
Data Encryption Summary, Advanced (5) (End)

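2007-04-14 09:59
Digital signatures are used to verify the identity of the sender and to confirm the integrity of the data. They are often used together with public-key encryption.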

How do digital signatures work?

This was already covered in part (1), so I won't repeat it here.

The .NET Framework provides three classes for creating and verifying digital signatures: RSACryptoServiceProvider, RSAPKCS1SignatureFormatter and RSAPKCS1SignatureDeformatter. All of them are in the System.Security.Cryptography namespace.

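In this example we will create a class called DigitalSignatureHelper, whose job is to create and verify digital signatures. Pay attention to the order in which the example is run. You will need the MD5HashHelper class we built in the previous article.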

using System.Security.Cryptography;

public class DigitalSignatureHelper
{
    // Key pair generated by the most recent CreateSignature() call.
    RSAParameters m_private;
    RSAParameters m_public;

    // Signs an MD5 hash with a freshly generated RSA key pair.
    public byte[] CreateSignature(byte[] hash)
    {
        RSACryptoServiceProvider RSA =
            new RSACryptoServiceProvider();
        RSAPKCS1SignatureFormatter RSAFormatter =
            new RSAPKCS1SignatureFormatter(RSA);
        RSAFormatter.SetHashAlgorithm("MD5");
        // Keep the keys so VerifySignature() can use the public half later.
        m_public = RSA.ExportParameters(false);
        m_private = RSA.ExportParameters(true);
        return RSAFormatter.CreateSignature(hash);
    }

    // Verifies signedhash against hash using the stored public key.
    // CreateSignature() must have been called first.
    public bool VerifySignature(byte[] hash, byte[] signedhash)
    {
        RSACryptoServiceProvider RSA = new RSACryptoServiceProvider();
        // Only the public parts (Modulus and Exponent) are imported.
        RSAParameters RSAKeyInfo = new RSAParameters();
        RSAKeyInfo.Modulus = m_public.Modulus;
        RSAKeyInfo.Exponent = m_public.Exponent;
        RSA.ImportParameters(RSAKeyInfo);
        RSAPKCS1SignatureDeformatter RSADeformatter =
            new RSAPKCS1SignatureDeformatter(RSA);
        RSADeformatter.SetHashAlgorithm("MD5");
        return RSADeformatter.VerifySignature(hash, signedhash);
    }
}

Let's understand the code step-by-step.

We create a class called DigitalSignatureHelper with two private variables and two methods.

The class-level variables m_private and m_public are of type RSAParameters and are used to store the public and private key information.

The method CreateSignature() accepts the hash value that has to be signed and returns the digitally signed hash.

Inside this function we create an instance of a class called RSACryptoServiceProvider.

We also create an instance of a class called RSAPKCS1SignatureFormatter and pass the RSACryptoServiceProvider instance to its constructor.

The RSAPKCS1SignatureFormatter class is used to create a PKCS #1 (Public Key Cryptographic Signature) version 1.5 signature, whereas RSACryptoServiceProvider provides encryption services.

Since we will be using MD5 as the hashing algorithm, we call the SetHashAlgorithm() method of RSAPKCS1SignatureFormatter and pass "MD5" as a parameter. If your hashing algorithm were SHA1, you would pass "SHA1" instead.

Then we call the ExportParameters() method of RSACryptoServiceProvider to get the generated public and private keys. We store these keys in the class-level variables m_public and m_private respectively.

Finally we call the CreateSignature() method of the RSAPKCS1SignatureFormatter class, which returns the signature. That signature is the return value of our function.

The VerifySignature() method accepts two parameters: the original hash value and the signed hash value. It compares the hashes and returns true if they match, and false otherwise.

Inside this function we create an instance of the RSACryptoServiceProvider class.

We need to supply key information during signature verification, so we create an instance of the RSAParameters structure.

The Modulus and Exponent properties of this structure are set to the corresponding properties of the previously obtained public key (m_public).

We then call the ImportParameters() method of RSACryptoServiceProvider to import the key information into the instance.

Then we create an instance of the RSAPKCS1SignatureDeformatter class. This class is used to verify RSA PKCS #1 version 1.5 signatures.

Again, we set the hashing algorithm to MD5 using the SetHashAlgorithm() method of the RSAPKCS1SignatureDeformatter class.

Finally we call the VerifySignature() method of the RSAPKCS1SignatureDeformatter class and pass the original hash value and the signed hash value to it. This method returns true if the signature is verified successfully; otherwise it returns false. That value is returned to the caller.
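
The same formatter/deformatter flow as an added example (not code from the original article), with the signer and verifier separated so the verifier only ever receives the public key, and showing that a modified message fails verification. It assumes a modern .NET runtime where RSA.Create(int) is available and uses SHA-256 in place of MD5, which is no longer collision-resistant; SignVerifyDemo and the sample messages are constructed for illustration.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Added example, not the article's code. SignVerifyDemo and the sample
// messages are constructed for illustration.
public static class SignVerifyDemo
{
    // Signer side: hash the message and sign the hash with the private key.
    public static byte[] Sign(byte[] message, RSA privateKey)
    {
        using (SHA256 sha = SHA256.Create())
        {
            var formatter = new RSAPKCS1SignatureFormatter(privateKey);
            formatter.SetHashAlgorithm("SHA256");
            return formatter.CreateSignature(sha.ComputeHash(message));
        }
    }

    // Verifier side: holds only the public Modulus and Exponent.
    public static bool Verify(byte[] message, byte[] signature,
                              RSAParameters publicKey)
    {
        using (RSA rsa = RSA.Create())
        using (SHA256 sha = SHA256.Create())
        {
            rsa.ImportParameters(publicKey);
            var deformatter = new RSAPKCS1SignatureDeformatter(rsa);
            deformatter.SetHashAlgorithm("SHA256");
            return deformatter.VerifySignature(sha.ComputeHash(message), signature);
        }
    }

    public static void Main()
    {
        byte[] message = Encoding.UTF8.GetBytes("pay 100 to account 42");
        byte[] tampered = Encoding.UTF8.GetBytes("pay 900 to account 42");
        using (RSA signerKey = RSA.Create(2048))
        {
            byte[] signature = Sign(message, signerKey);
            // Only the public half is exported for the verifier.
            RSAParameters publicOnly = signerKey.ExportParameters(false);
            Console.WriteLine("original verifies: " + Verify(message, signature, publicOnly));
            Console.WriteLine("tampered verifies: " + Verify(tampered, signature, publicOnly));
        }
    }
}
```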