如何在C＃中使用ANSI X9.31 RSA創建數字簽名？

Question

我想弄清楚如何使用ANSI X9.31版本的RSA數字簽名算法創建數字簽名。這與PKCS＃1實現不同，主要是由於填充方案。

我以爲我可以使用RSACryptoServiceProvider SignHash;但是，這使用PKCS＃1或OAEP。我無法弄清楚如何使用ANS X9.31填充。幫幫我？

編輯：如果我使用BouncyCastle，是否需要使用「RSABlindingEngine」或者我可以只使用「RSAEngine」？看下面的例子：

using System.Security.Cryptography; 

public byte[] SignSha256AnsiX931Rsa(
    byte[] data, 
    System.Security.Cryptography.X509Certificates.X509Certificate2 certificate) 
{ 
    // Do a SHA-256 hash of the data, using CNG 
    SHA256Cng sha = new SHA256Cng(); 
    byte[] digest = sha.ComputeHash(data); 

    // Pad the hash using ANSI X9.31 padding scheme 
    byte[] paddedHash = AnsiX931PadData(digest); 

    // Encrypt the data using RSA encryption 
    return RsaEncryptData(paddedHash, certificate); 
} 

/// <summary> 
/// Pads the passed in SHA-256 hash (32-bytes) using the padding scheme 
/// specified for ANS X9.31 RSA digital signatures. 
/// </summary> 
/// <param name="sha256HashedData">The 32-byte hash</param> 
public byte[] AnsiX931PadData(byte[] sha256HashedData) 
{ 
    // N = Modulus Length (in bytes) = 256, where modulus is 2048-bits (length of private key) 
    // M = Message 
    // k = Hash Output = Digest = Hash(M) 
    // z = Len(k) (in bytes) = 32, where using Hash = SHA-256 
    // p = number of fixed padding bytes, in this case 4 (6b, ba, 34, and cc) 
    // 
    // Padded Hash = 6b [bb]*x ba [k] 34 cc, where x = 220 (N - z - 4 = 256 - 32 - 4 = 220) 
    // [6b bb bb ... bb ba] [Hash(M)] [hashID=34] [cc] 
    // 
    // See: 
    // http://www.drdobbs.com/rsa-digital-signatures/184404605?pgno=6 
    // http://books.google.com/books?id=7gBn_gEBQesC&lpg=PA388&dq=x9.31%20padding&pg=PA386#v=onepage&q=x9.31%20padding&f=false 

    const int MOD_LENGTH = 256; // 2048-bit private key length 
    const int PAD_LENGTH = 4; // number of fixed padding bytes, in this case 4 (6b, ba, 34, and cc) 
    const int HASH_LENGTH = 32; // where using Hash = SHA-256 

    if (sha256HashedData.Length != HASH_LENGTH) throw new ArgumentException("The hash provided is the incorrect length"); 

    List<byte> paddedHash = new List<byte>(MOD_LENGTH); 

    paddedHash.Add(0x6b); 

    int bbRepeats = MOD_LENGTH - HASH_LENGTH - PAD_LENGTH; 

    for (int ii = 0; ii < bbRepeats; ii++) 
    { 
     paddedHash.Add(0xbb); 
    } 

    paddedHash.Add(0xba); 
    paddedHash.AddRange(sha256HashedData); 
    paddedHash.Add(0x34); // SHA-256 Hash ID; 0x33 = SHA-1 
    paddedHash.Add(0xcc); 

    return paddedHash.ToArray(); 
} 

/// <summary> 
/// Encrypts the data using an X509 certificate and the RSA encryption scheme 
/// </summary> 
public byte[] RsaEncryptData(
    byte[] data, 
    System.Security.Cryptography.X509Certificates.X509Certificate2 certificate) 
{ 
    Org.BouncyCastle.Crypto.Engines.RsaBlindedEngine engine = new Org.BouncyCastle.Crypto.Engines.RsaBlindedEngine(); 
    engine.Init(true, getBouncyPrivateKey(certificate)); 
    return engine.ProcessBlock(data, 0, data.Length); 
} 

/// <summary> 
/// Gets the private key from an X509Certificate 
/// </summary> 
private Org.BouncyCastle.Crypto.AsymmetricKeyParameter getBouncyPrivateKey(
    System.Security.Cryptography.X509Certificates.X509Certificate2 certificate) 
{ 
    // Need to transform the key from X509 to RSACrypto so we can do SHA-256 since 
    // X509 only supports SHA-1: 
    System.Security.Cryptography.RSACryptoServiceProvider key = new System.Security.Cryptography.RSACryptoServiceProvider(2048); 

    // Round-trip the key to XML and back, there might be a better way but this works 
    key.FromXmlString(certificate.PrivateKey.ToXmlString(true)); 

    return Org.BouncyCastle.Security.DotNetUtilities.GetKeyPair(key).Private; 
} 

Answer 1

棘手。您可以使用或從Bouncy Castle for C#中提取RSA致盲引擎，然後自己執行填充/解除壓縮。在this age old Dr Dobbs article中有描述。