C#下ECDsa签名、验签

最新推荐文章于 2024-04-27 20:58:07 发布
最新推荐文章于 2024-04-27 20:58:07 发布
阅读量5.4k 收藏 6
点赞数 1
分类专栏: C# 加密解密 文章标签: ECDsa 签名
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/starfd/article/details/96865574
版权

因为业务需要,与第三方对接时,第三方签名方法居然采用的ECDsa,而不是更常见的RSAMD5之类,真是不走寻常路,当然我是不会承认是我见识太少的!!!

麻利的让对方提供了签名算法代码,奈何对方是java,提供的也是java版本代码,具体代码如下:

/**
 * Project Name:trustsql_sdk
 * File Name:ECDSAAlgoUtil.java
 * Package Name:com.tencent.trustsql.sdk.algo
 * Date:Jul 26, 20175:17:04 PM
 * Copyright (c) 2017, Tencent All Rights Reserved.
 *
 */

package com.tencent.trustsql.sdk.algorithm;

import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.security.MessageDigest;
import java.security.SecureRandom;

import org.apache.commons.codec.binary.Base64;
import org.apache.commons.codec.binary.Hex;
import org.bouncycastle.asn1.ASN1Integer;
import org.bouncycastle.asn1.DERSequenceGenerator;
import org.bouncycastle.asn1.x9.X9ECParameters;
import org.bouncycastle.crypto.digests.SHA256Digest;
import org.bouncycastle.crypto.ec.CustomNamedCurves;
import org.bouncycastle.crypto.params.ECDomainParameters;
import org.bouncycastle.crypto.params.ECPrivateKeyParameters;
import org.bouncycastle.crypto.signers.ECDSASigner;
import org.bouncycastle.crypto.signers.HMacDSAKCalculator;
import org.bouncycastle.jce.ECNamedCurveTable;
import org.bouncycastle.jce.spec.ECNamedCurveParameterSpec;
import org.bouncycastle.math.ec.ECPoint;
import org.spongycastle.asn1.ASN1InputStream;
import org.spongycastle.asn1.ASN1Integer;
import org.spongycastle.asn1.DERSequenceGenerator;
import org.spongycastle.asn1.DLSequence;
import org.spongycastle.asn1.x9.X9ECParameters;
import org.spongycastle.crypto.digests.SHA256Digest;
import org.spongycastle.crypto.ec.CustomNamedCurves;
import org.spongycastle.crypto.params.ECDomainParameters;
import org.spongycastle.crypto.params.ECPrivateKeyParameters;
import org.spongycastle.crypto.params.ECPublicKeyParameters;
import org.spongycastle.crypto.signers.ECDSASigner;
import org.spongycastle.crypto.signers.HMacDSAKCalculator;
import org.spongycastle.math.ec.FixedPointUtil;

import com.google.common.base.Objects;
import com.tencent.trustsql.sdk.Constants;

/**
 * 
 * @author sagazhang
 *
 */
public class ECDSAAlgorithm {
	
	
	public static final ECDomainParameters CURVE;
	public static final BigInteger HALF_CURVE_ORDER;
	static {
		X9ECParameters CURVE_PARAMS = CustomNamedCurves.getByName("secp256k1");
		// Tell Bouncy Castle to precompute data that's needed during secp256k1
		// calculations. Increasing the width
		// number makes calculations faster, but at a cost of extra memory usage
		// and with decreasing returns. 12 was
		// picked after consulting with the BC team.
		FixedPointUtil.precompute(CURVE_PARAMS.getG(), 12);
		CURVE = new ECDomainParameters(CURVE_PARAMS.getCurve(), CURVE_PARAMS.getG(), CURVE_PARAMS.getN(),
				CURVE_PARAMS.getH());
		HALF_CURVE_ORDER = CURVE_PARAMS.getN().shiftRight(1);
	}

	public static String generatePrivateKey() throws Exception {
		SecureRandom secureRandom;
		try {
			secureRandom = SecureRandom.getInstance(Constants.RANDOM_NUMBER_ALGORITHM,
					Constants.RANDOM_NUMBER_ALGORITHM_PROVIDER);
		} catch (Exception e) {
			secureRandom = new SecureRandom();
		}
		// Generate the key, skipping as many as desired.
		byte[] privateKeyAttempt = new byte[32];
		secureRandom.nextBytes(privateKeyAttempt);
		BigInteger privateKeyCheck = new BigInteger(1, privateKeyAttempt);
		while (privateKeyCheck.compareTo(BigInteger.ZERO) == 0 || privateKeyCheck.compareTo(Constants.MAXPRIVATEKEY) == 1) {
			secureRandom.nextBytes(privateKeyAttempt);
			privateKeyCheck = new BigInteger(1, privateKeyAttempt);
		}
	//	System.out.println(Hex.encodeHexString(privateKeyAttempt));
		String result = Base64.encodeBase64String(privateKeyAttempt);
		result = result.replaceAll("[\\s*\t\n\r]", "");
		return result;
	}
	
	public static String generatePublicKey(String priateKeyBase64String, boolean encode) throws Exception {
		try {
			byte[] privateKeyBytes = Base64.decodeBase64(priateKeyBase64String);
			ECNamedCurveParameterSpec spec = ECNamedCurveTable.getParameterSpec("secp256k1");
			ECPoint pointQ = spec.getG().multiply(new BigInteger(1, privateKeyBytes));
			String result = Base64.encodeBase64String(pointQ.getEncoded(encode));
			result = result.replaceAll("[\\s*\t\n\r]", "");
			return result;
		} catch (Exception e) {
			throw new RuntimeException(e);
		}
	}
	
	public static String generatePublicKey(String priateKeyBase64String) throws Exception {
		return generatePublicKey(priateKeyBase64String, false);
	}
	
	public static String decodePublicKey(String encodePubKeyBase64String) throws Exception {
		try {
			byte[] encodePubkeyBytes = Base64.decodeBase64(encodePubKeyBase64String);
			ECNamedCurveParameterSpec spec = ECNamedCurveTable.getParameterSpec("secp256k1");
			ECPoint pointQ = spec.getG().getCurve().decodePoint(encodePubkeyBytes);
			String result = Base64.encodeBase64String(pointQ.getEncoded(false));
			result = result.replaceAll("[\\s*\t\n\r]", "");
			return result;
		} catch(Exception e) {
			throw new RuntimeException(e);
		}
	}
	
	public static String getAddress(byte[] keyBytes, int...version) throws Exception {
		byte[] hashSha256 = BaseAlgorithm.encode("SHA-256", keyBytes);
		MessageDigest messageDigest = MessageDigest.getInstance("RipeMD160");
		messageDigest.update(hashSha256);
		byte[] hashRipeMD160 = messageDigest.digest();
		byte[] versionHashBytes = new byte[1 + hashRipeMD160.length];
		if(version == null || version.length == 0) {
			versionHashBytes[0] = 0;
		} else {
			versionHashBytes[0] = (byte) version[0];
		}
		System.arraycopy(hashRipeMD160, 0, versionHashBytes, 1, hashRipeMD160.length);
		byte[] checkSumBytes = BaseAlgorithm.encodeTwice("SHA-256", versionHashBytes);
		byte[] rawAddr = new byte[versionHashBytes.length + 4];
		System.arraycopy(versionHashBytes, 0, rawAddr, 0, versionHashBytes.length);
		System.arraycopy(checkSumBytes, 0, rawAddr, versionHashBytes.length, 4);
//		byte[] hashRipeMD160 = messageDigest.digest();
//		byte[] hashDoubleSha256 = BaseAlgorithm.encodeTwice("SHA-256", hashRipeMD160);
//		byte[] rawAddr = new byte[1 + hashRipeMD160.length + 4];
// 		rawAddr[0] = 0;
//		System.arraycopy(hashRipeMD160, 0, rawAddr, 1, hashRipeMD160.length);
//		System.arraycopy(hashDoubleSha256, 0, rawAddr, hashRipeMD160.length + 1, 4);
		return Base58Algorithm.encode(rawAddr);
	}
	
	public static String sign(String privateKey, byte[] data, boolean isHash256) throws Exception {
		byte[] hash256 = data;
		if(!isHash256) { //未hash256 encode的字节数组
			hash256 = BaseAlgorithm.encode("SHA-256", data);
		}
		ECDSASigner signer = new ECDSASigner(new HMacDSAKCalculator(new SHA256Digest()));
		//ECDSASigner signer = new ECDSASigner();
		BigInteger pri = new BigInteger(1, Base64.decodeBase64(privateKey));
		ECPrivateKeyParameters privKey = new ECPrivateKeyParameters(pri, CURVE);
		signer.init(true, privKey);
		BigInteger[] components = signer.generateSignature(hash256);
		byte[] content = new ECDSASignature(components[0], components[1]).toCanonicalised().encodeToDER();
		String result = Base64.encodeBase64String(content);
		result = result.replaceAll("[\\s*\t\n\r]", "");
		return result;
	}
	
	public static String sign(String privateKey, byte[] data) throws Exception {
		byte[] hash256 = data;
		ECDSASigner signer = new ECDSASigner(new HMacDSAKCalculator(new SHA256Digest()));
		BigInteger pri = new BigInteger(1, Base64.decodeBase64(privateKey));
		ECPrivateKeyParameters privKey = new ECPrivateKeyParameters(pri, CURVE);
		signer.init(true, privKey);
		BigInteger[] components = signer.generateSignature(hash256);
		byte[] content = new ECDSASignature(components[0], components[1]).toCanonicalised().encodeToDER();
		String result = Base64.encodeBase64String(content);
		result = result.replaceAll("[\\s*\t\n\r]", "");
		return result;
	}
	
	public static boolean verify(String srcStr,String sign, String pubKey) throws Exception {
		byte[] hash256 = BaseAlgorithm.encode("SHA-256", srcStr.getBytes("UTF-8"));
		ECDSASignature eCDSASignature = ECDSASignature.decodeFromDER(Base64.decodeBase64(sign));
		ECDSASigner signer = new ECDSASigner();
		org.spongycastle.math.ec.ECPoint pub = CURVE.getCurve().decodePoint(Base64.decodeBase64(pubKey));
		ECPublicKeyParameters params = new ECPublicKeyParameters(CURVE.getCurve().decodePoint(pub.getEncoded()), CURVE);
		signer.init(false, params);
	    return signer.verifySignature(hash256, eCDSASignature.r, eCDSASignature.s);
	}
	
	public static boolean verify(String srcStr,boolean isHash256, String sign, String pubKey) throws Exception {
		byte[] hash256 = srcStr.getBytes("UTF-8");
		if(!isHash256) {
			hash256 = BaseAlgorithm.encode("SHA-256", srcStr.getBytes("UTF-8"));
		}
		ECDSASignature eCDSASignature = ECDSASignature.decodeFromDER(Base64.decodeBase64(sign));
		ECDSASigner signer = new ECDSASigner();
		org.spongycastle.math.ec.ECPoint pub = CURVE.getCurve().decodePoint(Base64.decodeBase64(pubKey));
		ECPublicKeyParameters params = new ECPublicKeyParameters(CURVE.getCurve().decodePoint(pub.getEncoded()), CURVE);
		signer.init(false, params);
	    return signer.verifySignature(hash256, eCDSASignature.r, eCDSASignature.s);
	}
	
	public static boolean verify(byte[] bytes, boolean isHash256, String sign, String pubKey) throws Exception {
		byte[] hash256 = bytes;
		if(!isHash256) {
			hash256 = BaseAlgorithm.encode("SHA-256", bytes);
		}
		ECDSASignature eCDSASignature = ECDSASignature.decodeFromDER(Base64.decodeBase64(sign));
		ECDSASigner signer = new ECDSASigner();
		org.spongycastle.math.ec.ECPoint pub = CURVE.getCurve().decodePoint(Base64.decodeBase64(pubKey));
		ECPublicKeyParameters params = new ECPublicKeyParameters(CURVE.getCurve().decodePoint(pub.getEncoded()), CURVE);
		signer.init(false, params);
	    return signer.verifySignature(hash256, eCDSASignature.r, eCDSASignature.s);
	}
	
	public static boolean VerifyRenSign(String pubKey, byte[] bytes, String sign) {
		byte[] hash256 = bytes;
		//byte[] hash256 = BaseAlgorithm.encode("SHA-256", bytes);
		ECDSASignature eCDSASignature = ECDSASignature.decodeFromDER(Base64.decodeBase64(sign));
		ECDSASigner signer = new ECDSASigner();
		org.spongycastle.math.ec.ECPoint pub = CURVE.getCurve().decodePoint(Base64.decodeBase64(pubKey));
		ECPublicKeyParameters params = new ECPublicKeyParameters(CURVE.getCurve().decodePoint(pub.getEncoded()), CURVE);
		signer.init(false, params);
	    return signer.verifySignature(hash256, eCDSASignature.r, eCDSASignature.s);
	}
	
	public static class ECDSASignature {
		/** The two components of the signature. */
		public final BigInteger r, s;

		/**
		 * Constructs a signature with the given components. Does NOT
		 * automatically canonicalise the signature.
		 */
		public ECDSASignature(BigInteger r, BigInteger s) {
			this.r = r;
			this.s = s;
		}

		/**
		 * Returns true if the S component is "low", that means it is below
		 * {@link ECKey#HALF_CURVE_ORDER}. See <a href=
		 * "https://github.com/bitcoin/bips/blob/master/bip-0062.mediawiki#Low_S_values_in_signatures">
		 * BIP62</a>.
		 */
		public boolean isCanonical() {
			return s.compareTo(HALF_CURVE_ORDER) <= 0;
		}

		/**
		 * Will automatically adjust the S component to be less than or equal to
		 * half the curve order, if necessary. This is required because for
		 * every signature (r,s) the signature (r, -s (mod N)) is a valid
		 * signature of the same message. However, we dislike the ability to
		 * modify the bits of a Bitcoin transaction after it's been signed, as
		 * that violates various assumed invariants. Thus in future only one of
		 * those forms will be considered legal and the other will be banned.
		 */
		public ECDSASignature toCanonicalised() {
			if (!isCanonical()) {
				// The order of the curve is the number of valid points that
				// exist on that curve. If S is in the upper
				// half of the number of valid points, then bring it back to the
				// lower half. Otherwise, imagine that
				// N = 10
				// s = 8, so (-8 % 10 == 2) thus both (r, 8) and (r, 2) are
				// valid solutions.
				// 10 - 8 == 2, giving us always the latter solution, which is
				// canonical.
				return new ECDSASignature(r, CURVE.getN().subtract(s));
			} else {
				return this;
			}
		}

		/**
		 * DER is an international standard for serializing data structures
		 * which is widely used in cryptography. It's somewhat like protocol
		 * buffers but less convenient. This method returns a standard DER
		 * encoding of the signature, as recognized by OpenSSL and other
		 * libraries.
		 */
		public byte[] encodeToDER() {
			try {
				return derByteStream().toByteArray();
			} catch (IOException e) {
				throw new RuntimeException(e); // Cannot happen.
			}
		}

		public static ECDSASignature decodeFromDER(byte[] bytes) {
			ASN1InputStream decoder = null;
			try {
				decoder = new ASN1InputStream(bytes);
				DLSequence seq = (DLSequence) decoder.readObject();
				if (seq == null)
					throw new RuntimeException("Reached past end of ASN.1 stream.");
				ASN1Integer r, s;
				try {
					r = (ASN1Integer) seq.getObjectAt(0);
					s = (ASN1Integer) seq.getObjectAt(1);
				} catch (ClassCastException e) {
					throw new IllegalArgumentException(e);
				}
				// OpenSSL deviates from the DER spec by interpreting these
				// values as unsigned, though they should not be
				// Thus, we always use the positive versions. See:
				// http://r6.ca/blog/20111119T211504Z.html
				return new ECDSASignature(r.getPositiveValue(), s.getPositiveValue());
			} catch (IOException e) {
				throw new RuntimeException(e);
			} finally {
				if (decoder != null)
					try {
						decoder.close();
					} catch (IOException x) {
					}
			}
		}

		protected ByteArrayOutputStream derByteStream() throws IOException {
			// Usually 70-72 bytes.
			ByteArrayOutputStream bos = new ByteArrayOutputStream(72);
			DERSequenceGenerator seq = new DERSequenceGenerator(bos);
			seq.addObject(new ASN1Integer(r));
			seq.addObject(new ASN1Integer(s));
			seq.close();
			return bos;
		}

		@Override
		public boolean equals(Object o) {
			if (this == o)
				return true;
			if (o == null || getClass() != o.getClass())
				return false;
			ECDSASignature other = (ECDSASignature) o;
			return r.equals(other.r) && s.equals(other.s);
		}

		@Override
		public int hashCode() {
			return Objects.hashCode(r, s);
		}
	}
}

好家伙,用的还是Tencent的sdk,而且一如RSA一样,对方提供的公钥私钥果然还是base64格式,根本无法应用于C#下的ECDsaCng,好在之前已经做过了大量BouncyCastle相关的代码,虽然略有波折,但还是成功的将java代码改造成了C#代码,而过程中发现java下的ASN1Integer,实际与C#下的DerInteger对应,这样如果后续还有其它基于BouncyCastle的跨语言对接,应该也可以减少一些对接中的阻碍

    using Org.BouncyCastle.Asn1;
    using Org.BouncyCastle.Crypto.Digests;
    using Org.BouncyCastle.Crypto.EC;
    using Org.BouncyCastle.Crypto.Parameters;
    using Org.BouncyCastle.Crypto.Signers;
    using Org.BouncyCastle.Math;
    using System.IO;

    /// <summary>
    /// ECDsa签名验证算法
    /// </summary>
    public static class ECDsaHelper
    {
        private static readonly ECDomainParameters Curve;
        private static readonly BigInteger HalfCurveOrder;
        static ECDsaHelper()
        {
            var curveParams = CustomNamedCurves.GetByName("secp256k1");
            Curve = new ECDomainParameters(curveParams.Curve, curveParams.G, curveParams.N, curveParams.H);
            HalfCurveOrder = curveParams.N.ShiftRight(1);
        }
        /// <summary>
        /// 签名
        /// </summary>
        /// <param name="privateKey">ECDsa私钥</param>
        /// <param name="content">待签名的内容</param>
        /// <returns></returns>
        public static byte[] SignData(byte[] privateKey, byte[] content)
        {
            //为了保证签名结果与java一致,此处参数同样传递了IDsaKCalculator,但测试发现如果不传虽然签名结果不一致,但验签是可以通过的
            var signer = new ECDsaSigner(new HMacDsaKCalculator(new Sha256Digest()));
            var priKey = new ECPrivateKeyParameters(new BigInteger(1, privateKey), Curve);
            signer.Init(true, priKey);
            var components = signer.GenerateSignature(content);
            using (var stream = new MemoryStream())
            {
                var seq = new DerSequenceGenerator(stream);
                seq.AddObject(new DerInteger(components[0]));
                var s = components[1];
                if (s.CompareTo(HalfCurveOrder) > 0)
                {
                    s = Curve.N.Subtract(components[1]);
                }
                seq.AddObject(new DerInteger(s));
                seq.Close();
                var signature = stream.ToArray();
                return signature;
            }
        }
        /// <summary>
        /// 验签
        /// </summary>
        /// <param name="publicKey">ECDsa公钥</param>
        /// <param name="content">待验签的内容</param>
        /// <param name="signature">待比较的签名结果</param>
        /// <returns></returns>
        public static bool VerifyData(byte[] publicKey, byte[] content, byte[] signature)
        {
            using (var input = new Asn1InputStream(signature))
            {
                var seq = (DerSequence)input.ReadObject();
                if (seq != null)
                {
                    var signer = new ECDsaSigner();
                    var point = Curve.Curve.DecodePoint(publicKey);
                    var pubKey = new ECPublicKeyParameters(Curve.Curve.DecodePoint(point.GetEncoded()), Curve);
                    signer.Init(false, pubKey);
                    return signer.VerifySignature(content, ((DerInteger)seq[0]).Value, ((DerInteger)seq[1]).Value);
                }
            }
            return false;
        }
    }

就两个方法,也就不提供测试代码了,反正签名的逻辑是没看懂,只是依样画葫芦的抄了java的逻辑。

娃都会打酱油了
关注
  • 1
    点赞
  • 6
    收藏
    觉得还不错? 一键收藏
  • 5
    评论
专栏目录
用Bouncy Castle的C#版API产生公钥和私钥
拂去尘埃,打落地上
08-05 1万+
开源API链接地址:The Legion of the Bouncy Castle     Bouncy Castle,简称为BC,原本是java的一个开源JCE提供者,后来也提供了C#版本的API,我下载其编译好的DLL,在C#项目中直接引用,用其几个API,产生我指定位数的公钥和私钥(目前是1024位,但产生CA的密钥时,要2048位才能满足安全需求)。虽然开源很好很强大,但这个API就是文档很缺陷,C#的文档更是少得可怜,没办法,下载源代码慢慢看吧。。。     在接下来的几篇关于CA文章中,大体按下
java privatekey输出字符串,从本地Java中的私钥字符串派生EC公钥以获取曲线secp256k1...
weixin_42484477的博客
02-16 1604
I need to derive an EC Public Key from an EC private key string without the "help" of any third party library.The Private key is externally produced and provided and I need to get the Public Key to ge...
C#使用ECC椭圆曲线算法实现加密与解密&签名验签,有完整代码
flyinmind的专栏
06-14 2421
C#使用EC椭圆曲线算法实现加解密&签名验签,有完整代码。 实现了将公钥、私钥转为base64字符串,以及反向转换。 转换的公私钥可以与Java互通。
ECDSA签名算法
qq_41661056的博客
04-22 881
package main import ( "crypto/ecdsa" "crypto/elliptic" "crypto/rand" "crypto/sha256" "crypto/x509" "encoding/base64" "encoding/hex" "fmt" "math/big" "strings" ) // 生成公私钥 func GenKeyPair() (privateKey string, publicKey string, e error) { // Gen
【区块链】椭圆曲线数字签名算法(ECDSA
最新发布
qq_64585761的博客
04-27 2055
椭圆曲线数字签名算法的原理。
C# RSA加密、解密、加签、验签、支持JAVA格式公钥私钥、PEM格式公钥私钥、.NET格式公钥私钥 -变态模式【支持私钥加密,公钥解密】(二)
热门推荐
蜗牛水里爬
02-28 2万+
2019-02-26更新:已上传github RSA变态模式:【私钥加密,公钥解密】 一般这种写法都是JAVA弄的。.NET原生不支持。为啥,我也不清楚,大概是因为安全性问题吧,毕竟公钥是人人都可是持有的。私钥只有自己拥有。 对接注意事项:http://blog.csdn.net/gzy11/article/details/54573973 一般方法请看:http://blog.csdn....
Cryptography API: Next Generation(CNG)使用梳理——非对称加密算法应用(五)与OpenSSL数字签名认证的互通(ECDSA
耍宝王专栏
07-17 686
CNG中的数字签名算法主要包括RSA、DSA和ECDSA,其中RSA算法所得的签名值是可以直接与OpenSSL相互验证的,而DSA和ECDSA则不行,这是因为输出的格式不同OpenSSL采用DER,而ECDSA在OpenSSL3之前可以使用ECDSA_do_sign获得ECDSA_SIG格式,但penSSL3以后的版本因为隐藏了底部实现,所以其数字签名函数只能使用EVP_SignXXXXX、EVP_Digest和EVP_PKEY_sign这些函数了,其输出的签名格式为DER。
ECDSA快速验签算法
12-17
快速验签算法,Verification of ECDSA signatures is considerably slower than generation of ECDSA signatures. This paper describes a method that can be used to accelerate verification of ECDSA signatures...
基于OpenSSL库的ECDSA签名与验证,附代码和文档
01-25
**OpenSSL库与ECDSA签名验证** OpenSSL是一个开源项目,提供了一系列强大的加密和证书管理功能,广泛应用于网络通信安全领域。它包含了多种加密算法,其中包括椭圆曲线数字签名算法(ECDSA)。ECDSA是基于椭圆曲线...
基于OpenSSL库的ECDSA签名与验证1
08-03
1、生成密钥对 2 2、导出私钥 2 3、导出公钥 3 4、生成密钥源代码 3 1、导入私钥 8 2、数据签名 8 3、数据签名源代码 8 1、导入公钥 14
ECDSA签名【利用ECDSA签名算法实现密码加密】
03-29
ECDSA签名是美国联邦的标准,此加密算法利用签名保存公钥和私钥,代码很简单!
ECDSA-Test.rar_ECDSA_ECDSA签名算法
09-21
**ECDSA(椭圆曲线数字签名算法)**是一种基于椭圆曲线密码学(ECC)的数字签名协议,被广泛应用于网络安全和区块链技术中。它提供了数据完整性和发送者身份验证,确保信息在传输过程中不被篡改。与RSA等传统公钥...
算法2_非对称加密算法之ECDSA(椭圆曲线数字签名算法)
Blockchain210的博客
04-16 9599
ECDSA(椭圆曲线数字签名算法) AES(高级加密标准): =>对称加密 ​ 对业务数据进行加密,防止他人可以看见 ECDSA(椭圆曲线数字签名算法):=>非对称加密算法(公钥和私钥) ​ 验证数据的真实性,防止业务数据被篡改 SHA(安全哈希算法)=>哈希算法 1. 作用: 因为ECDSA椭圆曲线数字签名算法获得公钥和私钥对是一一对应的,不存在"不同私钥但是公钥相同的情况"所有伪造ECDSA签名是根本不可能的 2. 解释ECDSA ECDSA当中有两个词要注意:Curve(曲线
C#实现JAVA中SHA1withECDSA数字签名
fjj8707的专栏
01-11 342
请测有效,点个赞哦!!! using System; using Org.BouncyCastle.Security; using Org.BouncyCastle.Crypto.Engines; using Org.BouncyCastle.Crypto; using Org.BouncyCastle.Crypto.Encodings; using System.IO; namespace Test { public class RSATool { private ...
ECDSA签名+验签
andylau00j的专栏
08-14 1万+
    ECDSA签名每次结果不同。      原因:ECDSA签名过程中混入随机值,生成签名结果不同。     公钥证书验签没问题。   1. 签名过程     假设要签名的消息是一个字符串:“Hello World!”。DSA签名的第一个步骤是对待签名的消息生成一个消息摘要。不同的签名算法使用不同的消息摘要算法。比如,DSS使用SHA1来生成160比特的摘要,而ECDSA256使用S...
图解ECDSA签名验签基本原理
区块链之美
04-27 2354
本文首发公众号VenusBlockChain,关注公众号后可免费阅读!VenusBlockChain致力于区块链技术研究,传播区块链技术和解决方案、区块链应用落地、区块链行业动态等。 1 ECDSA算法 首先,需要设置参数(a,b,p,N,G)(a,b,p,N,G)(a,b,p,N,G)来初始化一椭圆曲线,椭圆曲线方程y2=(x3+ax+b)modpy^2=(x^3+ax+b)modpy2=(x...
密码学——ECDSA签名算法
qq_41546054的博客
10-10 5990
123
密码学系列 - 椭圆曲线 ECDSA - 签名验签
搬砖魁首的博客
01-06 4597
数字签名的生成 数字签名的验证 公钥恢复
C#实现RSA公钥加密私钥解密、私钥加密公钥解密以及Pcks12、X509证书加解密、签名验签
sky 胡萝卜星星
01-25 1万+
RSA的私钥签名公钥验签可以见http://blog.csdn.net/starfd/article/details/51917916,所以这里就没提供对应代码,具体代码如下: using Org.BouncyCastle.Asn1; using Org.BouncyCastle.Asn1.Pkcs; using Org.BouncyCastle.Asn1.X509; ...
ECDSA签名验签过程
05-21
ECDSA (Elliptic Curve Digital Signature Algorithm) 是一种基于椭圆曲线密码学的数字签名算法,其签名和验证过程如下: 1. 签名过程 假设消息为 m,私钥为 d,椭圆曲线为 E。 1. 选择一个随机数 k,满足 1 <= k <= n-1,其中 n 是椭圆曲线上的点的个数。 2. 计算点 P = k * G,其中 G 是椭圆曲线上的基点。 3. 计算 r = x(P) mod n,其中 x(P) 表示点 P 的横坐标。 4. 计算 s = (H(m) + d * r) * k^(-1) mod n,其中 H(m) 是消息 m 的哈希值,k^(-1) 表示 k 的逆元。 5. 签名结果为 (r, s)。 2. 验签过程 假设收到的消息为 m,签名为 (r, s),公钥为 Q,椭圆曲线为 E。 1. 计算 e = H(m),其中 H(m) 是消息 m 的哈希值。 2. 计算 w = s^(-1) mod n,其中 s^(-1) 表示 s 的逆元。 3. 计算 u1 = e * w mod n 和 u2 = r * w mod n。 4. 计算点 P = u1 * G + u2 * Q。 5. 如果 P = O,即点 P 是无穷远点,则验证失败。 6. 否则,计算 v = x(P) mod n,如果 v = r,则验证成功,否则验证失败。 以上就是 ECDSA签名和验证过程,其中涉及到了椭圆曲线的基本操作和数论知识。

“相关推荐”对你有帮助么?

  • 非常没帮助
  • 没帮助
  • 一般
  • 有帮助
  • 非常有帮助
提交
评论 5
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值