devbox
你好赵伟
这个屌丝很懒,什么也没留下!
关注作者
热门标签
热门文章
当前位置:   article > 正文

C#使用ECC椭圆曲线算法实现加密与解密&签名与验签,有完整代码_ecdomainparameters

作者:你好赵伟 | 2024-06-17 12:50:59

ecdomainparameters

        在C#、Java、Android中都使用BouncyCastle,以此实现多种环境之间的互通,比如在Java中生成的公私钥,在C#或Android中使用……

        为了在几种环境中得到一致结果,实现时做了一些退化。比如公钥、私钥转为字符串时,直接读取了公私钥的参数,而不是转为PKCS8(java中默认);还比如,C#中找不到ECIES,所以java与C#中都使用SM2实现加解密,等等。

        网上难以搜索到相关实现,所以贴上完整代码。有些地方还不确定是否符号标准,比如公私钥转为字符串时,直接使用其中D、Q值,不确定这种实现在未来版本中是否会变得不适用。如果哪位安全专家看到这篇文章,希望能够批评指正。在Java、C#中测试,两边可以互通。相反,如果在Java中使用Key的getEncoded得到的公私钥,在C#中不能使用;反之亦然,在C#中转为PKCS8,在Java中不能用。

        以下是几个主要函数的说明:

  1. genKeyPair产生公私钥对,密钥长度是256位,据说强度与RSA 3072相当;
  2. sign使用私钥签名,verify使用公钥验签;
  3. encrypt使用公钥加密,decrypt使用私钥解密;
  4. privateKey2Str将私钥转为base64字符串,publicKey2Str将公钥转为base64字符串,对应有str2PublicKey、str2PrivateKey进行逆向转变,此功能用在与js的交互中。

        以上列举的这些功能在至简网格中用到,至简网格是为中小企业信息化准备的,它是一套分布式、服务化、端云结合的开发框架。它可以多实例跨机房、跨城市部署,也可以部署到一部旧手机中。提供的服务都是开源、免费的,以此为中小企业节省成本。其中用到多种技术,对这些技术点的摸索,都记录在CSDN至简网格专栏中,便于自己查找,也希望能帮到需要的人。

  1. using Org.BouncyCastle.Asn1;
  2. using Org.BouncyCastle.Asn1.X9;
  3. using Org.BouncyCastle.Crypto;
  4. using Org.BouncyCastle.Crypto.EC;
  5. using Org.BouncyCastle.Crypto.Engines;
  6. using Org.BouncyCastle.Crypto.Generators;
  7. using Org.BouncyCastle.Crypto.Parameters;
  8. using Org.BouncyCastle.Math;
  9. using Org.BouncyCastle.Math.EC;
  10. using Org.BouncyCastle.Security;
  11. using System;
  12.  
  13. namespace MeshClient.util {
  14. public class Ecc {
  15. 	private const string SIGN_ALGORITHM = "SHA256withECDSA"; //"SM3withSM2";
  16. 	private static readonly SecureRandom random = new SecureRandom();
  17. 	private static readonly ECDomainParameters domainParameters;
  18. 	private readonly ECPrivateKeyParameters privateKey;
  19. 	private readonly ECPublicKeyParameters publicKey;
  20.  
  21. 	static Ecc() {
  22. 		DerObjectIdentifier oid = X9ObjectIdentifiers.Prime256v1;
  23. 		X9ECParameters ecps = CustomNamedCurves.GetByOid(oid);
  24. 		domainParameters = new ECDomainParameters(ecps.Curve, ecps.G, ecps.N, ecps.H, ecps.GetSeed());
  25. 	}
  26.  
  27. 	private Ecc(ECPrivateKeyParameters privateKey, ECPublicKeyParameters publicKey) {
  28. 		this.privateKey = privateKey;
  29. 		this.publicKey = publicKey;
  30. 	}
  31.  
  32. 	public static Ecc instance(AsymmetricCipherKeyPair keyPair) {
  33. 		return new Ecc((ECPrivateKeyParameters)keyPair.Private, (ECPublicKeyParameters)keyPair.Public);
  34. 	}
  35.  
  36. 	public static Ecc instance() {
  37. 		AsymmetricCipherKeyPair keyPair = genKeyPair();
  38. 		return new Ecc((ECPrivateKeyParameters)keyPair.Private, (ECPublicKeyParameters)keyPair.Public);
  39. 	}
  40.  
  41. 	//产生EC公私钥对
  42. 	public static AsymmetricCipherKeyPair genKeyPair() {
  43. 		ECKeyGenerationParameters ecKeyGenerationParameters = new ECKeyGenerationParameters(domainParameters, random);
  44. 		ECKeyPairGenerator gen = new ECKeyPairGenerator();
  45.  
  46. 		gen.Init(ecKeyGenerationParameters);
  47. 		return gen.GenerateKeyPair();
  48. 	}
  49.  
  50. 	/// <summary>
  51. 	/// 签名
  52. 	/// </summary>
  53. 	/// <param name="content">待签名内容</param>
  54. 	/// <param name="privateKey">EC私钥</param>
  55. 	/// <returns></returns>
  56. 	public static byte[] sign(byte[] content, ECPrivateKeyParameters privateKey) {
  57. 		ISigner signer = SignerUtilities.GetSigner(SIGN_ALGORITHM);
  58.  
  59. 		signer.Init(true, new ParametersWithRandom(privateKey, random));
  60. 		signer.BlockUpdate(content, 0, content.Length);
  61.  
  62. 		return signer.GenerateSignature();
  63. 	}
  64.  
  65. 	/// <summary>
  66. 	/// 验签
  67. 	/// </summary>
  68. 	/// <param name="content">待验签内容</param>
  69. 	/// <param name="signature">待比较的签名结果</param>
  70. 	/// <param name="publicKey">EC公钥</param>
  71. 	/// <returns></returns>
  72. 	public static bool verify(byte[] content, byte[] signature, ECPublicKeyParameters publicKey) {
  73. 		ISigner signer = SignerUtilities.GetSigner(SIGN_ALGORITHM);
  74.  
  75. 		signer.Init(false, publicKey);
  76. 		signer.BlockUpdate(content, 0, content.Length);
  77.  
  78. 		return signer.VerifySignature(signature);
  79. 	}
  80.  
  81. 	//使用SM2(国密2)算法解密数据
  82. 	public static byte[] decrypt(byte[] cipherText, ECPrivateKeyParameters privateKey) {
  83. 		SM2Engine sm2Engine = new SM2Engine();
  84. 		sm2Engine.Init(false, privateKey);
  85. 		return sm2Engine.ProcessBlock(cipherText, 0, cipherText.Length);
  86. 	}
  87.  
  88. 	//使用SM2(国密2)算法加密数据
  89. 	public static byte[] encrypt(byte[] plainText, ECPublicKeyParameters publicKey) {
  90. 		SM2Engine sm2Engine = new SM2Engine();
  91. 		sm2Engine.Init(true, new ParametersWithRandom(publicKey, random));
  92. 		return sm2Engine.ProcessBlock(plainText, 0, plainText.Length);
  93. 	}
  94.  
  95. 	/**
  96. 	 * convert a privateKey to string
  97. 	 * @param privateKey 私钥
  98. 	 * @return 私钥字符串,以base64编码
  99. 	 */
  100. 	public static string privateKey2Str(ECPrivateKeyParameters privateKey) {
  101. 		return Convert.ToBase64String(privateKey2Bytes(privateKey));
  102. 	}
  103.  
  104. 	public static byte[] privateKey2Bytes(ECPrivateKeyParameters privateKey) {
  105. 		return privateKey.D.ToByteArray();
  106. 	}
  107.  
  108. 	/**
  109. 	 * convert the privateKey to string
  110. 	 * @return 私钥字符串,以base64编码
  111. 	 */
  112. 	public string privateKey2Str() {
  113. 		return privateKey2Str(this.privateKey);
  114. 	}
  115.  
  116. 	/**
  117. 	 * 将私钥从字符串转为私钥对象
  118. 	 * @param content 私钥字符串,标准base64格式
  119. 	 * @return 私钥
  120. 	 */
  121. 	public static ECPrivateKeyParameters str2PrivateKey(string privateKey) {
  122. 		byte[] publicKeyBytes = Convert.FromBase64String(privateKey);
  123. 		return bytes2PrivateKey(publicKeyBytes);
  124. 	}
  125.  
  126. 	public static ECPrivateKeyParameters bytes2PrivateKey(byte[] privateKey) {
  127. 		BigInteger D = new BigInteger(1, privateKey);
  128. 		return new ECPrivateKeyParameters(D, domainParameters);
  129. 	}
  130.  
  131. 	/**
  132. 	 * convert a publicKey to string
  133. 	 * @param publicKey 公钥
  134. 	 * @return 公钥字符串,以base64格式返回
  135. 	 */
  136. 	public static string publicKey2Str(ECPublicKeyParameters publicKey) {
  137. 		BigInteger x = publicKey.Q.AffineXCoord.ToBigInteger();
  138. 		BigInteger y = publicKey.Q.AffineYCoord.ToBigInteger();
  139. 		byte[] bX = x.ToByteArray();
  140. 		byte[] bY = y.ToByteArray();
  141. 		int xLen = bX.Length;
  142. 		byte[] key = new byte[1 + xLen + bY.Length];
  143. 		key[0] = (byte)xLen; //EC256的情况为32
  144. 		Array.Copy(bX, 0, key, 1, xLen);
  145. 		Array.Copy(bY, 0, key, 1 + xLen, bY.Length);
  146.  
  147. 		return Convert.ToBase64String(key);
  148. 	}
  149.  
  150. 	public string publicKey2Str() {
  151. 		return publicKey2Str(this.publicKey);
  152. 	}
  153.  
  154. 	/**
  155. 	 * 将公钥从字符串转为私钥对象
  156. 	 * @param content 公钥字符串,标准base64格式
  157. 	 * @return 公钥
  158. 	 */
  159. 	public static ECPublicKeyParameters str2PublicKey(string publicKey) {
  160. 		byte[] key = Convert.FromBase64String(publicKey);
  161. 		return bytes2PublicKey(key);
  162. 	}
  163.  
  164. 	public static ECPublicKeyParameters bytes2PublicKey(byte[] key) {
  165. 		int xLen = (key[0]) & 0xff;
  166. 		if (xLen >= key.Length) {
  167. 			throw new ArgumentException("Invalid key data");
  168. 		}
  169. 		byte[] x = new byte[xLen];
  170. 		Array.Copy(key, 1, x, 0, xLen);
  171. 		byte[] y = new byte[key.Length - 1 - xLen];
  172. 		Array.Copy(key, 1 + xLen, y, 0, y.Length);
  173. 		ECPoint Q = domainParameters.Curve.ValidatePoint(new BigInteger(1, x), new BigInteger(1, y));
  174. 		return new ECPublicKeyParameters(Q, domainParameters);
  175. 	}
  176. }
  177. }

        

        

声明:本文内容由网友自发贡献,不代表【wpsshop博客】立场,版权归原作者所有,本站不承担相应法律责任。如您发现有侵权的内容,请联系我们。转载请注明出处:https://www.wpsshop.cn/w/你好赵伟/article/detail/731279
推荐阅读
相关标签

Copyright © 2003-2013 www.wpsshop.cn 版权所有,并保留所有权利。

  

闽ICP备14008679号