which the public key and private key are separated out and then used for encryption and decryption.
The RsaKeyPairGenerator class (for the other classes it refers to, load "BouncyCastle.Crypto.dll" into VS and inspect them yourself):
```csharp
namespace Org.BouncyCastle.Crypto.Generators
{
    public class RsaKeyPairGenerator : IAsymmetricCipherKeyPairGenerator
    {
        public RsaKeyPairGenerator();
        public AsymmetricCipherKeyPair GenerateKeyPair();
        public void Init(KeyGenerationParameters parameters);
    }
}
```
The IAsymmetricBlockCipher interface; the class that implements the RSA encryption/decryption algorithm (RsaEngine) implements this interface:
```csharp
namespace Org.BouncyCastle.Crypto
{
    public interface IAsymmetricBlockCipher
    {
        string AlgorithmName { get; }
        int GetInputBlockSize();
        int GetOutputBlockSize();
        void Init(bool forEncryption, ICipherParameters parameters);
        byte[] ProcessBlock(byte[] inBuf, int inOff, int inLen);
    }
}
```
Test code:
```csharp
using System;
using System.Collections.Generic;
using System.Text;
using Org.BouncyCastle.Crypto.Generators;
using Org.BouncyCastle.Crypto.Parameters;
using Org.BouncyCastle.Crypto;
using Org.BouncyCastle.Security;
using Org.BouncyCastle.Crypto.Engines; // IAsymmetricBlockCipher engine = new RsaEngine();

namespace ConsoleApplication1
{
    class Program
    {
        static void Main(string[] args)
        {
            // Generator for the RSA key pair
            RsaKeyPairGenerator keyGenerator = new RsaKeyPairGenerator();
            // Parameters for the key generator:
            // public exponent, random source, key length in bits, primality certainty
            RsaKeyGenerationParameters param = new RsaKeyGenerationParameters(
                Org.BouncyCastle.Math.BigInteger.ValueOf(3),
                new Org.BouncyCastle.Security.SecureRandom(),
                1024, // key length
                25);
            // Initialise the generator with the parameters
            keyGenerator.Init(param);
            // Generate the key pair
            AsymmetricCipherKeyPair keyPair = keyGenerator.GenerateKeyPair();
            // Take out the public key and the private key
            AsymmetricKeyParameter publicKey = keyPair.Public;
            AsymmetricKeyParameter privateKey = keyPair.Private;
            if (((RsaKeyParameters)publicKey).Modulus.BitLength < 1024)
            {
                Console.WriteLine("failed key generation (1024) length test");
            }
            // A quick test......
            // Input as a hex string, decoded to byte[]
            //string input = "4e6f77206973207468652074696d6520666f7220616c6c20676f6f64206d656e";
            //byte[] testData = Org.BouncyCastle.Utilities.Encoders.Hex.Decode(input);
            string input = "popozh RSA test";
            byte[] testData = Encoding.UTF8.GetBytes(input);
            Console.WriteLine("明文:" + input + Environment.NewLine);
            // Asymmetric cipher used for both encryption and decryption
            // (RsaEngine is the raw RSA operation with no padding)
            IAsymmetricBlockCipher engine = new RsaEngine();
            // Encrypt with the public key
            engine.Init(true, publicKey);
            try
            {
                testData = engine.ProcessBlock(testData, 0, testData.Length);
                Console.WriteLine("密文(base64編碼):" + Convert.ToBase64String(testData) + Environment.NewLine);
            }
            catch (Exception ex)
            {
                Console.WriteLine("failed - exception " + Environment.NewLine + ex.ToString());
            }
            // Decrypt with the private key
            engine.Init(false, privateKey);
            try
            {
                testData = engine.ProcessBlock(testData, 0, testData.Length);
            }
            catch (Exception e)
            {
                Console.WriteLine("failed - exception " + e.ToString());
            }
            if (input.Equals(Encoding.UTF8.GetString(testData)))
            {
                Console.WriteLine("解密成功");
            }
            Console.Read();
        }
    }
}
```

In the BC API source code, the idea for the test code above comes from csharp/crypto/test/src/crypto/test/RsaTest.cs; locate that .cs file to consult the official tests and code.
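The key-generation step described above and the test program both use a public exponent of 3 and the bare RsaEngine, which is raw ("textbook") RSA: the same plaintext always yields the same ciphertext and nothing detects a modified ciphertext. The following example is added here and is not code from the original post or from the Bouncy Castle project; it shows the same generate/encrypt/decrypt flow with the parameters a CA or production deployment would use: a 2048-bit key, the conventional exponent 65537, and OAEP (SHA-256) padding wrapped around RsaEngine via OaepEncoding. The namespace, class and method names (RsaOaepExample, RsaOaep, GenerateKeyPair, Encrypt, Decrypt) and the sample plaintext are my own assumptions; the Bouncy Castle types used (RsaKeyPairGenerator, RsaKeyGenerationParameters, OaepEncoding, Sha256Digest, RsaEngine, CryptoException) are from the BouncyCastle.Crypto assembly.

```csharp
using System;
using System.Text;
using Org.BouncyCastle.Crypto;
using Org.BouncyCastle.Crypto.Digests;
using Org.BouncyCastle.Crypto.Encodings;
using Org.BouncyCastle.Crypto.Engines;
using Org.BouncyCastle.Crypto.Generators;
using Org.BouncyCastle.Crypto.Parameters;
using Org.BouncyCastle.Math;
using Org.BouncyCastle.Security;

namespace RsaOaepExample // hypothetical namespace for this added example
{
    // Added example (not from the original post): same flow as the article's
    // test program, but 2048-bit key, e = 65537 and OAEP padding instead of raw RSA.
    static class RsaOaep
    {
        public static AsymmetricCipherKeyPair GenerateKeyPair(int strength = 2048)
        {
            var generator = new RsaKeyPairGenerator();
            generator.Init(new RsaKeyGenerationParameters(
                BigInteger.ValueOf(0x10001), // F4 = 65537, the conventional public exponent
                new SecureRandom(),
                strength,                    // modulus length in bits
                100));                       // primality certainty (error probability about 2^-100)
            return generator.GenerateKeyPair();
        }

        // OAEP/SHA-256 on top of the raw engine. The usable input block shrinks to
        // modulusBytes - 2*hashLen - 2, i.e. 190 bytes for a 2048-bit key.
        static IAsymmetricBlockCipher NewCipher(bool forEncryption, ICipherParameters key)
        {
            var cipher = new OaepEncoding(new RsaEngine(), new Sha256Digest());
            cipher.Init(forEncryption, key);
            return cipher;
        }

        public static byte[] Encrypt(AsymmetricKeyParameter publicKey, byte[] plaintext)
        {
            IAsymmetricBlockCipher cipher = NewCipher(true, publicKey);
            if (plaintext.Length > cipher.GetInputBlockSize())
                throw new ArgumentException(
                    "plaintext exceeds one RSA-OAEP block; encrypt a symmetric key instead");
            return cipher.ProcessBlock(plaintext, 0, plaintext.Length);
        }

        // Returns null when OAEP decoding fails (wrong key, or a modified ciphertext).
        public static byte[] Decrypt(AsymmetricKeyParameter privateKey, byte[] ciphertext)
        {
            try
            {
                return NewCipher(false, privateKey).ProcessBlock(ciphertext, 0, ciphertext.Length);
            }
            catch (CryptoException) // InvalidCipherTextException / DataLengthException
            {
                return null;
            }
        }

        static void Main()
        {
            AsymmetricCipherKeyPair keyPair = GenerateKeyPair();
            var rsaPub = (RsaKeyParameters)keyPair.Public;
            Console.WriteLine("modulus bits: " + rsaPub.Modulus.BitLength + ", e = " + rsaPub.Exponent);

            // Constructed sample plaintext (not from the article).
            const string message = "OAEP test message";
            byte[] plaintext = Encoding.UTF8.GetBytes(message);

            byte[] ciphertext = Encrypt(keyPair.Public, plaintext);
            // OAEP seeds each encryption randomly, so the same plaintext gives a different
            // ciphertext every time; the raw RsaEngine in the article would give the same bytes.
            byte[] ciphertext2 = Encrypt(keyPair.Public, plaintext);
            Console.WriteLine("randomised: " +
                (Convert.ToBase64String(ciphertext) != Convert.ToBase64String(ciphertext2)));

            byte[] recovered = Decrypt(keyPair.Private, ciphertext);
            Console.WriteLine("round trip ok: " +
                (recovered != null && Encoding.UTF8.GetString(recovered) == message));

            // Flip one bit of the ciphertext: OAEP decoding rejects it instead of
            // silently returning garbage as raw RSA would.
            ciphertext[ciphertext.Length - 1] ^= 0x01;
            Console.WriteLine("tampered ciphertext rejected: " + (Decrypt(keyPair.Private, ciphertext) == null));
        }
    }
}
```

RSA-OAEP with a 2048-bit key only fits 190 bytes per block, which is why the Encrypt helper refuses longer input rather than looping over blocks: in practice RSA encrypts a random symmetric key and the bulk data goes through AES. For the CA use case in the following articles, the key pair itself is what matters; the public exponent and modulus size chosen here are what the certificate will carry.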
