最近因为项目需要通过RSA加密来保证客户端与服务端的通信安全。但是C#自带的RSA算法类RSACryptoServiceProvider只支持公钥加密私钥解密,即数字证书的使用。
所以参考了一些网上的资料写了一个RSA的算法实现。算法实现是基于网上提供的一个大整数类。
一、密钥管理
取得密钥主要是通过2种方式
一种是通过RSACryptoServiceProvider取得:
///
/// RSA算法对象,此处主要用于获取密钥对
///
private RSACryptoServiceProvider RSA;
///
/// 取得密钥
///
/// true:包含私钥 false:不包含私钥
///
public string ToXmlString(bool includPrivateKey)
{
if (includPrivateKey)
{
return RSA.ToXmlString(true);
}
else
{
return RSA.ToXmlString(false);
}
}
///
/// 通过密钥初始化RSA对象
///
/// XML格式的密钥信息
public void FromXmlString(string xmlString)
{
RSA.FromXmlString(xmlString);
}
一种是通过BigInteger中的获取大素数的方法
///
/// 取得密钥对
///
/// 大整数
/// 公钥
/// 密钥
public void GetKey(out string n,out string e,out string d )
{
byte[] pseudoPrime1 = {
(byte)0x85, (byte)0x84, (byte)0x64, (byte)0xFD, (byte)0x70, (byte)0x6A,
(byte)0x9F, (byte)0xF0, (byte)0x94, (byte)0x0C, (byte)0x3E, (byte)0x2C,
(byte)0x74, (byte)0x34, (byte)0x05, (byte)0xC9, (byte)0x55, (byte)0xB3,
(byte)0x85, (byte)0x32, (byte)0x98, (byte)0x71, (byte)0xF9, (byte)0x41,
(byte)0x21, (byte)0x5F, (byte)0x02, (byte)0x9E, (byte)0xEA, (byte)0x56,
(byte)0x8D, (byte)0x8C, (byte)0x44, (byte)0xCC, (byte)0xEE, (byte)0xEE,
(byte)0x3D, (byte)0x2C, (byte)0x9D, (byte)0x2C, (byte)0x12, (byte)0x41,
(byte)0x1E, (byte)0xF1, (byte)0xC5, (byte)0x32, (byte)0xC3, (byte)0xAA,
(byte)0x31, (byte)0x4A, (byte)0x52, (byte)0xD8, (byte)0xE8, (byte)0xAF,
(byte)0x42, (byte)0xF4, (byte)0x72, (byte)0xA1, (byte)0x2A, (byte)0x0D,
(byte)0x97, (byte)0xB1, (byte)0x31, (byte)0xB3,
};
byte[] pseudoPrime2 = {
(byte)0x99, (byte)0x98, (byte)0xCA, (byte)0xB8, (byte)0x5E, (byte)0xD7,
(byte)0xE5, (byte)0xDC, (byte)0x28, (byte)0x5C, (byte)0x6F, (byte)0x0E,
(byte)0x15, (byte)0x09, (byte)0x59, (byte)0x6E, (byte)0x84, (byte)0xF3,
(byte)0x81, (byte)0xCD, (byte)0xDE, (byte)0x42, (byte)0xDC, (byte)0x93,
(byte)0xC2, (byte)0x7A, (byte)0x62, (byte)0xAC, (byte)0x6C, (byte)0xAF,
(byte)0xDE, (byte)0x74, (byte)0xE3, (byte)0xCB, (byte)0x60, (byte)0x20,
(byte)0x38, (byte)0x9C, (byte)0x21, (byte)0xC3, (byte)0xDC, (byte)0xC8,
(byte)0xA2, (byte)0x4D, (byte)0xC6, (byte)0x2A, (byte)0x35, (byte)0x7F,
(byte)0xF3, (byte)0xA9, (byte)0xE8, (byte)0x1D, (byte)0x7B, (byte)0x2C,
(byte)0x78, (byte)0xFA, (byte)0xB8, (byte)0x02, (byte)0x55, (byte)0x80,
(byte)0x9B, (byte)0xC2, (byte)0xA5, (byte)0xCB,
};
BigInteger bi_p = new BigInteger(pseudoPrime1);
BigInteger bi_q = new BigInteger(pseudoPrime2);
BigInteger bi_pq = (bi_p - 1) * (bi_q - 1);
BigInteger bi_n = bi_p * bi_q;
Random rand = new Random();
BigInteger bi_e = bi_pq.genCoPrime(512, rand);
BigInteger bi_d = bi_e.modInverse(bi_pq);
n = bi_n.ToHexString();
e = bi_e.ToHexString();
d = bi_d.ToHexString();
}
二、加密处理(分别对应两种密钥取得方式)
公钥加密
///
/// 通过公钥加密
///
/// 待加密字符串
///
public byte[] EncryptByPublicKey(string dataStr)
{
//取得公钥参数
RSAParameters rsaparameters = RSA.ExportParameters(false);
byte[] keyN = rsaparameters.Modulus;
byte[] keyE = rsaparameters.Exponent;
//大整数N
BigInteger biN = new BigInteger(keyN);
//公钥大素数
BigInteger biE = new BigInteger(keyE);
//加密
return EncryptString(dataStr, biE, biN);
}
///
/// 通过公钥加密
///
/// 待加密字符串
/// 大整数n
/// 公钥
///
public byte[] EncryptByPublicKey(string dataStr,string n,string e)
{
//大整数N
BigInteger biN = new BigInteger(n,16);
//公钥大素数
BigInteger biE = new BigInteger(e,16);
//加密
return EncryptString(dataStr, biE, biN);
}
私钥解密
///
/// 通过私钥解密
///
/// 待解密字符数组
///
public string DecryptByPrivateKey(byte[] dataBytes)
{
//取得私钥参数
RSAParameters rsaparameters = RSA.ExportParameters(true);
byte[] keyN = rsaparameters.Modulus;
byte[] keyD = rsaparameters.D;
//大整数N
BigInteger biN = new BigInteger(keyN);
//私钥大素数
BigInteger biD = new BigInteger(keyD);
//解密
return DecryptBytes(dataBytes, biD, biN);
}
///
/// 通过私钥解密
///
/// 待解密字符数组
/// 大整数n
/// 私钥
///
public string DecryptByPrivateKey(byte[] dataBytes,string n,string d)
{
//大整数N
BigInteger biN = new BigInteger(n,16);
//私钥大素数
BigInteger biD = new BigInteger(d,16);
//解密
return DecryptBytes(dataBytes, biD, biN);
}
私钥加密
///
/// 通过私钥加密
///
/// 待加密字符串
///
public byte[] EncryptByPrivateKey(string dataStr)
{
//取得私钥参数
RSAParameters rsaparameters = RSA.ExportParameters(true);
byte[] keyN = rsaparameters.Modulus;
byte[] keyD = rsaparameters.D;
//大整数N
BigInteger biN = new BigInteger(keyN);
//私钥大素数
BigInteger biD = new BigInteger(keyD);
//加密
return EncryptString(dataStr, biD, biN);
}
///
/// 通过私钥加密
///
/// 待加密字符串
/// 大整数n
/// 私钥
///
public byte[] EncryptByPrivateKey(string dataStr,string n,string d)
{
//大整数N
BigInteger biN = new BigInteger(n, 16);
//私钥大素数
BigInteger biD = new BigInteger(d, 16);
//加密
return EncryptString(dataStr, biD, biN);
}
公钥解密
///
/// 通过公钥解密
///
/// 待解密字符数组
///
public string DecryptByPublicKey(byte[] dataBytes)
{
//取得公钥参数
RSAParameters rsaparameters = RSA.ExportParameters(false);
byte[] keyN = rsaparameters.Modulus;
byte[] keyE = rsaparameters.Exponent;
//大整数N
BigInteger biN = new BigInteger(keyN);
//公钥大素数
BigInteger biE = new BigInteger(keyE);
//解密
return DecryptBytes(dataBytes, biE, biN);
}
///
/// 通过公钥解密
///
/// 待加密字符串
/// 大整数n
/// 公钥
///
public string DecryptByPublicKey(byte[] dataBytes,string n,string e)
{
//大整数N
BigInteger biN = new BigInteger(n,16);
//公钥大素数
BigInteger biE = new BigInteger(e,16);
//解密
return DecryptBytes(dataBytes, biE, biN);
}
三、算法实现
加密
///
/// 加密字符串
///
/// 待加密字符串
/// 密钥大素数
/// 大整数N
///
private byte[] EncryptString(string dataStr, BigInteger keyNum, BigInteger nNum)
{
byte[] bytes = System.Text.Encoding.UTF8.GetBytes(dataStr);
int len = bytes.Length;
int len1 = 0;
int blockLen = 0;
if ((len % 120) == 0)
len1 = len / 120;
else
len1 = len / 120 + 1;
List
for (int i = 0; i < len1; i++)
{
if (len >= 120)
{
blockLen = 120;
}
else
{
blockLen = len;
}
byte[] oText = new byte[blockLen];
Array.Copy(bytes, i * 120, oText, 0, blockLen);
string res = Encoding.UTF8.GetString(oText);
BigInteger biText = new BigInteger(oText);
BigInteger biEnText = biText.modPow(keyNum, nNum);
//补位
byte[] testbyte = null;
string resultStr = biEnText.ToHexString();
if (resultStr.Length < 256)
{
while (resultStr.Length != 256)
{
resultStr = "0" + resultStr;
}
}
byte[] returnBytes = new byte[128];
for (int j = 0; j < returnBytes.Length; j++)
returnBytes[j] = Convert.ToByte(resultStr.Substring(j * 2, 2), 16);
tempbytes.AddRange(returnBytes);
len -= blockLen;
}
return tempbytes.ToArray();
}
注:分块大小最大理论值是128位。但是考虑到实际使用中可能会有位溢出的情况,所以此处使用120
将biginteger对象转为byte数组时,原本采用的是BigIneger类提供的GetBytes()方法,但是实际使用中发现,此方法取得的byte数组有一定的几率会出现偏差。所以改成使用ToHexString()方法取得16进制字符串再转成byte数组。
为了解密时byte数组块长度固定,补位操作必须执行。
解密
///
/// 解密字符数组
///
/// 待解密字符数组
/// 密钥大素数
/// 大整数N
///
private string DecryptBytes(byte[] dataBytes, BigInteger KeyNum, BigInteger nNum)
{
int len = dataBytes.Length;
int len1 = 0;
int blockLen = 0;
if (len % 128 == 0)
{
len1 = len / 128;
}
else
{
len1 = len / 128 + 1;
}
List
for (int i = 0; i < len1; i++)
{
if (len >= 128)
{
blockLen = 128;
}
else
{
blockLen = len;
}
byte[] oText = new byte[blockLen];
Array.Copy(dataBytes, i * 128, oText, 0, blockLen);
BigInteger biText = new BigInteger(oText);
BigInteger biEnText = biText.modPow(KeyNum, nNum);
byte[] testbyte= biEnText.getBytes();
string str = Encoding.UTF8.GetString(testbyte);
tempbytes.AddRange(testbyte);
len -= blockLen;
}
return System.Text.Encoding.UTF8.GetString(tempbytes.ToArray());
}
基本算法就是这样,经过10000次测试,没有误差出现。下面是算法实现的类和在网上找到的大整数类。