带有 ASP.NET 和 Bouncy Castle 的 CRYSTALS-DILITHIUM 数字签名

问题描述 投票:0回答:1

我正在写一个点对点的文件共享系统

ASP.NET
。客户需要能够验证他们的文件是否来自可信赖的作者。客户端拥有他们信任的作者的公钥,作者应该对他们共享的文件进行数字签名。

我想使用 CRYSTALS-DILITHIUM 来生成和验证这些签名,并且我正在使用 Bouncy Castle 的 .NET 库 v2.2.0 来实现我的算法。

我怎么能:

  1. 生成新的密钥对
  2. 使用私钥签名消息
  3. 使用公钥验证消息

到目前为止,这是我的示例代码:

请注意,有些项目,例如

new DilithiumPrivateKeyParameters(...)
的参数丢失,因为我不知道那里应该放什么。

public static void Generate ()
{
    DilithiumKeyPairGenerator generator = new DilithiumKeyPairGenerator();
    generator.Init(new DilithiumKeyGenerationParameters(
        new SecureRandom(),
        DilithiumParameters.Dilithium5Aes
        ));

    AsymmetricCipherKeyPair keyPair = generator.GenerateKeyPair();

    // All the later methods need bytes of these key - how do I get them?
    AsymmetricKeyParameter publicKey = keyPair.Public;
    AsymmetricKeyParameter privateKey = keyPair.Private;
}

public static void Sign ()
{
    DilithiumSigner signer = new DilithiumSigner();

    // What do I put in all these parameters?
    signer.Init(true, new DilithiumPrivateKeyParameters(
        DilithiumParameters.Dilithium5Aes,
                // byte[] rho,
                // byte[] K,
                // byte[] tr,
                // byte[] s1,
                // byte[] s2,
                // byte[] t1,
                // byte[] t2,
        ));

    string messageText = "Important Message!";

    // Send the message and signature
    byte[] message = Encoding.UTF8.GetBytes(messageText);
    byte[] signature = signer.GenerateSignature(message);
}

public void Verify (byte[] publicKey, byte[] message, byte[] signature)
{
    DilithiumSigner verifier = new DilithiumSigner();

    // The constructor asks for "pkEncoded" - how should the bytes be encoded?
    verifier.Init(false, new DilithiumPublicKeyParameters(publicKey));

    bool good = verifier.VerifySignature(message, signature);
}
c# asp.net cryptography digital-signature bouncycastle
1个回答
0
投票

这里是签名和验证的工作示例——没有什么是一点点类型转换无法解决的!

我需要将键保持为

Dilithium...KeyParameters
,而不是
byte[]
s或
ICypherKeyParameters
。这使我能够访问正确的 
Rho, K, etc.
属性和 
GetEncoded()
方法。

public static void Test ()
{
    AsymmetricCipherKeyPair keyPair1 = Generate();
    AsymmetricCipherKeyPair keyPair2 = Generate();

    byte[] message = Encoding.UTF8.GetBytes("Important Message!");
    byte[] signature = Sign((DilithiumPrivateKeyParameters) keyPair1.Private, message);

    // Returns TRUE
    bool check1 = Verify((DilithiumPublicKeyParameters) keyPair1.Public, message, signature);
    // Returns FALSE (as expected)
    bool check2 = Verify((DilithiumPublicKeyParameters) keyPair2.Public, message, signature);
}

public static AsymmetricCipherKeyPair Generate ()
{
    DilithiumKeyPairGenerator generator = new DilithiumKeyPairGenerator();
    generator.Init(new DilithiumKeyGenerationParameters(
        new SecureRandom(),
        DilithiumParameters.Dilithium5Aes
        ));

    AsymmetricCipherKeyPair keyPair = generator.GenerateKeyPair();

    return keyPair;
}

public static byte[] Sign (DilithiumPrivateKeyParameters privateKey, byte[] message)
{
    DilithiumSigner signer = new DilithiumSigner();

    // What do I put in all these parameters?
    signer.Init(true, new DilithiumPrivateKeyParameters(
        DilithiumParameters.Dilithium5Aes,
                privateKey.Rho,
                privateKey.K,
                privateKey.Tr,
                privateKey.S1,
                privateKey.S2,
                privateKey.T0,
                privateKey.T1
        ));

    byte[] signature = signer.GenerateSignature(message);
    return signature;
}

public static bool Verify (DilithiumPublicKeyParameters publicKey, byte[] message, byte[] signature)
{
    DilithiumSigner verifier = new DilithiumSigner();

    // The constructor asks for "pkEncoded" - how should the bytes be encoded?
    verifier.Init(false, new DilithiumPublicKeyParameters(
        DilithiumParameters.Dilithium5Aes,
        publicKey.GetEncoded()
        ));

    return verifier.VerifySignature(message, signature);
}
最新问题
© www.soinside.com 2019 - 2024. All rights reserved.