我正在用 ASP.NET 写一个点对点的文件共享系统。客户端需要能够验证他们的文件是否来自可信赖的作者。客户端持有他们信任的作者的公钥,作者应该对他们共享的文件进行数字签名。
我想使用 CRYSTALS-DILITHIUM 来生成和验证这些签名,并且我正在使用 Bouncy Castle 的 .NET 库 v2.2.0 来实现我的算法。
我怎么能:
到目前为止,这是我的示例代码:
请注意,有些地方(例如 new DilithiumPrivateKeyParameters(...))的参数缺失,因为我不知道那里应该放什么。
/// <summary>
/// Generates a Dilithium5-AES key pair and binds the two halves to locals.
/// (As in the original, nothing is returned - the question is how to get the key bytes out.)
/// </summary>
public static void Generate ()
{
    // SecureRandom is the CSPRNG that feeds key generation.
    var keyGenParams = new DilithiumKeyGenerationParameters(new SecureRandom(), DilithiumParameters.Dilithium5Aes);
    var generator = new DilithiumKeyPairGenerator();
    generator.Init(keyGenParams);

    var keyPair = generator.GenerateKeyPair();

    // All the later methods need bytes of these keys - how do I get them?
    var publicKey = keyPair.Public;
    var privateKey = keyPair.Private;
}
/// <summary>
/// Question's draft of signing. NOTE: as written this does not compile - the private-key
/// constructor arguments after the parameter set are commented out, leaving a dangling comma.
/// The working answer below passes the DilithiumPrivateKeyParameters obtained from the key pair instead.
/// </summary>
public static void Sign ()
{
DilithiumSigner signer = new DilithiumSigner();
// What do I put in all these parameters?
// (These are the raw private-key components; they must stay on the author's side and are never sent to clients.)
signer.Init(true, new DilithiumPrivateKeyParameters(
DilithiumParameters.Dilithium5Aes,
// byte[] rho,
// byte[] K,
// byte[] tr,
// byte[] s1,
// byte[] s2,
// byte[] t1,
// byte[] t2,
));
string messageText = "Important Message!";
// Send the message and signature
byte[] message = Encoding.UTF8.GetBytes(messageText);
// Detached signature over the raw message bytes; the verifier needs message + signature + author's public key.
byte[] signature = signer.GenerateSignature(message);
}
/// <summary>
/// Question's draft of verification. The result of VerifySignature is computed but not returned or
/// acted on; a caller must reject the file when it is false.
/// </summary>
/// <param name="publicKey">Author's public key as raw bytes - the question is which encoding the constructor expects.</param>
/// <param name="message">The bytes that were signed.</param>
/// <param name="signature">The detached signature received with the message.</param>
public void Verify (byte[] publicKey, byte[] message, byte[] signature)
{
DilithiumSigner verifier = new DilithiumSigner();
// The constructor asks for "pkEncoded" - how should the bytes be encoded?
// NOTE(review): in the answer below the constructor also takes the DilithiumParameters set as its first argument.
verifier.Init(false, new DilithiumPublicKeyParameters(publicKey));
bool good = verifier.VerifySignature(message, signature);
}
这里是签名和验证的工作示例——没有什么是一点点类型转换无法解决的!
我需要将密钥保持为 Dilithium...KeyParameters 类型,而不是 byte[] 或 ICypherKeyParameters。这样我才能访问正确的 Rho、K 等属性以及 GetEncoded() 方法。
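/// <summary>
/// Round-trip smoke test: a signature produced with key pair 1 must verify under key pair 1's
/// public key and must be rejected under an unrelated key pair's public key.
/// </summary>
/// <exception cref="InvalidOperationException">Thrown when either expectation fails.</exception>
public static void Test ()
{
    AsymmetricCipherKeyPair keyPair1 = Generate();
    AsymmetricCipherKeyPair keyPair2 = Generate();
    byte[] message = Encoding.UTF8.GetBytes("Important Message!");
    byte[] signature = Sign((DilithiumPrivateKeyParameters) keyPair1.Private, message);

    // Expected TRUE: same key pair that produced the signature.
    bool check1 = Verify((DilithiumPublicKeyParameters) keyPair1.Public, message, signature);
    // Expected FALSE: a different public key must not accept the signature.
    bool check2 = Verify((DilithiumPublicKeyParameters) keyPair2.Public, message, signature);

    // The original computed both results and discarded them; fail loudly instead so a
    // broken verifier cannot pass this test silently.
    if (!check1)
    {
        throw new InvalidOperationException("Signature did not verify under the signing key's public key.");
    }
    if (check2)
    {
        throw new InvalidOperationException("Signature verified under an unrelated public key.");
    }
}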
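/// <summary>
/// Generates a fresh Dilithium key pair using SecureRandom as the CSPRNG.
/// </summary>
/// <param name="parameters">
/// Parameter set to generate under. Defaults to Dilithium5Aes when null, preserving the
/// original behaviour for existing callers of Generate().
/// </param>
/// <returns>
/// The key pair. Private is castable to DilithiumPrivateKeyParameters and Public to
/// DilithiumPublicKeyParameters (see Test). Only the public half should ever leave the author's machine.
/// </returns>
public static AsymmetricCipherKeyPair Generate (DilithiumParameters parameters = null)
{
    // Reference-type default: fall back to the parameter set the original hard-coded.
    DilithiumParameters parameterSet = parameters ?? DilithiumParameters.Dilithium5Aes;

    DilithiumKeyPairGenerator generator = new DilithiumKeyPairGenerator();
    generator.Init(new DilithiumKeyGenerationParameters(new SecureRandom(), parameterSet));
    return generator.GenerateKeyPair();
}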
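/// <summary>
/// Produces a detached Dilithium signature over <paramref name="message"/>.
/// </summary>
/// <param name="privateKey">
/// The private half of a key pair from Generate(). This object holds the raw secret
/// components (Rho, K, Tr, S1, S2, T0, T1) and must never be shared with clients.
/// </param>
/// <param name="message">Raw bytes to sign.</param>
/// <returns>The signature to distribute alongside the message.</returns>
/// <exception cref="ArgumentNullException">If either argument is null.</exception>
public static byte[] Sign (DilithiumPrivateKeyParameters privateKey, byte[] message)
{
    if (privateKey is null)
    {
        throw new ArgumentNullException(nameof(privateKey));
    }
    if (message is null)
    {
        throw new ArgumentNullException(nameof(message));
    }

    // The key object is already the type Init needs. The original rebuilt it from its
    // components with a hard-coded Dilithium5Aes, which would silently mislabel a key
    // generated under a different parameter set.
    DilithiumSigner signer = new DilithiumSigner();
    signer.Init(true, privateKey);
    return signer.GenerateSignature(message);
}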
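/// <summary>
/// Checks a detached Dilithium signature against the author's public key.
/// </summary>
/// <param name="publicKey">
/// The trusted author's public key. Its byte form for transport/storage is GetEncoded();
/// the client's copy must come from a trusted source, since a substituted key would make
/// an attacker's signatures verify.
/// </param>
/// <param name="message">The bytes that were signed.</param>
/// <param name="signature">The detached signature received with the message.</param>
/// <returns>true only if the signature is valid for this message under this key; callers must reject the file otherwise.</returns>
/// <exception cref="ArgumentNullException">If any argument is null.</exception>
public static bool Verify (DilithiumPublicKeyParameters publicKey, byte[] message, byte[] signature)
{
    if (publicKey is null)
    {
        throw new ArgumentNullException(nameof(publicKey));
    }
    if (message is null)
    {
        throw new ArgumentNullException(nameof(message));
    }
    if (signature is null)
    {
        throw new ArgumentNullException(nameof(signature));
    }

    // Pass the key object through directly. The original re-encoded it and re-parsed it
    // under a hard-coded Dilithium5Aes, which breaks for keys of any other parameter set.
    DilithiumSigner verifier = new DilithiumSigner();
    verifier.Init(false, publicKey);
    return verifier.VerifySignature(message, signature);
}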