1. 技术文章
  2. Signing data with private key in c#

Signing data with private key in c#

匆匆过客 提交于 2019-12-28 03:04:07

问题


I need to sign some data with one private key using Algorithm SHA1RSA ,Rsa Key length 2048 with 64 base encoding.My code is like this

       string sPayload = "";
        HttpWebRequest httpWebRequest = (HttpWebRequest)WebRequest.Create("URI");
        httpWebRequest.ContentType = "application/json; charset=utf-8";
        httpWebRequest.Method = WebRequestMethods.Http.Post;

        using (StreamWriter streamWriter = new StreamWriter(httpWebRequest.GetRequestStream()))
        {
            sPayload = "{\"id\":\"14123213213\"," +
                         "\"uid\":\"teller\"," +
                         "\"pwd\":\"abc123\"," +
                         "\"apiKey\":\"2343243\"," +

                          "\"agentRefNo\":\"234324324\"}";

          httpWebRequest.Headers.Add("SIGNATURE", Convert.ToBase64String(new System.Security.Cryptography.SHA1CryptoServiceProvider().ComputeHash(Encoding.ASCII.GetBytes(sPayload))));

            streamWriter.Write(sPayload);
            streamWriter.Flush();
            streamWriter.Close();
        }
        System.Net.ServicePointManager.Expect100Continue = false;

        HttpWebResponse httpResponse = (HttpWebResponse)httpWebRequest.GetResponse();

        using (StreamReader streamReader = new StreamReader(httpResponse.GetResponseStream()))
        {
            string result = streamReader.ReadToEnd();
        }

In the Header name Signature i need to pass the signed data(sPayload) using the private key.But using above code an error is getting as "invalid signature" from third party and i'am not sure whether the Encryption part is correct or not.

httpWebRequest.Headers.Add("SIGNATURE", Convert.ToBase64String(new System.Security.Cryptography.SHA1CryptoServiceProvider().ComputeHash(Encoding.ASCII.GetBytes(sPayload))));

Third party had provide one certificate(cert,sha1) and key.should i refer that to the code?


回答1:


You have computed the SHA-1 hash of sPayload, not the RSA-SHA1 signature.

If you have an X509Certificate2:

using (RSA rsa = cert.GetRSAPrivateKey())
{
    return rsa.SignData(sPayload, HashAlgorithmName.SHA1, RSASignaturePadding.Pkcs1);
}

If you already have a raw RSA key then just leave off the using statement.

If you have to compute the hash of sPayload for some other reason you can do it like

byte[] hash;
byte[] signature;

using (HashAlgorithm hasher = SHA1.Create())
using (RSA rsa = cert.GetRSAPrivateKey())
{
    hash = hasher.ComputeHash(sPayload);
    signature = rsa.SignHash(hash, HashAlgorithmName.SHA1, RSASignaturePadding.Pkcs1);
}

SignHash still requires the HashAlgorithmName value because the algorithm identifier is embedded within the signature.



来源:https://stackoverflow.com/questions/31828420/signing-data-with-private-key-in-c-sharp

标签
c#
cryptography
httprequest
rsa
digital-signature
易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!