.NET Core RSA 指南與增強擴充套件 RSAExtensions
一. 前言
RSA 作為最常用的非對稱加密演算法,在我們的實際使用中還是比較常見的,特別是對接支付十有八九都會遇到,或者是其他需要資料安全的業務場景。在 .NET Framework 以及 .NET Core <3.0 時,.NET 自帶的 RSA 物件僅支援XML標準形式表示的Key,這和其他語言對接其他無疑出現了許多難度,比如 Java 常用的 key 格式是 PKCS#8,JavaScript 一般使用 PKCS#1,萬變不離其宗,這些 Key 雖然格式不一樣,只要我們將它們匯入到 .NET RSA 物件,就都能支援。以前我們主要依賴於一個第三方庫 BouncyCastle 來實現這些支援。
前面我基於 BouncyCastle 封裝了一個元件來支援 PKCS#1 和 PKCS#8,對於專案低於 .NET Core 3.0 的可以使用下面的解決方案:
.NET Core RSA金鑰的xml、pkcs1、pkcs8格式轉換和JavaScript、Java等語言進行對接
開源工具 DotnetRSA 快速生成和轉換RSA祕鑰
現在 .NET Core 3.0 官方增加了對 PKCS#1和 PKCS#8(密碼) Key 匯入和匯出支援,這真的是非常 Nice,詳情請看後文分解。
二. RSA Key 認知
這裡主要介紹三種常用格式的 Key ,XML、PKCS#1、PKCS#8
XML 私鑰:
<RSAKeyValue> <Modulus>09Hvw+dbHzi8x+9A1b2S0/128nA61ZyiaazJcDCUety4yHg0cdp5NOnyH35njYR4u2XO5l4GptwzJQfkEzCNoAniofBkb/WMQjvUhJ30eVpa7p/aq+4cgnMYuwYRCOLAB3jpldzIvii1+BOr3oLeT+1blK9f8u3T5liIxV3DBFxEWbnhQWHMgYXpDBIV9cjVhLYZLznefoWZ8N9bVdg1aucgYSWiPbURdfZusyS2fUJgiDLu63KQw8Bhc9cIMnUh6fq2UIBMk1mg/zuKyuMzCM8FX/VvleXJwS11LAgkEhtkOKQXo2xB65+zxPAUl0mKWGKSP9gY8p0+cav4nFCSLQ==</Modulus> <Exponent>AQAB</Exponent> <P>6ZEU55sugjc/qcPW0u0fSxy5tJYI+8tFsKfw/5AAm4pq2SVfDQHkRODlv5Zr8DnFQz7WN2L7FL6f11qdIjO4/dF9oo5YlD+jlmTOdaZovNLT0w0KGnN3ChFnnyxyNSG33sxlwgUrBppY2W4Sh0rzNQ4VIBhGes6dHxuMg0hWCKM=</P> <Q>6ComYZkP5fJrT5tWNSTkb+UGyUwxquXWAgZB8GCkAzrc5t3QgPe+1W0bUSJOVddPX6mxx6yaM+ZMFc5pwdcyxYJ90+T/m2NNviMOC2fHB457OWr4HO0DloYHlWbniXfkOLGrWHshcbIEwbsYWnVYF3mOF2b/xDuDUB57B71Flu8=</Q> <DP>k9guL1zfV7W5KrC4btOCF32bX2AJV7kX5/amal6ww8QeVk19mTI1WBQz2c5RjMJEx4gi+PRCkqMHcr388QVkd+X/bMJF97FAz5YHyhkH+15IjzOVzaCBHXJe8TalJFSvmuwvDV1QGuHgk+FFATbENDUx0hsLofjfJC3AB+nl65k=</DP> <DQ>v80qvlDUuJUpILBlbSxYaTTeAWmoUtbkkfGXgj5k4aI8o6K3QgTrLKmh+sqLyxFBKvgnvp2TG7N0QkOwTYs7D795spgqr7Y/oQiW7sdCv7RviwUbi9Int7BtDXnhaUmaS1hFBalb/PEkSuUF/p2ZNHOg9yaJwRWlq4gy/jbZChM=</DQ> <InverseQ>EydINmQ+aX8+2W7ZxU66P+0XSYsA2M/m7eF0cn5B+N3E2TOYgwunWqjPksyprEtNlP/puf7li/g8G5j3fQ0Xy/KrVwR2emcvCZMqpjzkYhSn9KcVHUVJg/LHb7BDVx/uSZwj9Ok2qDX73PSa91DEsIPiKPQjkVw1QJJ19wlJMiQ=</InverseQ> <D>MzwYbp5LYCXtI78vQ4PzO+uXFdUnpfuZHU55+vUFNSKmX3cT2GYr4yyjMBL3ITflrA5YGUis+zdP96kM9cdMumUpuFnZMWuHXY3zPZCnTaMZU5a+4c9afgMw/CvfevK92BDbDzC0LarTOQopDE1DULns6O3ym2QDWTgY/QRM44StLMEaLjNdVhLS3lMZJPrMCtk1k044RStUkL/7yiLMUYtXV+Lpy/08dyHWdXfBcakusKw8EEZZ53skFeR6mkWT51wyKmBFf7D6rfUC+e282i8OGayu79zXvA0UutmUGa1Q9eAP8qsBrc/i++qa/X3JnfBrFyEwQBfQV3kiOM3T0Q==</D> </RSAKeyValue>
XML 公鑰:
<RSAKeyValue>
<Modulus>o9AYbnx0a9YHjhnaE8E8w1plNsmyqg2tW41sakkoELxRz5PlDAsmc31caXUveSzBY8obp5Jt0hF9EIqY5wzLZQ==</Modulus>
<Exponent>AQAB</Exponent>
</RSAKeyValue>
PKCS#1 私鑰:
MIIEpAIBAAKCAQEAv4pVuabfkk1NxEpIz4GYMpG69hyJDXAFJAIuUP3qCIhq081KRwrWW+0qQZp6MMTHHA/O+rHHTR6vfGBOo6yxcs9c4QCbnt/RhQ+bOmLizTJURiFrbgFU9q8dlpJ8OaoSBE3M2dY6wMhck+vEGSr1w7Fm+wH+IPPyKfNynPDYs3rKzNyHJfre62Vf23tB/Zd+7UC0PAEing7uERZdrRfloy95v8o2kVBIk4v2YUjEpLaMDbytBo++wMbyTHqsHtJKlCfxAZ+sb7VKQx8JlNEMals4k8gwjCTtoum34jgscb7CQ1aleAskTrQO2zkQINssrN/sr3WlEZ4ZdNXXVb/JhQIDAQABAoIBAF5o4i47CXIEdnNtJgxZ1Vn/qMbMc+VStMX16Tx0m1mPXBB/3L+9oMD42l4xtU66f2XeiOfanuDtYhQNKFXWtjRf72jcMtiRe6V5dsrFmQMJbq6OpHQ5ZdadpBjmpSKLKIxEiNdKl/UUDUW/7Q12tmK524eXiNpXQ6LX40NmF3oHDwMb7ZGnynFBKdA4ZDZWcVpL1eGY9xTJnpAmLRsI4UXBVeSIKZYZAo4I4FhvWr/mkESiWhBGCGrFMQB75t1x6wTqHPBoWjo9HJrSW66tbEeIdwNbpxzlaYqcOMd+Uk6P38lCE5J6rxRCMXjvehEqZmAYswfMNS5a5o2a/xEHElUCgYEA4NTyPS+aQDP9Vu8fpsbCyfxiPLSam9JUJm2ON3/0C6uomYVHnL72AgM7srmmQB4cA6bbvscjB5oB504bQ73ppi56SFnvjhQckCAtU0VPTtOVSUYBOQGvhCY0Lr+AJHCKYCVEZEWdGFObVTApA+QXwHlpheSe+fuMZkIjEiuZX2cCgYEA2hfoopk1b6RNbBvp9X1TfiZYW/x6Jrs9ebr3z08lawtLeSJAXPS37XqYgVUTMXxs7mcIP7AHmGuFlu9nOA6sVF1E2C1I3f6YMH8OaZCiH0/e3swqyTkYyiHBmCnh2lWGVyf8jK+OF0Y9KI+omGiyFiPTco6VS6Q16Ozd/NJK+DMCgYEAtjB5V9GiSpKWoYLGgEwifrFRHeYwP0LSRA2VKC48odRpnHYfUMqB6aGbF7pPGTgM9XyaJ1+RaFCJaFmnyF413x9cohKXB+gOOVCJyiepG7RjDex3gy11gD3BHXy7J0w3JbAtWp/6rELb5c1P/0IvaR45v3FCzknkPN0tNEU2VNMCgYEAtlOIm+6jurrMMxY/CImGtI7QDc7MO/cLFOqW44xSRuRBa3qT/mJkJbf5KR57lkJkOwaN4diC8QzquN1aGIZD0Z/Lv0JUiaqfhuOho+VTdAPs2awsFN+T9uAzncdd1o7raY+3VdIqYxDIblFzbD8Squm2iy3iaENXAmyLxSH1pPsCgYAXZincMY50iTmF9qYaS9xs44d3riKRQpty97W+igW5MqFMmmajfy8QShVliG1cU10Hsvz0hAZ6SK5gl+Zp6CHrveuEr69+aee6Xjp3hiJKCEiId9ahCpr8EBPWYTi22azBzgGiXseqMEI2UR9SS6K7OZ2TRNwWOERuBsabERZQhQ==
PKCS#8 私鑰:
MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDLGWghUU/jAMivM53r6M01dtHIQwtDlDhfNLot5keKXRA0PD/yZ3ZZoi7W1ffvyfcuw2Db8nTGGIThFfESi7eyQdrLWqC7x8MppRtL6pYyercyApC4UhFBLTF4oUX/vecK9bHw/SuQGJtDfilZIxIfNZWpVrYpzEyAWpI6ix+pUlCA5LM9q3C6JbLsiMEvX3ypafoYUeOwx4ydEn3NwoR8EpeLzi3OHfcvo+m4yOUrLZXlMhDnMgPwyew4TOW/NsqaBvJJ+9r5hF/dcEQmpA8uvO6HJU7pClbwm0QjjjKdC/r//MHuiOFdv5b5bU0MJQGJ09tEWkEfUr/TqI2wZm/hAgMBAAECggEBAMVXX32YI3ZfqZ/LGLRD1TkQxc+/jS9R0uB3PDwjF/pSaM9Ih54Cd9WqJ7bp2upspLgUcYXldR+SbXLDviUWCxyyrmSPH8S12mUZn4dJXj2YTW7TXUkrvMZGol4i3gAbxmY4y3hslqqBrkOLT6Pj1tTqXQxYS9IbR24kExe9XLtIm/+3VcXRlW7AT2TZk1TRSjYB5OPmlYoPdQEZYk4ZL0NUNj1+HvQoeHX+b1iXJ08bP+KuTnJ+zxe6WG0x8x1cCpwOwGvEqMQ2SSyJihxw0969hPwwyeDDEWxkjaZdQt4I+aYE4KvLR75ixfkk6u5cknidmZjY0OCR2iLHbR40D/0CgYEA46+zjaa2cJEo1+7c8JSZHf+8/NAWAbo388caBIHlQ3tWDGVKbD0V+PsJPU3ZCZfIM0K1vBY0G/Ss/Pdn2CLVQwHHaVRMSAlpOdwzQdiao8dkT1B3zcVlzbInKbsc06C/3NCQZ+NKi1P2rlJ8u7tBq2Phbltwzu/KEfNe4vD2n7cCgYEA5Fr8WylpAF4o0LoOX1nZy4swvyOpG9a9yM9qilHeUVveIC7hEgNNe6kuasvmunPdF/8jOlcit2pBdg85Xu76h3g+AWK5cwnWwojeI3msAXpnej/VI5NkNGeTbJB64sX6PpmPvhMwApS6RRqpGttQ+qcO6lx6Vn5FF+jP8NxmvScCgYBC0nQd5Imyq8eS6BWLvfDaLw4mHGP5CdAWCZ8HJ6BDl9T/OlMHRT5HnlVt2oUSHaux76gqlVGhysNiUrH1avOwALunnAfvNGPfiVK5xnpMCt7TsEgY6hAguGJqCvJA4fKtOcDH3JsqHPBO5QKajjCNvniQzOFkuldRwV1duV6ILQKBgHrngZVrJ0l8ZElbKmslh/RmWPk3L0h9fq36/OOvhpGReW8m7BpuzqA1AXeXgPpva9sDhilbRqMjPFJXhVBUHWEWVYEXaqrA6+bOFYlQbkRpZhJFEulP5gnSiWVQKeOuHK7epZ/u4dMxy0NwQv3idqZBjeSTm4C7+2IP+wMvDNjXAoGBANM9wm6iiZOqZTCdMh/bnRDkChFTr8uLmbu5dtG8iXkGDhq0gX73GRrg4YL3R9oGSG/95zp5KThD94eAxZR1jrIChze77V6Y1urOMruUiluFIokoI94xUb7oh988yG2RSHzWQ3YzOGV1KqIf05j9JJvXZYcjUmB5yFWzPZVmDiwi
PKCS#1 公鑰:
MEgCQQDQViO4nQdwtCq9sOQb99evu/Pjkhk4TpEnn+6uXMz2LaS9xmUtX8lOVCMMlzoSNdu6vPskfUgMGud2hOpcgnLdAgMBAAE=
PKCS#1 和 PKCS#8 的 Key 都是通過 Base64 編碼的,其中公鑰僅有 PKCS#1的表現形式,即 PKCS#8 格式的私鑰對應的公鑰也是 PKCS#1形式,沒有PKCS#8公鑰這種說法。
從肉眼很難區分 PKCS#1 和 PKCS#8 私鑰,公鑰可以根據長度來區分。
XML Key 標準表現形式,展示了 RSA 演算法的幾個部分,主要是 :Modulus、Exponent、P、Q、DP、DQ、InverseQ、D。私鑰包含所有部分,公鑰只包含 Modulus、Exponent 兩個部分,所以有了私鑰是可以推匯出公鑰的。
三. Key PEM
PEM 是對 Key 的一種格式化,使之更容易識別。基於上面的普通字串 Key,它對字串進行了分割,主要是加了字首字尾以及每行分割為64個字元。
PKCS#1 公鑰
-----BEGIN RSA PUBLIC KEY-----
BASE64 ENCODED DATA
-----END RSA PUBLIC KEY-----
PKCS#8 公鑰
-----BEGIN PUBLIC KEY-----
BASE64 ENCODED DATA
-----END PUBLIC KEY-----
PKCS#1 私鑰
-----BEGIN RSA PRIVATE KEY-----
BASE64 ENCODED DATA
-----END RSA PRIVATE KEY-----
PKCS#8 私鑰
-----BEGIN PRIVATE KEY-----
BASE64 ENCODED DATA
-----END PRIVATE KEY-----
這裡所說的PKCS#8公鑰,並不是真正PKCS#8格式的公鑰,而是PKCS#8 Key 對應的PEM的表現形式,即前後綴不一樣,其內容主體都是一樣的。
PKCS#1 和 PKCS#8 前後綴主要是 “RSA” 字元的不同。
例:PKCS#8 PEM 私鑰
-----BEGIN PRIVATE KEY-----
MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDXuqAQz+MyeKuC
335rPshsHUFxLpZcBj97EiHq9qhvxMhLsMoa3YFvKlwktBoQWzZzgETls1N0H5E/
yhV+pljN4TIubfsOQ68TUfJkr9b+S1/25KwOwUmMndqaFb/vcYj1QtWTl65OXOWL
l3oKl7j2kwjmwtW8Smm97cEw15ijmRALP3qGvYyzL/YRIOHv+PmDpoMG0dedZRNz
u7hdhkU/UrlaRLvDLHyUJPkM+4SJHVUa2epYFMB7OX/b4ZQR0unxIBea2HAo8byG
qctOB41cXa6+t8dvRj2DhCXhMHGXKNU8DL9aALLmCbl2UTsJQyvNQ3FaT7TzQYsw
gOevjFttAgMBAAECggEBALltxOAukM91QZdAm917HbMwgmvS65M2G6Kht13LnoRT
1Qaac14cP4FaG9HArRaaEHe/LXlzZqxN5f+6qDcwrOxqQUP/bOiZ7QbiTUOWkWoL
R/VkITCdm6aumJQRVeVu5ZZLWGGA42agGv6duV0ZhPcM833GwwkRvUpv7rsY1i7n
ccUObhkv3ql8XjnCcz1rSSkf6W40+dp0pW2mCH6NPeT8kdtBH7mA/ZSK7ZMQbMGg
LNdCx069o91POKP/nZ9V9Ex2Bviic2TqpilC6Z/9EryxA0HszknUMX7Lnuhr7Fsb
n8wkvYLplebolTOrCy/athEZkGdwCrgdGFk7by/XsdECgYEA9BX0vnhr1d1A9rxz
YYt/Xt3DqqtnQ8ETe4CldI3/XIJ3CcMI4f52dAk+Jl9V4vHu4HRKODWjJ67FDExQ
Bu+FWUjk01rFSMmbsVJRenRyuGL4X5XTRwMCtcIcxfvYgttLVVpqCsDK2CredAxc
u+RZ5eI0/Y4gc+BKzDIbSy1LQ2sCgYEA4kJUQ4BlIQHD2CEj49ORL/WzWk01Wi9A
2ilQcVf/xbLeBJd04SemftHLF4ulKM6VZ4KyrTzewwM6rEw31fWo7dgxShwTdnMI
Hn3esTdZYK6O6zQ8PuEi/q4hTx4QYXDq63pKoDRTrkQAVZdTe0ujyczPXjdAKwYF
obd3sk606ocCgYA7tpdedZVkB7HZ6vaLOZZafgRdX3tu3vBGOY3AuvBrEFvQ3o7w
wtD1yEEVICOh1rAq5yg1IiIdFiuMu6qkV7qWwjeA4Wb8TJ4zPkFCpPRf2Y6Ly9qZ
N8pU7v0dDmTEdqOyaOEialH1ml87or6ZFN9NVw7BrSCRWKDT3bpBpP4RqwKBgQC/
i5u+kaILsWzVOikiJOgTDBTMa/Sw5rQmfTdm3TLhca3XgUknm+OuFXmz8zrdMxb0
zIbrdk64FbHET7otXo2m3ZHMxbwMWRIUjkbLDKqT2PORV2VxbjOsHEqCqlb/xxJ6
S8uFmQcGzvbhfvzjsoN0wfkEMA4Y3j5CTAn/X/Z1XQKBgGG4qDagG1unSkpNfHfu
qwjEjAkSR/pla4vJIaEaA94/gJ21upZfwjUUdRXJbk6W03OfSOlmy2zIeCguV+H/
UkMOcmBqVX/tbCQy7weCQwwHU4Dluy7xJIzrgYRXIuV+3zk2D63+LAK84+ksbL61
zCnaG86YfYxcClOZ/revxrnd
-----END PRIVATE KEY-----
四. .NET Core 3.0 RSA 新增功能
.NET Core 3.0 官方增加了對 PKCS#1和 PKCS#8(密碼) Key 匯入和匯出支援,PKCS# 1為預設格式。
方法名 | 說明 |
---|---|
ExportRSAPrivateKey | 匯出 PKCS# 1 私鑰 |
ExportRSAPublicKey | 匯出 PKCS# 1 公鑰 |
ExportPkcs8PrivateKey | 匯出 PKCS# 8 私鑰 |
ExportEncryptedPkcs8PrivateKey | 匯出 PKCS# 8 加密私鑰 |
ImportRSAPrivateKey | 匯入 PKCS# 1 私鑰 |
ImportRSAPublicKey | 匯入 PKCS# 1 公鑰 |
ImportPkcs8PrivateKey | 匯入 PKCS# 8 私鑰 |
ImportEncryptedPkcs8PrivateKey | 匯入 PKCS# 8 加密私鑰 |
以 PKCS#1 格式為例,用法如下:
var rsa = RSA.Create();
//匯出
Console.WriteLine("RSA PKCS#1 私鑰:");
Console.WriteLine(Convert.ToBase64String(rsa.ExportRSAPrivateKey()));
Console.WriteLine("RSA PKCS#1 公鑰:");
Console.WriteLine(Convert.ToBase64String(rsa.ExportRSAPublicKey()));
//匯入
rsa.ImportRSAPrivateKey(Convert.FromBase64String("MIIEogIBAAKCAQEArTLJkbnYqeNXjy1iznnEi8bZjVbP4NabvftKFMdYeCCHfeHXZEvaJFbWcybmWwfj4ZjHH+/hh1RRQVMNgQUD8uXYmdjn7bUAfeyT9ujSulEFzwM2Udm6XtnI5/K2WH9ZHEPqUqNgv0EEthV6Yz+SQYFSYO2xd+TzLMvnW/iCmgb9gQfl85L+cKVvQy2NOod3i+gbTwPM8im1fP43vqVUUE5OD+Hz1Hiwai/RJDC67ZhoSdv1Vor8t9uyg+03fa8gfPj52gFRyHh3y8d/bb1LrJwbXV3cBCLD9aw9bnW3rFRwpP+JuH9VKSpoRA3gwD3vhoz7Y8BBOsC6PSrusAm/lQIDAQABAoIBAH+yBTli+2JuUn0mqkWvM4EW0AlMKyILOHJ+1mSxgQG4gg0GuKai4ieOurfVw1r0W0hWOuHKG86KFQqDsF4ik4G/gs4TRRRWMhGlnoYZrFxgJlc1eBQq4iTSjzSsF1LyOYIEdLwO5uK7jjytYznPgga30UPTm9fYvo2VnHOLqsbiD98ljQmUa53b13wqsGBRaqLgY8cAt5maI/IUytQNKORw/OwLVkYYOuLCI6NCnUgLhvn/aQpvdcIU06xsZw+sEsSsax3idILv+4VrmlSg/8Bhi7m+2JW/ati3QeQ2TUTRhAs7XxHeTSNWnlQE/pCnlBYSWZZCOSferPh8cJwZobUCgYEAzJZaIBVRAcOhUwOd5zE57aLuT8Qxc9zWSw8iAtITc/R6QE1x8qqSHmUudhz6/yCk07x1AatwtVisWixBFmbeKqMBsEVMWgSNu/+J8G2Hndr/588ApHwNibLPkbyqS9AGg//JP69k2N3L8ykpveYupD/riE6ppTQaO7UFCzFjlvMCgYEA2LkaHln4yCS64hc7G93WkyzH77B0+H3VK05emWzOP7H7U6msN02LNFEns4f8F6qi9WjsKumnqdm3ghXGH+QvygQfRKbrN/B7bEKgWUV1rv+NzO9q25sijJk99lJGE1wuV8/T9bGHYLg3A8JInKhR+OhoEpsKsRn2geJ6lCGbgVcCgYBHO/angySQi7BJOlIppI85+egmZ/acFAGdYuiBuOnDDxXd+9k4GEIGSU6zG4YdfR1HCDBpY2s8CWMBhrUm+qxShi1ZVdeu5DUBh4lc6JY21YETEpVzsCn6jwMNCHb3LLiID3DgNs7TX+7afLOnBlWpJQR6koEpH4oezfmymwDFFwKBgGNdevwvhEE/le/TduZv79HK1mCvJvJHv1T7uaPenzHVCMZzJOK2SvzRuMI3tv2i3tRmJuIF/zmA+QJLuWsl1ENrYGq5nV8og24/ngVQM4To5rrviq7lkhGksSQe1MJLoXPhde1QWCGgVJkEmwY4plzZMd5V97D7lmo2zLzeK85BAoGAIeo1WXPc3JFb/wOAB8BvdOzyQHDZFTSawTnws3sWCNZvicWJozNfq8m4kFoG3aITUeimlb6CPqZaJabjLF/99gReDJDixAIJoU1dXY07aSrzMS6hK1lvl6eY5B5zW+wCkIpfyCQSTcVB6zQAU9MOCaokKu2zleBMVQqKWfWfz54="), out _);
rsa.ImportRSAPublicKey(Convert.FromBase64String("MIIBCgKCAQEArTLJkbnYqeNXjy1iznnEi8bZjVbP4NabvftKFMdYeCCHfeHXZEvaJFbWcybmWwfj4ZjHH+/hh1RRQVMNgQUD8uXYmdjn7bUAfeyT9ujSulEFzwM2Udm6XtnI5/K2WH9ZHEPqUqNgv0EEthV6Yz+SQYFSYO2xd+TzLMvnW/iCmgb9gQfl85L+cKVvQy2NOod3i+gbTwPM8im1fP43vqVUUE5OD+Hz1Hiwai/RJDC67ZhoSdv1Vor8t9uyg+03fa8gfPj52gFRyHh3y8d/bb1LrJwbXV3cBCLD9aw9bnW3rFRwpP+JuH9VKSpoRA3gwD3vhoz7Y8BBOsC6PSrusAm/lQIDAQAB"), out _);
輸出:
使用是非常簡單的,如果使用PKCS#8,更改一下上面示例程式碼的方法名就行了。
使用這些API需要的專案使用的目標框架滿足:
平臺名稱 | 支援版本號 |
---|---|
.NET Core | >=3.0 |
.NET Standard | >=2.1 |
五. RSAExtensions 介紹
從上面可以看出,.NET Core 已經原生支援了PKCS#1和PKCS#8 ,這對於和其他語言對接是十分方便的,但是美中不足的是沒有對 PEM 支援,以及對 XML 格式的支援。
RSAExtensions 專案就是為了彌補上面這個缺點且支援RSA大資料加密,基於 RSA 物件來新增的擴充套件方法,使用同樣也是非常方便的。
開源地址: https://github.com/stulzq/RSAExtensions (希望來個Star支援一下)
Nuget: https://www.nuget.org/packages/RSAExtensions
RSAExtensions 功能如下:
- 提供以前Framework有的XML格式的金鑰匯入和匯出
- 提供對PKCS#1、PKCS#8 PEM格式匯入和匯出支援
- 提供對PKCS#1、PKCS#8、XML格式的統一匯入和匯出
- 提供對大資料分段加密的支援
增加的API:
方法名 | 說明 |
---|---|
ExportPrivateKey | 統一匯出私鑰,支援 PKCS#1、PKCS#8、XML以及PEM格式化 |
ExportPublicKey | 統一匯出公鑰,支援 PKCS#1、PKCS#8、XML以及PEM格式化 |
ImportPrivateKey | 統一匯入私鑰,支援 PKCS#1、PKCS#8、XML以及PEM |
ImportPublicKey | 統一匯入公鑰,支援 PKCS#1、PKCS#8、XML以及PEM |
ImportXmlPrivateKey | 匯入XML私鑰 |
ImportXmlPublicKey | 匯入XML公鑰 |
ExportXmlPrivateKey | 匯出XML私鑰 |
ExportXmlPublicKey | 匯出XML公鑰 |
EncryptBigData | 大資料分段加密 |
DecryptBigData | 大資料分段解密 |
六. RSAExtensions 使用
using System.Security.Cryptography;
var rsa=RSA.Create();
匯出
PKCS#1 匯出
rsa.ExportPrivateKey(RSAKeyType.Pkcs1); //私鑰
rsa.ExportPublicKey(RSAKeyType.Pkcs1); // 公鑰
私鑰輸出:
MIIEpAIBAAKCAQEAv4pVuabfkk1NxEpIz4GYMpG69hyJDXAFJAIuUP3qCIhq081KRwrWW+0qQZp6MMTHHA/O+rHHTR6vfGBOo6yxcs9c4QCbnt/RhQ+bOmLizTJURiFrbgFU9q8dlpJ8OaoSBE3M2dY6wMhck+vEGSr1w7Fm+wH+IPPyKfNynPDYs3rKzNyHJfre62Vf23tB/Zd+7UC0PAEing7uERZdrRfloy95v8o2kVBIk4v2YUjEpLaMDbytBo++wMbyTHqsHtJKlCfxAZ+sb7VKQx8JlNEMals4k8gwjCTtoum34jgscb7CQ1aleAskTrQO2zkQINssrN/sr3WlEZ4ZdNXXVb/JhQIDAQABAoIBAF5o4i47CXIEdnNtJgxZ1Vn/qMbMc+VStMX16Tx0m1mPXBB/3L+9oMD42l4xtU66f2XeiOfanuDtYhQNKFXWtjRf72jcMtiRe6V5dsrFmQMJbq6OpHQ5ZdadpBjmpSKLKIxEiNdKl/UUDUW/7Q12tmK524eXiNpXQ6LX40NmF3oHDwMb7ZGnynFBKdA4ZDZWcVpL1eGY9xTJnpAmLRsI4UXBVeSIKZYZAo4I4FhvWr/mkESiWhBGCGrFMQB75t1x6wTqHPBoWjo9HJrSW66tbEeIdwNbpxzlaYqcOMd+Uk6P38lCE5J6rxRCMXjvehEqZmAYswfMNS5a5o2a/xEHElUCgYEA4NTyPS+aQDP9Vu8fpsbCyfxiPLSam9JUJm2ON3/0C6uomYVHnL72AgM7srmmQB4cA6bbvscjB5oB504bQ73ppi56SFnvjhQckCAtU0VPTtOVSUYBOQGvhCY0Lr+AJHCKYCVEZEWdGFObVTApA+QXwHlpheSe+fuMZkIjEiuZX2cCgYEA2hfoopk1b6RNbBvp9X1TfiZYW/x6Jrs9ebr3z08lawtLeSJAXPS37XqYgVUTMXxs7mcIP7AHmGuFlu9nOA6sVF1E2C1I3f6YMH8OaZCiH0/e3swqyTkYyiHBmCnh2lWGVyf8jK+OF0Y9KI+omGiyFiPTco6VS6Q16Ozd/NJK+DMCgYEAtjB5V9GiSpKWoYLGgEwifrFRHeYwP0LSRA2VKC48odRpnHYfUMqB6aGbF7pPGTgM9XyaJ1+RaFCJaFmnyF413x9cohKXB+gOOVCJyiepG7RjDex3gy11gD3BHXy7J0w3JbAtWp/6rELb5c1P/0IvaR45v3FCzknkPN0tNEU2VNMCgYEAtlOIm+6jurrMMxY/CImGtI7QDc7MO/cLFOqW44xSRuRBa3qT/mJkJbf5KR57lkJkOwaN4diC8QzquN1aGIZD0Z/Lv0JUiaqfhuOho+VTdAPs2awsFN+T9uAzncdd1o7raY+3VdIqYxDIblFzbD8Squm2iy3iaENXAmyLxSH1pPsCgYAXZincMY50iTmF9qYaS9xs44d3riKRQpty97W+igW5MqFMmmajfy8QShVliG1cU10Hsvz0hAZ6SK5gl+Zp6CHrveuEr69+aee6Xjp3hiJKCEiId9ahCpr8EBPWYTi22azBzgGiXseqMEI2UR9SS6K7OZ2TRNwWOERuBsabERZQhQ==
PKCS#1 PEM 匯出
rsa.ExportPrivateKey(RSAKeyType.Pkcs1,true);//私鑰
rsa.ExportPublicKey(RSAKeyType.Pkcs1,true);//公鑰
私鑰輸出:
-----BEGIN RSA PRIVATE KEY-----
MIIEpAIBAAKCAQEAtffhsp2hu1b0isDlYZ2UHd5NPLGHJYwDzWFM29EiXZq3pHDY
CFNF5jJ+h8U4e10e9XDvVF6X02OLQVjVCZVlikRe5VmKGOU+azL5ojg1MbLOqEJr
fd3f/vxcZ4sCIxdWNgHefPixneNldIULBor9n4IlB5so54YdPZLXxLwSXJczTbeG
LuMRw2plKZpp8hLZTLeR42g0aIBUbBanDZuoP2ztjFthUTf+E7PbI4hmFhL4nszO
/9KuJEvlnLtQF9shHZ5ERvgHXFbHpM9e1nz4Yr+eaTWxVF6vNBicKFrTgMNtYtS/
6x004yVmpXdeHUBDwerIJwS7AJLXX0BC4mlDGQIDAQABAoIBADxo75+5nyCvjH2n
7j7K7oo/68pTcXdwlS6Qt9BeDJegrojEAaQ56QG0D7eJLOgfkRCQjpOm16aQ7IEk
OY118IDHk+12HVeIe4FhKejF2jsGjn7jlgXyK9Pd+dtSFcKKk89YLYG1mlm9TUgy
hueEKxDSRvLQevLp3jk7z6/7c+kSpPUrsreWyq6qP+lwfmPa6k6uAwEpHKfGKmCC
Sj3vnC2jBfG89RZFhvB9VUXqDs1Yppi1anFlymB7eJMOu33SG9hqHK/AwJpv1qM3
ONebjyZ2rrrCxhMuR3luDdgACHpINOyeb8zkR0v+24aqHGLs3V31bGkYqITJXSkm
udNHM2UCgYEA8cpokD3GMolB8npIDw7DcwoAW9J3rD44EDHpak+H+wNbUxHzcrwc
ylEcIkbM5hiIyEsmkWVwsqM/UQ9v+Fl/h6AlqPE4ai4D/pbfWnlPxPuTGzm/wpWR
sXcZJ+EAWn6MR+6fm1KeAsCRs8rBL5OKhFRXOzwdmulVg8jNGq4ijycCgYEAwKl7
gmSj7zlY0ATesawZVM3cSmV3rp5uCN61jZkY1zzOw4uiD0dDyCIhzYJc9fp2pUSf
plNYv58+StdoI+gJ8fd9Cp9afW7kTHXM8+SjOEwsECQKmiJZ+re+biXYJ60T9moJ
iDGcdNvS/s/F8rSqdd31gzdNALRqYWIvZSFVA78CgYBotForfFTDtaSVOFbUDnSc
8IvPN4kTUa49dR+7Jc2g6Yc2peNioAtnoVApl7dLPPyen8yH0gHHmeHlXGYEid0s
AjHMwwjHEj4wlW0LZNUiXD8L3yonPVXmH8kI9+qLRZnB3JfJTzGVx4ZQ8VBPJfkp
7MwJnrLDTp/1fZM0JoxYqQKBgQCrweykMIidqqhsuwq1ptHmcqhjgtYRzJgYPEPq
+oPUzxcd6YwOxt+8ugEcr42klSfU6rrRkxhZrOPh4Ouspx7GonbNU4der8/EAnk3
Lav9cpsNwLPa+ajyBYE1vXNY28oiMiJRUrlCzP7rv9ufJkWZUsmfs1tot27nZpsO
M4sRDQKBgQDvnddTAbTX+GAfkGS4t7iYPuwk2U1YplnT75fgvmgbm7Ett4PbeCBb
FLNeGxKodTChqO50+q82qasO00He5XGo+aSiwVigxjtI/5QZGjl9WxcWUwLrSTS4
lABg9PGeOzUZSgAVxYzXhJ2kkMtj8NhVqRvAEegjKc/tML6SDJ4coQ==
-----END RSA PRIVATE KEY-----
PKCS#8 匯出
rsa.ExportPrivateKey(RSAKeyType.Pkcs8);//私鑰
rsa.ExportPublicKey(RSAKeyType.Pkcs8);//公鑰
私鑰輸出:
MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDLGWghUU/jAMivM53r6M01dtHIQwtDlDhfNLot5keKXRA0PD/yZ3ZZoi7W1ffvyfcuw2Db8nTGGIThFfESi7eyQdrLWqC7x8MppRtL6pYyercyApC4UhFBLTF4oUX/vecK9bHw/SuQGJtDfilZIxIfNZWpVrYpzEyAWpI6ix+pUlCA5LM9q3C6JbLsiMEvX3ypafoYUeOwx4ydEn3NwoR8EpeLzi3OHfcvo+m4yOUrLZXlMhDnMgPwyew4TOW/NsqaBvJJ+9r5hF/dcEQmpA8uvO6HJU7pClbwm0QjjjKdC/r//MHuiOFdv5b5bU0MJQGJ09tEWkEfUr/TqI2wZm/hAgMBAAECggEBAMVXX32YI3ZfqZ/LGLRD1TkQxc+/jS9R0uB3PDwjF/pSaM9Ih54Cd9WqJ7bp2upspLgUcYXldR+SbXLDviUWCxyyrmSPH8S12mUZn4dJXj2YTW7TXUkrvMZGol4i3gAbxmY4y3hslqqBrkOLT6Pj1tTqXQxYS9IbR24kExe9XLtIm/+3VcXRlW7AT2TZk1TRSjYB5OPmlYoPdQEZYk4ZL0NUNj1+HvQoeHX+b1iXJ08bP+KuTnJ+zxe6WG0x8x1cCpwOwGvEqMQ2SSyJihxw0969hPwwyeDDEWxkjaZdQt4I+aYE4KvLR75ixfkk6u5cknidmZjY0OCR2iLHbR40D/0CgYEA46+zjaa2cJEo1+7c8JSZHf+8/NAWAbo388caBIHlQ3tWDGVKbD0V+PsJPU3ZCZfIM0K1vBY0G/Ss/Pdn2CLVQwHHaVRMSAlpOdwzQdiao8dkT1B3zcVlzbInKbsc06C/3NCQZ+NKi1P2rlJ8u7tBq2Phbltwzu/KEfNe4vD2n7cCgYEA5Fr8WylpAF4o0LoOX1nZy4swvyOpG9a9yM9qilHeUVveIC7hEgNNe6kuasvmunPdF/8jOlcit2pBdg85Xu76h3g+AWK5cwnWwojeI3msAXpnej/VI5NkNGeTbJB64sX6PpmPvhMwApS6RRqpGttQ+qcO6lx6Vn5FF+jP8NxmvScCgYBC0nQd5Imyq8eS6BWLvfDaLw4mHGP5CdAWCZ8HJ6BDl9T/OlMHRT5HnlVt2oUSHaux76gqlVGhysNiUrH1avOwALunnAfvNGPfiVK5xnpMCt7TsEgY6hAguGJqCvJA4fKtOcDH3JsqHPBO5QKajjCNvniQzOFkuldRwV1duV6ILQKBgHrngZVrJ0l8ZElbKmslh/RmWPk3L0h9fq36/OOvhpGReW8m7BpuzqA1AXeXgPpva9sDhilbRqMjPFJXhVBUHWEWVYEXaqrA6+bOFYlQbkRpZhJFEulP5gnSiWVQKeOuHK7epZ/u4dMxy0NwQv3idqZBjeSTm4C7+2IP+wMvDNjXAoGBANM9wm6iiZOqZTCdMh/bnRDkChFTr8uLmbu5dtG8iXkGDhq0gX73GRrg4YL3R9oGSG/95zp5KThD94eAxZR1jrIChze77V6Y1urOMruUiluFIokoI94xUb7oh988yG2RSHzWQ3YzOGV1KqIf05j9JJvXZYcjUmB5yFWzPZVmDiwi
PKCS#8 PEM匯出
rsa.ExportPrivateKey(RSAKeyType.Pkcs8, true);//私鑰
rsa.ExportPublicKey(RSAKeyType.Pkcs8, true);//公鑰
私鑰輸出:
-----BEGIN PRIVATE KEY-----
MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDXuqAQz+MyeKuC
335rPshsHUFxLpZcBj97EiHq9qhvxMhLsMoa3YFvKlwktBoQWzZzgETls1N0H5E/
yhV+pljN4TIubfsOQ68TUfJkr9b+S1/25KwOwUmMndqaFb/vcYj1QtWTl65OXOWL
l3oKl7j2kwjmwtW8Smm97cEw15ijmRALP3qGvYyzL/YRIOHv+PmDpoMG0dedZRNz
u7hdhkU/UrlaRLvDLHyUJPkM+4SJHVUa2epYFMB7OX/b4ZQR0unxIBea2HAo8byG
qctOB41cXa6+t8dvRj2DhCXhMHGXKNU8DL9aALLmCbl2UTsJQyvNQ3FaT7TzQYsw
gOevjFttAgMBAAECggEBALltxOAukM91QZdAm917HbMwgmvS65M2G6Kht13LnoRT
1Qaac14cP4FaG9HArRaaEHe/LXlzZqxN5f+6qDcwrOxqQUP/bOiZ7QbiTUOWkWoL
R/VkITCdm6aumJQRVeVu5ZZLWGGA42agGv6duV0ZhPcM833GwwkRvUpv7rsY1i7n
ccUObhkv3ql8XjnCcz1rSSkf6W40+dp0pW2mCH6NPeT8kdtBH7mA/ZSK7ZMQbMGg
LNdCx069o91POKP/nZ9V9Ex2Bviic2TqpilC6Z/9EryxA0HszknUMX7Lnuhr7Fsb
n8wkvYLplebolTOrCy/athEZkGdwCrgdGFk7by/XsdECgYEA9BX0vnhr1d1A9rxz
YYt/Xt3DqqtnQ8ETe4CldI3/XIJ3CcMI4f52dAk+Jl9V4vHu4HRKODWjJ67FDExQ
Bu+FWUjk01rFSMmbsVJRenRyuGL4X5XTRwMCtcIcxfvYgttLVVpqCsDK2CredAxc
u+RZ5eI0/Y4gc+BKzDIbSy1LQ2sCgYEA4kJUQ4BlIQHD2CEj49ORL/WzWk01Wi9A
2ilQcVf/xbLeBJd04SemftHLF4ulKM6VZ4KyrTzewwM6rEw31fWo7dgxShwTdnMI
Hn3esTdZYK6O6zQ8PuEi/q4hTx4QYXDq63pKoDRTrkQAVZdTe0ujyczPXjdAKwYF
obd3sk606ocCgYA7tpdedZVkB7HZ6vaLOZZafgRdX3tu3vBGOY3AuvBrEFvQ3o7w
wtD1yEEVICOh1rAq5yg1IiIdFiuMu6qkV7qWwjeA4Wb8TJ4zPkFCpPRf2Y6Ly9qZ
N8pU7v0dDmTEdqOyaOEialH1ml87or6ZFN9NVw7BrSCRWKDT3bpBpP4RqwKBgQC/
i5u+kaILsWzVOikiJOgTDBTMa/Sw5rQmfTdm3TLhca3XgUknm+OuFXmz8zrdMxb0
zIbrdk64FbHET7otXo2m3ZHMxbwMWRIUjkbLDKqT2PORV2VxbjOsHEqCqlb/xxJ6
S8uFmQcGzvbhfvzjsoN0wfkEMA4Y3j5CTAn/X/Z1XQKBgGG4qDagG1unSkpNfHfu
qwjEjAkSR/pla4vJIaEaA94/gJ21upZfwjUUdRXJbk6W03OfSOlmy2zIeCguV+H/
UkMOcmBqVX/tbCQy7weCQwwHU4Dluy7xJIzrgYRXIuV+3zk2D63+LAK84+ksbL61
zCnaG86YfYxcClOZ/revxrnd
-----END PRIVATE KEY-----
XML 匯出
rsa.ExportPrivateKey(RSAKeyType.Xml);//私鑰
rsa.ExportPublicKey(RSAKeyType.Xml);//公鑰
私鑰輸出:
<RSAKeyValue>
<Modulus>09Hvw+dbHzi8x+9A1b2S0/128nA61ZyiaazJcDCUety4yHg0cdp5NOnyH35njYR4u2XO5l4GptwzJQfkEzCNoAniofBkb/WMQjvUhJ30eVpa7p/aq+4cgnMYuwYRCOLAB3jpldzIvii1+BOr3oLeT+1blK9f8u3T5liIxV3DBFxEWbnhQWHMgYXpDBIV9cjVhLYZLznefoWZ8N9bVdg1aucgYSWiPbURdfZusyS2fUJgiDLu63KQw8Bhc9cIMnUh6fq2UIBMk1mg/zuKyuMzCM8FX/VvleXJwS11LAgkEhtkOKQXo2xB65+zxPAUl0mKWGKSP9gY8p0+cav4nFCSLQ==</Modulus>
<Exponent>AQAB</Exponent>
<P>6ZEU55sugjc/qcPW0u0fSxy5tJYI+8tFsKfw/5AAm4pq2SVfDQHkRODlv5Zr8DnFQz7WN2L7FL6f11qdIjO4/dF9oo5YlD+jlmTOdaZovNLT0w0KGnN3ChFnnyxyNSG33sxlwgUrBppY2W4Sh0rzNQ4VIBhGes6dHxuMg0hWCKM=</P>
<Q>6ComYZkP5fJrT5tWNSTkb+UGyUwxquXWAgZB8GCkAzrc5t3QgPe+1W0bUSJOVddPX6mxx6yaM+ZMFc5pwdcyxYJ90+T/m2NNviMOC2fHB457OWr4HO0DloYHlWbniXfkOLGrWHshcbIEwbsYWnVYF3mOF2b/xDuDUB57B71Flu8=</Q>
<DP>k9guL1zfV7W5KrC4btOCF32bX2AJV7kX5/amal6ww8QeVk19mTI1WBQz2c5RjMJEx4gi+PRCkqMHcr388QVkd+X/bMJF97FAz5YHyhkH+15IjzOVzaCBHXJe8TalJFSvmuwvDV1QGuHgk+FFATbENDUx0hsLofjfJC3AB+nl65k=</DP>
<DQ>v80qvlDUuJUpILBlbSxYaTTeAWmoUtbkkfGXgj5k4aI8o6K3QgTrLKmh+sqLyxFBKvgnvp2TG7N0QkOwTYs7D795spgqr7Y/oQiW7sdCv7RviwUbi9Int7BtDXnhaUmaS1hFBalb/PEkSuUF/p2ZNHOg9yaJwRWlq4gy/jbZChM=</DQ>
<InverseQ>EydINmQ+aX8+2W7ZxU66P+0XSYsA2M/m7eF0cn5B+N3E2TOYgwunWqjPksyprEtNlP/puf7li/g8G5j3fQ0Xy/KrVwR2emcvCZMqpjzkYhSn9KcVHUVJg/LHb7BDVx/uSZwj9Ok2qDX73PSa91DEsIPiKPQjkVw1QJJ19wlJMiQ=</InverseQ>
<D>MzwYbp5LYCXtI78vQ4PzO+uXFdUnpfuZHU55+vUFNSKmX3cT2GYr4yyjMBL3ITflrA5YGUis+zdP96kM9cdMumUpuFnZMWuHXY3zPZCnTaMZU5a+4c9afgMw/CvfevK92BDbDzC0LarTOQopDE1DULns6O3ym2QDWTgY/QRM44StLMEaLjNdVhLS3lMZJPrMCtk1k044RStUkL/7yiLMUYtXV+Lpy/08dyHWdXfBcakusKw8EEZZ53skFeR6mkWT51wyKmBFf7D6rfUC+e282i8OGayu79zXvA0UutmUGa1Q9eAP8qsBrc/i++qa/X3JnfBrFyEwQBfQV3kiOM3T0Q==</D>
</RSAKeyValue>
匯入
PKCS#1 匯入
rsa.ImportPrivateKey(RSAKeyType.Pkcs1, "<privateKey>"); //私鑰
rsa.ImportPublicKey(RSAKeyType.Pkcs1, "<publicKey>"); //公鑰
PKCS#1 PEM 匯入
rsa.ImportPrivateKey(RSAKeyType.Pkcs1, "<privateKey>",true); //私鑰
rsa.ImportPublicKey(RSAKeyType.Pkcs1, "<publicKey>",true); //公鑰
PKCS#8 匯入
rsa.ImportPrivateKey(RSAKeyType.Pkcs8, "<privateKey>"); //私鑰
rsa.ImportPublicKey(RSAKeyType.Pkcs8, "<publicKey>"); //公鑰
PKCS#8 PEM 匯入
rsa.ImportPrivateKey(RSAKeyType.Pkcs8, "<privateKey>",true); //私鑰
rsa.ImportPublicKey(RSAKeyType.Pkcs8, "<publicKey>",true); //公鑰
XML 匯入
rsa.ImportPrivateKey(RSAKeyType.Xml, "<privateKey>"); //私鑰
rsa.ImportPublicKey(RSAKeyType.Xml, "<publicKey>"); //公鑰
七. RSAExtensions 大資料分段加密
下文所說的“長度”均為位元組長度。
RSA演算法的加密資料長度根據不同的填充演算法,一般最多支援 Key 模長( modulus )相等長度的資料,如果超過這個長度將會需要對資料進行拆分加密。
.NET Core 不支援 RSA_NO_PADDING 填充
Key 模長=KeySize/8
以下是我測試整理出來的 .NET Core 支援的填充演算法的支援的加密資料長度:
填充演算法 | 最小 KeySize | 最大加密資料長度 |
---|---|---|
Pkcs1 | 512 | 模長-11 |
OaepSHA1 | 512 | 模長-42 |
OaepSHA256 | 1024 | 模長-66 |
OaepSHA384 | 1024 | 模長-98 |
OaepSHA512 | 2048 | 模長-130 |
RSAExtensions 已經封裝好了分段加密,無需關心資料長度和模長的關係,使用方法如下:
var encrypt = rsa.EncryptBigData(data, <填充演算法>); //加密
var decrypt = rsa.DecryptBigData(encrypt, <填充演算法>); //解密
八. 資料加密與解密
加密與解密主要使用兩個方法:Encrypt
計算密文,Decrypt
根據密文解密
例:
var rsa = RSA.Create();
var data = "aaa";
var encrypt = rsa.Encrypt(Encoding.UTF8.GetBytes(data),RSAEncryptionPadding.Pkcs1); //加密
rsa.Decrypt(encrypt, RSAEncryptionPadding.Pkcs1); //解密
.NET 中的RSA僅支援 公鑰加密,私鑰解密
九. 資料簽名與驗籤
簽名與驗籤使用兩個方法:SignData
計算資料簽名,VerifyData
驗證資料簽名。使用公鑰簽名,私鑰驗籤。
例:
var rsa = RSA.Create();
var data = "aaa";
var sign = rsa.SignData(Encoding.UTF8.GetBytes(data), HashAlgorithmName.SHA1, RSASignaturePadding.Pkcs1); //簽名
rsa.VerifyData(Encoding.UTF8.GetBytes(data), sign, HashAlgorithmName.SHA1, RSASignaturePadding.Pkcs1); //驗籤
十. 使用技巧
1.金鑰轉換
從一種格式匯入,使用另一種格式匯出。
例:私鑰PKCS#1轉換為PKCS#8
var rsa = RSA.Create();
rsa.ImportRSAPrivateKey(<PKCS#1私鑰>,out _); //匯入PKCS#1私鑰
rsa.ExportPkcs8PrivateKey() //匯出為PKCS#8私鑰
2.私鑰匯出公鑰
var rsa = RSA.Create();
rsa.ImportRSAPrivateKey(<PKCS#1私鑰>,out _); //匯入PKCS#1私鑰
rsa.ExportRSAPublicKey(); //匯出私鑰
3.PKCS#8 加密私鑰去密碼
var rsa = RSA.Create();
rsa.ImportEncryptedPkcs8PrivateKey(password,paivateKey); //匯入加密私鑰
rsa.ExportPkcs8PrivateKey(); //匯出無密碼私鑰
4.通過命令列生成轉換Key
- 開源工具 DotnetRSA 快速生成和轉換RSA祕鑰
十一. 常見錯誤
報錯程式碼:var rsa = RSA.Create(256);
異常:
Unhandled exception. System.Security.Cryptography.CryptographicException: Specified key is not a valid size for this algorithm.
解決:KeySize不夠,增加 KeySize大小
報錯程式碼:rsa.Encrypt
異常:
Unhandled exception. Internal.Cryptography.CryptoThrowHelper+WindowsCryptographicException: 引數錯誤。
解決:KeySize不夠,增加 KeySize大小或者資料過長,需要選擇大資料分段加密
報錯程式碼:rsa.Encrypt
異常:
Unhandled exception. System.Security.Cryptography.CryptographicException: The message exceeds the maximum allowable length for the chosen options (53).
解決:資料過長,需要選擇大資料分段加密
報錯程式碼:rsa.Importxxxx
匯入Key
異常:
Unhandled exception. System.Security.Cryptography.CryptographicException: ASN1 corrupted data.
解決:匯入方法與Key格式不匹配,更換匯入方法
十二. 結束
RSAExtensions 開源地址: https://github.com/stulzq/RSAExtensions (希望來個Star支援一下)
參考文章:
- ASN.1 key structures in DER and PEM
- Announcing .NET Core 3.0
- 曉晨的RSA系列文章