XML-DSIG 的签名值计算
SignatureValue calculation for XML-DSIG
我正在尝试使用 NET 框架组件(RSACryptoServiceProvider) 在 C++/CLI 中。请有人用更简单的话解释 XMLDSIG 规范 ( http://www.w3.org/TR/2002/REC-xmldsig-core-20020212/ ) 的这段摘录,因为我的编程和数学背景很少,因此很难理解这一点 - 或者提供一段真实代码的摘录作为实施的例子?
The SignatureValue content for an RSA signature is the base64 [MIME]
encoding of the octet string computed as per RFC 2437 [PKCS1, section
8.1.1: Signature generation for the RSASSA-PKCS1-v1_5 signature scheme]. As specified in the EMSA-PKCS1-V1_5-ENCODE function RFC 2437
[PKCS1, section 9.2.1], the value input to the signature function MUST
contain a pre-pended algorithm object identifier for the hash
function, but the availability of an ASN.1 parser and recognition of
OIDs is not required of a signature verifier. The PKCS#1 v1.5
representation appears as: CRYPT (PAD (ASN.1 (OID, DIGEST (data))))
Note that the padded ASN.1 will be of the following form: 01 | FF*
| 00 | prefix | hash where "|" is concatenation, "01", "FF", and "00"
are fixed octets of the corresponding hexadecimal value, "hash" is the
SHA1 digest of the data, and "prefix" is the ASN.1 BER SHA1 algorithm
designator prefix required in PKCS1 [RFC 2437], that is, hex 30 21
30 09 06 05 2B 0E 03 02 1A 05 00 04 14 This prefix is included to make
it easier to use standard cryptographic libraries. The FF octet MUST
be repeated the maximum number of times such that the value of the
quantity being CRYPTed is one octet shorter than the RSA modulus.
换句话说,如果我有某个 XML 元素的 hash 值(不是用 base64 编码的,对吗?),我该怎么办在将它发送到 SignHash(在 RSACryptoServiceProvider)函数之前处理它?
我知道它在文本中,但我很难理解它。
我完全不明白"CRYPT (PAD (ASN.1 (OID, DIGEST (data))))",虽然我理解其中的一部分......我不明白获取OID然后ASN的方式以及如何填充它......
让我试着解释一下这些组件,看看这是否能让你更接近:
- DIGEST(data) 是您已经计算的散列值
- OID 是一个全局唯一标识符,表示所使用的散列算法。对于 SHA1,这是 1.3.14.3.2.26
- ANS.1 表示 OID 和散列值的 ANS.1 编码作为 ASN.1 序列。这意味着参考中列出的十六进制值,后跟实际的哈希值。
- PAD 表示将 01 FF* 01 与 ASN.1 编码的前缀和哈希连接起来以获得所需的长度(FF* 表示将 FF 重复适当的次数,RFC 给出了详细信息)
- CRYPT 是 RSA 加密函数
不过,我相信 signHash-函数会为您完成所有这些工作,您只需提供 OID 和哈希值即可。
我正在尝试使用 NET 框架组件(RSACryptoServiceProvider) 在 C++/CLI 中。请有人用更简单的话解释 XMLDSIG 规范 ( http://www.w3.org/TR/2002/REC-xmldsig-core-20020212/ ) 的这段摘录,因为我的编程和数学背景很少,因此很难理解这一点 - 或者提供一段真实代码的摘录作为实施的例子?
The SignatureValue content for an RSA signature is the base64 [MIME] encoding of the octet string computed as per RFC 2437 [PKCS1, section 8.1.1: Signature generation for the RSASSA-PKCS1-v1_5 signature scheme]. As specified in the EMSA-PKCS1-V1_5-ENCODE function RFC 2437 [PKCS1, section 9.2.1], the value input to the signature function MUST contain a pre-pended algorithm object identifier for the hash function, but the availability of an ASN.1 parser and recognition of OIDs is not required of a signature verifier. The PKCS#1 v1.5 representation appears as: CRYPT (PAD (ASN.1 (OID, DIGEST (data)))) Note that the padded ASN.1 will be of the following form: 01 | FF* | 00 | prefix | hash where "|" is concatenation, "01", "FF", and "00" are fixed octets of the corresponding hexadecimal value, "hash" is the SHA1 digest of the data, and "prefix" is the ASN.1 BER SHA1 algorithm designator prefix required in PKCS1 [RFC 2437], that is, hex 30 21 30 09 06 05 2B 0E 03 02 1A 05 00 04 14 This prefix is included to make it easier to use standard cryptographic libraries. The FF octet MUST be repeated the maximum number of times such that the value of the quantity being CRYPTed is one octet shorter than the RSA modulus.
换句话说,如果我有某个 XML 元素的 hash 值(不是用 base64 编码的,对吗?),我该怎么办在将它发送到 SignHash(在 RSACryptoServiceProvider)函数之前处理它? 我知道它在文本中,但我很难理解它。 我完全不明白"CRYPT (PAD (ASN.1 (OID, DIGEST (data))))",虽然我理解其中的一部分......我不明白获取OID然后ASN的方式以及如何填充它......
让我试着解释一下这些组件,看看这是否能让你更接近:
- DIGEST(data) 是您已经计算的散列值
- OID 是一个全局唯一标识符,表示所使用的散列算法。对于 SHA1,这是 1.3.14.3.2.26
- ANS.1 表示 OID 和散列值的 ANS.1 编码作为 ASN.1 序列。这意味着参考中列出的十六进制值,后跟实际的哈希值。
- PAD 表示将 01 FF* 01 与 ASN.1 编码的前缀和哈希连接起来以获得所需的长度(FF* 表示将 FF 重复适当的次数,RFC 给出了详细信息)
- CRYPT 是 RSA 加密函数
不过,我相信 signHash-函数会为您完成所有这些工作,您只需提供 OID 和哈希值即可。