如何验证应用程序启动器更新程序的文件?
How to verify files for application launcher-updater?
我正在尝试为我的游戏启动器添加一些功能。游戏exe启动前需要验证游戏文件。如果任何文件损坏,更新程序将再次下载该文件。可以从服务器上的 xml 文件验证文件(检查文件字节或 md5)。我真的不擅长编程,但正在尝试学习 C#。如果有人指导我,我将不胜感激。
MD5 校验和是一种简单但并非万无一失的验证方法。
我建议使用加密签名,这是一种校验和(现在通常是 SHA256),其加密方式允许收件人验证有效负载的真实性。
使用这种技术,您的用户不仅知道有效载荷是有效的,而且知道它来自您,而不是入侵您网站的人。
当然,这取决于您私钥的安全性,因此请妥善保管。
您可以按照 https://msdn.microsoft.com/en-us/library/hk8wx38z(v=vs.110).aspx
上的教程进行操作
微软说:
Digital signatures are usually applied to hash values that represent larger data. The following example applies a digital signature to a hash value. First, a new instance of the RSACryptoServiceProvider class is created to generate a public/private key pair. Next, the RSACryptoServiceProvider is passed to a new instance of the RSAPKCS1SignatureFormatter class. This transfers the private key to the RSAPKCS1SignatureFormatter, which actually performs the digital signing. Before you can sign the hash code, you must specify a hash algorithm to use. This example uses the SHA1 algorithm. Finally, the CreateSignature method is called to perform the signing.
class Class1
{
static void Main()
{
//The hash value to sign.
byte[] HashValue = {59,4,248,102,77,97,142,201,210,12,224,93,25,41,100,197,213,134,130,135};
//The value to hold the signed value.
byte[] SignedHashValue;
//Generate a public/private key pair.
RSACryptoServiceProvider RSA = new RSACryptoServiceProvider();
//Create an RSAPKCS1SignatureFormatter object and pass it the
//RSACryptoServiceProvider to transfer the private key.
RSAPKCS1SignatureFormatter RSAFormatter = new RSAPKCS1SignatureFormatter(RSA);
//Set the hash algorithm to SHA1.
RSAFormatter.SetHashAlgorithm("SHA1");
//Create a signature for HashValue and assign it to
//SignedHashValue.
SignedHashValue = RSAFormatter.CreateSignature(HashValue);
}
}
对于 XML 特别是:
The .NET Framework provides the System.Security.Cryptography.Xml namespace, which enables you sign XML. Signing XML is important when you want to verify that the XML originates from a certain source. For example, if you are using a stock quote service that uses XML, you can verify the source of the XML if it is signed.
我正在尝试为我的游戏启动器添加一些功能。游戏exe启动前需要验证游戏文件。如果任何文件损坏,更新程序将再次下载该文件。可以从服务器上的 xml 文件验证文件(检查文件字节或 md5)。我真的不擅长编程,但正在尝试学习 C#。如果有人指导我,我将不胜感激。
MD5 校验和是一种简单但并非万无一失的验证方法。
我建议使用加密签名,这是一种校验和(现在通常是 SHA256),其加密方式允许收件人验证有效负载的真实性。
使用这种技术,您的用户不仅知道有效载荷是有效的,而且知道它来自您,而不是入侵您网站的人。
当然,这取决于您私钥的安全性,因此请妥善保管。
您可以按照 https://msdn.microsoft.com/en-us/library/hk8wx38z(v=vs.110).aspx
上的教程进行操作微软说:
Digital signatures are usually applied to hash values that represent larger data. The following example applies a digital signature to a hash value. First, a new instance of the RSACryptoServiceProvider class is created to generate a public/private key pair. Next, the RSACryptoServiceProvider is passed to a new instance of the RSAPKCS1SignatureFormatter class. This transfers the private key to the RSAPKCS1SignatureFormatter, which actually performs the digital signing. Before you can sign the hash code, you must specify a hash algorithm to use. This example uses the SHA1 algorithm. Finally, the CreateSignature method is called to perform the signing.
class Class1
{
static void Main()
{
//The hash value to sign.
byte[] HashValue = {59,4,248,102,77,97,142,201,210,12,224,93,25,41,100,197,213,134,130,135};
//The value to hold the signed value.
byte[] SignedHashValue;
//Generate a public/private key pair.
RSACryptoServiceProvider RSA = new RSACryptoServiceProvider();
//Create an RSAPKCS1SignatureFormatter object and pass it the
//RSACryptoServiceProvider to transfer the private key.
RSAPKCS1SignatureFormatter RSAFormatter = new RSAPKCS1SignatureFormatter(RSA);
//Set the hash algorithm to SHA1.
RSAFormatter.SetHashAlgorithm("SHA1");
//Create a signature for HashValue and assign it to
//SignedHashValue.
SignedHashValue = RSAFormatter.CreateSignature(HashValue);
}
}
对于 XML 特别是:
The .NET Framework provides the System.Security.Cryptography.Xml namespace, which enables you sign XML. Signing XML is important when you want to verify that the XML originates from a certain source. For example, if you are using a stock quote service that uses XML, you can verify the source of the XML if it is signed.