RSA加密解密及RSA簽名和驗證及證書
- 公鑰是給別人的
- 發送密文使用公鑰加密
- 驗證簽名使用公鑰驗證
- 私鑰是自己保留的
- 接受密文使用私鑰解密
- 發送簽名使用私鑰簽名
- 上述過程逆轉是不行的,比如使用私鑰加密,使用公鑰解密是不行的
- 證書的制作參考自使用X.509數字證書加密解密實務(一)-- 證書的獲得和管理
- 打開VS開發命令,輸入下面的命令:
-
makecert -sr CurrentUser -ss My -n CN=MyTestCert -sky exchange -pe
- 從證書中讀取私鑰和公鑰:
/// <summary> /// 根據私鑰證書得到證書實體,得到實體后可以根據其公鑰和私鑰進行加解密 /// 加解密函數使用DEncrypt的RSACryption類 /// </summary> /// <param name="pfxFileName"></param> /// <param name="password"></param> /// <returns></returns> public static X509Certificate2 GetCertificateFromPfxFile(string pfxFileName, string password) { try { return new X509Certificate2(pfxFileName, password, X509KeyStorageFlags.Exportable); } catch (Exception e) { return null; } }
var cer= RSACryption.GetCertificateFromPfxFile(@"D:\my.pfx", "123456"); tbPrivateKey.Text = cer.PrivateKey.ToXmlString(true); tbPublicKey.Text = cer.PublicKey.Key.ToXmlString(false);
完整測試代碼:
WPF前端:
<Window x:Class="Security.MainWindow" xmlns="http://schemas.microsoft.com/winfx/2006/xaml/presentation" xmlns:x="http://schemas.microsoft.com/winfx/2006/xaml" xmlns:d="http://schemas.microsoft.com/expression/blend/2008" xmlns:mc="http://schemas.openxmlformats.org/markup-compatibility/2006" xmlns:local="clr-namespace:Security" mc:Ignorable="d" Title="MainWindow" Height="700" Width="1200"> <Grid> <Grid.RowDefinitions> <RowDefinition Height="auto"></RowDefinition> <RowDefinition Height="auto"></RowDefinition> <RowDefinition Height="auto"></RowDefinition> <RowDefinition Height="auto"></RowDefinition> <RowDefinition Height="auto"></RowDefinition> <RowDefinition Height="auto"></RowDefinition> <RowDefinition Height="auto"></RowDefinition> <RowDefinition Height="auto"></RowDefinition> <RowDefinition Height="auto"></RowDefinition> </Grid.RowDefinitions> <StackPanel Margin="3" Orientation="Horizontal" HorizontalAlignment="Left"> <Button Margin="3" Name="GenerateKeys" Click="GenerateKeys_Click">生成Key</Button> <Button Margin="3" Name="Encrypt" Click="Encrypt_Click">公鑰加密</Button> <Button Margin="3" Name="Decrypt" Click="Decrypt_Click">私鑰解密</Button> <Button Margin="3" Name="GetHash" Click="GetHash_Click">獲取Hash</Button> <Button Margin="3" Name="Sign" Click="Sign_Click">私鑰簽名</Button> <Button Margin="3" Name="ValidateSign" Click="ValidateSign_Click">簽名驗證</Button> <Button Margin="3" Name="InputPfx" Click="InputPfx_Click">導入證書</Button> <Button Margin="3" Name="EcryptByPrivateKey" Click="EcryptByPrivateKey_Click">私鑰加密</Button> <Button Margin="3" Name="DcryptByPrivateKey" Click="DcryptByPrivateKey_Click">公鑰解密</Button> </StackPanel> <StackPanel Grid.Row="1" Margin="3"> <TextBlock Margin="3">公鑰:</TextBlock> <TextBox Name="tbPublicKey" TextWrapping="Wrap" MinLines="2" Margin="3"></TextBox> </StackPanel> <StackPanel Grid.Row="2" Margin="3"> <TextBlock Margin="3">私鑰:</TextBlock> <TextBox Name="tbPrivateKey" TextWrapping="Wrap" MinLines="5" Margin="3"></TextBox> </StackPanel> <StackPanel Grid.Row="3" Margin="3"> <TextBlock Margin="3">待加密內容:</TextBlock> <TextBox Name="tbContent" TextWrapping="Wrap" MinLines="3" Margin="3">i am cypher</TextBox> </StackPanel> <StackPanel Grid.Row="4" Margin="3"> <TextBlock Margin="3">公鑰加密后內容:</TextBlock> <TextBox Name="tbEncryptContent" TextWrapping="Wrap" MinLines="2" Margin="3"></TextBox> </StackPanel> <StackPanel Grid.Row="5" Margin="3"> <TextBlock Margin="3">私鑰解密后內容:</TextBlock> <TextBox Name="tbDecryptContent" TextWrapping="Wrap" Margin="3"></TextBox> </StackPanel> <StackPanel Grid.Row="6" Margin="3"> <TextBlock Margin="3">Hash:</TextBlock> <TextBox Name="tbHash" Margin="3"></TextBox> </StackPanel> <StackPanel Grid.Row="7" Margin="3"> <TextBlock Margin="3">私鑰簽名后內容:</TextBlock> <TextBox Name="tbSign" TextWrapping="Wrap" MinLines="2" Margin="3"></TextBox> </StackPanel> <StackPanel Grid.Row="8" Margin="3"> <TextBlock Margin="3">公鑰簽名驗證:</TextBlock> <TextBox Name="tbValidateSign" TextWrapping="Wrap" Margin="3"></TextBox> </StackPanel> </Grid> </Window>
后端:
public partial class MainWindow : Window { public MainWindow() { InitializeComponent(); } private void GenerateKeys_Click(object sender, RoutedEventArgs e) { string privateKey = ""; string publicKey = ""; RSACryption.GenerateKey(out privateKey, out publicKey); tbPrivateKey.Text = privateKey; tbPublicKey.Text = publicKey; } private void Encrypt_Click(object sender, RoutedEventArgs e) { tbEncryptContent.Text = RSACryption.RSAEncrypt(tbPublicKey.Text, tbContent.Text); } private void Decrypt_Click(object sender, RoutedEventArgs e) { tbDecryptContent.Text = RSACryption.RSADecrypt(tbPrivateKey.Text, tbEncryptContent.Text); } private void Sign_Click(object sender, RoutedEventArgs e) { tbSign.Text = RSACryption.GetSignature(tbPrivateKey.Text, tbHash.Text); } private void GetHash_Click(object sender, RoutedEventArgs e) { tbHash.Text = RSACryption.GetHash(tbContent.Text); } private void ValidateSign_Click(object sender, RoutedEventArgs e) { tbValidateSign.Text = RSACryption.ValidateSignature(tbPublicKey.Text, tbHash.Text, tbSign.Text).ToString(); } private void InputPfx_Click(object sender, RoutedEventArgs e) { var cer= RSACryption.GetCertificateFromPfxFile(@"D:\my.pfx", "123456"); tbPrivateKey.Text = cer.PrivateKey.ToXmlString(true); tbPublicKey.Text = cer.PublicKey.Key.ToXmlString(false); } private void EcryptByPrivateKey_Click(object sender, RoutedEventArgs e) { tbEncryptContent.Text = RSACryption.RSAEncrypt(tbPrivateKey.Text, tbContent.Text); } private void DcryptByPrivateKey_Click(object sender, RoutedEventArgs e) { tbDecryptContent.Text = RSACryption.RSADecrypt(tbPublicKey.Text, tbEncryptContent.Text); } }
附上轉自飛雲若雪的代碼:
class RSACryption { #region RSA 加密解密 #region RSA 的密鑰產生 /// <summary> /// RSA產生密鑰 /// </summary> /// <param name="xmlKeys">私鑰</param> /// <param name="xmlPublicKey">公鑰</param> public void RSAKey(out string xmlKeys, out string xmlPublicKey) { try { System.Security.Cryptography.RSACryptoServiceProvider rsa = new RSACryptoServiceProvider(); xmlKeys = rsa.ToXmlString(true); xmlPublicKey = rsa.ToXmlString(false); } catch (Exception ex) { throw ex; } } #endregion #region RSA加密函數 //############################################################################## //RSA 方式加密 //KEY必須是XML的形式,返回的是字符串 //該加密方式有長度限制的! //############################################################################## /// <summary> /// RSA的加密函數 /// </summary> /// <param name="xmlPublicKey">公鑰</param> /// <param name="encryptString">待加密的字符串</param> /// <returns></returns> public string RSAEncrypt(string xmlPublicKey, string encryptString) { try { byte[] PlainTextBArray; byte[] CypherTextBArray; string Result; System.Security.Cryptography.RSACryptoServiceProvider rsa = new RSACryptoServiceProvider(); rsa.FromXmlString(xmlPublicKey); PlainTextBArray = (new UnicodeEncoding()).GetBytes(encryptString); CypherTextBArray = rsa.Encrypt(PlainTextBArray, false); Result = Convert.ToBase64String(CypherTextBArray); return Result; } catch (Exception ex) { throw ex; } } /// <summary> /// RSA的加密函數 /// </summary> /// <param name="xmlPublicKey">公鑰</param> /// <param name="EncryptString">待加密的字節數組</param> /// <returns></returns> public string RSAEncrypt(string xmlPublicKey, byte[] EncryptString) { try { byte[] CypherTextBArray; string Result; System.Security.Cryptography.RSACryptoServiceProvider rsa = new RSACryptoServiceProvider(); rsa.FromXmlString(xmlPublicKey); CypherTextBArray = rsa.Encrypt(EncryptString, false); Result = Convert.ToBase64String(CypherTextBArray); return Result; } catch (Exception ex) { throw ex; } } #endregion #region RSA的解密函數 /// <summary> /// RSA的解密函數 /// </summary> /// <param name="xmlPrivateKey">私鑰</param> /// <param name="decryptString">待解密的字符串</param> /// <returns></returns> public string RSADecrypt(string xmlPrivateKey, string decryptString) { try { byte[] PlainTextBArray; byte[] DypherTextBArray; string Result; System.Security.Cryptography.RSACryptoServiceProvider rsa = new RSACryptoServiceProvider(); rsa.FromXmlString(xmlPrivateKey); PlainTextBArray = Convert.FromBase64String(decryptString); DypherTextBArray = rsa.Decrypt(PlainTextBArray, false); Result = (new UnicodeEncoding()).GetString(DypherTextBArray); return Result; } catch (Exception ex) { throw ex; } } /// <summary> /// RSA的解密函數 /// </summary> /// <param name="xmlPrivateKey">私鑰</param> /// <param name="DecryptString">待解密的字節數組</param> /// <returns></returns> public string RSADecrypt(string xmlPrivateKey, byte[] DecryptString) { try { byte[] DypherTextBArray; string Result; System.Security.Cryptography.RSACryptoServiceProvider rsa = new RSACryptoServiceProvider(); rsa.FromXmlString(xmlPrivateKey); DypherTextBArray = rsa.Decrypt(DecryptString, false); Result = (new UnicodeEncoding()).GetString(DypherTextBArray); return Result; } catch (Exception ex) { throw ex; } } #endregion #endregion #region RSA數字簽名 #region 獲取Hash描述表 /// <summary> /// 獲取Hash描述表 /// </summary> /// <param name="strSource">待簽名的字符串</param> /// <param name="HashData">Hash描述</param> /// <returns></returns> public bool GetHash(string strSource, ref byte[] HashData) { try { byte[] Buffer; System.Security.Cryptography.HashAlgorithm MD5 = System.Security.Cryptography.HashAlgorithm.Create("MD5"); Buffer = System.Text.Encoding.GetEncoding("GB2312").GetBytes(strSource); HashData = MD5.ComputeHash(Buffer); return true; } catch (Exception ex) { throw ex; } } /// <summary> /// 獲取Hash描述表 /// </summary> /// <param name="strSource">待簽名的字符串</param> /// <param name="strHashData">Hash描述</param> /// <returns></returns> public bool GetHash(string strSource, ref string strHashData) { try { //從字符串中取得Hash描述 byte[] Buffer; byte[] HashData; System.Security.Cryptography.HashAlgorithm MD5 = System.Security.Cryptography.HashAlgorithm.Create("MD5"); Buffer = System.Text.Encoding.GetEncoding("GB2312").GetBytes(strSource); HashData = MD5.ComputeHash(Buffer); strHashData = Convert.ToBase64String(HashData); return true; } catch (Exception ex) { throw ex; } } /// <summary> /// 獲取Hash描述表 /// </summary> /// <param name="objFile">待簽名的文件</param> /// <param name="HashData">Hash描述</param> /// <returns></returns> public bool GetHash(System.IO.FileStream objFile, ref byte[] HashData) { try { //從文件中取得Hash描述 System.Security.Cryptography.HashAlgorithm MD5 = System.Security.Cryptography.HashAlgorithm.Create("MD5"); HashData = MD5.ComputeHash(objFile); objFile.Close(); return true; } catch (Exception ex) { throw ex; } } /// <summary> /// 獲取Hash描述表 /// </summary> /// <param name="objFile">待簽名的文件</param> /// <param name="strHashData">Hash描述</param> /// <returns></returns> public bool GetHash(System.IO.FileStream objFile, ref string strHashData) { try { //從文件中取得Hash描述 byte[] HashData; System.Security.Cryptography.HashAlgorithm MD5 = System.Security.Cryptography.HashAlgorithm.Create("MD5"); HashData = MD5.ComputeHash(objFile); objFile.Close(); strHashData = Convert.ToBase64String(HashData); return true; } catch (Exception ex) { throw ex; } } #endregion #region RSA簽名 /// <summary> /// RSA簽名 /// </summary> /// <param name="strKeyPrivate">私鑰</param> /// <param name="HashbyteSignature">待簽名Hash描述</param> /// <param name="EncryptedSignatureData">簽名后的結果</param> /// <returns></returns> public bool SignatureFormatter(string strKeyPrivate, byte[] HashbyteSignature, ref byte[] EncryptedSignatureData) { try { System.Security.Cryptography.RSACryptoServiceProvider RSA = new System.Security.Cryptography.RSACryptoServiceProvider(); RSA.FromXmlString(strKeyPrivate); System.Security.Cryptography.RSAPKCS1SignatureFormatter RSAFormatter = new System.Security.Cryptography.RSAPKCS1SignatureFormatter(RSA); //設置簽名的算法為MD5 RSAFormatter.SetHashAlgorithm("MD5"); //執行簽名 EncryptedSignatureData = RSAFormatter.CreateSignature(HashbyteSignature); return true; } catch (Exception ex) { throw ex; } } /// <summary> /// RSA簽名 /// </summary> /// <param name="strKeyPrivate">私鑰</param> /// <param name="HashbyteSignature">待簽名Hash描述</param> /// <param name="m_strEncryptedSignatureData">簽名后的結果</param> /// <returns></returns> public bool SignatureFormatter(string strKeyPrivate, byte[] HashbyteSignature, ref string strEncryptedSignatureData) { try { byte[] EncryptedSignatureData; System.Security.Cryptography.RSACryptoServiceProvider RSA = new System.Security.Cryptography.RSACryptoServiceProvider(); RSA.FromXmlString(strKeyPrivate); System.Security.Cryptography.RSAPKCS1SignatureFormatter RSAFormatter = new System.Security.Cryptography.RSAPKCS1SignatureFormatter(RSA); //設置簽名的算法為MD5 RSAFormatter.SetHashAlgorithm("MD5"); //執行簽名 EncryptedSignatureData = RSAFormatter.CreateSignature(HashbyteSignature); strEncryptedSignatureData = Convert.ToBase64String(EncryptedSignatureData); return true; } catch (Exception ex) { throw ex; } } /// <summary> /// RSA簽名 /// </summary> /// <param name="strKeyPrivate">私鑰</param> /// <param name="strHashbyteSignature">待簽名Hash描述</param> /// <param name="EncryptedSignatureData">簽名后的結果</param> /// <returns></returns> public bool SignatureFormatter(string strKeyPrivate, string strHashbyteSignature, ref byte[] EncryptedSignatureData) { try { byte[] HashbyteSignature; HashbyteSignature = Convert.FromBase64String(strHashbyteSignature); System.Security.Cryptography.RSACryptoServiceProvider RSA = new System.Security.Cryptography.RSACryptoServiceProvider(); RSA.FromXmlString(strKeyPrivate); System.Security.Cryptography.RSAPKCS1SignatureFormatter RSAFormatter = new System.Security.Cryptography.RSAPKCS1SignatureFormatter(RSA); //設置簽名的算法為MD5 RSAFormatter.SetHashAlgorithm("MD5"); //執行簽名 EncryptedSignatureData = RSAFormatter.CreateSignature(HashbyteSignature); return true; } catch (Exception ex) { throw ex; } } /// <summary> /// RSA簽名 /// </summary> /// <param name="strKeyPrivate">私鑰</param> /// <param name="strHashbyteSignature">待簽名Hash描述</param> /// <param name="strEncryptedSignatureData">簽名后的結果</param> /// <returns></returns> public bool SignatureFormatter(string strKeyPrivate, string strHashbyteSignature, ref string strEncryptedSignatureData) { try { byte[] HashbyteSignature; byte[] EncryptedSignatureData; HashbyteSignature = Convert.FromBase64String(strHashbyteSignature); System.Security.Cryptography.RSACryptoServiceProvider RSA = new System.Security.Cryptography.RSACryptoServiceProvider(); RSA.FromXmlString(strKeyPrivate); System.Security.Cryptography.RSAPKCS1SignatureFormatter RSAFormatter = new System.Security.Cryptography.RSAPKCS1SignatureFormatter(RSA); //設置簽名的算法為MD5 RSAFormatter.SetHashAlgorithm("MD5"); //執行簽名 EncryptedSignatureData = RSAFormatter.CreateSignature(HashbyteSignature); strEncryptedSignatureData = Convert.ToBase64String(EncryptedSignatureData); return true; } catch (Exception ex) { throw ex; } } #endregion #region RSA 簽名驗證 /// <summary> /// RSA簽名驗證 /// </summary> /// <param name="strKeyPublic">公鑰</param> /// <param name="HashbyteDeformatter">Hash描述</param> /// <param name="DeformatterData">簽名后的結果</param> /// <returns></returns> public bool SignatureDeformatter(string strKeyPublic, byte[] HashbyteDeformatter, byte[] DeformatterData) { try { System.Security.Cryptography.RSACryptoServiceProvider RSA = new System.Security.Cryptography.RSACryptoServiceProvider(); RSA.FromXmlString(strKeyPublic); System.Security.Cryptography.RSAPKCS1SignatureDeformatter RSADeformatter = new System.Security.Cryptography.RSAPKCS1SignatureDeformatter(RSA); //指定解密的時候HASH算法為MD5 RSADeformatter.SetHashAlgorithm("MD5"); if (RSADeformatter.VerifySignature(HashbyteDeformatter, DeformatterData)) { return true; } else { return false; } } catch (Exception ex) { throw ex; } } /// <summary> /// RSA簽名驗證 /// </summary> /// <param name="strKeyPublic">公鑰</param> /// <param name="strHashbyteDeformatter">Hash描述</param> /// <param name="DeformatterData">簽名后的結果</param> /// <returns></returns> public bool SignatureDeformatter(string strKeyPublic, string strHashbyteDeformatter, byte[] DeformatterData) { try { byte[] HashbyteDeformatter; HashbyteDeformatter = Convert.FromBase64String(strHashbyteDeformatter); System.Security.Cryptography.RSACryptoServiceProvider RSA = new System.Security.Cryptography.RSACryptoServiceProvider(); RSA.FromXmlString(strKeyPublic); System.Security.Cryptography.RSAPKCS1SignatureDeformatter RSADeformatter = new System.Security.Cryptography.RSAPKCS1SignatureDeformatter(RSA); //指定解密的時候HASH算法為MD5 RSADeformatter.SetHashAlgorithm("MD5"); if (RSADeformatter.VerifySignature(HashbyteDeformatter, DeformatterData)) { return true; } else { return false; } } catch (Exception ex) { throw ex; } } /// <summary> /// RSA簽名驗證 /// </summary> /// <param name="strKeyPublic">公鑰</param> /// <param name="HashbyteDeformatter">Hash描述</param> /// <param name="strDeformatterData">簽名后的結果</param> /// <returns></returns> public bool SignatureDeformatter(string strKeyPublic, byte[] HashbyteDeformatter, string strDeformatterData) { try { byte[] DeformatterData; System.Security.Cryptography.RSACryptoServiceProvider RSA = new System.Security.Cryptography.RSACryptoServiceProvider(); RSA.FromXmlString(strKeyPublic); System.Security.Cryptography.RSAPKCS1SignatureDeformatter RSADeformatter = new System.Security.Cryptography.RSAPKCS1SignatureDeformatter(RSA); //指定解密的時候HASH算法為MD5 RSADeformatter.SetHashAlgorithm("MD5"); DeformatterData = Convert.FromBase64String(strDeformatterData); if (RSADeformatter.VerifySignature(HashbyteDeformatter, DeformatterData)) { return true; } else { return false; } } catch (Exception ex) { throw ex; } } /// <summary> /// RSA簽名驗證 /// </summary> /// <param name="strKeyPublic">公鑰</param> /// <param name="strHashbyteDeformatter">Hash描述</param> /// <param name="strDeformatterData">簽名后的結果</param> /// <returns></returns> public bool SignatureDeformatter(string strKeyPublic, string strHashbyteDeformatter, string strDeformatterData) { try { byte[] DeformatterData; byte[] HashbyteDeformatter; HashbyteDeformatter = Convert.FromBase64String(strHashbyteDeformatter); System.Security.Cryptography.RSACryptoServiceProvider RSA = new System.Security.Cryptography.RSACryptoServiceProvider(); RSA.FromXmlString(strKeyPublic); System.Security.Cryptography.RSAPKCS1SignatureDeformatter RSADeformatter = new System.Security.Cryptography.RSAPKCS1SignatureDeformatter(RSA); //指定解密的時候HASH算法為MD5 RSADeformatter.SetHashAlgorithm("MD5"); DeformatterData = Convert.FromBase64String(strDeformatterData); if (RSADeformatter.VerifySignature(HashbyteDeformatter, DeformatterData)) { return true; } else { return false; } } catch (Exception ex) { throw ex; } } #endregion #endregion }
