个人中心
文章发布
退出
作者热门文章
- Java锁的逻辑(结合对象头和ObjectMonitor)
- 还在用饼状图?来瞧瞧这些炫酷的百分比可视化新图形(附代码实现)⛵
- 自动注册实体类到EntityFrameworkCore上下文,并适配ABP及ABPVNext
- 基于Sklearn机器学习代码实战
30
4
C#.NET 国密SM2 加密解密 与JAVA互通 ver:20230805 。
。
.NET 环境:.NET6 控制台程序(.net core).
JAVA 环境:JAVA8,带maven 的JAVA控制台程序.
。
简要解析: 1.最好要到对方源码(DEMO+JAR包也可以),可以用IDEA反编译(Ctrl+鼠标左键),看它过程逻辑和加密结果格式.
2.加密结果顺序:早期是 C1C2C3,后期是C1C3C2 ,双方得约定好.
3.加密结果:BASE64字符串或16进制字符串 ,双方得约定好.
4. .NET BC库SM2加密结果会带04,如果JAVA 那边报 Invalid point encoding 错误,删除加密结果前的04。如果对方要的是BASE64的加密结果,我们可以先转16进制字符串,裁掉04,再转BASE64。 string newCipherText = Hex.ToHexString(bysm2keyEncrypted); if (newCipherText.StartsWith("04")) { newCipherText = newCipherText.Substring(2); } 5. .NET BC库解密,密文前要加 “04”,否则会报 Invalid point encoding XX 。如果加密结果是BASE64的,先把BASE64转16进制字符串,再判断是否04开头。 如果JAVA源码,固定截取的头2位,那么就不用判断是否04开头了,直接写死:javaSM2 = "04" + javaSM2,
。
生成一组国密公私钥:
私钥:FAB8BBE670FAE338C9E9382B9FB6485225C11A3ECB84C938F10F20A93B6215F0 。
公钥:049EF573019D9A03B16B0BE44FC8A5B4E8E098F56034C97B312282DD0B4810AFC3CC759673ED0FC9B9DC7E6FA38F0E2B121E02654BF37EA6B63FAF2A0D6013EADF 。
本例是:C1C3C2.
//GmUtil.Sm2Encrypt 对应 C1C3C2 // GmUtil.Sm2EncryptOld :C1C2C3 。
。
.NET 代码:
GmUtil 工具类,需要nuget下载 Portable.BouncyCastle 1.9.0 版本:
using
Org.BouncyCastle.Asn1;
using
Org.BouncyCastle.Asn1.GM;
using
Org.BouncyCastle.Asn1.X9;
using
Org.BouncyCastle.Crypto;
using
Org.BouncyCastle.Crypto.Digests;
using
Org.BouncyCastle.Crypto.Engines;
using
Org.BouncyCastle.Crypto.Generators;
using
Org.BouncyCastle.Crypto.Parameters;
using
Org.BouncyCastle.Math;
using
Org.BouncyCastle.Security;
using
Org.BouncyCastle.Utilities;
using
Org.BouncyCastle.Utilities.Encoders;
using
Org.BouncyCastle.X509;
using
System;
using
System.Collections.Generic;
using
System.IO;
namespace
CommonUtils
{
/*
*
* need lib:
* BouncyCastle.Crypto.dll(
http://www.bouncycastle.org/csharp/index.html
)
* 用BC的注意点:
* 这个版本的BC对SM3withSM2的结果为asn1格式的r和s,如果需要直接拼接的r||s需要自己转换。下面rsAsn1ToPlainByteArray、rsPlainByteArrayToAsn1就在干这事。
* 这个版本的BC对SM2的结果为C1||C2||C3,据说为旧标准,新标准为C1||C3||C2,用新标准的需要自己转换。下面(被注释掉的)changeC1C2C3ToC1C3C2、changeC1C3C2ToC1C2C3就在干这事。java版的高版本有加上C1C3C2,csharp版没准以后也会加,但目前还没有,java版的目前可以初始化时“ SM2Engine sm2Engine = new SM2Engine(SM2Engine.Mode.C1C3C2);”。
*
* 按要求国密算法仅允许使用加密机,本demo国密算法仅供学习使用,请不要用于生产用途。
*/
public
class
GmUtil
{
//
private static readonly ILog log = LogManager.GetLogger(typeof(GmUtil));
private
static
X9ECParameters x9ECParameters = GMNamedCurves.GetByName(
"
sm2p256v1
"
);
private
static
ECDomainParameters ecDomainParameters =
new
ECDomainParameters(x9ECParameters.Curve, x9ECParameters.G, x9ECParameters.N);
/*
*
*
* @param msg
* @param userId
* @param privateKey
* @return r||s,直接拼接byte数组的rs
*/
public
static
byte
[] SignSm3WithSm2(
byte
[] msg,
byte
[] userId, AsymmetricKeyParameter privateKey)
{
return
RsAsn1ToPlainByteArray(SignSm3WithSm2Asn1Rs(msg, userId, privateKey));
}
/*
*
* @param msg
* @param userId
* @param privateKey
* @return rs in <b>asn1 format</b>
*/
public
static
byte
[] SignSm3WithSm2Asn1Rs(
byte
[] msg,
byte
[] userId, AsymmetricKeyParameter privateKey)
{
try
{
ISigner signer
= SignerUtilities.GetSigner(
"
SM3withSM2
"
);
signer.Init(
true
,
new
ParametersWithID(privateKey, userId));
signer.BlockUpdate(msg,
0
, msg.Length);
byte
[] sig =
signer.GenerateSignature();
return
sig;
}
catch
(Exception e)
{
//
log.Error("SignSm3WithSm2Asn1Rs error: " + e.Message, e);
return
null
;
}
}
/*
*
*
* @param msg
* @param userId
* @param rs r||s,直接拼接byte数组的rs
* @param publicKey
* @return
*/
public
static
bool
VerifySm3WithSm2(
byte
[] msg,
byte
[] userId,
byte
[] rs, AsymmetricKeyParameter publicKey)
{
if
(rs ==
null
|| msg ==
null
|| userId ==
null
)
return
false
;
if
(rs.Length != RS_LEN *
2
)
return
false
;
return
VerifySm3WithSm2Asn1Rs(msg, userId, RsPlainByteArrayToAsn1(rs), publicKey);
}
/*
*
*
* @param msg
* @param userId
* @param rs in <b>asn1 format</b>
* @param publicKey
* @return
*/
public
static
bool
VerifySm3WithSm2Asn1Rs(
byte
[] msg,
byte
[] userId,
byte
[] sign, AsymmetricKeyParameter publicKey)
{
try
{
ISigner signer
= SignerUtilities.GetSigner(
"
SM3withSM2
"
);
signer.Init(
false
,
new
ParametersWithID(publicKey, userId));
signer.BlockUpdate(msg,
0
, msg.Length);
return
signer.VerifySignature(sign);
}
catch
(Exception e)
{
//
log.Error("VerifySm3WithSm2Asn1Rs error: " + e.Message, e);
return
false
;
}
}
/*
*
* bc加解密使用旧标c1||c2||c3,此方法在加密后调用,将结果转化为c1||c3||c2
* @param c1c2c3
* @return
*/
private
static
byte
[] ChangeC1C2C3ToC1C3C2(
byte
[] c1c2c3)
{
int
c1Len = (x9ECParameters.Curve.FieldSize +
7
) /
8
*
2
+
1
;
//
sm2p256v1的这个固定65。可看GMNamedCurves、ECCurve代码。
const
int
c3Len =
32
;
//
new SM3Digest().getDigestSize();
byte
[] result =
new
byte
[c1c2c3.Length];
Buffer.BlockCopy(c1c2c3,
0
, result,
0
, c1Len);
//
c1
Buffer.BlockCopy(c1c2c3, c1c2c3.Length - c3Len, result, c1Len, c3Len);
//
c3
Buffer.BlockCopy(c1c2c3, c1Len, result, c1Len + c3Len, c1c2c3.Length - c1Len - c3Len);
//
c2
return
result;
}
/*
*
* bc加解密使用旧标c1||c3||c2,此方法在解密前调用,将密文转化为c1||c2||c3再去解密
* @param c1c3c2
* @return
*/
private
static
byte
[] ChangeC1C3C2ToC1C2C3(
byte
[] c1c3c2)
{
int
c1Len = (x9ECParameters.Curve.FieldSize +
7
) /
8
*
2
+
1
;
//
sm2p256v1的这个固定65。可看GMNamedCurves、ECCurve代码。
const
int
c3Len =
32
;
//
new SM3Digest().GetDigestSize();
byte
[] result =
new
byte
[c1c3c2.Length];
Buffer.BlockCopy(c1c3c2,
0
, result,
0
, c1Len);
//
c1: 0->65
Buffer.BlockCopy(c1c3c2, c1Len + c3Len, result, c1Len, c1c3c2.Length - c1Len - c3Len);
//
c2
Buffer.BlockCopy(c1c3c2, c1Len, result, c1c3c2.Length - c3Len, c3Len);
//
c3
return
result;
}
/*
*
* c1||c3||c2
* @param data
* @param key
* @return
*/
public
static
byte
[] Sm2Decrypt(
byte
[] data, AsymmetricKeyParameter key)
{
return
Sm2DecryptOld(ChangeC1C3C2ToC1C2C3(data), key);
}
/*
*
* c1||c3||c2
* @param data
* @param key
* @return
*/
public
static
byte
[] Sm2Encrypt(
byte
[] data, AsymmetricKeyParameter key)
{
return
ChangeC1C2C3ToC1C3C2(Sm2EncryptOld(data, key));
}
/*
*
* c1||c2||c3
* @param data
* @param key
* @return
*/
public
static
byte
[] Sm2EncryptOld(
byte
[] data, AsymmetricKeyParameter pubkey)
{
try
{
SM2Engine sm2Engine
=
new
SM2Engine();
sm2Engine.Init(
true
,
new
ParametersWithRandom(pubkey,
new
SecureRandom()));
return
sm2Engine.ProcessBlock(data,
0
, data.Length);
}
catch
(Exception e)
{
//
log.Error("Sm2EncryptOld error: " + e.Message, e);
return
null
;
}
}
/*
*
* c1||c2||c3
* @param data
* @param key
* @return
*/
public
static
byte
[] Sm2DecryptOld(
byte
[] data, AsymmetricKeyParameter key)
{
try
{
SM2Engine sm2Engine
=
new
SM2Engine();
sm2Engine.Init(
false
, key);
return
sm2Engine.ProcessBlock(data,
0
, data.Length);
}
catch
(Exception e)
{
//
log.Error("Sm2DecryptOld error: " + e.Message, e);
return
null
;
}
}
/*
*
* @param bytes
* @return
*/
public
static
byte
[] Sm3(
byte
[] bytes)
{
try
{
SM3Digest digest
=
new
SM3Digest();
digest.BlockUpdate(bytes,
0
, bytes.Length);
byte
[] result =
DigestUtilities.DoFinal(digest);
return
result;
}
catch
(Exception e)
{
//
log.Error("Sm3 error: " + e.Message, e);
return
null
;
}
}
private
const
int
RS_LEN =
32
;
private
static
byte
[] BigIntToFixexLengthBytes(BigInteger rOrS)
{
//
for sm2p256v1, n is 00fffffffeffffffffffffffffffffffff7203df6b21c6052b53bbf40939d54123,
//
r and s are the result of mod n, so they should be less than n and have length<=32
byte
[] rs =
rOrS.ToByteArray();
if
(rs.Length == RS_LEN)
return
rs;
else
if
(rs.Length == RS_LEN +
1
&& rs[
0
] ==
0
)
return
Arrays.CopyOfRange(rs,
1
, RS_LEN +
1
);
else
if
(rs.Length <
RS_LEN)
{
byte
[] result =
new
byte
[RS_LEN];
Arrays.Fill(result, (
byte
)
0
);
Buffer.BlockCopy(rs,
0
, result, RS_LEN -
rs.Length, rs.Length);
return
result;
}
else
{
throw
new
ArgumentException(
"
err rs:
"
+
Hex.ToHexString(rs));
}
}
/*
*
* BC的SM3withSM2签名得到的结果的rs是asn1格式的,这个方法转化成直接拼接r||s
* @param rsDer rs in asn1 format
* @return sign result in plain byte array
*/
private
static
byte
[] RsAsn1ToPlainByteArray(
byte
[] rsDer)
{
Asn1Sequence seq
=
Asn1Sequence.GetInstance(rsDer);
byte
[] r = BigIntToFixexLengthBytes(DerInteger.GetInstance(seq[
0
]).Value);
byte
[] s = BigIntToFixexLengthBytes(DerInteger.GetInstance(seq[
1
]).Value);
byte
[] result =
new
byte
[RS_LEN *
2
];
Buffer.BlockCopy(r,
0
, result,
0
, r.Length);
Buffer.BlockCopy(s,
0
, result, RS_LEN, s.Length);
return
result;
}
/*
*
* BC的SM3withSM2验签需要的rs是asn1格式的,这个方法将直接拼接r||s的字节数组转化成asn1格式
* @param sign in plain byte array
* @return rs result in asn1 format
*/
private
static
byte
[] RsPlainByteArrayToAsn1(
byte
[] sign)
{
if
(sign.Length != RS_LEN *
2
)
throw
new
ArgumentException(
"
err rs.
"
);
BigInteger r
=
new
BigInteger(
1
, Arrays.CopyOfRange(sign,
0
, RS_LEN));
BigInteger s
=
new
BigInteger(
1
, Arrays.CopyOfRange(sign, RS_LEN, RS_LEN *
2
));
Asn1EncodableVector v
=
new
Asn1EncodableVector();
v.Add(
new
DerInteger(r));
v.Add(
new
DerInteger(s));
try
{
return
new
DerSequence(v).GetEncoded(
"
DER
"
);
}
catch
(IOException e)
{
//
log.Error("RsPlainByteArrayToAsn1 error: " + e.Message, e);
return
null
;
}
}
public
static
AsymmetricCipherKeyPair GenerateKeyPair()
{
try
{
ECKeyPairGenerator kpGen
=
new
ECKeyPairGenerator();
kpGen.Init(
new
ECKeyGenerationParameters(ecDomainParameters,
new
SecureRandom()));
return
kpGen.GenerateKeyPair();
}
catch
(Exception e)
{
//
log.Error("generateKeyPair error: " + e.Message, e);
return
null
;
}
}
public
static
ECPrivateKeyParameters GetPrivatekeyFromD(BigInteger d)
{
return
new
ECPrivateKeyParameters(d, ecDomainParameters);
}
public
static
ECPublicKeyParameters GetPublickeyFromXY(BigInteger x, BigInteger y)
{
return
new
ECPublicKeyParameters(x9ECParameters.Curve.CreatePoint(x, y), ecDomainParameters);
}
public
static
AsymmetricKeyParameter GetPublickeyFromX509File(FileInfo file)
{
FileStream fileStream
=
null
;
try
{
//
file.DirectoryName + "\\" + file.Name
fileStream =
new
FileStream(file.FullName, FileMode.Open, FileAccess.Read);
X509Certificate certificate
=
new
X509CertificateParser().ReadCertificate(fileStream);
return
certificate.GetPublicKey();
}
catch
(Exception e)
{
//
log.Error(file.Name + "读取失败,异常:" + e);
}
finally
{
if
(fileStream !=
null
)
fileStream.Close();
}
return
null
;
}
public
class
Sm2Cert
{
public
AsymmetricKeyParameter privateKey;
public
AsymmetricKeyParameter publicKey;
public
String certId;
}
private
static
byte
[] ToByteArray(
int
i)
{
byte
[] byteArray =
new
byte
[
4
];
byteArray[
0
] = (
byte
)(i >>
24
);
byteArray[
1
] = (
byte
)((i &
0xFFFFFF
) >>
16
);
byteArray[
2
] = (
byte
)((i &
0xFFFF
) >>
8
);
byteArray[
3
] = (
byte
)(i &
0xFF
);
return
byteArray;
}
/*
*
* 字节数组拼接
*
* @param params
* @return
*/
private
static
byte
[] Join(
params
byte
[][] byteArrays)
{
List
<
byte
> byteSource =
new
List<
byte
>
();
for
(
int
i =
0
; i < byteArrays.Length; i++
)
{
byteSource.AddRange(byteArrays[i]);
}
byte
[] data =
byteSource.ToArray();
return
data;
}
/*
*
* 密钥派生函数
*
* @param Z
* @param klen
* 生成klen字节数长度的密钥
* @return
*/
private
static
byte
[] KDF(
byte
[] Z,
int
klen)
{
int
ct =
1
;
int
end = (
int
)Math.Ceiling(klen *
1.0
/
32
);
List
<
byte
> byteSource =
new
List<
byte
>
();
try
{
for
(
int
i =
1
; i < end; i++
)
{
byteSource.AddRange(GmUtil.Sm3(Join(Z, ToByteArray(ct))));
ct
++
;
}
byte
[] last =
GmUtil.Sm3(Join(Z, ToByteArray(ct)));
if
(klen %
32
==
0
)
{
byteSource.AddRange(last);
}
else
byteSource.AddRange(Arrays.CopyOfRange(last,
0
, klen %
32
));
return
byteSource.ToArray();
}
catch
(Exception e)
{
//
log.Error("KDF error: " + e.Message, e);
}
return
null
;
}
public
static
byte
[] Sm4DecryptCBC(
byte
[] keyBytes,
byte
[] cipher,
byte
[] iv, String algo)
{
if
(keyBytes.Length !=
16
)
throw
new
ArgumentException(
"
err key length
"
);
if
(cipher.Length %
16
!=
0
&& algo.Contains(
"
NoPadding
"
))
throw
new
ArgumentException(
"
err data length
"
);
try
{
KeyParameter key
= ParameterUtilities.CreateKeyParameter(
"
SM4
"
, keyBytes);
IBufferedCipher c
=
CipherUtilities.GetCipher(algo);
if
(iv ==
null
) iv =
ZeroIv(algo);
c.Init(
false
,
new
ParametersWithIV(key, iv));
return
c.DoFinal(cipher);
}
catch
(Exception e)
{
//
log.Error("Sm4DecryptCBC error: " + e.Message, e);
return
null
;
}
}
public
static
byte
[] Sm4EncryptCBC(
byte
[] keyBytes,
byte
[] plain,
byte
[] iv, String algo)
{
if
(keyBytes.Length !=
16
)
throw
new
ArgumentException(
"
err key length
"
);
if
(plain.Length %
16
!=
0
&& algo.Contains(
"
NoPadding
"
))
throw
new
ArgumentException(
"
err data length
"
);
try
{
KeyParameter key
= ParameterUtilities.CreateKeyParameter(
"
SM4
"
, keyBytes);
IBufferedCipher c
=
CipherUtilities.GetCipher(algo);
if
(iv ==
null
) iv =
ZeroIv(algo);
c.Init(
true
,
new
ParametersWithIV(key, iv));
return
c.DoFinal(plain);
}
catch
(Exception e)
{
//
log.Error("Sm4EncryptCBC error: " + e.Message, e);
return
null
;
}
}
public
static
byte
[] Sm4EncryptECB(
byte
[] keyBytes,
byte
[] plain,
string
algo)
{
if
(keyBytes.Length !=
16
)
throw
new
ArgumentException(
"
err key length
"
);
//
NoPadding 的情况下需要校验数据长度是16的倍数.
if
(plain.Length %
16
!=
0
&& algo.Contains(
"
NoPadding
"
))
throw
new
ArgumentException(
"
err data length
"
);
try
{
KeyParameter key
= ParameterUtilities.CreateKeyParameter(
"
SM4
"
, keyBytes);
IBufferedCipher c
=
CipherUtilities.GetCipher(algo);
c.Init(
true
, key);
return
c.DoFinal(plain);
}
catch
(Exception e)
{
//
log.Error("Sm4EncryptECB error: " + e.Message, e);
return
null
;
}
}
public
static
byte
[] Sm4DecryptECB(
byte
[] keyBytes,
byte
[] cipher,
string
algo)
{
if
(keyBytes.Length !=
16
)
throw
new
ArgumentException(
"
err key length
"
);
if
(cipher.Length %
16
!=
0
&& algo.Contains(
"
NoPadding
"
))
throw
new
ArgumentException(
"
err data length
"
);
try
{
KeyParameter key
= ParameterUtilities.CreateKeyParameter(
"
SM4
"
, keyBytes);
IBufferedCipher c
=
CipherUtilities.GetCipher(algo);
c.Init(
false
, key);
return
c.DoFinal(cipher);
}
catch
(Exception e)
{
//
log.Error("Sm4DecryptECB error: " + e.Message, e);
return
null
;
}
}
public
const
String SM4_ECB_NOPADDING =
"
SM4/ECB/NoPadding
"
;
public
const
String SM4_CBC_NOPADDING =
"
SM4/CBC/NoPadding
"
;
public
const
String SM4_CBC_PKCS7PADDING =
"
SM4/CBC/PKCS7Padding
"
;
/*
*
* cfca官网CSP沙箱导出的sm2文件
* @param pem 二进制原文
* @param pwd 密码
* @return
*/
public
static
Sm2Cert readSm2File(
byte
[] pem, String pwd)
{
Sm2Cert sm2Cert
=
new
Sm2Cert();
try
{
Asn1Sequence asn1Sequence
=
(Asn1Sequence)Asn1Object.FromByteArray(pem);
//
ASN1Integer asn1Integer = (ASN1Integer) asn1Sequence.getObjectAt(0);
//
version=1
Asn1Sequence priSeq = (Asn1Sequence)asn1Sequence[
1
];
//
private key
Asn1Sequence pubSeq = (Asn1Sequence)asn1Sequence[
2
];
//
public key and x509 cert
//
ASN1ObjectIdentifier sm2DataOid = (ASN1ObjectIdentifier) priSeq.getObjectAt(0);
//
ASN1ObjectIdentifier sm4AlgOid = (ASN1ObjectIdentifier) priSeq.getObjectAt(1);
Asn1OctetString priKeyAsn1 = (Asn1OctetString)priSeq[
2
];
byte
[] key = KDF(System.Text.Encoding.UTF8.GetBytes(pwd),
32
);
byte
[] priKeyD = Sm4DecryptCBC(Arrays.CopyOfRange(key,
16
,
32
),
priKeyAsn1.GetOctets(),
Arrays.CopyOfRange(key,
0
,
16
), SM4_CBC_PKCS7PADDING);
sm2Cert.privateKey
= GetPrivatekeyFromD(
new
BigInteger(
1
, priKeyD));
//
log.Info(Hex.toHexString(priKeyD));
//
ASN1ObjectIdentifier sm2DataOidPub = (ASN1ObjectIdentifier) pubSeq.getObjectAt(0);
Asn1OctetString pubKeyX509 = (Asn1OctetString)pubSeq[
1
];
X509Certificate x509
= (X509Certificate)
new
X509CertificateParser().ReadCertificate(pubKeyX509.GetOctets());
sm2Cert.publicKey
=
x509.GetPublicKey();
sm2Cert.certId
= x509.SerialNumber.ToString(
10
);
//
这里转10进账,有啥其他进制要求的自己改改
return
sm2Cert;
}
catch
(Exception e)
{
//
log.Error("readSm2File error: " + e.Message, e);
return
null
;
}
}
/*
*
*
* @param cert
* @return
*/
public
static
Sm2Cert ReadSm2X509Cert(
byte
[] cert)
{
Sm2Cert sm2Cert
=
new
Sm2Cert();
try
{
X509Certificate x509
=
new
X509CertificateParser().ReadCertificate(cert);
sm2Cert.publicKey
=
x509.GetPublicKey();
sm2Cert.certId
= x509.SerialNumber.ToString(
10
);
//
这里转10进账,有啥其他进制要求的自己改改
return
sm2Cert;
}
catch
(Exception e)
{
//
log.Error("ReadSm2X509Cert error: " + e.Message, e);
return
null
;
}
}
public
static
byte
[] ZeroIv(String algo)
{
try
{
IBufferedCipher cipher
=
CipherUtilities.GetCipher(algo);
int
blockSize =
cipher.GetBlockSize();
byte
[] iv =
new
byte
[blockSize];
Arrays.Fill(iv, (
byte
)
0
);
return
iv;
}
catch
(Exception e)
{
//
log.Error("ZeroIv error: " + e.Message, e);
return
null
;
}
}
public
static
void
Main2(
string
[] s)
{
//
随便看看
//
log.Info("GMNamedCurves: ");
foreach
(
string
e
in
GMNamedCurves.Names)
{
//
log.Info(e);
}
//
log.Info("sm2p256v1 n:" + x9ECParameters.N);
//
log.Info("sm2p256v1 nHex:" + Hex.ToHexString(x9ECParameters.N.ToByteArray()));
//
生成公私钥对 ---------------------
AsymmetricCipherKeyPair kp =
GmUtil.GenerateKeyPair();
//
log.Info("private key d: " + ((ECPrivateKeyParameters)kp.Private).D);
//
log.Info("public key q:" + ((ECPublicKeyParameters)kp.Public).Q);
//
{x, y, zs...}
//
签名验签
byte
[] msg = System.Text.Encoding.UTF8.GetBytes(
"
message digest
"
);
byte
[] userId = System.Text.Encoding.UTF8.GetBytes(
"
userId
"
);
byte
[] sig =
SignSm3WithSm2(msg, userId, kp.Private);
//
log.Info("testSignSm3WithSm2: " + Hex.ToHexString(sig));
//
log.Info("testVerifySm3WithSm2: " + VerifySm3WithSm2(msg, userId, sig, kp.Public));
//
由d生成私钥 ---------------------
BigInteger d =
new
BigInteger(
"
097b5230ef27c7df0fa768289d13ad4e8a96266f0fcb8de40d5942af4293a54a
"
,
16
);
ECPrivateKeyParameters bcecPrivateKey
=
GetPrivatekeyFromD(d);
//
log.Info("testGetFromD: " + bcecPrivateKey.D.ToString(16));
//
公钥X坐标PublicKeyXHex: 59cf9940ea0809a97b1cbffbb3e9d96d0fe842c1335418280bfc51dd4e08a5d4
//
公钥Y坐标PublicKeyYHex: 9a7f77c578644050e09a9adc4245d1e6eba97554bc8ffd4fe15a78f37f891ff8
AsymmetricKeyParameter publicKey = GetPublickeyFromX509File(
new
FileInfo(
"
d:/certs/69629141652.cer
"
));
//
log.Info(publicKey);
AsymmetricKeyParameter publicKey1 = GetPublickeyFromXY(
new
BigInteger(
"
59cf9940ea0809a97b1cbffbb3e9d96d0fe842c1335418280bfc51dd4e08a5d4
"
,
16
),
new
BigInteger(
"
9a7f77c578644050e09a9adc4245d1e6eba97554bc8ffd4fe15a78f37f891ff8
"
,
16
));
//
log.Info("testReadFromX509File: " + ((ECPublicKeyParameters)publicKey).Q);
//
log.Info("testGetFromXY: " + ((ECPublicKeyParameters)publicKey1).Q);
//
log.Info("testPubKey: " + publicKey.Equals(publicKey1));
//
log.Info("testPubKey: " + ((ECPublicKeyParameters)publicKey).Q.Equals(((ECPublicKeyParameters)publicKey1).Q));
//
sm2 encrypt and decrypt test ---------------------
AsymmetricCipherKeyPair kp2 =
GenerateKeyPair();
AsymmetricKeyParameter publicKey2
=
kp2.Public;
AsymmetricKeyParameter privateKey2
=
kp2.Private;
byte
[] bs = Sm2Encrypt(System.Text.Encoding.UTF8.GetBytes(
"
s
"
), publicKey2);
//
log.Info("testSm2Enc dec: " + Hex.ToHexString(bs));
bs =
Sm2Decrypt(bs, privateKey2);
//
log.Info("testSm2Enc dec: " + System.Text.Encoding.UTF8.GetString(bs));
//
sm4 encrypt and decrypt test ---------------------
//
0123456789abcdeffedcba9876543210 + 0123456789abcdeffedcba9876543210 -> 681edf34d206965e86b3e94f536e4246
byte
[] plain = Hex.Decode(
"
0123456789abcdeffedcba98765432100123456789abcdeffedcba98765432100123456789abcdeffedcba9876543210
"
);
byte
[] key = Hex.Decode(
"
0123456789abcdeffedcba9876543210
"
);
byte
[] cipher = Hex.Decode(
"
595298c7c6fd271f0402f804c33d3f66
"
);
bs
=
Sm4EncryptECB(key, plain, GmUtil.SM4_ECB_NOPADDING);
//
log.Info("testSm4EncEcb: " + Hex.ToHexString(bs)); ;
bs =
Sm4DecryptECB(key, bs, GmUtil.SM4_ECB_NOPADDING);
//
log.Info("testSm4DecEcb: " + Hex.ToHexString(bs));
//
读.sm2文件
String sm2 =
"
MIIDHQIBATBHBgoqgRzPVQYBBAIBBgcqgRzPVQFoBDDW5/I9kZhObxXE9Vh1CzHdZhIhxn+3byBU\nUrzmGRKbDRMgI3hJKdvpqWkM5G4LNcIwggLNBgoqgRzPVQYBBAIBBIICvTCCArkwggJdoAMCAQIC\nBRA2QSlgMAwGCCqBHM9VAYN1BQAwXDELMAkGA1UEBhMCQ04xMDAuBgNVBAoMJ0NoaW5hIEZpbmFu\nY2lhbCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTEbMBkGA1UEAwwSQ0ZDQSBURVNUIFNNMiBPQ0Ex\nMB4XDTE4MTEyNjEwMTQxNVoXDTIwMTEyNjEwMTQxNVowcjELMAkGA1UEBhMCY24xEjAQBgNVBAoM\nCUNGQ0EgT0NBMTEOMAwGA1UECwwFQ1VQUkExFDASBgNVBAsMC0VudGVycHJpc2VzMSkwJwYDVQQD\nDCAwNDFAWnRlc3RAMDAwMTAwMDA6U0lHTkAwMDAwMDAwMTBZMBMGByqGSM49AgEGCCqBHM9VAYIt\nA0IABDRNKhvnjaMUShsM4MJ330WhyOwpZEHoAGfqxFGX+rcL9x069dyrmiF3+2ezwSNh1/6YqfFZ\nX9koM9zE5RG4USmjgfMwgfAwHwYDVR0jBBgwFoAUa/4Y2o9COqa4bbMuiIM6NKLBMOEwSAYDVR0g\nBEEwPzA9BghggRyG7yoBATAxMC8GCCsGAQUFBwIBFiNodHRwOi8vd3d3LmNmY2EuY29tLmNuL3Vz\nL3VzLTE0Lmh0bTA4BgNVHR8EMTAvMC2gK6AphidodHRwOi8vdWNybC5jZmNhLmNvbS5jbi9TTTIv\nY3JsNDI4NS5jcmwwCwYDVR0PBAQDAgPoMB0GA1UdDgQWBBREhx9VlDdMIdIbhAxKnGhPx8FcHDAd\nBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwQwDAYIKoEcz1UBg3UFAANIADBFAiEAgWvQi3h6\niW4jgF4huuXfhWInJmTTYr2EIAdG8V4M8fYCIBixygdmfPL9szcK2pzCYmIb6CBzo5SMv50Odycc\nVfY6
"
;
bs
=
Convert.FromBase64String(sm2);
String pwd
=
"
cfca1234
"
;
GmUtil.Sm2Cert sm2Cert
=
GmUtil.readSm2File(bs, pwd);
//
log.Info("testReadSm2File, pubkey: " + ((ECPublicKeyParameters)sm2Cert.publicKey).Q.ToString());
//
log.Info("testReadSm2File, prikey: " + Hex.ToHexString(((ECPrivateKeyParameters)sm2Cert.privateKey).D.ToByteArray()));
//
log.Info("testReadSm2File, certId: " + sm2Cert.certId);
bs
= Sm2Encrypt(System.Text.Encoding.UTF8.GetBytes(
"
s
"
), ((ECPublicKeyParameters)sm2Cert.publicKey));
//
log.Info("testSm2Enc dec: " + Hex.ToHexString(bs));
bs =
Sm2Decrypt(bs, ((ECPrivateKeyParameters)sm2Cert.privateKey));
//
log.Info("testSm2Enc dec: " + System.Text.Encoding.UTF8.GetString(bs));
msg
= System.Text.Encoding.UTF8.GetBytes(
"
message digest
"
);
userId
= System.Text.Encoding.UTF8.GetBytes(
"
userId
"
);
sig
=
SignSm3WithSm2(msg, userId, ((ECPrivateKeyParameters)sm2Cert.privateKey));
//
log.Info("testSignSm3WithSm2: " + Hex.ToHexString(sig));
//
log.Info("testVerifySm3WithSm2: " + VerifySm3WithSm2(msg, userId, sig, ((ECPublicKeyParameters)sm2Cert.publicKey)));
}
}
}
.NET使用:
using
CommonUtils;
using
Org.BouncyCastle.Crypto;
using
Org.BouncyCastle.Math;
using
Org.BouncyCastle.Utilities.Encoders;
using
System.Text;
void
TestSM2Enc()
{
String privateKeyHex
=
"
FAB8BBE670FAE338C9E9382B9FB6485225C11A3ECB84C938F10F20A93B6215F0
"
;
//
完整公钥128位“9EF573019D9A03B16B0BE44FC8A5B4E8E098F56034C97B312282DD0B4810AFC3CC759673ED0FC9B9DC7E6FA38F0E2B121E02654BF37EA6B63FAF2A0D6013EADF”
//
完整公钥130位,比128位开头多了04“049EF573019D9A03B16B0BE44FC8A5B4E8E098F56034C97B312282DD0B4810AFC3CC759673ED0FC9B9DC7E6FA38F0E2B121E02654BF37EA6B63FAF2A0D6013EADF”
string
pubKeyHex =
"
049EF573019D9A03B16B0BE44FC8A5B4E8E098F56034C97B312282DD0B4810AFC3CC759673ED0FC9B9DC7E6FA38F0E2B121E02654BF37EA6B63FAF2A0D6013EADF
"
;
//
如果是130位公钥,.NET 使用的话,把开头的04截取掉。
if
(pubKeyHex.Length ==
130
)
{
pubKeyHex
= pubKeyHex.Substring(
2
,
128
);
}
//
公钥X,前64位
String x = pubKeyHex.Substring(
0
,
64
);
//
公钥Y,后64位
String y = pubKeyHex.Substring(
64
);
//
获取公钥对象
AsymmetricKeyParameter publicKey1 = GmUtil.GetPublickeyFromXY(
new
BigInteger(x,
16
),
new
BigInteger(y,
16
));
String content
=
"
1234泰酷拉NET
"
;
Console.WriteLine(
"
待处理字符串:
"
+
content);
//
Sm2Encrypt 对应 C1C3C2
//
Sm2EncryptOld :C1C2C3
byte
[] digestByte =
GmUtil.Sm2Encrypt(Encoding.UTF8.GetBytes(content), publicKey1);
string
strSM2 =
Hex.ToHexString(digestByte);
Console.WriteLine(
"
SM2加密后:
"
+
strSM2);
//
4. .NET BC库SM2加密结果会带04,如果JAVA 那边报 Invalid point encoding 错误,删除加密结果前的04。如果对方要的是BASE64的加密结果,我们可以先转16进制字符串,裁掉04,再转BASE64。
string
newCipherText =
Hex.ToHexString(digestByte);
if
(newCipherText.StartsWith(
"
04
"
))
{
newCipherText
= newCipherText.Substring(
2
);
}
Console.WriteLine(
"
截取04后,加密结果:
"
+
newCipherText);
//
.NET 自加自解
BigInteger d =
new
BigInteger(privateKeyHex,
16
);
//
先拿到私钥对象,用ECPrivateKeyParameters 或 AsymmetricKeyParameter 都可以
//
ECPrivateKeyParameters bcecPrivateKey = CommonUtils.GmUtil.GetPrivatekeyFromD(d);
AsymmetricKeyParameter bcecPrivateKey =
CommonUtils.GmUtil.GetPrivatekeyFromD(d);
byte
[] byToDecrypt =
Hex.Decode(strSM2);
byte
[] byDecrypted =
GmUtil.Sm2Decrypt(byToDecrypt, bcecPrivateKey);
String strDecrypted
=
Encoding.UTF8.GetString(byDecrypted);
Console.WriteLine(
"
SM2解密后:
"
+
strDecrypted);
//
JAVA 结果,.NET来解
string
javaSM2 =
"
04a7aaa9fd91aea6f99787ef431e19cb9feecc5bfb97fb445ce529c78c04676f1792e06b3a2814d1bda80bd3f63e530c149fc03911f1b81007dc86cef2c03f30c7fecc8b256272f881a8f2f4e71351c45d5bb27e8531f1e2ea6d55150c88f5026b8783ccef867a510a313178cfd26177
"
;
//
.NET BC库解密,密文前要加 “04”,否则会报 Invalid point encoding XX
//
如果加密结果是BASE64的,把BASE64转16进制字符串,再判断是否04开头。
//
如果对方源码,固定截取的头2位,那么就不用判断是否04开头了,直接写死:javaSM2 = "04" + javaSM2;
if
(!javaSM2.StartsWith(
"
04
"
))
{
javaSM2
=
"
04
"
+
javaSM2;
}
Console.WriteLine(
"
javaSM2加密结果:
"
+
javaSM2);
byToDecrypt
=
Hex.Decode(javaSM2);
byDecrypted
=
GmUtil.Sm2Decrypt(byToDecrypt, bcecPrivateKey);
strDecrypted
=
Encoding.UTF8.GetString(byDecrypted);
Console.WriteLine(
"
java SM2解密后:
"
+
strDecrypted);
}
。
java代码:
maven 引用 :
<dependency>
<groupId>cn.hutool</groupId>
<artifactId>hutool-all</artifactId>
<version>
5.8
.
1
</version>
</dependency>
<dependency>
<groupId>org.bouncycastle</groupId>
<artifactId>bcprov-jdk15on</artifactId>
<version>
1.70
</version>
</dependency>
JAVA调用:
package org.example;
import cn.hutool.crypto.SmUtil;
import cn.hutool.crypto.asymmetric.KeyType;
import cn.hutool.crypto.asymmetric.SM2;
import org.bouncycastle.crypto.engines.SM2Engine;
import org.bouncycastle.util.encoders.Hex;
static
void
testSM2Enc() {
//
sm2 加密模式:C1C3C2
//
私钥
String privateKeyHex =
"
FAB8BBE670FAE338C9E9382B9FB6485225C11A3ECB84C938F10F20A93B6215F0
"
;
//
完整公钥“9EF573019D9A03B16B0BE44FC8A5B4E8E098F56034C97B312282DD0B4810AFC3CC759673ED0FC9B9DC7E6FA38F0E2B121E02654BF37EA6B63FAF2A0D6013EADF”
//
公钥X
String x =
"
9EF573019D9A03B16B0BE44FC8A5B4E8E098F56034C97B312282DD0B4810AFC3
"
;
//
公钥Y
String y =
"
CC759673ED0FC9B9DC7E6FA38F0E2B121E02654BF37EA6B63FAF2A0D6013EADF
"
;
String content =
"
1234泰酷拉JJ
"
;
System.
out
.println(
"
待处理字符串:
"
+
content);
SM2 sm2
=
new
SM2(privateKeyHex, x, y);
//
默认是:C1C3C2
sm2.setMode(SM2Engine.Mode.C1C3C2);
//
公钥加密
byte
[] byRst =
sm2.encrypt(content.getBytes(), KeyType.PublicKey);
String strRst
=
Hex.toHexString(byRst);
System.
out
.println(
"
加密后:
"
+
strRst);
byte
[] byToDecrypt =
Hex.decode(strRst);
byte
[] byDecrypted =
sm2.decrypt(byToDecrypt, KeyType.PrivateKey);
String strDecrypted
=
new
String(byDecrypted);
System.
out
.println(
"
解密后:
"
+
strDecrypted);
}
。
end. 。
最后此篇关于C#.NET国密SM2加密解密与JAVA互通ver:20230805的文章就讲到这里了,如果你想了解更多关于C#.NET国密SM2加密解密与JAVA互通ver:20230805的内容请搜索CFSDN的文章或继续浏览相关文章,希望大家以后支持我的博客! 。
30
4
0
创建使用.NET框架的asp.net页面时,访问该页面的客户端是否需要在其计算机上安装.NET框架? IE。用户访问www.fakesite.com/default.aspx,如果他们没有安装框架,他
我阅读了很多不同的博客和 StackOverflow 问题,试图找到我的问题的答案,但最后我找不到任何东西,所以我想自己问这个问题。 我正在构建一个应用程序,其中有一个长时间运行的工作线程,它执行一些
已锁定。这个问题及其答案是locked因为这个问题是题外话,但却具有历史意义。目前不接受新的答案或互动。 我一直想知道为什么微软为这样一个伟大的平台选择了一个如此奇怪的、对搜索引擎不友好的名称。他们就
.Net Framework .Net .NET Standard的区别 1、.NET Framework 在未来.NET Framework或许成为过去时,目前还是有很多地方在使用的。这一套
如果有选择的话,您会走哪条路? ASP.NET Webforms + ASP.NET AJAX 或 ASP.NET MVC + JavaScript Framework of your Choice
我有一个 Web 服务,它通过专用连接通过 https 使用第三方 Web 服务,我应用了 ServicePointManager.ServerCertificateValidationCallbac
为什么我应该选择ASP.NET Web Application (.NET Framework)而不是ASP.NET Core Web Application (.NET Framework)? 我在
我在网络上没有找到任何关于包含 .NET Standard、.NET Core 和 .NET Framework 项目的 .NET 解决方案的公认命名约定。 就我而言,我们在 .NET 框架项目中有以
.NET Compact 是 .NET 的完美子集吗? 假设我考虑了屏幕大小和其他限制并避免了 .NET Compact 不支持的类和方法,或者 .NET Compact 是一个不同且不兼容的 GUI
我已经阅读了所有我能找到的关于 connectionManagement 中的 maxconnection 设置的文章:即 http://support.microsoft.com/kb/821268
我现在正在使用asp.net mvc,想知道使用内置的Json或 Json.Net哪个是更好的选择,但我不确定一个人是否比另一个人有优势。 另外,如果我确实选择沿用Json.Net的路线,那么我应该选
在 Visual Studio 中,您至少可以创建三种不同类型的类库: 类库(.NET Framework) 类库(.NET 标准) 类库(.NET Core) 虽然第一个是我们多年来一直使用的,但我
.NET 和 ASP.NET 之间有什么区别?它们有什么关系? 最佳答案 ASP.Net 基于 .Net 框架构建,提供有关 Web 开发的附加功能。 你可以去看看wikipedia article
在安装更高版本(3.0)之前,我需要安装.net框架1.1和2.0吗?或者单独安装 3.0 框架就足够了,并为在早期框架版本上编写的软件提供支持?谢谢 ,丽然 最佳答案 不,您不必安装以前的框架。 我
我正在开发一个项目,人们可以“更新”类别,例如更改类别的名称。我收到以下消息 This is called after clicking update 按钮 with the SQL statemen
.NET 类 System.Net.CookieContainer 线程安全吗? --更新:交 key 答复-- 是否有任何方法可以确保异步请求期间修改的变量(即 HttpWebRequest.Coo
我正在使用 JScript.NET 在我编写的 C# WinForms 应用程序中编写脚本。它工作得很好,但我只是尝试在脚本中放置一些异常处理,但我无法弄清楚如何判断我的 C# 代码抛出了哪种类型的异
我需要你的帮助, 比如我有一个小数类型的变量,我想这样取整。 例如 3.0 = 3 3.1 = 4 3.2 = 4 3.3 = 4 3.4 = 4 3.5 = 4 3.6 = 4 3.7 = 4 3.
我使用过这样的代码:http://msdn.microsoft.com/en-us/library/dw70f090.aspx在 ASP.NET 中工作之前访问数据库(2-3 年前)。我没有意识到我正
自 ConfigurationManager .NET Standard 中不存在,检索正在执行的程序集的应用程序设置的最佳方法是什么,无论是 web.config或 appSettings.{env
我是一名优秀的程序员,十分优秀!