Data Encryption Summary, Advanced (5): Final Part

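Digital signatures are used to verify the sender's identity and to confirm the integrity of the data. They are often used together with public-key encryption.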

How do digital signatures work?

This was already covered in part 1, so it is not repeated here.

The .NET Framework provides three classes for creating and verifying digital signatures: RSACryptoServiceProvider, RSAPKCS1SignatureFormatter and RSAPKCS1SignatureDeformatter. All of them are in the System.Security.Cryptography namespace.

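In this example we will create a class called DigitalSignatureHelper whose job is to create and verify digital signatures. Pay attention to the order in which the example is run. You will need the MD5HashHelper class we built in the previous article.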




Let's understand the code step-by-step.

  • We create a class called DigitalSignatureHelper with two private variables and two methods.

  • The class-level variables m_private and m_public are of type RSAParameters and are used to store the private and public key information.

  • The method CreateSignature() accepts the hash value that has to be signed and returns the digitally signed hash as its return value.

  • Inside this method we create an instance of the RSACryptoServiceProvider class.

  • We also create an instance of the RSAPKCS1SignatureFormatter class and pass the RSACryptoServiceProvider instance to its constructor.

  • The RSAPKCS1SignatureFormatter class is used to create PKCS #1 (Public Key Cryptographic Signature) version 1.5 signatures, whereas RSACryptoServiceProvider provides the encryption services.

  • Since we will be using MD5 as the hashing algorithm, we call the SetHashAlgorithm() method of RSAPKCS1SignatureFormatter and pass "MD5" as the parameter. If your hashing algorithm were SHA1, you would pass "SHA1" instead.

  • Then we call the ExportParameters() method of RSACryptoServiceProvider to get the generated public and private keys. We store these keys in the class-level variables m_public and m_private respectively.

  • Finally we call the CreateSignature() method of the RSAPKCS1SignatureFormatter class, which returns the signature. That signature is returned as the return value of our method.

  • The VerifySignature() method accepts two parameters: the original hash value and the signed hash value. It compares the hashes and returns true if they match, otherwise false.

  • Inside this method we create an instance of the RSACryptoServiceProvider class.

  • We need to supply key information during signature verification, so we create an instance of the RSAParameters structure.

  • The Modulus and Exponent properties of this structure are set to the corresponding properties of the previously obtained public key (m_public).

  • We then call the ImportParameters() method of RSACryptoServiceProvider to import the key information into the instance.

  • Then we create an instance of the RSAPKCS1SignatureDeformatter class. This class is used to verify RSA PKCS #1 version 1.5 signatures.

  • Again, we set the hashing algorithm to "MD5" using the SetHashAlgorithm() method of the RSAPKCS1SignatureDeformatter class.

  • Finally we call the VerifySignature() method of the RSAPKCS1SignatureDeformatter class and pass the original hash value and the signed hash value to it. This method returns true if the signature is verified successfully; otherwise it returns false. The same value is returned to the caller.
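The steps above, assembled into one class as an added example (this is not the original article's code). It passes "SHA256" to SetHashAlgorithm() instead of the article's "MD5", because MD5 is no longer collision-resistant and a signature over an MD5 hash inherits that weakness. The 2048-bit key size, the inline SHA256.Create() hashing in place of MD5HashHelper, and the sample messages are assumptions.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

public class DigitalSignatureHelper
{
    // Key material captured when the signature is created.
    private RSAParameters m_private;
    private RSAParameters m_public;

    public byte[] CreateSignature(byte[] hash)
    {
        using (var rsa = new RSACryptoServiceProvider(2048)) // key size is an assumption
        {
            var formatter = new RSAPKCS1SignatureFormatter(rsa);
            formatter.SetHashAlgorithm("SHA256");   // the article passes "MD5" here
            m_public = rsa.ExportParameters(false); // public part only
            m_private = rsa.ExportParameters(true); // includes the private key
            return formatter.CreateSignature(hash);
        }
    }

    public bool VerifySignature(byte[] hash, byte[] signedHash)
    {
        using (var rsa = new RSACryptoServiceProvider())
        {
            // Import only Modulus and Exponent: verification needs no private key.
            rsa.ImportParameters(new RSAParameters { Modulus = m_public.Modulus, Exponent = m_public.Exponent });
            var deformatter = new RSAPKCS1SignatureDeformatter(rsa);
            deformatter.SetHashAlgorithm("SHA256"); // must match the signer's algorithm
            return deformatter.VerifySignature(hash, signedHash);
        }
    }

    public static void Main()
    {
        // Constructed sample messages: the second differs by one character.
        byte[] original = Encoding.UTF8.GetBytes("transfer 100 to account 42");
        byte[] tampered = Encoding.UTF8.GetBytes("transfer 900 to account 42");
        using (var sha = SHA256.Create())
        {
            var helper = new DigitalSignatureHelper();
            byte[] signature = helper.CreateSignature(sha.ComputeHash(original));
            Console.WriteLine(helper.VerifySignature(sha.ComputeHash(original), signature));
            Console.WriteLine(helper.VerifySignature(sha.ComputeHash(tampered), signature));
        }
    }
}
```

The hash passed to VerifySignature() has to be recomputed by the verifier from the data it received; a hash supplied alongside the signature by the sender proves nothing about the data.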
