验证完整性 Ceritifcate { RSACryptoServiceProvider - SHA1 - 指纹 }

发布于 2024-07-25 10:09:00 字数 985 浏览 9 评论 0原文

我有一个小问题。 我想验证证书的完整性。

所以我做了这段代码:

using System.Security.Cryptography;
using System.Runtime.InteropServices;
using System.Security.Cryptography.X509Certificates; 

SHA1Managed sha1 = new SHA1Managed();
RSACryptoServiceProvider csp = null;
AsymmetricAlgorithm rsaAlgo = certificatEnCours.PublicKey.Key;
byte[] data = null;
byte[] hash = null;

string keyPublic = "";
string signatureLikeInteger = "";

bool verif = false;

// ------------- PART 1 -------------

signatureLikeInteger = certificatEnCours.Thumbprint;

data = Convert.FromBase64String(signatureLikeInteger);

// ------------- PART 2 -------------

hash = sha1.ComputeHash(certificatEnCours.RawData);

keyPublic = rsaAlgo.ToXmlString(false);

csp = new RSACryptoServiceProvider();

csp.FromXmlString(keyPublic);

// ------------------------------

verif = csp.VerifyData(hash, CryptoConfig.MapNameToOID("SHA1"), data);

我的问题是我的变量“verif”上已经有值“false”。

I have a little problem. I want to verify the integrity of a certificate.

So I did this code:

using System.Security.Cryptography;
using System.Runtime.InteropServices;
using System.Security.Cryptography.X509Certificates; 

SHA1Managed sha1 = new SHA1Managed();
RSACryptoServiceProvider csp = null;
AsymmetricAlgorithm rsaAlgo = certificatEnCours.PublicKey.Key;
byte[] data = null;
byte[] hash = null;

string keyPublic = "";
string signatureLikeInteger = "";

bool verif = false;

// ------------- PART 1 -------------

signatureLikeInteger = certificatEnCours.Thumbprint;

data = Convert.FromBase64String(signatureLikeInteger);

// ------------- PART 2 -------------

hash = sha1.ComputeHash(certificatEnCours.RawData);

keyPublic = rsaAlgo.ToXmlString(false);

csp = new RSACryptoServiceProvider();

csp.FromXmlString(keyPublic);

// ------------------------------

verif = csp.VerifyData(hash, CryptoConfig.MapNameToOID("SHA1"), data);

My problem its that i already have the value "false" on my variable "verif".

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(1

那小子欠揍 2024-08-01 10:09:00

这里没有实际的问题。 你是对的,你无条件忽略了 verif 的初始值。 更重要的是,您是否考虑过使用X509Certificate2来做验证?:

X509Certificate2 x2 = new X509Certificate2(certificatEnCours);
bool verif = x2.Verify();

我认为这比重新发明轮子更明智。

编辑:如果您正在验证证书链,我相信您想要使用 X509Chain
特别是 ChainStatus 属性。

There is no actual question here. You are right that you are unconditionally ignoring the initial value of verif. More importantly, have you considered using X509Certificate2 to do verification?:

X509Certificate2 x2 = new X509Certificate2(certificatEnCours);
bool verif = x2.Verify();

I think this is wiser than re-inventing the wheel.

EDIT: If you are verifying a chain of certificates I believe you want to use X509Chain
and in particular the ChainStatus property.

~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文