RSA read PublicKey
本文关键字:PublicKey read RSA | 更新日期: 2023-09-27 18:26:36
我使用java和算法RSA生成了公钥,并且能够使用以下代码进行重建:
X509EncodedKeySpec pubKeySpec = new X509EncodedKeySpec(arrBytes);
KeyFactory keyFactory = KeyFactory.getInstance("RSA");
publicKey = keyFactory.generatePublic(pubKeySpec);
问题如何使用csharp在dotnet端构造PublicKey?
示例公钥是:,在上面的代码中,我传递包含在编码的元素中的数据
<sun.security.rsa.RSAPublicKeyImpl resolves-to="java.security.KeyRep">
<type>PUBLIC</type>
<algorithm>RSA</algorithm>
<format>X.509</format>
<encoded>MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAMf54mcK3EYJn9tT9BhRoTX+8AkqojIyeSfog9ncYEye
0VXyBULGg2lAQsDRt8lZsvPioORZW7eB6IKawshoWUsCAwEAAQ==</encoded>
</sun.security.rsa.RSAPublicKeyImpl>
不幸的是,C#没有提供任何简单的方法来实现这一点。但这将正确解码x509公钥(确保Base64首先解码x509key参数):
public static RSACryptoServiceProvider DecodeX509PublicKey(byte[] x509key)
{
byte[] SeqOID = { 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x01 };
MemoryStream ms = new MemoryStream(x509key);
BinaryReader reader = new BinaryReader(ms);
if (reader.ReadByte() == 0x30)
ReadASNLength(reader); //skip the size
else
return null;
int identifierSize = 0; //total length of Object Identifier section
if (reader.ReadByte() == 0x30)
identifierSize = ReadASNLength(reader);
else
return null;
if (reader.ReadByte() == 0x06) //is the next element an object identifier?
{
int oidLength = ReadASNLength(reader);
byte[] oidBytes = new byte[oidLength];
reader.Read(oidBytes, 0, oidBytes.Length);
if (oidBytes.SequenceEqual(SeqOID) == false) //is the object identifier rsaEncryption PKCS#1?
return null;
int remainingBytes = identifierSize - 2 - oidBytes.Length;
reader.ReadBytes(remainingBytes);
}
if (reader.ReadByte() == 0x03) //is the next element a bit string?
{
ReadASNLength(reader); //skip the size
reader.ReadByte(); //skip unused bits indicator
if (reader.ReadByte() == 0x30)
{
ReadASNLength(reader); //skip the size
if (reader.ReadByte() == 0x02) //is it an integer?
{
int modulusSize = ReadASNLength(reader);
byte[] modulus = new byte[modulusSize];
reader.Read(modulus, 0, modulus.Length);
if (modulus[0] == 0x00) //strip off the first byte if it's 0
{
byte[] tempModulus = new byte[modulus.Length - 1];
Array.Copy(modulus, 1, tempModulus, 0, modulus.Length - 1);
modulus = tempModulus;
}
if (reader.ReadByte() == 0x02) //is it an integer?
{
int exponentSize = ReadASNLength(reader);
byte[] exponent = new byte[exponentSize];
reader.Read(exponent, 0, exponent.Length);
RSACryptoServiceProvider RSA = new RSACryptoServiceProvider();
RSAParameters RSAKeyInfo = new RSAParameters();
RSAKeyInfo.Modulus = modulus;
RSAKeyInfo.Exponent = exponent;
RSA.ImportParameters(RSAKeyInfo);
return RSA;
}
}
}
}
return null;
}
public static int ReadASNLength(BinaryReader reader)
{
//Note: this method only reads lengths up to 4 bytes long as
//this is satisfactory for the majority of situations.
int length = reader.ReadByte();
if ((length & 0x00000080) == 0x00000080) //is the length greater than 1 byte
{
int count = length & 0x0000000f;
byte[] lengthBytes = new byte[4];
reader.Read(lengthBytes, 4 - count, count);
Array.Reverse(lengthBytes); //
length = BitConverter.ToInt32(lengthBytes, 0);
}
return length;
}
上面的代码是基于这个问题(它只适用于特定的密钥大小)。上面的代码几乎适用于任何RSA密钥大小,并且已经使用您提供的密钥以及2048位和4096位密钥进行了测试。
另一种解决方案是使用工具生成证书(XCA是一个很好的工具),将证书导出到p12(PKCS12)文件,然后在Java和C#中加载证书以获取密钥。
在C#中,您可以使用X509Certificate2
类加载PKCS12文件。
X509Certificate2 cert = new X509Certificate2(certificateFile, certificatePassword, X509KeyStorageFlags.Exportable | X509KeyStorageFlags.PersistKeySet);
RSACryptoServiceProvider provider1 = (RSACryptoServiceProvider)cert.PublicKey.Key;
RSACryptoServiceProvider provider2 = (RSACryptoServiceProvider)cert.PrivateKey;
在Java中,您可以使用KeyStore
类加载PKCS12文件。
KeyStore keystore = KeyStore.getInstance("PKCS12");
keystore.load(new FileInputStream(certificateFile), certificatePassword.toCharArray());
Key key = keystore.getKey(certName, certificatePassword.toCharArray());
Certificate cert = keystore.getCertificate(certName);
PublicKey publicKey = cert.getPublicKey();
KeyPair keys = new KeyPair(publicKey, (PrivateKey) key);
在Java中,将publicKey
从PublicKey
强制转换为RSAPublicKey
。
具有getModulus
和getExponent
的将获得BigIntegers
,使用toByteArray
从中获得字节。
我不知道Java在BigInteger
类中保持前导0,所以请检查是否必须从公共指数中去掉前导null(0x00)字节。
使用Apache Commons编解码器或Java 8的Base64编码器将字节数组编码为Base64。
您可能需要检查字节顺序(可能颠倒模数,不确定)。
通过构造以下XML:"<RSAKeyValue><Modulus>
{此处为您的基数64编码的公共模数}</Modulus><Exponent>
{此处是您的基数六十四编码的公共指数}</Exponent></RSAKeyValue>"
来序列化它们。
在CSharp:中
var rsaCsp = new RSACryptoServiceProvider(o.BitLength);
rsaCsp.FromXmlString(xmlRsaKeyValue);
现在,您的公钥已加载到RSA CSP中。
通过添加p、Q、DP、DQ和InverseQ XML元素,可以将相同的过程扩展为加载私钥。
你好,你也可以试试这种方式,
private static string[] GenerateXMLPrivatePublicKeys(){
string[] keys = new string[2];
RSA rsa = new RSACryptoServiceProvider(2048);
string publicKey = rsa.ToXmlString(false);
string privateKey = rsa.ToXmlString(true);
keys[0] = publicKey;
keys[1] = privateKey;
return keys;
}