这个答案适用于 crypto++ 和 windows API。
经过多次试验/错误我终于成功了,问题来自于我构建 crypto++ rsa 密钥的方式(Integer
类型:模数和指数)。
我创建了一个新函数GetIntegerFromBase64String
直接转换我们从 xml 输出中获得的模数和指数rsa.ToXmlString
到 Integer 类型来初始化 cryptopp 中的密钥。
完整的 crypto++ 示例:
string signature_64str = "G+PQaArLByTNYF5c5BZo2X3Guf1AplyJyik6NXCJmXnZ7CD5AC/OKq+Iswcv8GboUVsMTvl8G+lCa9Od0DfytnDui7kA/c1qtH7BZzF55yA5Yf9DGOfD1RHOl3OkRvpK/mF+Sf8nJwgxsg51C3pk/oBFjA450q2zq8HfFG2KJcs=";
string modulus_64str = "0Z8GUI/rxlXanCCjkiP+c9HyvdlOibst2YD5XmZk4F86aLr7LbLtI7FMnr6rcQZa6RXkAykb5MIbasmkOmkLzSjhdTThnaZyuKBOBoybYB5mDecF2VMXfUIryEBFn4i6y58qhy0BnDnIhucdNXX0px10HL3uYzR2KBTC0lSFFmE=";
string exponent_64str = "AQAB";
Integer mod_integer = GetIntegerFromBase64String(modulus_64str);
Integer pub_integer = GetIntegerFromBase64String(exponent_64str);
InvertibleRSAFunction param;
param.SetModulus(mod_integer);
param.SetPublicExponent(pub_integer);
RSA::PublicKey pubkey(param);
string decoded_sig = DecodeBase64String(signature_64str);
if(!pubkey.Validate(rnd, 3))
cout << "Rsa public key validation failed" << endl;
else
cout << " key validation success"<< endl;
RSASS<PKCS1v15, SHA512>::Verifier verif(pubkey);
bool res = verif.VerifyMessage( reinterpret_cast<const byte*>(message.c_str()), message.length(), reinterpret_cast<const byte*>(decoded_sig.c_str()), decoded_sig.length() );
if( res ) {
cout << "Signature on message verified " << endl;
} else {
cout << "Message verification failed " << endl;
}
with :
string DecodeBase64String(string encoded )
{
string decoded;
Base64Decoder decoder;
decoder.Attach( new StringSink( decoded ) );
decoder.Put( (byte*)encoded.data(), encoded.size() );
decoder.MessageEnd();
return decoded;
}
Integer GetIntegerFromBase64String(string encoded)
{
string decoded = DecodeBase64String(encoded);
Integer integer( (byte*)decoded.c_str(),decoded.length());
return integer;
}
此外,我已经使用 Windows API 重现了验证,对于这种情况,我不使用 xml 密钥,而是直接使用我从以下位置获得的 blob 密钥(以 64 位编码)rsa.ExportCspBlob(假) https://msdn.microsoft.com/en-us/library/system.security.cryptography.rsacryptoserviceprovider.exportcspblob(v=vs.110).aspx
完整的 Windows API 示例:
在 c# 中,我得到的 CspBlob 如下:
using (RSACryptoServiceProvider rsa = new RSACryptoServiceProvider())
{
rsa.ImportParameters(privateKey);
var cspBlob = rsa.ExportCspBlob(false);
var cspBlobBase_64str = Convert.ToBase64String(cspBlob);// <---- HERE
然后在 C++ 中,我加载 blob 并验证签名,如下所示:
#include <windows.h>
...
string ErrorMessage;
string signature_64str = "G+PQaArLByTNYF5c5BZo2X3Guf1AplyJyik6NXCJmXnZ7CD5AC/OKq+Iswcv8GboUVsMTvl8G+lCa9Od0DfytnDui7kA/c1qtH7BZzF55yA5Yf9DGOfD1RHOl3OkRvpK/mF+Sf8nJwgxsg51C3pk/oBFjA450q2zq8HfFG2KJcs=";
string public_key_blob_64_bit_encoded = "BgIAAACkAABSU0ExAAQAAAEAAQBhFoVU0sIUKHY0Y+69HHQdp/R1NR3nhsg5nAEthyqfy7qIn0VAyCtCfRdT2QXnDWYeYJuMBk6guHKmneE0deEozQtpOqTJahvC5BspA+QV6VoGcau+nkyxI+2yLfu6aDpf4GRmXvmA2S27iU7ZvfLRc/4jkqMgnNpVxuuPUAaf0Q==";
string message = "hello";
if( RSA_VerifySignature(message, signature_64str, public_key_blob_64_bit_encoded, ErrorMessage))
{
cout << "OK : Signature on message verified " << endl;
}
else
{
cout << "Message verification failed, Error : " << ErrorMessage << endl;
}
with :
bool RSA_VerifySignature(string message, string signature_64BitEncoded, string publickeyBlob_64BitEncoded, string &ErrorMessage)
{
const size_t LENGHT_SIGNATURE = 128; // 128 bytes == 1024 RSA Key bits
const size_t LENGHT_BLOB_PUBLIC_KEY = 148; // 148 bytes
bool isSigOk = false;
HCRYPTHASH hash;
byte decoded_Blob[LENGHT_BLOB_PUBLIC_KEY] ;
size_t size_pubkey = Base64Decode(publickeyBlob_64BitEncoded, decoded_Blob, LENGHT_BLOB_PUBLIC_KEY);
byte decoded_signature[LENGHT_SIGNATURE] ;
size_t size_signature =Base64Decode(signature_64BitEncoded, decoded_signature, LENGHT_SIGNATURE);
//reverse bytes
byte reverse_decoded_signature[LENGHT_SIGNATURE];
for(int i=0;i<sizeof(reverse_decoded_signature);i++)
reverse_decoded_signature[i] = decoded_signature[LENGHT_SIGNATURE-i-1];
HCRYPTPROV cryptProvider;
// Get a handle to the PROV_RSA_AES (for CALG_SHA_512).
if (!CryptAcquireContext(&cryptProvider, 0, 0, PROV_RSA_AES, CRYPT_VERIFYCONTEXT)){
ErrorMessage = "Failure to acquire context";
goto Exit;
}
HCRYPTKEY publicKeyc;
// convert the blob to the public key
if(!CryptImportKey(cryptProvider, decoded_Blob, LENGHT_BLOB_PUBLIC_KEY, 0, 0, &publicKeyc)){
ErrorMessage = "Failure to import key";
goto Exit;
}
// create the hash object
if(!CryptCreateHash(cryptProvider, CALG_SHA_512 , 0, 0, &hash)){
ErrorMessage = "Failure to creat Hash" ;
goto Exit;
}
//hash the message
if(!CryptHashData(hash, (byte*) message.c_str(), message.length(), 0)){
ErrorMessage = "Failure to Hash Data" ;
goto Exit;
}
isSigOk = CryptVerifySignature(hash, reverse_decoded_signature, sizeof(reverse_decoded_signature), publicKeyc, nullptr, 0);
if(!isSigOk) ErrorMessage = "Invalid Signature" ;
Exit:
// After processing, hHash and cryptProvider must be released.
if(hash)
CryptDestroyHash(hash);
if(cryptProvider)
CryptReleaseContext(cryptProvider,0);
return isSigOk;
}
where Base64Decode
来自这个所以答案 https://stackoverflow.com/a/21867132/3205529.
ps:请注意,我在这个答案中已切换到SHA512。