问题描述

没有人知道？我相信它是RSAPKCS1，它仍然安全吗？

Does anyone know which signature algorithm is used for RSACryptoServiceProvider.SignHash? I believe it is RSAPKCS1, is that still secure?

有没有人想过将RSASSA-PSS配置为RSACryptoServiceProvider的签名算法，而无需使用某些第三方库像BouncyCastle吗？

Does anyone have an idea of configuring RSASSA-PSS as the signature algorithm for the RSACryptoServiceProvider without using some third-party library like BouncyCastle?

提前感谢。

推荐答案

RSACryptoServiceProvider 只能执行PKCS-1签名。

RSACryptoServiceProvider can only do PKCS-1 signatures.

在.NET 4.6中，在RSA基类上添加了一组新方法其中添加了 RSASignaturePadding 参数。 RSACng 类可以通过 RSASignaturePadding.Pss 值（带有MGF-1，MGF摘要和PSS摘要既是消息摘要，盐大小也是摘要大小。

In .NET 4.6 a new set of methods was added on the RSA base class which added an RSASignaturePadding parameter. The RSACng class can do RSASSA-PSS via the RSASignaturePadding.Pss value (PSS with MGF-1, MGF digest and PSS digest are both the message digest, and the salt size is the digest size).

.NET 4.6还为从证书获取密钥增加了更好的类型安全性，并且新方法很可能会返回RSACng：

.NET 4.6 also added better type-safety to getting keys from certificates, and the new approaches will most likely return RSACng:

using (RSA privateKey = cert.GetRSAPrivateKey())
{
    return privateKey.SignHash(hash, HashAlgorithmName.SHA256, RSASignaturePadding.Pss);
}

这篇关于C＃中的RSASSA-PSS的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！