问题
Is there a built in procedure to digitally sign an HTTPS request with client's SSL private key in .net? Also, is there a built in procedure to verify the digital signature against an SSL certificate? Or do I have to roll my own? Or is there a third party library?
The data that I want to sign is normal HTTP form request. For example I'm providing this address to deduct balance of a card:
https://myserver/deduction
The client will post an HTTP form to that address with data like card=1234567890123456, currency=1, amount=1000, etc. This data is the one I want my client to sign.
I need the request to be digitally signed because the client manipulates money, so I want to be sure that the request really comes from the client and that nobody tampers with the content of the request.
I'm also considering using SSL client certificate, but it can only provide confidentiality and authentication, but not data integrity.
回答1:
There seems to be a whole example here with code how to do basic Digital Signature Implementation in C# http://tutorial.visualstudioteamsystem.com/details.aspx?item=134
var MySigner = new DSACryptoServiceProvider();
string publicKey;
using (var file = new FileStream(args[0], FileMode.Open, FileAccess.Read))
{
using (var reader = new BinaryReader(file))
{
var data = reader.ReadBytes((int)file.Length);
var signature = MySigner.SignData(data);
publicKey = MySigner.ToXmlString(false);
Console.WriteLine("Signature: " + Convert.ToBase64String(signature));
}
}
var verifier = new DSACryptoServiceProvider();
verifier.FromXmlString(publicKey);
using (var file = new FileStream(args[0], FileMode.Open, FileAccess.Read))
{
using (var reader = new BinaryReader(file))
{
byte[] data = reader.ReadBytes((int)file .Length);
if (verifier.VerifyData(data, signature))
Console.WriteLine("Signature");
else
Console.WriteLine("Signature is not verified");
}
}
来源:https://stackoverflow.com/questions/4688056/how-do-i-digitally-sign-an-https-request-in-net