RSA 非對稱金鑰加解密與數位簽章筆記

staticvoid RSAEncDec()

{

//建立RSA公私鑰

    var rsaEnc = new RSACryptoServiceProvider();

//Key長度384-16384, Win8.1+最小512

//預設1024，可new RSACryptoServiceProvider(2048)指定不同大小

    Console.WriteLine($"KeySize={rsaEnc.KeySize}");

//匯出公鑰(用於解密，檢驗簽章)，XML格式

    var pubKey = rsaEnc.ToXmlString(false);

    Console.WriteLine($"PubKey={pubKey}");

//匯出公私鑰

    var rsaKeys = rsaEnc.ToXmlString(true);

    Console.WriteLine($"RSAKeys={rsaKeys}");

//加密小段文字(用公鑰)

    var rawText = ".NET Rocks!";

    var rawData = Encoding.UTF8.GetBytes(rawText);

//第二個參數指定是否使用OAEP提高安全性

    var encData = rsaEnc.Encrypt(rawData, true);

//產生數位簽章

    var stream = new MemoryStream(rawData);

    var signature = rsaEnc.SignData(stream, 

new SHA1CryptoServiceProvider());

//** 解密 ** 需要公私鑰

    var rsaDec = new RSACryptoServiceProvider();

//從XML還原公私鑰

    rsaDec.FromXmlString(rsaKeys);

//使用私鑰解密

    var decData = rsaDec.Decrypt(encData, true);

    var test = Encoding.UTF8.GetString(decData);

    Console.WriteLine($"解密結果: {test}");

//** 驗章 ** 只需公鑰

    var rsa4Sign = new RSACryptoServiceProvider();

    rsa4Sign.FromXmlString(pubKey);

//檢驗數位簽章

    var valid = rsa4Sign.VerifyData(decData, 

new SHA1CryptoServiceProvider(), signature);

    Console.WriteLine($"數位簽章: {(valid?"PASS":"FAILED")}");

//測試修改一個Byte讓簽章無效

    decData[0]++;

    valid = rsa4Sign.VerifyData(decData, 

new SHA1CryptoServiceProvider(), signature);

    Console.WriteLine($"篡改版數位簽章: {(valid ? "PASS" : "FAILED")}");

}

staticvoid RsaEncDecFile()

{

//建立RSA公私鑰

    var rsaEnc = new RSACryptoServiceProvider(2048);

//匯出金鑰

    var pubKey = rsaEnc.ToXmlString(false);

    var rsaKeys = rsaEnc.ToXmlString(true);

//建立AES Managed時產生隨機Key及IV，不用另行指定

    var aes = new AesManaged();

    var encAesKeyIV = aes.Key.Concat(aes.IV).ToArray();

    var aesKeyEncrypted = rsaEnc.Encrypt(encAesKeyIV, true);

byte[] signature;

    Stopwatch sw = new Stopwatch();

    sw.Start();

//準備加密Stream

using (var encFile = 

new FileStream("D:\\Encrypted.bin", FileMode.Create))

    {

using (var outStream = new

            CryptoStream(

                encFile, aes.CreateEncryptor(), CryptoStreamMode.Write))

        {

//讀取約500MB檔案寫入加密Stream

using (var fs = new FileStream("D:\\Source.zip",

                FileMode.Open))

            {

//REF: Buffer Size 64K CPU clock 較少 

//https://goo.gl/UAuPyt

                var buff = newbyte[65536];

int bytesRead = 0;

while ((bytesRead = fs.Read(buff, 0, buff.Length)) > 0)

                {

                    outStream.Write(buff, 0, bytesRead);

                }

            }

        }

    }

    sw.Stop();

    Console.WriteLine($"加密耗時: {sw.ElapsedMilliseconds}ms");

byte[] srcHash = SHA1.Create().ComputeHash(

new FileStream("D:\\Source.zip", FileMode.Open));

    signature = rsaEnc.SignHash(srcHash, CryptoConfig.MapNameToOID("SHA1"));

    var rsaDec = new RSACryptoServiceProvider();

//從XML還原公私鑰

    rsaDec.FromXmlString(rsaKeys);

//解密出AES Key

    var aesKeyIV = rsaDec.Decrypt(aesKeyEncrypted, true);

    aes = new AesManaged()

    {

        KeySize = 256,

        Key = aesKeyIV.Take(32).ToArray(),

        IV = aesKeyIV.Skip(32).Take(16).ToArray(),

        BlockSize = 128

    };

    sw.Restart();

//準備解密Stream

using (var decFile = new FileStream("D:\\Decrypted.zip", FileMode.Create))

    {

using (var encFile = new FileStream("D:\\Encrypted.bin", FileMode.Open))

        {

using (var decStream = new CryptoStream(encFile,

                aes.CreateDecryptor(), CryptoStreamMode.Read))

            {

                var buff = newbyte[65536];

int bytesRead = 0;

while ((bytesRead = decStream.Read(buff, 0, buff.Length)) > 0)

                {

                    decFile.Write(buff, 0, bytesRead);

                }

            }

        }

    }

    sw.Stop();

    Console.WriteLine($"解密耗時: {sw.ElapsedMilliseconds}ms");

//印出解密檔案Hash與原始檔比對是否相同

byte[] decHash = SHA1.Create().ComputeHash(

new FileStream("D:\\Decrypted.zip", FileMode.Open));

    Console.WriteLine($"Source SHA1={BitConverter.ToString(srcHash)}");

    Console.WriteLine($"Decrypted SHA1={BitConverter.ToString(decHash)}");

//檢驗數位簽章

    var valid =

        rsaDec.VerifyHash(decHash, CryptoConfig.MapNameToOID("SHA1"), signature);

    Console.WriteLine($"數位簽章: {(valid ? "PASS" : "FAILED")}");

}

staticvoid RsaKeyContainer()

{

//在個人RSA容器區建立金鑰容器並存入RSA金鑰

//一個KeyContainerName對應一把金鑰

    var csp1 = new CspParameters();

    csp1.KeyContainerName = "RSALab";

    var rsa1 = new RSACryptoServiceProvider(csp1);

//如果要從外部匯入金鑰，先建立RSA再FromXmlString()

    var csp2 = new CspParameters()

    {

        KeyContainerName = "RSALab"

    };

    var rsa2 = new RSACryptoServiceProvider(csp2);

    rsa2.PersistKeyInCsp = true;

    rsa2.FromXmlString("...");

//若同名金鑰容器已存在，自動取回上次存入的金鑰

    var csp3 = new CspParameters()

    {

        KeyContainerName = "RSALab"

    };

    var rsa3 = new RSACryptoServiceProvider(csp3);

//要刪除金鑰，先取消PersistKeyInCsp再Clear()

//金鑰容器也會一併被刪除

    var csp4 = new CspParameters()

    {

        KeyContainerName = "RSALab"

    };

    var rsa4 = new RSACryptoServiceProvider(csp4);

    rsa4.PersistKeyInCsp = false;

    rsa4.Clear();

}