错误值的数字签名
Posted
技术标签:
【中文标题】错误值的数字签名【英文标题】:Digital Signature with wrong value 【发布时间】:2011-12-26 16:38:58 【问题描述】:我正在尝试为文本块创建数字签名。虽然我似乎能够创建签名,但它与我们的测试用例要求的数字测试签名不同。我使用的代码如下。
X509Store store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
store.Open(OpenFlags.OpenExistingOnly);
X509Certificate2Collection certcol = store.Certificates.Find(X509FindType.FindByIssuerName, "eBusiness Development CA", false);
if (certcol.Count > 0)
X509Certificate2 cert = certcol[0];
System.Security.Cryptography.RSACryptoServiceProvider privateKey = cert.PrivateKey as System.Security.Cryptography.RSACryptoServiceProvider;
System.Security.Cryptography.SHA1CryptoServiceProvider sha = new System.Security.Cryptography.SHA1CryptoServiceProvider();
byte[] hash = sha.ComputeHash(System.Text.ASCIIEncoding.ASCII.GetBytes(txtIn.Text));
byte[] SignedHash = privateKey.SignHash(hash, System.Security.Cryptography.CryptoConfig.MapNameToOID("SHA"));
String val = Convert.ToBase64String(SignedHash) + Environment.NewLine + Environment.NewLine;
**Below is the test certificate being used**
-----BEGIN CERTIFICATE-----
MIIDajCCAtOgAwIBAgIBCjANBgkqhkiG9w0BAQQFADCBhDELMAkGA1UEBhMCQVUx
DDAKBgNVBAgTA05TVzEPMA0GA1UEBxMGU3lkbmV5MQ0wCwYDVQQKEwRBU0lDMSQw
IgYDVQQLExtJVFNCIGVCdXNpbmVzcyBTeXN0ZW1zIFRlYW0xITAfBgNVBAMTGGVC
dXNpbmVzcyBEZXZlbG9wbWVudCBDQTAeFw0wMjA1MjcwMzA4MDlaFw0wMzA1Mjcw
MzA4MDlaMF0xCzAJBgNVBAYTAkFVMQwwCgYDVQQIEwNOU1cxDzANBgNVBAcTBlN5
ZG5leTENMAsGA1UEChMEQVNJQzENMAsGA1UECxMEVGVzdDERMA8GA1UEAxMIVGVz
dGVyIDIwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAM3zyt6WrajwGLx7L9b/
ji36J5cUi3FCiAnHWT6rU4iO/0kO5GC5DhIlEVW64e29sXD7V5G+Dc1DyhweHOFC
1nz55zci4peeg+QPj8LApexjKcCjm6y6hilN8u5YUzBG7lkI0miUcrF2zF9Kxrqo
c/GxKL7Btdj3jGCZpwmVmQrHAgMBAAGjggEQMIIBDDAJBgNVHRMEAjAAMCwGCWCG
SAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4E
FgQUwvFqXS71CPKI/CUSuTqzZmTKY8AwgbEGA1UdIwSBqTCBpoAUdVgA2CTNbQWg
/GHtVe7HDcH/Ci2hgYqkgYcwgYQxCzAJBgNVBAYTAkFVMQwwCgYDVQQIEwNOU1cx
DzANBgNVBAcTBlN5ZG5leTENMAsGA1UEChMEQVNJQzEkMCIGA1UECxMbSVRTQiBl
QnVzaW5lc3MgU3lzdGVtcyBUZWFtMSEwHwYDVQQDExhlQnVzaW5lc3MgRGV2ZWxv
cG1lbnQgQ0GCAQAwDQYJKoZIhvcNAQEEBQADgYEAM3NVo4i+ndGqddZAtGxqpeE0
dWondUaN3DV+0CpQFYfH3cblGtnTkQdgUFbBxrDrFvIuoYZWv2X1zYl3SAFbF91U
WFxklCCmU9POoeB+j4fDqN+H69eAUZUz2vVHcLVePhNJhm64lYAhA83Rodv/sj6c
vxkxeg9xtdlZXGrmKik=
-----END CERTIFICATE-----
-----BEGIN RSA PRIVATE KEY-----
MIICXgIBAAKBgQDN88relq2o8Bi8ey/W/44t+ieXFItxQogJx1k+q1OIjv9JDuRg
uQ4SJRFVuuHtvbFw+1eRvg3NQ8ocHhzhQtZ8+ec3IuKXnoPkD4/CwKXsYynAo5us
uoYpTfLuWFMwRu5ZCNJolHKxdsxfSsa6qHPxsSi+wbXY94xgmacJlZkKxwIDAQAB
AoGBALSKsd3dAxFkoJqh9rcnwhDmCUy00uSPqUfBPKfmcsz0ZjA6YNO1hfM8EW0w
7ZuGvgVIIGT/0YOOmJ97el+yQukp8ViYQLWidLOe/IWPzWrcK+D7gBs/sGUNakWl
Dqen6+HcUV9NBW/AvY4wWigllWx+F9fRt2Y+BLV3lO7EngsJAkEA+haLzFi4+Sdm
SPot7f2yYy366Ktqt9XbAWbWllE/Md2kt0wFI3gs85uURIf9UIrLL+JbrPRw1rzq
j94qXdE7TQJBANLSJpZougjyQG+rgbkf4BbUlfy9S8iKNDk4YfYviDQ4EJ99c5Mb
qF5ukiqnPSRNuKm5iePdFT2kB/F4mbvFjGMCQQCPjqmpH7TusQMyGQqMdvkTna1O
KjgUVxpkb5f2qaTRBx4qaeT5O17yZ/hwbm+m8EU6s4FUguzTF5a+BxXizNxxAkEA
qZZxggbGuBGfsfTmCnRQwCzMZp4jyzMZpXnsm6xKxa7f+FxjT1AtVaFepT8Y2Q5I
YQemm40p3AcKeL2J9VmJfwJAHTf41K9iQlbQEyq8LMF7EQ7IqwmOlebh86qJPVqE
Fv9xZRAOzxG/ZgsXImMvWEUabqcIoXA7i9CZOJNg/kvKdw==
-----END RSA PRIVATE KEY-----
**Below is the Data I am trying to create a digital signature for Starting from ZHDASCRA53 0700 to the end of ZTRENDRA53 22 including the new line contstant at the very end**
ZHDASCRA53 0700 956456
ZXCMIIDajCCAtOgAwIBAgIBCjANBgkqhkiG9w0BAQQFADCBhDELMAkGA1UEBhMCQVUx
ZXCDDAKBgNVBAgTA05TVzEPMA0GA1UEBxMGU3lkbmV5MQ0wCwYDVQQKEwRBU0lDMSQw
ZXCIgYDVQQLExtJVFNCIGVCdXNpbmVzcyBTeXN0ZW1zIFRlYW0xITAfBgNVBAMTGGVC
ZXCdXNpbmVzcyBEZXZlbG9wbWVudCBDQTAeFw0wMjA1MjcwMzA4MDlaFw0wMzA1Mjcw
ZXCMzA4MDlaMF0xCzAJBgNVBAYTAkFVMQwwCgYDVQQIEwNOU1cxDzANBgNVBAcTBlN5
ZXCZG5leTENMAsGA1UEChMEQVNJQzENMAsGA1UECxMEVGVzdDERMA8GA1UEAxMIVGVz
ZXCdGVyIDIwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAM3zyt6WrajwGLx7L9b/
ZXCji36J5cUi3FCiAnHWT6rU4iO/0kO5GC5DhIlEVW64e29sXD7V5G+Dc1DyhweHOFC
ZXC1nz55zci4peeg+QPj8LApexjKcCjm6y6hilN8u5YUzBG7lkI0miUcrF2zF9Kxrqo
ZXCc/GxKL7Btdj3jGCZpwmVmQrHAgMBAAGjggEQMIIBDDAJBgNVHRMEAjAAMCwGCWCG
ZXCSAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4E
ZXCFgQUwvFqXS71CPKI/CUSuTqzZmTKY8AwgbEGA1UdIwSBqTCBpoAUdVgA2CTNbQWg
ZXC/GHtVe7HDcH/Ci2hgYqkgYcwgYQxCzAJBgNVBAYTAkFVMQwwCgYDVQQIEwNOU1cx
ZXCDzANBgNVBAcTBlN5ZG5leTENMAsGA1UEChMEQVNJQzEkMCIGA1UECxMbSVRTQiBl
ZXCQnVzaW5lc3MgU3lzdGVtcyBUZWFtMSEwHwYDVQQDExhlQnVzaW5lc3MgRGV2ZWxv
ZXCcG1lbnQgQ0GCAQAwDQYJKoZIhvcNAQEEBQADgYEAM3NVo4i+ndGqddZAtGxqpeE0
ZXCdWondUaN3DV+0CpQFYfH3cblGtnTkQdgUFbBxrDrFvIuoYZWv2X1zYl3SAFbF91U
ZXCWFxklCCmU9POoeB+j4fDqN+H69eAUZUz2vVHcLVePhNJhm64lYAhA83Rodv/sj6c
ZXCvxkxeg9xtdlZXGrmKik=
ZDCALPHA ADAM 20110801 Y Y A96373
ZTRENDRA53 22
**^ Include last newline constant**
**Below is the expected signature**
jrnTLMj6W4vbZ/FJ13TLl+nsfsIWkbUU6UgZqIutPmQlZgB6eYWwF5noHsTc90CXXEXUV1GS3UZvedFEzr8D1cqbf4EOHYZJclcHlF/Ve47lXwggZ1G7FIlqHAmlGNcLktyLehOsyHapYY6oyqQF6by2/I9sMD5qy/LpxHObSaS=
**Below is the signature I get (which is wrong)**
C1r3XVKCl/yfg0lm67C95ozma/L1EWQFgmHV4T1RDq+yxqxCF4FN7fcmuF8eSoLuyJZWx4HnNPqTZwetmKzyDhGpzZaBf4FMfCC7bgIBWaZrHUgVmswUITbQmNZv2T2Ka4q8PpNAhPRv3VhXb2UPeuz7zcsmNwTsCRzT+gvw/c8=
任何能产生预期签名的天才,我都会永远感激不尽。如果社区不能回答这个问题,我们愿意向专业人士付费,因此我们很乐意接受建议。
问候所有 - 布鲁斯
【问题讨论】:
测试数据是如何创建的?它使用相同的编码吗? 使用的芯片表示为DES-CBC3-SHA 我的意思是您使用了 ascii 编码,但还有其他编码(ASCII/UTF7/8/32/UNICODE),是否可以使用替代编码创建测试数据。即使是发布在 Web 表单上的数据在剪切和粘贴到 Web 表单时也会丢失/获得信息 - 即回车或空格(截断)。 感谢您的回复,所有的文档都只指ASCII 【参考方案1】:我验证了您使用证书公钥提供的两个签名,并且都是正确的 RSA/PKCS#1 签名。但是,签名使用不同的摘要算法:您的签名使用 SHA-1 算法,而“正确”签名使用 MD5 算法。这就解释了为什么签名不同。
【讨论】:
以上是关于错误值的数字签名的主要内容,如果未能解决你的问题,请参考以下文章
在“”类型上找不到带有“数字”类型参数的索引签名 - Typescript 编译器错误