RSA加密解密及RSA签名和验证及证书
- 公钥是给别人的
- 发送密文使用公钥加密
- 验证签名使用公钥验证
- 私钥是自己保留的
- 接受密文使用私钥解密
- 发送签名使用私钥签名
- 上述过程逆转是不行的,比如使用私钥加密,使用公钥解密是不行的
- 证书的制作参考自使用X.509数字证书加密解密实务(一)-- 证书的获得和管理
- 打开VS开发命令,输入下面的命令:
makecert -sr CurrentUser -ss My -n CN=MyTestCert -sky exchange -pe
- 从证书中读取私钥和公钥:
/// <summary>
/// 根据私钥证书得到证书实体,得到实体后可以根据其公钥和私钥进行加解密
/// 加解密函数使用DEncrypt的RSACryption类
/// </summary>
/// <param name="pfxFileName"></param>
/// <param name="password"></param>
/// <returns></returns>
public static X509Certificate2 GetCertificateFromPfxFile(string pfxFileName,
string password)
{
try
{
return new X509Certificate2(pfxFileName, password, X509KeyStorageFlags.Exportable);
}
catch (Exception e)
{
return null;
}
}
var cer= RSACryption.GetCertificateFromPfxFile(@"D:\my.pfx", "123456");
tbPrivateKey.Text = cer.PrivateKey.ToXmlString(true);
tbPublicKey.Text = cer.PublicKey.Key.ToXmlString(false);
完整测试代码:
WPF前端:
<Window x:Class="Security.MainWindow"
xmlns="http://schemas.microsoft.com/winfx/2006/xaml/presentation"
xmlns:x="http://schemas.microsoft.com/winfx/2006/xaml"
xmlns:d="http://schemas.microsoft.com/expression/blend/2008"
xmlns:mc="http://schemas.openxmlformats.org/markup-compatibility/2006"
xmlns:local="clr-namespace:Security"
mc:Ignorable="d"
Title="MainWindow" Height="700" Width="1200">
<Grid>
<Grid.RowDefinitions>
<RowDefinition Height="auto"></RowDefinition>
<RowDefinition Height="auto"></RowDefinition>
<RowDefinition Height="auto"></RowDefinition>
<RowDefinition Height="auto"></RowDefinition>
<RowDefinition Height="auto"></RowDefinition>
<RowDefinition Height="auto"></RowDefinition>
<RowDefinition Height="auto"></RowDefinition>
<RowDefinition Height="auto"></RowDefinition>
<RowDefinition Height="auto"></RowDefinition>
</Grid.RowDefinitions>
<StackPanel Margin="3" Orientation="Horizontal" HorizontalAlignment="Left">
<Button Margin="3" Name="GenerateKeys" Click="GenerateKeys_Click">生成Key</Button>
<Button Margin="3" Name="Encrypt" Click="Encrypt_Click">公钥加密</Button>
<Button Margin="3" Name="Decrypt" Click="Decrypt_Click">私钥解密</Button>
<Button Margin="3" Name="GetHash" Click="GetHash_Click">获取Hash</Button>
<Button Margin="3" Name="Sign" Click="Sign_Click">私钥签名</Button>
<Button Margin="3" Name="ValidateSign" Click="ValidateSign_Click">签名验证</Button>
<Button Margin="3" Name="InputPfx" Click="InputPfx_Click">导入证书</Button>
<Button Margin="3" Name="EcryptByPrivateKey" Click="EcryptByPrivateKey_Click">私钥加密</Button>
<Button Margin="3" Name="DcryptByPrivateKey" Click="DcryptByPrivateKey_Click">公钥解密</Button>
</StackPanel>
<StackPanel Grid.Row="1" Margin="3">
<TextBlock Margin="3">公钥:</TextBlock>
<TextBox Name="tbPublicKey" TextWrapping="Wrap" MinLines="2" Margin="3"></TextBox>
</StackPanel>
<StackPanel Grid.Row="2" Margin="3">
<TextBlock Margin="3">私钥:</TextBlock>
<TextBox Name="tbPrivateKey" TextWrapping="Wrap" MinLines="5" Margin="3"></TextBox>
</StackPanel>
<StackPanel Grid.Row="3" Margin="3">
<TextBlock Margin="3">待加密内容:</TextBlock>
<TextBox Name="tbContent" TextWrapping="Wrap" MinLines="3" Margin="3">i am cypher</TextBox>
</StackPanel>
<StackPanel Grid.Row="4" Margin="3">
<TextBlock Margin="3">公钥加密后内容:</TextBlock>
<TextBox Name="tbEncryptContent" TextWrapping="Wrap" MinLines="2" Margin="3"></TextBox>
</StackPanel>
<StackPanel Grid.Row="5" Margin="3">
<TextBlock Margin="3">私钥解密后内容:</TextBlock>
<TextBox Name="tbDecryptContent" TextWrapping="Wrap" Margin="3"></TextBox>
</StackPanel>
<StackPanel Grid.Row="6" Margin="3">
<TextBlock Margin="3">Hash:</TextBlock>
<TextBox Name="tbHash" Margin="3"></TextBox>
</StackPanel>
<StackPanel Grid.Row="7" Margin="3">
<TextBlock Margin="3">私钥签名后内容:</TextBlock>
<TextBox Name="tbSign" TextWrapping="Wrap" MinLines="2" Margin="3"></TextBox>
</StackPanel>
<StackPanel Grid.Row="8" Margin="3">
<TextBlock Margin="3">公钥签名验证:</TextBlock>
<TextBox Name="tbValidateSign" TextWrapping="Wrap" Margin="3"></TextBox>
</StackPanel>
</Grid>
</Window>
后端:
public partial class MainWindow : Window
{
public MainWindow()
{
InitializeComponent();
} private void GenerateKeys_Click(object sender, RoutedEventArgs e)
{
string privateKey = "";
string publicKey = "";
RSACryption.GenerateKey(out privateKey, out publicKey);
tbPrivateKey.Text = privateKey;
tbPublicKey.Text = publicKey;
} private void Encrypt_Click(object sender, RoutedEventArgs e)
{
tbEncryptContent.Text = RSACryption.RSAEncrypt(tbPublicKey.Text, tbContent.Text);
} private void Decrypt_Click(object sender, RoutedEventArgs e)
{
tbDecryptContent.Text = RSACryption.RSADecrypt(tbPrivateKey.Text, tbEncryptContent.Text);
} private void Sign_Click(object sender, RoutedEventArgs e)
{
tbSign.Text = RSACryption.GetSignature(tbPrivateKey.Text, tbHash.Text);
} private void GetHash_Click(object sender, RoutedEventArgs e)
{
tbHash.Text = RSACryption.GetHash(tbContent.Text);
} private void ValidateSign_Click(object sender, RoutedEventArgs e)
{
tbValidateSign.Text = RSACryption.ValidateSignature(tbPublicKey.Text, tbHash.Text, tbSign.Text).ToString();
} private void InputPfx_Click(object sender, RoutedEventArgs e)
{
var cer= RSACryption.GetCertificateFromPfxFile(@"D:\my.pfx", "123456");
tbPrivateKey.Text = cer.PrivateKey.ToXmlString(true);
tbPublicKey.Text = cer.PublicKey.Key.ToXmlString(false);
} private void EcryptByPrivateKey_Click(object sender, RoutedEventArgs e)
{
tbEncryptContent.Text = RSACryption.RSAEncrypt(tbPrivateKey.Text, tbContent.Text);
} private void DcryptByPrivateKey_Click(object sender, RoutedEventArgs e)
{
tbDecryptContent.Text = RSACryption.RSADecrypt(tbPublicKey.Text, tbEncryptContent.Text);
}
}
附上转自飛雲若雪的代码:
class RSACryption
{
#region RSA 加密解密 #region RSA 的密钥产生
/// <summary>
/// RSA产生密钥
/// </summary>
/// <param name="xmlKeys">私钥</param>
/// <param name="xmlPublicKey">公钥</param>
public void RSAKey(out string xmlKeys, out string xmlPublicKey)
{
try
{
System.Security.Cryptography.RSACryptoServiceProvider rsa = new RSACryptoServiceProvider();
xmlKeys = rsa.ToXmlString(true);
xmlPublicKey = rsa.ToXmlString(false);
}
catch (Exception ex)
{
throw ex;
}
}
#endregion #region RSA加密函数
//##############################################################################
//RSA 方式加密
//KEY必须是XML的形式,返回的是字符串
//该加密方式有长度限制的!
//############################################################################## /// <summary>
/// RSA的加密函数
/// </summary>
/// <param name="xmlPublicKey">公钥</param>
/// <param name="encryptString">待加密的字符串</param>
/// <returns></returns>
public string RSAEncrypt(string xmlPublicKey, string encryptString)
{
try
{
byte[] PlainTextBArray;
byte[] CypherTextBArray;
string Result;
System.Security.Cryptography.RSACryptoServiceProvider rsa = new RSACryptoServiceProvider();
rsa.FromXmlString(xmlPublicKey);
PlainTextBArray = (new UnicodeEncoding()).GetBytes(encryptString);
CypherTextBArray = rsa.Encrypt(PlainTextBArray, false);
Result = Convert.ToBase64String(CypherTextBArray);
return Result;
}
catch (Exception ex)
{
throw ex;
}
}
/// <summary>
/// RSA的加密函数
/// </summary>
/// <param name="xmlPublicKey">公钥</param>
/// <param name="EncryptString">待加密的字节数组</param>
/// <returns></returns>
public string RSAEncrypt(string xmlPublicKey, byte[] EncryptString)
{
try
{
byte[] CypherTextBArray;
string Result;
System.Security.Cryptography.RSACryptoServiceProvider rsa = new RSACryptoServiceProvider();
rsa.FromXmlString(xmlPublicKey);
CypherTextBArray = rsa.Encrypt(EncryptString, false);
Result = Convert.ToBase64String(CypherTextBArray);
return Result;
}
catch (Exception ex)
{
throw ex;
}
}
#endregion #region RSA的解密函数
/// <summary>
/// RSA的解密函数
/// </summary>
/// <param name="xmlPrivateKey">私钥</param>
/// <param name="decryptString">待解密的字符串</param>
/// <returns></returns>
public string RSADecrypt(string xmlPrivateKey, string decryptString)
{
try
{
byte[] PlainTextBArray;
byte[] DypherTextBArray;
string Result;
System.Security.Cryptography.RSACryptoServiceProvider rsa = new RSACryptoServiceProvider();
rsa.FromXmlString(xmlPrivateKey);
PlainTextBArray = Convert.FromBase64String(decryptString);
DypherTextBArray = rsa.Decrypt(PlainTextBArray, false);
Result = (new UnicodeEncoding()).GetString(DypherTextBArray);
return Result;
}
catch (Exception ex)
{
throw ex;
}
}
/// <summary>
/// RSA的解密函数
/// </summary>
/// <param name="xmlPrivateKey">私钥</param>
/// <param name="DecryptString">待解密的字节数组</param>
/// <returns></returns>
public string RSADecrypt(string xmlPrivateKey, byte[] DecryptString)
{
try
{
byte[] DypherTextBArray;
string Result;
System.Security.Cryptography.RSACryptoServiceProvider rsa = new RSACryptoServiceProvider();
rsa.FromXmlString(xmlPrivateKey);
DypherTextBArray = rsa.Decrypt(DecryptString, false);
Result = (new UnicodeEncoding()).GetString(DypherTextBArray);
return Result;
}
catch (Exception ex)
{
throw ex;
}
}
#endregion #endregion #region RSA数字签名 #region 获取Hash描述表
/// <summary>
/// 获取Hash描述表
/// </summary>
/// <param name="strSource">待签名的字符串</param>
/// <param name="HashData">Hash描述</param>
/// <returns></returns>
public bool GetHash(string strSource, ref byte[] HashData)
{
try
{
byte[] Buffer;
System.Security.Cryptography.HashAlgorithm MD5 = System.Security.Cryptography.HashAlgorithm.Create("MD5");
Buffer = System.Text.Encoding.GetEncoding("GB2312").GetBytes(strSource);
HashData = MD5.ComputeHash(Buffer);
return true;
}
catch (Exception ex)
{
throw ex;
}
} /// <summary>
/// 获取Hash描述表
/// </summary>
/// <param name="strSource">待签名的字符串</param>
/// <param name="strHashData">Hash描述</param>
/// <returns></returns>
public bool GetHash(string strSource, ref string strHashData)
{
try
{
//从字符串中取得Hash描述
byte[] Buffer;
byte[] HashData;
System.Security.Cryptography.HashAlgorithm MD5 = System.Security.Cryptography.HashAlgorithm.Create("MD5");
Buffer = System.Text.Encoding.GetEncoding("GB2312").GetBytes(strSource);
HashData = MD5.ComputeHash(Buffer);
strHashData = Convert.ToBase64String(HashData);
return true;
}
catch (Exception ex)
{
throw ex;
}
} /// <summary>
/// 获取Hash描述表
/// </summary>
/// <param name="objFile">待签名的文件</param>
/// <param name="HashData">Hash描述</param>
/// <returns></returns>
public bool GetHash(System.IO.FileStream objFile, ref byte[] HashData)
{
try
{
//从文件中取得Hash描述
System.Security.Cryptography.HashAlgorithm MD5 = System.Security.Cryptography.HashAlgorithm.Create("MD5");
HashData = MD5.ComputeHash(objFile);
objFile.Close();
return true;
}
catch (Exception ex)
{
throw ex;
}
} /// <summary>
/// 获取Hash描述表
/// </summary>
/// <param name="objFile">待签名的文件</param>
/// <param name="strHashData">Hash描述</param>
/// <returns></returns>
public bool GetHash(System.IO.FileStream objFile, ref string strHashData)
{
try
{
//从文件中取得Hash描述
byte[] HashData;
System.Security.Cryptography.HashAlgorithm MD5 = System.Security.Cryptography.HashAlgorithm.Create("MD5");
HashData = MD5.ComputeHash(objFile);
objFile.Close();
strHashData = Convert.ToBase64String(HashData);
return true;
}
catch (Exception ex)
{
throw ex;
}
}
#endregion #region RSA签名
/// <summary>
/// RSA签名
/// </summary>
/// <param name="strKeyPrivate">私钥</param>
/// <param name="HashbyteSignature">待签名Hash描述</param>
/// <param name="EncryptedSignatureData">签名后的结果</param>
/// <returns></returns>
public bool SignatureFormatter(string strKeyPrivate, byte[] HashbyteSignature, ref byte[] EncryptedSignatureData)
{
try
{
System.Security.Cryptography.RSACryptoServiceProvider RSA = new System.Security.Cryptography.RSACryptoServiceProvider(); RSA.FromXmlString(strKeyPrivate);
System.Security.Cryptography.RSAPKCS1SignatureFormatter RSAFormatter = new System.Security.Cryptography.RSAPKCS1SignatureFormatter(RSA);
//设置签名的算法为MD5
RSAFormatter.SetHashAlgorithm("MD5");
//执行签名
EncryptedSignatureData = RSAFormatter.CreateSignature(HashbyteSignature);
return true;
}
catch (Exception ex)
{
throw ex;
}
} /// <summary>
/// RSA签名
/// </summary>
/// <param name="strKeyPrivate">私钥</param>
/// <param name="HashbyteSignature">待签名Hash描述</param>
/// <param name="m_strEncryptedSignatureData">签名后的结果</param>
/// <returns></returns>
public bool SignatureFormatter(string strKeyPrivate, byte[] HashbyteSignature, ref string strEncryptedSignatureData)
{
try
{
byte[] EncryptedSignatureData;
System.Security.Cryptography.RSACryptoServiceProvider RSA = new System.Security.Cryptography.RSACryptoServiceProvider();
RSA.FromXmlString(strKeyPrivate);
System.Security.Cryptography.RSAPKCS1SignatureFormatter RSAFormatter = new System.Security.Cryptography.RSAPKCS1SignatureFormatter(RSA);
//设置签名的算法为MD5
RSAFormatter.SetHashAlgorithm("MD5");
//执行签名
EncryptedSignatureData = RSAFormatter.CreateSignature(HashbyteSignature);
strEncryptedSignatureData = Convert.ToBase64String(EncryptedSignatureData);
return true;
}
catch (Exception ex)
{
throw ex;
}
} /// <summary>
/// RSA签名
/// </summary>
/// <param name="strKeyPrivate">私钥</param>
/// <param name="strHashbyteSignature">待签名Hash描述</param>
/// <param name="EncryptedSignatureData">签名后的结果</param>
/// <returns></returns>
public bool SignatureFormatter(string strKeyPrivate, string strHashbyteSignature, ref byte[] EncryptedSignatureData)
{
try
{
byte[] HashbyteSignature; HashbyteSignature = Convert.FromBase64String(strHashbyteSignature);
System.Security.Cryptography.RSACryptoServiceProvider RSA = new System.Security.Cryptography.RSACryptoServiceProvider(); RSA.FromXmlString(strKeyPrivate);
System.Security.Cryptography.RSAPKCS1SignatureFormatter RSAFormatter = new System.Security.Cryptography.RSAPKCS1SignatureFormatter(RSA);
//设置签名的算法为MD5
RSAFormatter.SetHashAlgorithm("MD5");
//执行签名
EncryptedSignatureData = RSAFormatter.CreateSignature(HashbyteSignature); return true;
}
catch (Exception ex)
{
throw ex;
}
} /// <summary>
/// RSA签名
/// </summary>
/// <param name="strKeyPrivate">私钥</param>
/// <param name="strHashbyteSignature">待签名Hash描述</param>
/// <param name="strEncryptedSignatureData">签名后的结果</param>
/// <returns></returns>
public bool SignatureFormatter(string strKeyPrivate, string strHashbyteSignature, ref string strEncryptedSignatureData)
{
try
{
byte[] HashbyteSignature;
byte[] EncryptedSignatureData;
HashbyteSignature = Convert.FromBase64String(strHashbyteSignature);
System.Security.Cryptography.RSACryptoServiceProvider RSA = new System.Security.Cryptography.RSACryptoServiceProvider();
RSA.FromXmlString(strKeyPrivate);
System.Security.Cryptography.RSAPKCS1SignatureFormatter RSAFormatter = new System.Security.Cryptography.RSAPKCS1SignatureFormatter(RSA);
//设置签名的算法为MD5
RSAFormatter.SetHashAlgorithm("MD5");
//执行签名
EncryptedSignatureData = RSAFormatter.CreateSignature(HashbyteSignature);
strEncryptedSignatureData = Convert.ToBase64String(EncryptedSignatureData);
return true;
}
catch (Exception ex)
{
throw ex;
}
}
#endregion #region RSA 签名验证
/// <summary>
/// RSA签名验证
/// </summary>
/// <param name="strKeyPublic">公钥</param>
/// <param name="HashbyteDeformatter">Hash描述</param>
/// <param name="DeformatterData">签名后的结果</param>
/// <returns></returns>
public bool SignatureDeformatter(string strKeyPublic, byte[] HashbyteDeformatter, byte[] DeformatterData)
{
try
{
System.Security.Cryptography.RSACryptoServiceProvider RSA = new System.Security.Cryptography.RSACryptoServiceProvider();
RSA.FromXmlString(strKeyPublic);
System.Security.Cryptography.RSAPKCS1SignatureDeformatter RSADeformatter = new System.Security.Cryptography.RSAPKCS1SignatureDeformatter(RSA);
//指定解密的时候HASH算法为MD5
RSADeformatter.SetHashAlgorithm("MD5");
if (RSADeformatter.VerifySignature(HashbyteDeformatter, DeformatterData))
{
return true;
}
else
{
return false;
}
}
catch (Exception ex)
{
throw ex;
}
}
/// <summary>
/// RSA签名验证
/// </summary>
/// <param name="strKeyPublic">公钥</param>
/// <param name="strHashbyteDeformatter">Hash描述</param>
/// <param name="DeformatterData">签名后的结果</param>
/// <returns></returns>
public bool SignatureDeformatter(string strKeyPublic, string strHashbyteDeformatter, byte[] DeformatterData)
{
try
{
byte[] HashbyteDeformatter;
HashbyteDeformatter = Convert.FromBase64String(strHashbyteDeformatter);
System.Security.Cryptography.RSACryptoServiceProvider RSA = new System.Security.Cryptography.RSACryptoServiceProvider();
RSA.FromXmlString(strKeyPublic);
System.Security.Cryptography.RSAPKCS1SignatureDeformatter RSADeformatter = new System.Security.Cryptography.RSAPKCS1SignatureDeformatter(RSA);
//指定解密的时候HASH算法为MD5
RSADeformatter.SetHashAlgorithm("MD5");
if (RSADeformatter.VerifySignature(HashbyteDeformatter, DeformatterData))
{
return true;
}
else
{
return false;
}
}
catch (Exception ex)
{
throw ex;
}
}
/// <summary>
/// RSA签名验证
/// </summary>
/// <param name="strKeyPublic">公钥</param>
/// <param name="HashbyteDeformatter">Hash描述</param>
/// <param name="strDeformatterData">签名后的结果</param>
/// <returns></returns>
public bool SignatureDeformatter(string strKeyPublic, byte[] HashbyteDeformatter, string strDeformatterData)
{
try
{
byte[] DeformatterData;
System.Security.Cryptography.RSACryptoServiceProvider RSA = new System.Security.Cryptography.RSACryptoServiceProvider();
RSA.FromXmlString(strKeyPublic);
System.Security.Cryptography.RSAPKCS1SignatureDeformatter RSADeformatter = new System.Security.Cryptography.RSAPKCS1SignatureDeformatter(RSA);
//指定解密的时候HASH算法为MD5
RSADeformatter.SetHashAlgorithm("MD5");
DeformatterData = Convert.FromBase64String(strDeformatterData);
if (RSADeformatter.VerifySignature(HashbyteDeformatter, DeformatterData))
{
return true;
}
else
{
return false;
}
}
catch (Exception ex)
{
throw ex;
}
}
/// <summary>
/// RSA签名验证
/// </summary>
/// <param name="strKeyPublic">公钥</param>
/// <param name="strHashbyteDeformatter">Hash描述</param>
/// <param name="strDeformatterData">签名后的结果</param>
/// <returns></returns>
public bool SignatureDeformatter(string strKeyPublic, string strHashbyteDeformatter, string strDeformatterData)
{
try
{
byte[] DeformatterData;
byte[] HashbyteDeformatter;
HashbyteDeformatter = Convert.FromBase64String(strHashbyteDeformatter);
System.Security.Cryptography.RSACryptoServiceProvider RSA = new System.Security.Cryptography.RSACryptoServiceProvider();
RSA.FromXmlString(strKeyPublic);
System.Security.Cryptography.RSAPKCS1SignatureDeformatter RSADeformatter = new System.Security.Cryptography.RSAPKCS1SignatureDeformatter(RSA);
//指定解密的时候HASH算法为MD5
RSADeformatter.SetHashAlgorithm("MD5");
DeformatterData = Convert.FromBase64String(strDeformatterData);
if (RSADeformatter.VerifySignature(HashbyteDeformatter, DeformatterData))
{
return true;
}
else
{
return false;
}
}
catch (Exception ex)
{
throw ex;
}
}
#endregion #endregion }