.NET Core加解密實戰系列之——RSA非對稱加密算法


簡介

加解密現狀,編寫此項目的背景:git

  • 須要考慮系統環境兼容性問題(Linux、Windows)
  • 語言互通問題(如C#、Java)
  • 網上資料版本不1、不全面
  • .NET官方庫密碼算法提供不全面,很難針對其餘語言(Java)進行適配

本系列文章主要介紹如何結合BouncyCastle在 .NET Core 中使用非對稱加密算法、編碼算法、哈希算法、對稱加密算法、國密算法等一系列算法,內容篇幅代碼居多(加解密算法相關的原理知識網上有不少,所以不過多介紹)。若有錯誤之處,還請你們批評指正。github

本系列代碼項目地址:https://github.com/fuluteam/ICH.BouncyCastle.git算法

功能依賴

BouncyCastle(https://www.bouncycastle.org/csharp) 是一個開放源碼的輕量級密碼術包;它支持大量的密碼術算法,它提供了不少.NET Core標準庫沒有的算法。數組

支持.NET 4,.NET Standard 1.0-2.0,WP,Silverlight,MonoAndroid,Xamarin.iOS,.NET Coredom

功能 依賴
Portable.BouncyCastle Portable.BouncyCastle • 1.8.5

生成RSA祕鑰

PKCS1格式

/// <summary>
/// PKCS1(非Java適用)
/// </summary>
/// <param name="keySize">密鑰長度」通常只是指模值的位長度。目前主流可選值:102四、204八、307二、4096...</param>
/// <param name="format">PEM格式</param>
/// <returns></returns>
public RSAKeyParameter Pkcs1(int keySize, bool format=false)
{
    var keyGenerator = GeneratorUtilities.GetKeyPairGenerator("RSA");
    keyGenerator.Init(new KeyGenerationParameters(new SecureRandom(), keySize));

    var keyPair = keyGenerator.GenerateKeyPair();

    var subjectPublicKeyInfo = SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(keyPair.Public);
    var privateKeyInfo = PrivateKeyInfoFactory.CreatePrivateKeyInfo(keyPair.Private);
    
    if (!format)
    {
        return new RSAKeyParameter
        {
            PrivateKey = Base64.ToBase64String(privateKeyInfo.ParsePrivateKey().GetEncoded()),
            PublicKey = Base64.ToBase64String(subjectPublicKeyInfo.GetEncoded())
        };
    }

    var rsaKey = new RSAKeyParameter();
    using (var sw = new StringWriter())
    {
        var pWrt = new PemWriter(sw);
        pWrt.WriteObject(keyPair.Private);
        pWrt.Writer.Close();
        rsaKey.PrivateKey = sw.ToString();
    }

    using (var sw = new StringWriter())
    {
        var pWrt = new PemWriter(sw);
        pWrt.WriteObject(keyPair.Public);
        pWrt.Writer.Close();
        rsaKey.PublicKey = sw.ToString();
    }

    return rsaKey;
}

PKCS8格式

/// <summary>
/// PKCS8(JAVA適用)
/// </summary>
/// <param name="keySize">密鑰長度」通常只是指模值的位長度。目前主流可選值:102四、204八、307二、4096...</param>
/// <param name="format">PEM格式</param>
/// <returns></returns>
public RSAKeyParameter Pkcs8(int keySize, bool format=false)
{
    var keyGenerator = GeneratorUtilities.GetKeyPairGenerator("RSA");
    keyGenerator.Init(new KeyGenerationParameters(new SecureRandom(), keySize));
    var keyPair = keyGenerator.GenerateKeyPair();

    var subjectPublicKeyInfo = SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(keyPair.Public);
    var privateKeyInfo = PrivateKeyInfoFactory.CreatePrivateKeyInfo(keyPair.Private);

    if (!format)
    {
        return new RSAKeyParameter
        {
            PrivateKey = Base64.ToBase64String(privateKeyInfo.GetEncoded()),
            PublicKey = Base64.ToBase64String(subjectPublicKeyInfo.GetEncoded())
        };
    }

    var rsaKey = new RSAKeyParameter();
    using (var sw = new StringWriter())
    {
        var pWrt = new PemWriter(sw);
        var pkcs8 = new Pkcs8Generator(keyPair.Private);
        pWrt.WriteObject(pkcs8);
        pWrt.Writer.Close();
        rsaKey.PrivateKey = sw.ToString();
    }

    using (var sw = new StringWriter())
    {
        var pWrt = new PemWriter(sw);
        pWrt.WriteObject(keyPair.Public);
        pWrt.Writer.Close();
        rsaKey.PublicKey = sw.ToString();
    }

    return rsaKey;
}

私鑰操做

PKCS1與PKCS8格式互轉

僅私鑰有PKCS1和PKCS8之分,公鑰無格式區別。編碼

/// <summary>
 /// Pkcs1>>Pkcs8
 /// </summary>
 /// <param name="privateKey">Pkcs1私鑰</param>
 /// <param name="format">是否轉PEM格式</param>
 /// <returns></returns>
 public static string PrivateKeyPkcs1ToPkcs8(string privateKey, bool format = false)
 {
     var akp = RSAUtilities.GetAsymmetricKeyParameterFormPrivateKey(privateKey);
     if (format)
     {
         var sw = new StringWriter();
         var pWrt = new PemWriter(sw);
         var pkcs8 = new Pkcs8Generator(akp);
         pWrt.WriteObject(pkcs8);
         pWrt.Writer.Close();
         return sw.ToString();
     }
     else
     {
         var privateKeyInfo = PrivateKeyInfoFactory.CreatePrivateKeyInfo(akp);
         return Base64.ToBase64String(privateKeyInfo.GetEncoded());
     }
 }
/// <summary>
/// Pkcs8>>Pkcs1
/// </summary>
/// <param name="privateKey">Pkcs8私鑰</param>
/// <param name="format">是否轉PEM格式</param>
/// <returns></returns>
public static string PrivateKeyPkcs8ToPkcs1(string privateKey, bool format = false)
{
    var akp = RSAUtilities.GetAsymmetricKeyParameterFormAsn1PrivateKey(privateKey);
    if (format)
    {
        var sw = new StringWriter();
        var pWrt = new PemWriter(sw);
        pWrt.WriteObject(akp);
        pWrt.Writer.Close();
        return sw.ToString();
    }
    else
    {
        var privateKeyInfo = PrivateKeyInfoFactory.CreatePrivateKeyInfo(akp);
        return Base64.ToBase64String(privateKeyInfo.ParsePrivateKey().GetEncoded());
    }
}

PKCS1與PKCS8私鑰中提取公鑰

/// <summary>
/// 從Pkcs1私鑰中提取公鑰
/// </summary>
/// <param name="privateKey">Pkcs1私鑰</param>
/// <returns></returns>
public static string GetPublicKeyFromPrivateKeyPkcs1(string privateKey)
{
    var instance = RsaPrivateKeyStructure.GetInstance(Base64.Decode(privateKey));

    var publicParameter = (AsymmetricKeyParameter)new RsaKeyParameters(false, instance.Modulus,instance.PublicExponent);

    var privateParameter = (AsymmetricKeyParameter)new RsaPrivateCrtKeyParameters(instance.Modulus,instance.PublicExponent, instance.PrivateExponent, instance.Prime1, instance.Prime2, instance.Exponent1,instance.Exponent2, instance.Coefficient);

    var keyPair = new AsymmetricCipherKeyPair(publicParameter, privateParameter);
    var subjectPublicKeyInfo = SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(keyPair.Public);

    return Base64.ToBase64String(subjectPublicKeyInfo.GetEncoded());
}
/// <summary>
/// 從Pkcs8私鑰中提取公鑰
/// </summary>
/// <param name="privateKey">Pkcs8私鑰</param>
/// <returns></returns>
public static string GetPublicKeyFromPrivateKeyPkcs8(string privateKey)
{
    var privateKeyInfo = PrivateKeyInfo.GetInstance(Asn1Object.FromByteArray(Base64.Decode(privateKey)));
    privateKey = Base64.ToBase64String(privateKeyInfo.ParsePrivateKey().GetEncoded());

    var instance = RsaPrivateKeyStructure.GetInstance(Base64.Decode(privateKey));

    var publicParameter = (AsymmetricKeyParameter)new RsaKeyParameters(false, instance.Modulus,instance.PublicExponent);

    var privateParameter = (AsymmetricKeyParameter)new RsaPrivateCrtKeyParameters(instance.Modulus,instance.PublicExponent, instance.PrivateExponent, instance.Prime1, instance.Prime2, instance.Exponent1,instance.Exponent2, instance.Coefficient);

    var keyPair = new AsymmetricCipherKeyPair(publicParameter, privateParameter);
    var subjectPublicKeyInfo = SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(keyPair.Public);

    return Base64.ToBase64String(subjectPublicKeyInfo.GetEncoded());
}

PEM操做

PEM格式密鑰讀取

public static string ReadPkcs1PrivateKey(string text)
{
    if (!text.StartsWith("-----BEGIN RSA PRIVATE KEY-----"))
    {
        return text;
    }

    using (var reader = new StringReader(text))
    {
        var pr = new PemReader(reader);
        var keyPair = pr.ReadObject() as AsymmetricCipherKeyPair;
        pr.Reader.Close();

        var privateKeyInfo = PrivateKeyInfoFactory.CreatePrivateKeyInfo(keyPair?.Private);
        return Base64.ToBase64String(privateKeyInfo.ParsePrivateKey().GetEncoded());
    }
}

public static string ReadPkcs8PrivateKey(string text)
{
    if (!text.StartsWith("-----BEGIN PRIVATE KEY-----"))
    {
        return text;
    }

    using (var reader = new StringReader(text))
    {
        var pr = new PemReader(reader);
        var akp = pr.ReadObject() as AsymmetricKeyParameter; ;
        pr.Reader.Close();
        return Base64.ToBase64String(PrivateKeyInfoFactory.CreatePrivateKeyInfo(akp).GetEncoded());
    }
}

 public static string ReadPublicKey(string text)
 {
    if (!text.StartsWith("-----BEGIN PUBLIC KEY-----"))
    {
        return text;
    }
    using (var reader = new StringReader(text))
    {
        var pr = new PemReader(reader);
        var keyPair = pr.ReadObject() as AsymmetricCipherKeyPair;
        pr.Reader.Close();

        var subjectPublicKeyInfo = SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(keyPair?.Public);
        returnBase64.ToBase64String(subjectPublicKeyIno.GetEncoded());
    }
 }

PEM格式密鑰寫入

public static string WritePkcs1PrivateKey(string privateKey)
{
    if (privateKey.StartsWith("-----BEGIN RSA PRIVATE KEY-----"))
    {
        return privateKey;
    }

    var akp = RSAUtilities.GetAsymmetricKeyParameterFormPrivateKey(privateKey);
    using (var sw = new StringWriter())
    {
        var pWrt = new PemWriter(sw);
        pWrt.WriteObject(akp);
        pWrt.Writer.Close();
        return sw.ToString();
    }
}

public static string WritePkcs8PrivateKey(string privateKey)
{
    if (privateKey.StartsWith("-----BEGIN PRIVATE KEY-----"))
    {
        return privateKey;
    }

    var akp = RSAUtilities.GetAsymmetricKeyParameterFormAsn1PrivateKey(privateKey);

    using (var sw = new StringWriter())
    {
        var pWrt = new PemWriter(sw);
        var pkcs8 = new Pkcs8Generator(akp);
        pWrt.WriteObject(pkcs8);
        pWrt.Writer.Close();
        return sw.ToString();
    }
}

public static string WritePublicKey(string publicKey)
{
    if (publicKey.StartsWith("-----BEGIN PUBLIC KEY-----"))
    {
        return publicKey;
    }
    var akp = RSAUtilities.GetAsymmetricKeyParameterFormPublicKey(publicKey);
    using (var sw = new StringWriter())
    {
        var pWrt = new PemWriter(sw);
        pWrt.WriteObject(akp);
        pWrt.Writer.Close();
        return sw.ToString();
    }
}

RSA加解密

獲取非對稱祕鑰參數(AsymmetricKeyParameter)

/// <summary>
/// -----BEGIN RSA PRIVATE KEY-----
/// ...
/// -----END RSA PRIVATE KEY-----
/// </summary>
/// <param name="privateKey">Pkcs1格式私鑰</param>
/// <returns></returns>
public static AsymmetricKeyParameter GetAsymmetricKeyParameterFormPrivateKey(string privateKey)
{
    if (string.IsNullOrEmpty(privateKey))
    {
        throw new ArgumentNullException(nameof(privateKey));
    }

    var instance = RsaPrivateKeyStructure.GetInstance(Base64.Decode(privateKey));
    return new RsaPrivateCrtKeyParameters(instance.Modulus, instance.PublicExponent, instance.PrivateExponent,instance.Prime1, instance.Prime2, instance.Exponent1, instance.Exponent2, instance.Coefficient);
}

/// <summary>
/// -----BEGIN PRIVATE KEY-----
/// ...
/// -----END PRIVATE KEY-----
/// </summary>
/// <param name="privateKey">Pkcs8格式私鑰</param>
/// <returns></returns>
public static AsymmetricKeyParameter GetAsymmetricKeyParameterFormAsn1PrivateKey(string privateKey)
{
    return PrivateKeyFactory.CreateKey(Base64.Decode(privateKey));
}

/// <summary>
/// -----BEGIN PUBLIC KEY-----
/// ...
/// -----END PUBLIC KEY-----
/// </summary>
/// <param name="publicKey">公鑰</param>
/// <returns></returns>
public static AsymmetricKeyParameter GetAsymmetricKeyParameterFormPublicKey(string publicKey)
{
    if (string.IsNullOrEmpty(publicKey))
    {
        throw new ArgumentNullException(nameof(publicKey));
    }

    return PublicKeyFactory.CreateKey(Base64.Decode(publicKey));
}

RSA加解與解密

/// <summary>
 /// RSA加密
 /// </summary>
 /// <param name="data">未加密數據字節數組</param>
 /// <param name="parameters">非對稱密鑰參數</param>
 /// <param name="algorithm">密文算法</param>
 /// <returns>已加密數據字節數組</returns>
 public static byte[] Encrypt(byte[] data, AsymmetricKeyParameter parameters, string algorithm)
 {
     if (data == null)
     {
         throw new ArgumentNullException(nameof(data));
     }
     if (parameters == null)
     {
         throw new ArgumentNullException(nameof(parameters));
     }
     if (string.IsNullOrEmpty(algorithm))
     {
         throw new ArgumentNullException(nameof(algorithm));
     }

     var bufferedCipher = CipherUtilities.GetCipher(algorithm);
     bufferedCipher.Init(true, parameters);
     return bufferedCipher.DoFinal(data);
 }

 /// <summary>
 /// RSA解密
 /// </summary>
 /// <param name="data">已加密數據字節數組</param>
 /// <param name="parameters">非對稱密鑰參數</param>
 /// <param name="algorithm">密文算法</param>
 /// <returns>未加密數據字節數組</returns>
 public static byte[] Decrypt(byte[] data, AsymmetricKeyParameter parameters, string algorithm)
{
    if (data == null)
    {
        throw new ArgumentNullException(nameof(data));
    }
    if (parameters == null)
    {
        throw new ArgumentNullException(nameof(parameters));
    }
    if (string.IsNullOrEmpty(algorithm))
    {
        throw new ArgumentNullException(nameof(algorithm));
    }
    var bufferedCipher = CipherUtilities.GetCipher(algorithm);
    bufferedCipher.Init(false, parameters);
    return bufferedCipher.DoFinal(data);
}

 /// <summary>
 /// RSA加密——Base64
 /// </summary>
 /// <param name="data">未加密字符串</param>
 /// <param name="parameters">非對稱密鑰參數</param>
 /// <param name="algorithm">密文算法</param>
 /// <returns>已加密Base64字符串</returns>
 public static string EncryptToBase64(string data, AsymmetricKeyParameter parameters, string algorithm)
 {
     return Base64.ToBase64String(Encrypt(Encoding.UTF8.GetBytes(data), parameters, algorithm));
 }

 /// <summary>
 /// RSA解密——Base64
 /// </summary>
 /// <param name="data">已加密Base64字符串</param>
 /// <param name="parameters">非對稱密鑰參數</param>
 /// <param name="algorithm">密文算法</param>
 /// <returns>未加密字符串</returns>
 public static string DecryptFromBase64(string data, AsymmetricKeyParameter parameters, string algorithm)
 {
     return Encoding.UTF8.GetString(Decrypt(Base64.Decode(data), parameters, algorithm));
 }

/// <summary>
/// RSA加密——十六進制
/// </summary>
/// <param name="data">未加密字符串</param>
/// <param name="parameters">非對稱密鑰參數</param>
/// <param name="algorithm">密文算法</param>
/// <returns>已加密十六進制字符串</returns>
public static string EncryptToHex(string data, AsymmetricKeyParameter parameters, string algorithm)
{
    return Hex.ToHexString(Encrypt(Encoding.UTF8.GetBytes(data), parameters, algorithm));
}

///  <summary>
/// RSA解密——十六進制
/// </summary>
/// <param name="data">已加密十六進制字符串</param>
/// <param name="parameters">非對稱密鑰參數</param>
/// <param name="algorithm">密文算法</param>
/// <returns>未加密字符串</returns>
public static string DecryptFromHex(string data, AsymmetricKeyParameter parameters, string algorithm)
{
    return Encoding.UTF8.GetString(Decrypt(Hex.Decode(data), parameters, algorithm));
}

RSA密文算法

public const string RSA_NONE_NoPadding = "RSA/NONE/NoPadding";
public const string RSA_NONE_PKCS1Padding = "RSA/NONE/PKCS1Padding";
public const string RSA_NONE_OAEPPadding = "RSA/NONE/OAEPPadding";
public const string RSA_NONE_OAEPWithSHA1AndMGF1Padding = "RSA/NONE/OAEPWithSHA1AndMGF1Padding";
public const string RSA_NONE_OAEPWithSHA224AndMGF1Padding = "RSA/NONE/OAEPWithSHA224AndMGF1Padding";
public const string RSA_NONE_OAEPWithSHA256AndMGF1Padding = "RSA/NONE/OAEPWithSHA256AndMGF1Padding";
public const string RSA_NONE_OAEPWithSHA384AndMGF1Padding = "RSA/NONE/OAEPWithSHA384AndMGF1Padding";
public const string RSA_NONE_OAEPWithMD5AndMGF1Padding = "RSA/NONE/OAEPWithMD5AndMGF1Padding";

public const string RSA_ECB_NoPadding = "RSA/ECB/NoPadding";
public const string RSA_ECB_PKCS1Padding = "RSA/ECB/PKCS1Padding";
public const string RSA_ECB_OAEPPadding = "RSA/ECB/OAEPPadding";
public const string RSA_ECB_OAEPWithSHA1AndMGF1Padding = "RSA/ECB/OAEPWithSHA1AndMGF1Padding";
public const string RSA_ECB_OAEPWithSHA224AndMGF1Padding = "RSA/ECB/OAEPWithSHA224AndMGF1Padding";
public const string RSA_ECB_OAEPWithSHA256AndMGF1Padding = "RSA/ECB/OAEPWithSHA256AndMGF1Padding";
public const string RSA_ECB_OAEPWithSHA384AndMGF1Padding = "RSA/ECB/OAEPWithSHA384AndMGF1Padding";
public const string RSA_ECB_OAEPWithMD5AndMGF1Padding = "RSA/ECB/OAEPWithMD5AndMGF1Padding";

......

編碼算法

你們要明白,無論是對稱算法仍是非對稱算法,其輸入與輸出均是字節數組,一般咱們要結合編碼算法對加密以後或解密以前的數據,進行編碼操做。加密

BouncyCastle提供的Base64編碼算法

namespace Org.BouncyCastle.Utilities.Encoders
{
    public sealed class Base64
    {
        //
        public static byte[] Decode(byte[] data);
        //
        public static byte[] Decode(string data);
        //
        public static int Decode(string data, Stream outStream);
        //
        public static byte[] Encode(byte[] data);
        //
        public static byte[] Encode(byte[] data, int off, int length);
        //
        public static int Encode(byte[] data, Stream outStream);
        //
        public static int Encode(byte[] data, int off, int length, Stream outStream);
        public static string ToBase64String(byte[] data);
        public static string ToBase64String(byte[] data, int off, int length);
    }
}

BouncyCastle提供的Hex十六進制編碼算法

namespace Org.BouncyCastle.Utilities.Encoders
{
    //
    // 摘要:
    //     Class to decode and encode Hex.
    public sealed class Hex
    {
        //
        public static byte[] Decode(byte[] data);
        //
        public static byte[] Decode(string data);
        //
        public static int Decode(string data, Stream outStream);
        //
        public static byte[] Encode(byte[] data);
        //
        public static byte[] Encode(byte[] data, int off, int length);
        //
        public static int Encode(byte[] data, Stream outStream);
        //
        public static int Encode(byte[] data, int off, int length, Stream outStream);
        public static string ToHexString(byte[] data);
        public static string ToHexString(byte[] data, int off, int length);
    }
}

RSA加解密示例

private static void RSA_ECB_PKCS1Padding()
 {
     var data = "hello rsa";

     Console.WriteLine($"加密原文:{data}");

     // rsa pkcs8 private key encrypt
     //algorithm  rsa/ecb/pkcs1padding
     var pkcs8data = RSA.EncryptToBase64(data, RSAUtilities.GetAsymmetricKeyParameterFormAsn1PrivateKey(pkcs8_1024_private_key),CipherAlgorithms.RSA_ECB_PKCS1Padding);

     Console.WriteLine("密鑰格式:pkcs8,密文算法:rsa/ecb/pkcs1padding,加密結果");
     Console.WriteLine(pkcs8data);

     //rsa pkcs1 private key encrypt
     //algorithm  rsa/ecb/pkcs1padding
     var pkcs1data = RSA.EncryptToBase64(data, RSAUtilities.GetAsymmetricKeyParameterFormPrivateKey(pkcs1_1024_private_key),CipherAlgorithms.RSA_ECB_PKCS1Padding);

     Console.WriteLine($"密鑰格式:pkcs1,密文算法:rsa/ecb/pkcs1padding");
     Console.WriteLine(pkcs1data);

     Console.WriteLine($"加密結果比對是否一致:{pkcs8data.Equals(pkcs1data)}");

     var _1024_public_key = RSAKeyConverter.GetPublicKeyFromPrivateKeyPkcs1(pkcs1_1024_private_key);

     Console.WriteLine($"從pkcs1私鑰中提取公鑰:");
     Console.WriteLine(_1024_public_key);

     Console.WriteLine("使用公鑰解密數據:");
     //rsa public key decrypt
     //algorithm  rsa/ecb/pkcs1padding
     Console.WriteLine(RSA.DecryptFromBase64(pkcs1data, RSAUtilities.GetAsymmetricKeyParameterFormPublicKey(_1024_public_key),CipherAlgorithms.RSA_ECB_PKCS1Padding));

     Console.WriteLine();
 }

image

下期預告

下一篇將介紹哈希算法(HMACSHA一、HMACSHA25六、SHA一、SHA1WithRSA、SHA25六、SHA256WithRSA),敬請期待...
spa

相關文章
相關標籤/搜索