using Org.BouncyCastle.Asn1.Pkcs; using Org.BouncyCastle.Asn1.X509; using Org.BouncyCastle.Crypto; using Org.BouncyCastle.Crypto.Parameters; using Org.BouncyCastle.Math; using Org.BouncyCastle.Pkcs; using Org.BouncyCastle.Security; using Org.BouncyCastle.X509; using System; using System.IO; using System.Security.Cryptography; using System.Text; using System.Xml; namespace EntrustSettle.Common.Helper { /// /// RSA加解密 使用OpenSSL的私钥加密/公钥解密 (一般不用) /// 公私钥请使用openssl生成 /// public class RSAHelperExtend { /// /// 生成公钥与私钥方法 /// /// public static string[] CreateKey(KeyType keyType) { string[] sKeys = new String[2]; RSACryptoServiceProvider rsa = new RSACryptoServiceProvider(); switch (keyType) { case KeyType.XML: { //私钥 sKeys[0] = rsa.ToXmlString(true); //公钥 sKeys[1] = rsa.ToXmlString(false); } break; case KeyType.PKS8: { //JAVA私钥 sKeys[0] = RSAPrivateKeyDotNet2Java(sKeys[0]); //JAVA公钥 sKeys[1] = RSAPublicKeyDotNet2Java(sKeys[1]); } break; default: break; } return sKeys; } /// /// 密钥类型 /// public enum KeyType { /// /// xml类型 /// XML, /// /// pks8类型 /// PKS8 } /// /// RSA私钥格式转换,.net->java /// /// .net生成的私钥 /// public static string RSAPrivateKeyDotNet2Java(string privateKey) { XmlDocument doc = new XmlDocument(); doc.LoadXml(privateKey); BigInteger m = new BigInteger(Convert.FromBase64String(doc.DocumentElement.GetElementsByTagName("Modulus")[0].InnerText)); BigInteger exp = new BigInteger(Convert.FromBase64String(doc.DocumentElement.GetElementsByTagName("Exponent")[0].InnerText)); BigInteger d = new BigInteger(Convert.FromBase64String(doc.DocumentElement.GetElementsByTagName("D")[0].InnerText)); BigInteger p = new BigInteger(Convert.FromBase64String(doc.DocumentElement.GetElementsByTagName("P")[0].InnerText)); BigInteger q = new BigInteger(Convert.FromBase64String(doc.DocumentElement.GetElementsByTagName("Q")[0].InnerText)); BigInteger dp = new BigInteger(Convert.FromBase64String(doc.DocumentElement.GetElementsByTagName("DP")[0].InnerText)); BigInteger dq = new BigInteger(Convert.FromBase64String(doc.DocumentElement.GetElementsByTagName("DQ")[0].InnerText)); BigInteger qinv = new BigInteger(Convert.FromBase64String(doc.DocumentElement.GetElementsByTagName("InverseQ")[0].InnerText)); RsaPrivateCrtKeyParameters privateKeyParam = new RsaPrivateCrtKeyParameters(m, exp, d, p, q, dp, dq, qinv); PrivateKeyInfo privateKeyInfo = PrivateKeyInfoFactory.CreatePrivateKeyInfo(privateKeyParam); byte[] serializedPrivateBytes = privateKeyInfo.ToAsn1Object().GetEncoded(); return Convert.ToBase64String(serializedPrivateBytes); } /// /// RSA公钥格式转换,.net->java /// /// .net生成的公钥 /// public static string RSAPublicKeyDotNet2Java(string publicKey) { XmlDocument doc = new XmlDocument(); doc.LoadXml(publicKey); BigInteger m = new BigInteger(1, Convert.FromBase64String(doc.DocumentElement.GetElementsByTagName("Modulus")[0].InnerText)); BigInteger p = new BigInteger(1, Convert.FromBase64String(doc.DocumentElement.GetElementsByTagName("Exponent")[0].InnerText)); RsaKeyParameters pub = new RsaKeyParameters(false, m, p); SubjectPublicKeyInfo publicKeyInfo = SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(pub); byte[] serializedPublicBytes = publicKeyInfo.ToAsn1Object().GetDerEncoded(); return Convert.ToBase64String(serializedPublicBytes); } /// /// RSA私钥格式转换,java->.net /// /// java生成的RSA私钥 /// public static string RSAPrivateKeyJavaToDotNet(string privateKey) { RsaPrivateCrtKeyParameters privateKeyParam = (RsaPrivateCrtKeyParameters)PrivateKeyFactory.CreateKey(Convert.FromBase64String(privateKey)); return string.Format("{0}{1}

{2}

{3}{4}{5}{6}{7}
", Convert.ToBase64String(privateKeyParam.Modulus.ToByteArrayUnsigned()), Convert.ToBase64String(privateKeyParam.PublicExponent.ToByteArrayUnsigned()), Convert.ToBase64String(privateKeyParam.P.ToByteArrayUnsigned()), Convert.ToBase64String(privateKeyParam.Q.ToByteArrayUnsigned()), Convert.ToBase64String(privateKeyParam.DP.ToByteArrayUnsigned()), Convert.ToBase64String(privateKeyParam.DQ.ToByteArrayUnsigned()), Convert.ToBase64String(privateKeyParam.QInv.ToByteArrayUnsigned()), Convert.ToBase64String(privateKeyParam.Exponent.ToByteArrayUnsigned())); } /// /// RSA公钥格式转换,java->.net /// /// java生成的公钥 /// public static string RSAPublicKeyJavaToDotNet(string publicKey) { RsaKeyParameters publicKeyParam = (RsaKeyParameters)PublicKeyFactory.CreateKey(Convert.FromBase64String(publicKey)); return string.Format("{0}{1}", Convert.ToBase64String(publicKeyParam.Modulus.ToByteArrayUnsigned()), Convert.ToBase64String(publicKeyParam.Exponent.ToByteArrayUnsigned())); } /// /// 最大加密长度 /// private static int MAX_ENCRYPT_BLOCK = 245; /// /// 最大解密长度 /// private static int MAX_DECRYPT_BLOCK = 256; /// /// 用私钥给数据进行RSA加密 /// /// /// /// public static string PrivateKeyEncrypt(string xmlPrivateKey, string strEncryptString) { RSAHelper rs = new RSAHelper(RSAType.RSA, Encoding.UTF8, xmlPrivateKey); var xml = rs._privateKeyRsaProvider.ToXmlString(true); MAX_ENCRYPT_BLOCK = rs._privateKeyRsaProvider.KeySize / 8 - 11; //加载私钥 RSACryptoServiceProvider privateRsa = new RSACryptoServiceProvider(); privateRsa.FromXmlString(xml); //转换密钥 AsymmetricCipherKeyPair keyPair = DotNetUtilities.GetKeyPair(privateRsa); IBufferedCipher c = CipherUtilities.GetCipher("RSA/ECB/PKCS1Padding"); //使用RSA/ECB/PKCS1Padding格式 c.Init(true, keyPair.Private);//第一个参数为true表示加密,为false表示解密;第二个参数表示密钥 byte[] DataToEncrypt = Encoding.UTF8.GetBytes(strEncryptString);//获取字节 byte[] cache; int time = 0;//次数 int inputLen = DataToEncrypt.Length; int offSet = 0; using (MemoryStream outStream = new MemoryStream()) { while (inputLen - offSet > 0) { if (inputLen - offSet > MAX_ENCRYPT_BLOCK) { cache = c.DoFinal(DataToEncrypt, offSet, MAX_ENCRYPT_BLOCK); } else { cache = c.DoFinal(DataToEncrypt, offSet, inputLen - offSet); } //写入 outStream.Write(cache, 0, cache.Length); time++; offSet = time * MAX_ENCRYPT_BLOCK; } byte[] resData = outStream.ToArray(); string strBase64 = Convert.ToBase64String(resData); return strBase64; } } /// /// 用公钥给数据进行RSA解密 /// /// 公钥(XML格式字符串) /// 要解密数据 /// 解密后的数据 public static string PublicKeyDecrypt(string xmlPublicKey, string strDecryptString) { RSAHelper rs = new RSAHelper(RSAType.RSA, Encoding.UTF8, "", xmlPublicKey); var xml = rs._publicKeyRsaProvider.ToXmlString(false); MAX_DECRYPT_BLOCK = rs._publicKeyRsaProvider.KeySize / 8; //加载公钥 RSACryptoServiceProvider publicRsa = new RSACryptoServiceProvider(); publicRsa.FromXmlString(xml); RSAParameters rp = publicRsa.ExportParameters(false); //转换密钥 AsymmetricKeyParameter pbk = DotNetUtilities.GetRsaPublicKey(rp); IBufferedCipher c = CipherUtilities.GetCipher("RSA/ECB/PKCS1Padding"); //第一个参数为true表示加密,为false表示解密;第二个参数表示密钥 c.Init(false, pbk); byte[] DataToDecrypt = Convert.FromBase64String(strDecryptString); //byte[] outBytes = c.DoFinal(DataToDecrypt);//解密 //string strDec = Encoding.UTF8.GetString(outBytes); byte[] cache; int time = 0;//次数 int inputLen = DataToDecrypt.Length; int offSet = 0; using (MemoryStream outStream = new MemoryStream()) { while (inputLen - offSet > 0) { if (inputLen - offSet > MAX_DECRYPT_BLOCK) { cache = c.DoFinal(DataToDecrypt, offSet, MAX_DECRYPT_BLOCK); } else { cache = c.DoFinal(DataToDecrypt, offSet, inputLen - offSet); } //写入 outStream.Write(cache, 0, cache.Length); time++; offSet = time * MAX_DECRYPT_BLOCK; } byte[] resData = outStream.ToArray(); string strDec = Encoding.UTF8.GetString(resData); return strDec; } } /// /// 私钥签名 /// /// 需签名的数据 /// 私钥 /// hash算法 /// 签名后的值 public static string Sign(string str, string privateKey, SignAlgType signAlgType) { //根据需要加签时的哈希算法转化成对应的hash字符节 byte[] bt = Encoding.UTF8.GetBytes(str); byte[] rgbHash = null; switch (signAlgType) { case SignAlgType.SHA1: { var csp = SHA1.Create(); rgbHash = csp.ComputeHash(bt); } break; case SignAlgType.SHA256: { var csp = SHA256.Create(); rgbHash = csp.ComputeHash(bt); } break; case SignAlgType.MD5: { var csp = MD5.Create(); rgbHash = csp.ComputeHash(bt); } break; default: break; } RSACryptoServiceProvider key = new RSACryptoServiceProvider(); RSAHelper rs = new RSAHelper(RSAType.RSA, Encoding.UTF8, privateKey); var xml = rs._privateKeyRsaProvider.ToXmlString(true); key.FromXmlString(xml); RSAPKCS1SignatureFormatter formatter = new RSAPKCS1SignatureFormatter(key); formatter.SetHashAlgorithm(signAlgType.ToString());//此处是你需要加签的hash算法,需要和上边你计算的hash值的算法一致,不然会报错。 byte[] inArray = formatter.CreateSignature(rgbHash); return Convert.ToBase64String(inArray); } /// /// 公钥验签 /// /// 待验证的字符串 /// 加签之后的字符串 /// 公钥 /// hash算法 /// 签名是否符合 public static bool Verify(string str, string sign, string publicKey, SignAlgType signAlgType) { byte[] bt = Encoding.UTF8.GetBytes(str); byte[] rgbHash = null; switch (signAlgType) { case SignAlgType.SHA1: { var csp = SHA1.Create(); rgbHash = csp.ComputeHash(bt); } break; case SignAlgType.SHA256: { var csp = SHA256.Create(); rgbHash = csp.ComputeHash(bt); } break; case SignAlgType.MD5: { var csp = MD5.Create(); rgbHash = csp.ComputeHash(bt); } break; default: break; } RSACryptoServiceProvider key = new RSACryptoServiceProvider(); RSAHelper rs = new RSAHelper(RSAType.RSA, Encoding.UTF8, "", publicKey); var xml = rs._publicKeyRsaProvider.ToXmlString(false); key.FromXmlString(xml); RSAPKCS1SignatureDeformatter deformatter = new RSAPKCS1SignatureDeformatter(key); deformatter.SetHashAlgorithm(signAlgType.ToString()); byte[] rgbSignature = Convert.FromBase64String(sign); if (deformatter.VerifySignature(rgbHash, rgbSignature)) return true; return false; } /// /// 签名算法类型 /// public enum SignAlgType { /// /// sha1 /// SHA1, /// /// sha256 /// SHA256, /// /// md5 /// MD5 } } }