关于rsa加密有私钥、公钥
私钥:对外不公开,供自己签名对外输出,对传入的数据进行解密。
公钥:对外公开,供外部人员对数据进行加密传出,然后对传入数据进行验签。
rsa对数据加密有长度限制,若长度可控的情况下,建议转换byte[]进行分段加密传输,
若对于大文件的传输:
建议一:
使用des、aes进行加密大文件,将des/aes的密钥使用rsa加密,使用(https/http)传输,这样既能保证数据安全性也能提高性能。
建议二:
双向签名验签,将大文件进行签名,将签名和文件base64之后使用https一同传输。
建议二中的方式数据安全性则有https负责进行保护,数据的完整性则有签名进行保护,防止数据篡改,
二中方法自己可以针对每个用户都分配一个私钥供用户进行签名,自己这端需要存储每个用户的公钥进行验签,这样保证多个用户情况之下数据安全性。
测试数据:
1 var xmlprikey ="";
2 var xmlpubkey ="";
3 rsa = new RSACryption();
4 //待处理字符串
5 var str="hello成功啊啊!¥%……&*(!@#$%^&*()@#$%^&*()_}::{>>?}{>?{?";
6 var strlen= str.Length;
7 rsa.RSAKey(out xmlprikey, out xmlpubkey);
8 //加密
9 var rsaencrypt= rsa.RSAEncrypt(xmlpubkey, str);
10 //解密
11 var rsadecrypt = rsa.RSADecrypt(xmlprikey, rsaencrypt);
12 //获取hash描述
13 var gethash="";
14 //获取hash值是否成功
15 var hashbool= rsa.GetHash(str, ref gethash);
16 //签名之后的数据
17 var strEncryptedSignatureData ="";
18 //rsa签名
19 rsa.SignatureFormatter(xmlprikey,gethash, ref strEncryptedSignatureData);
20 //rsa验签
21 var SignatureDeformatter =rsa.SignatureDeformatter(xmlpubkey, gethash, strEncryptedSignatureData);
22 //加密之后数据
23 var strEnc="gVVqccxkEIQxMfkXxAmHup9/c0ZMhQzqLJpdrLwysaIaE+o/GFtINp6Q7o1eI4HOIxfdU7/9VEKdPEXakspooXVcH4GZkgWFRhe5VkM7Wj71RiUiEHa+o/H78Fn4q7B0JaiJjiUwfTIr0GHP5nMkPvYDiBZVfzuBARJCcjkrXVM=";
24 var strEncLen= strEnc.Length;
View Code
rsa类库:
class RSACryption
{
#region RSA 加密解密
#region RSA 的密钥产生
/// <summary>
/// RSA产生密钥
/// </summary>
/// <param name="xmlKeys">私钥</param>
/// <param name="xmlPublicKey">公钥</param>
public void RSAKey(out string xmlKeys, out string xmlPublicKey)
{
try
{
System.Security.Cryptography.RSACryptoServiceProvider rsa = new RSACryptoServiceProvider();
xmlKeys = rsa.ToXmlString(true);
xmlPublicKey = rsa.ToXmlString(false);
}
catch (Exception ex)
{
throw ex;
}
}
#endregion
#region RSA加密函数
//##############################################################################
//RSA 方式加密
//KEY必须是XML的形式,返回的是字符串
//该加密方式有长度限制的!
//##############################################################################
/// <summary>
/// RSA的加密函数
/// </summary>
/// <param name="xmlPublicKey">公钥</param>
/// <param name="encryptString">待加密的字符串</param>
/// <returns></returns>
public string RSAEncrypt(string xmlPublicKey, string encryptString)
{
try
{
byte[] PlainTextBArray;
byte[] CypherTextBArray;
string Result;
System.Security.Cryptography.RSACryptoServiceProvider rsa = new RSACryptoServiceProvider();
rsa.FromXmlString(xmlPublicKey);
PlainTextBArray = (new UnicodeEncoding()).GetBytes(encryptString);
CypherTextBArray = rsa.Encrypt(PlainTextBArray, false);
Result = Convert.ToBase64String(CypherTextBArray);
return Result;
}
catch (Exception ex)
{
throw ex;
}
}
/// <summary>
/// RSA的加密函数
/// </summary>
/// <param name="xmlPublicKey">公钥</param>
/// <param name="EncryptString">待加密的字节数组</param>
/// <returns></returns>
public string RSAEncrypt(string xmlPublicKey, byte[] EncryptString)
{
try
{
byte[] CypherTextBArray;
string Result;
System.Security.Cryptography.RSACryptoServiceProvider rsa = new RSACryptoServiceProvider();
rsa.FromXmlString(xmlPublicKey);
CypherTextBArray = rsa.Encrypt(EncryptString, false);
Result = Convert.ToBase64String(CypherTextBArray);
return Result;
}
catch (Exception ex)
{
throw ex;
}
}
#endregion
#region RSA的解密函数
/// <summary>
/// RSA的解密函数
/// </summary>
/// <param name="xmlPrivateKey">私钥</param>
/// <param name="decryptString">待解密的字符串</param>
/// <returns></returns>
public string RSADecrypt(string xmlPrivateKey, string decryptString)
{
try
{
byte[] PlainTextBArray;
byte[] DypherTextBArray;
string Result;
System.Security.Cryptography.RSACryptoServiceProvider rsa = new RSACryptoServiceProvider();
rsa.FromXmlString(xmlPrivateKey);
PlainTextBArray = Convert.FromBase64String(decryptString);
DypherTextBArray = rsa.Decrypt(PlainTextBArray, false);
Result = (new UnicodeEncoding()).GetString(DypherTextBArray);
return Result;
}
catch (Exception ex)
{
throw ex;
}
}
/// <summary>
/// RSA的解密函数
/// </summary>
/// <param name="xmlPrivateKey">私钥</param>
/// <param name="DecryptString">待解密的字节数组</param>
/// <returns></returns>
public string RSADecrypt(string xmlPrivateKey, byte[] DecryptString)
{
try
{
byte[] DypherTextBArray;
string Result;
System.Security.Cryptography.RSACryptoServiceProvider rsa = new RSACryptoServiceProvider();
rsa.FromXmlString(xmlPrivateKey);
DypherTextBArray = rsa.Decrypt(DecryptString, false);
Result = (new UnicodeEncoding()).GetString(DypherTextBArray);
return Result;
}
catch (Exception ex)
{
throw ex;
}
}
#endregion
#endregion
#region RSA数字签名
#region 获取Hash描述表
/// <summary>
/// 获取Hash描述表
/// </summary>
/// <param name="strSource">待签名的字符串</param>
/// <param name="HashData">Hash描述</param>
/// <returns></returns>
public bool GetHash(string strSource, ref byte[] HashData)
{
try
{
byte[] Buffer;
System.Security.Cryptography.HashAlgorithm sha = System.Security.Cryptography.HashAlgorithm.Create("SHA1");
Buffer = Encoding.UTF8.GetBytes(strSource);
HashData = sha.ComputeHash(Buffer);
return true;
}
catch (Exception ex)
{
throw ex;
}
}
/// <summary>
/// 获取Hash描述表
/// </summary>
/// <param name="strSource">待签名的字符串</param>
/// <param name="strHashData">Hash描述</param>
/// <returns></returns>
public bool GetHash(string strSource, ref string strHashData)
{
try
{
//从字符串中取得Hash描述
byte[] Buffer;
byte[] HashData;
System.Security.Cryptography.HashAlgorithm sha = System.Security.Cryptography.HashAlgorithm.Create("SHA1");
Buffer = Encoding.UTF8.GetBytes(strSource);
HashData = sha.ComputeHash(Buffer);
strHashData = Convert.ToBase64String(HashData);
return true;
}
catch (Exception ex)
{
throw ex;
}
}
/// <summary>
/// 获取Hash描述表
/// </summary>
/// <param name="objFile">待签名的文件</param>
/// <param name="HashData">Hash描述</param>
/// <returns></returns>
public bool GetHash(System.IO.FileStream objFile, ref byte[] HashData)
{
try
{
//从文件中取得Hash描述
System.Security.Cryptography.HashAlgorithm sha = System.Security.Cryptography.HashAlgorithm.Create("SHA1");
HashData = sha.ComputeHash(objFile);
objFile.Close();
return true;
}
catch (Exception ex)
{
throw ex;
}
}
/// <summary>
/// 获取Hash描述表
/// </summary>
/// <param name="objFile">待签名的文件</param>
/// <param name="strHashData">Hash描述</param>
/// <returns></returns>
public bool GetHash(System.IO.FileStream objFile, ref string strHashData)
{
try
{
//从文件中取得Hash描述
byte[] HashData;
System.Security.Cryptography.HashAlgorithm sha = System.Security.Cryptography.HashAlgorithm.Create("SHA1");
HashData = sha.ComputeHash(objFile);
objFile.Close();
strHashData = Convert.ToBase64String(HashData);
return true;
}
catch (Exception ex)
{
throw ex;
}
}
#endregion
#region RSA签名
/// <summary>
/// RSA签名
/// </summary>
/// <param name="strKeyPrivate">私钥</param>
/// <param name="HashbyteSignature">待签名Hash描述</param>
/// <param name="EncryptedSignatureData">签名后的结果</param>
/// <returns></returns>
public bool SignatureFormatter(string strKeyPrivate, byte[] HashbyteSignature, ref byte[] EncryptedSignatureData)
{
try
{
System.Security.Cryptography.RSACryptoServiceProvider RSA = new System.Security.Cryptography.RSACryptoServiceProvider();
RSA.FromXmlString(strKeyPrivate);
System.Security.Cryptography.RSAPKCS1SignatureFormatter RSAFormatter = new System.Security.Cryptography.RSAPKCS1SignatureFormatter(RSA);
//设置签名的算法为MD5
RSAFormatter.SetHashAlgorithm("SHA1");
//执行签名
EncryptedSignatureData = RSAFormatter.CreateSignature(HashbyteSignature);
return true;
}
catch (Exception ex)
{
throw ex;
}
}
/// <summary>
/// RSA签名
/// </summary>
/// <param name="strKeyPrivate">私钥</param>
/// <param name="HashbyteSignature">待签名Hash描述</param>
/// <param name="m_strEncryptedSignatureData">签名后的结果</param>
/// <returns></returns>
public bool SignatureFormatter(string strKeyPrivate, byte[] HashbyteSignature, ref string strEncryptedSignatureData)
{
try
{
byte[] EncryptedSignatureData;
System.Security.Cryptography.RSACryptoServiceProvider RSA = new System.Security.Cryptography.RSACryptoServiceProvider();
RSA.FromXmlString(strKeyPrivate);
System.Security.Cryptography.RSAPKCS1SignatureFormatter RSAFormatter = new System.Security.Cryptography.RSAPKCS1SignatureFormatter(RSA);
//设置签名的算法为MD5
RSAFormatter.SetHashAlgorithm("SHA1");
//执行签名
EncryptedSignatureData = RSAFormatter.CreateSignature(HashbyteSignature);
strEncryptedSignatureData = Convert.ToBase64String(EncryptedSignatureData);
return true;
}
catch (Exception ex)
{
throw ex;
}
}
/// <summary>
/// RSA签名
/// </summary>
/// <param name="strKeyPrivate">私钥</param>
/// <param name="strHashbyteSignature">待签名Hash描述</param>
/// <param name="EncryptedSignatureData">签名后的结果</param>
/// <returns></returns>
public bool SignatureFormatter(string strKeyPrivate, string strHashbyteSignature, ref byte[] EncryptedSignatureData)
{
try
{
byte[] HashbyteSignature;
HashbyteSignature = Convert.FromBase64String(strHashbyteSignature);
System.Security.Cryptography.RSACryptoServiceProvider RSA = new System.Security.Cryptography.RSACryptoServiceProvider();
RSA.FromXmlString(strKeyPrivate);
System.Security.Cryptography.RSAPKCS1SignatureFormatter RSAFormatter = new System.Security.Cryptography.RSAPKCS1SignatureFormatter(RSA);
//设置签名的算法为MD5
RSAFormatter.SetHashAlgorithm("SHA1");
//执行签名
EncryptedSignatureData = RSAFormatter.CreateSignature(HashbyteSignature);
return true;
}
catch (Exception ex)
{
throw ex;
}
}
/// <summary>
/// RSA签名
/// </summary>
/// <param name="strKeyPrivate">私钥</param>
/// <param name="strHashbyteSignature">待签名Hash描述</param>
/// <param name="strEncryptedSignatureData">签名后的结果</param>
/// <returns></returns>
public bool SignatureFormatter(string strKeyPrivate, string strHashbyteSignature, ref string strEncryptedSignatureData)
{
try
{
byte[] HashbyteSignature;
byte[] EncryptedSignatureData;
HashbyteSignature = Convert.FromBase64String(strHashbyteSignature);
System.Security.Cryptography.RSACryptoServiceProvider RSA = new System.Security.Cryptography.RSACryptoServiceProvider();
RSA.FromXmlString(strKeyPrivate);
System.Security.Cryptography.RSAPKCS1SignatureFormatter RSAFormatter = new System.Security.Cryptography.RSAPKCS1SignatureFormatter(RSA);
//设置签名的算法为MD5
RSAFormatter.SetHashAlgorithm("SHA1");
//执行签名
EncryptedSignatureData = RSAFormatter.CreateSignature(HashbyteSignature);
strEncryptedSignatureData = Convert.ToBase64String(EncryptedSignatureData);
return true;
}
catch (Exception ex)
{
throw ex;
}
}
#endregion
#region RSA 签名验证
/// <summary>
/// RSA签名验证
/// </summary>
/// <param name="strKeyPublic">公钥</param>
/// <param name="HashbyteDeformatter">Hash描述</param>
/// <param name="DeformatterData">签名后的结果</param>
/// <returns></returns>
public bool SignatureDeformatter(string strKeyPublic, byte[] HashbyteDeformatter, byte[] DeformatterData)
{
try
{
System.Security.Cryptography.RSACryptoServiceProvider RSA = new System.Security.Cryptography.RSACryptoServiceProvider();
RSA.FromXmlString(strKeyPublic);
System.Security.Cryptography.RSAPKCS1SignatureDeformatter RSADeformatter = new System.Security.Cryptography.RSAPKCS1SignatureDeformatter(RSA);
//指定解密的时候HASH算法为SHA1
RSADeformatter.SetHashAlgorithm("SHA1");
if (RSADeformatter.VerifySignature(HashbyteDeformatter, DeformatterData))
{
return true;
}
else
{
return false;
}
}
catch (Exception ex)
{
throw ex;
}
}
/// <summary>
/// RSA签名验证
/// </summary>
/// <param name="strKeyPublic">公钥</param>
/// <param name="strHashbyteDeformatter">Hash描述</param>
/// <param name="DeformatterData">签名后的结果</param>
/// <returns></returns>
public bool SignatureDeformatter(string strKeyPublic, string strHashbyteDeformatter, byte[] DeformatterData)
{
try
{
byte[] HashbyteDeformatter;
HashbyteDeformatter = Convert.FromBase64String(strHashbyteDeformatter);
System.Security.Cryptography.RSACryptoServiceProvider RSA = new System.Security.Cryptography.RSACryptoServiceProvider();
RSA.FromXmlString(strKeyPublic);
System.Security.Cryptography.RSAPKCS1SignatureDeformatter RSADeformatter = new System.Security.Cryptography.RSAPKCS1SignatureDeformatter(RSA);
//指定解密的时候HASH算法为SHA1
RSADeformatter.SetHashAlgorithm("SHA1");
if (RSADeformatter.VerifySignature(HashbyteDeformatter, DeformatterData))
{
return true;
}
else
{
return false;
}
}
catch (Exception ex)
{
throw ex;
}
}
/// <summary>
/// RSA签名验证
/// </summary>
/// <param name="strKeyPublic">公钥</param>
/// <param name="HashbyteDeformatter">Hash描述</param>
/// <param name="strDeformatterData">签名后的结果</param>
/// <returns></returns>
public bool SignatureDeformatter(string strKeyPublic, byte[] HashbyteDeformatter, string strDeformatterData)
{
try
{
byte[] DeformatterData;
System.Security.Cryptography.RSACryptoServiceProvider RSA = new System.Security.Cryptography.RSACryptoServiceProvider();
RSA.FromXmlString(strKeyPublic);
System.Security.Cryptography.RSAPKCS1SignatureDeformatter RSADeformatter = new System.Security.Cryptography.RSAPKCS1SignatureDeformatter(RSA);
//指定解密的时候HASH算法为SHA1
RSADeformatter.SetHashAlgorithm("SHA1");
DeformatterData = Convert.FromBase64String(strDeformatterData);
if (RSADeformatter.VerifySignature(HashbyteDeformatter, DeformatterData))
{
return true;
}
else
{
return false;
}
}
catch (Exception ex)
{
throw ex;
}
}
/// <summary>
/// RSA签名验证
/// </summary>
/// <param name="strKeyPublic">公钥</param>
/// <param name="strHashbyteDeformatter">Hash描述</param>
/// <param name="strDeformatterData">签名后的结果</param>
/// <returns></returns>
public bool SignatureDeformatter(string strKeyPublic, string strHashbyteDeformatter, string strDeformatterData)
{
try
{
byte[] DeformatterData;
byte[] HashbyteDeformatter;
HashbyteDeformatter = Convert.FromBase64String(strHashbyteDeformatter);
System.Security.Cryptography.RSACryptoServiceProvider RSA = new System.Security.Cryptography.RSACryptoServiceProvider();
RSA.FromXmlString(strKeyPublic);
System.Security.Cryptography.RSAPKCS1SignatureDeformatter RSADeformatter = new System.Security.Cryptography.RSAPKCS1SignatureDeformatter(RSA);
//指定解密的时候HASH算法为SHA1
RSADeformatter.SetHashAlgorithm("SHA1");
DeformatterData = Convert.FromBase64String(strDeformatterData);
if (RSADeformatter.VerifySignature(HashbyteDeformatter, DeformatterData))
{
return true;
}
else
{
return false;
}
}
catch (Exception ex)
{
throw ex;
}
}
#endregion
#endregion
}
View Code