Problem description
This PHP code verifies the iPizza signature provided by the bank:
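$key = openssl_pkey_get_public(file_get_contents($preferences['bank_certificate']));
// openssl_verify() returns 1 only for a valid signature; 0 (invalid) and -1 (error) must both be rejected
if (openssl_verify($data, $signature, $key) !== 1) {
    trigger_error("Invalid signature", E_USER_ERROR);
}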
I tried to convert it to ASP.NET using:
SHA1CryptoServiceProvider sha1 = new SHA1CryptoServiceProvider();
X509Certificate2 cert = new X509Certificate2(HttpContext.Current.Request.MapPath("~/App_Data/bankert.crt"), "");
RSACryptoServiceProvider rsaCryptoIPT = new RSACryptoServiceProvider();
rsaCryptoIPT.ImportCspBlob(cert.RawData);
if (!rsaCryptoIPT.VerifyData(data, CryptoConfig.MapNameToOID("SHA1"), signature))
    throw new InvalidOperationException("Invalid signature from bank");
But the line rsaCryptoIPT.ImportCspBlob(cert.RawData) causes a Cryptography.CryptographicException, invalid provider version:
StackTrace:
at System.Security.Cryptography.CryptographicException.ThrowCryptogaphicException(Int32 hr)
at System.Security.Cryptography.Utils._ImportCspBlob(Byte[] keyBlob, SafeProvHandle hProv, CspProviderFlags flags, SafeKeyHandle& hKey)
at System.Security.Cryptography.Utils.ImportCspBlobHelper(CspAlgorithmType keyType, Byte[] , Boolean randomKeyContainer, SafeProvHandle& safeProvHandle, SafeKeyHandle& safeKeyHandle)
at System.Security.Cryptography.RSACryptoServiceProvider.ImportCspBlob(Byte[] keyBlob)
...
How to fix this?
The bank_certificate file contains
UPDATE: I changed the code according to tyranid's answer to:
var cert = new X509Certificate2(HttpContext.Current.Request.MapPath("~/App_Data/banksert.crt"), "");
var rsaCryptoIPT = (RSACryptoServiceProvider)cert.PublicKey.Key;
var sha1 = new SHA1CryptoServiceProvider();
if (!rsaCryptoIPT.VerifyData(data, sha1, signature))
throw new InvalidOperationException("Invalid signature from bank ");
This code causes the "Invalid signature from bank" exception. Inspecting the cert object in the debugger shows cert data. How can I fix this so that the signature is validated? The debugger shows that the bank cert's validity date has expired. Maybe this causes the error, or the second parameter of VerifyData is wrong.
I can successfully sign the data, and the bank accepts the signature, using this code:
SHA1CryptoServiceProvider sha1 = new SHA1CryptoServiceProvider();
X509Certificate2 cert = new X509Certificate2(HttpContext.Current.Request.MapPath("~/App_Data/P12File.p12"), "");
RSACryptoServiceProvider rsaCryptoIPT = (RSACryptoServiceProvider)cert.PrivateKey;
byte[] binSignature = rsaCryptoIPT.SignData(binData, sha1);
Verifying the bank's signature should be the reverse of this process; the same algorithms are used. How do I verify the signature?
Do you have the Enhanced crypto provider installed? Actually, to not depend on crypto providers, you can use other libraries, which implement all the cryptography stuff in native code. I know about EldoS SecureBlackbox (which is commercial) and Bouncy Castle (a free one); however, there may be other libraries on the market.
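The conversion asked about in the question, as an added example (not the asker's code and not anything supplied by the bank): cert.RawData is the DER-encoded certificate rather than a CSP key blob, so the public key is read with GetRSAPublicKey() instead of ImportCspBlob. The key, the expired certificate and the message are constructed in-process, the class and method names are hypothetical, and .NET Framework 4.7.2+ or .NET Core 2.0+ is assumed.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Text;

static class BankSignatureDemo
{
    // Counterpart of openssl_pkey_get_public + openssl_verify (SHA-1, PKCS#1 v1.5):
    // the RSA key comes from the parsed certificate, not from cert.RawData.
    static bool VerifyBankSignature(X509Certificate2 bankCert, byte[] data, byte[] signature)
    {
        using (RSA publicKey = bankCert.GetRSAPublicKey())
        {
            if (publicKey == null) return false; // certificate does not carry an RSA key
            return publicKey.VerifyData(data, signature,
                HashAlgorithmName.SHA1, RSASignaturePadding.Pkcs1);
        }
    }

    static void Main()
    {
        // Constructed stand-in for the bank: a throwaway key and an already
        // expired self-signed certificate (no real bank material is used).
        using (RSA bankKey = RSA.Create(2048))
        {
            var request = new CertificateRequest("CN=Constructed Test Bank", bankKey,
                HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
            DateTimeOffset now = DateTimeOffset.UtcNow;
            byte[] der = request.CreateSelfSigned(now.AddYears(-2), now.AddYears(-1))
                                .Export(X509ContentType.Cert);
            var bankCert = new X509Certificate2(der); // public part only, like a .crt file

            // Constructed message; the real iPizza field layout is not reproduced here.
            string message = "constructed-payment-fields-T\u00F5nu";
            byte[] data = Encoding.UTF8.GetBytes(message);
            byte[] signature = bankKey.SignData(data, HashAlgorithmName.SHA1, RSASignaturePadding.Pkcs1);
            Console.WriteLine("signed bytes:     " + VerifyBankSignature(bankCert, data, signature));

            // Same text in another encoding is a different byte string, so the
            // signature made over the UTF-8 bytes does not cover it.
            byte[] latin1 = Encoding.GetEncoding("ISO-8859-1").GetBytes(message);
            Console.WriteLine("re-encoded bytes: " + VerifyBankSignature(bankCert, latin1, signature));

            // VerifyData never consults NotBefore/NotAfter; validity is a separate check.
            bool inDate = DateTime.Now >= bankCert.NotBefore && DateTime.Now <= bankCert.NotAfter;
            Console.WriteLine("cert in date:     " + inDate);
        }
    }
}
```

The signature passed to VerifyData must be the raw signature bytes and the data must be byte-for-byte what the signer hashed; certificate expiry and trust have to be enforced separately from the signature check.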