How to sign a message with existing private key by using ECDsa on dotnet core 3.1 MacOS?
I generated a key by running the following command:
    openssl ecparam -genkey -name secp256k1 -out private.key
It is worth mentioning that I had to use the secp256k1 curve.
Here is private.key:
-----BEGIN EC PARAMETERS-----
BgUrgQQACg==
-----END EC PARAMETERS-----
-----BEGIN EC PRIVATE KEY-----
MHQCAQEEIMaqRFP3zkco2B2xZaIDQ0/JGcgOqzLPcTTJPqvpu+UooAcGBSuBBAAK
oUQDQgAEp0mktO9BMlsVw9lG8EIxr9wZizBHSlUv3VIbf3sTBmCxE4myJvZcgF8b
qDp0T/o9TqnsBw15LU3wdnqV4tJp6w==
-----END EC PRIVATE KEY-----
Then I tried to sign some random plain-text message:
    var privateKey = CngKey.Import(privateKeyBytes, CngKeyBlobFormat.EccPrivateBlob);
    var signer = new ECDsaCng(privateKey);
    var signed = signer.SignData(messageBytes, HashAlgorithmName.SHA256);
But I ran into a problem when calling CngKey.Import: Windows Cryptography Next Generation (CNG) is not supported on this platform. (MacOS)
Is there any way to do this cross-platform?
Thanks to Maarten Bodewes I found the BouncyCastle.NetCore package.
Here is a solution:
    using System;
    using System.IO;
    using System.Text;
    using Org.BouncyCastle.Crypto;
    using Org.BouncyCastle.OpenSsl;
    using Org.BouncyCastle.Security;

    public class Program
    {
        public static void Main()
        {
            var asymmetricCipherKeyPair = ReadAsymmetricCipherKeyPairFromPem("./key.pem");
            var signature = GetSignature(asymmetricCipherKeyPair.Private, "Some message");
        }

        // Signs the ASCII bytes of the message with ECDSA over SHA-256 and returns the signature as Base64.
        private static string GetSignature(AsymmetricKeyParameter privateKeyParameter, string message)
        {
            var messageBytes = Encoding.ASCII.GetBytes(message);
            var signer = SignerUtilities.GetSigner("SHA-256withECDSA");
            signer.Init(true, privateKeyParameter); // true = initialise for signing
            signer.BlockUpdate(messageBytes, 0, messageBytes.Length);
            var signature = signer.GenerateSignature();
            return Convert.ToBase64String(signature);
        }

        // Reads the key pair from a PEM file.
        private static AsymmetricCipherKeyPair ReadAsymmetricCipherKeyPairFromPem(string pathToPem)
        {
            using var reader = File.OpenText(pathToPem);
            var keyPair = (AsymmetricCipherKeyPair)new PemReader(reader).ReadObject();
            return keyPair;
        }
    }
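A sign-and-verify round trip for the BouncyCastle approach above, added here as an example and not part of the original answer: it loads the private.key posted in the question, signs, then verifies with the public half of the pair. The class and helper names are hypothetical; as assumptions of this example, only the EC PRIVATE KEY block is handed to PemReader, and the message is encoded as UTF-8 rather than ASCII so that non-ASCII characters are not replaced with '?' before hashing.

```csharp
using System;
using System.IO;
using System.Text;
using Org.BouncyCastle.Crypto;
using Org.BouncyCastle.OpenSsl;
using Org.BouncyCastle.Security;

public static class EcdsaRoundTrip
{
    // private.key exactly as posted in the question (a throwaway test key).
    const string Pem = @"-----BEGIN EC PARAMETERS-----
BgUrgQQACg==
-----END EC PARAMETERS-----
-----BEGIN EC PRIVATE KEY-----
MHQCAQEEIMaqRFP3zkco2B2xZaIDQ0/JGcgOqzLPcTTJPqvpu+UooAcGBSuBBAAK
oUQDQgAEp0mktO9BMlsVw9lG8EIxr9wZizBHSlUv3VIbf3sTBmCxE4myJvZcgF8b
qDp0T/o9TqnsBw15LU3wdnqV4tJp6w==
-----END EC PRIVATE KEY-----";

    static AsymmetricCipherKeyPair LoadKeyPair(string pem)
    {
        // Assumption: pass only the EC PRIVATE KEY block, which already names the curve.
        int start = pem.IndexOf("-----BEGIN EC PRIVATE KEY-----", StringComparison.Ordinal);
        if (start < 0) throw new InvalidDataException("no EC PRIVATE KEY block found");
        using var reader = new StringReader(pem.Substring(start));
        return (AsymmetricCipherKeyPair)new PemReader(reader).ReadObject();
    }

    // Shared setup for signing (forSigning: true) and verification (forSigning: false).
    static ISigner Prepare(bool forSigning, AsymmetricKeyParameter key, byte[] data)
    {
        ISigner signer = SignerUtilities.GetSigner("SHA-256withECDSA");
        signer.Init(forSigning, key);
        signer.BlockUpdate(data, 0, data.Length);
        return signer;
    }

    public static void Main()
    {
        AsymmetricCipherKeyPair pair = LoadKeyPair(Pem);
        byte[] msg = Encoding.UTF8.GetBytes("Some message");
        byte[] sig = Prepare(true, pair.Private, msg).GenerateSignature(); // DER-encoded (r, s)
        Console.WriteLine(Convert.ToBase64String(sig));
        bool ok = Prepare(false, pair.Public, msg).VerifySignature(sig);
        byte[] tampered = Encoding.UTF8.GetBytes("Some messagf"); // constructed altered message
        bool forged = Prepare(false, pair.Public, tampered).VerifySignature(sig);
        Console.WriteLine($"valid={ok} tampered={forged}");
    }
}
```

The Base64 output differs between runs because each ECDSA signature uses a fresh random nonce, so compare results by verifying, not by comparing signature bytes.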
This library securely generates keys, signs and verifies ECDSA-secp256k1 signatures in pure C#. It runs on .NET Standard 1.3+. Here is an example:
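    using System;
    using System.IO;
    using EllipticCurve;

    // Inputs assumed here; the original snippet does not define them.
    string privateKeyPem = File.ReadAllText("private.key"); // PEM text of the EC private key
    string message = "Some message";

    PrivateKey privateKey = PrivateKey.fromPem(privateKeyPem);
    Signature signature = Ecdsa.sign(message, privateKey);
    Console.WriteLine(signature.toBase64());
    PublicKey publicKey = privateKey.publicKey();
    Console.WriteLine(Ecdsa.verify(message, signature, publicKey));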