将 ASN.1 数据转换为公钥需要什么?例如如何确定

问题描述

此代码与反垃圾邮件工作中使用的 DKIM 签名验证有关.

This code relates to DKIM signature verification used in anti-spam efforts.

我有一个来自 s1024._domainkey.yahoo.com 的 byte[] 是 ASN.1 编码的，但我不知道仅此一项是否包含足够的信息实现公钥.

I have a byte[] from s1024._domainkey.yahoo.com that is ASN.1 encoded, but I don't know if that alone contains enough information to materialize a public key.

基于这个类，看来我可以将 ASN.1 密钥转换为 X509Certificate 公钥，但我需要提供 OID 和一些 ASN.1 编码的参数.

Based on this class, it appears I can convert an ASN.1 key into a X509Certificate Public key, but I need to supply an OID and some ASN.1-encoded parameters.

在此示例中，我有 ASN1 密钥为的元数据:

In this example I have metadata that the ASN1 key is:

1. RSA 编码的密钥(ASN.1 DER 编码的 [ITU-X660-1997] RSAPublicKey 每 RFC3447)
2. 与任一 sha1 sha256 哈希算法一起使用
3. 使用 RFC3447 的 A.2 节中与下表相关的 OID(尽管我不知道如何将此信息转换为完整的 OID)

/*
 * 1.2.840.113549.1
 * 
    MD2 md2WithRSAEncryption    ::= {pkcs-1 2}
    MD5 md5WithRSAEncryption    ::= {pkcs-1 4}
    SHA-1 sha1WithRSAEncryption   ::= {pkcs-1 5}
    SHA-256 sha256WithRSAEncryption ::= {pkcs-1 11}
    SHA-384 sha384WithRSAEncryption ::= {pkcs-1 12}
    SHA-512 sha512WithRSAEncryption ::= {pkcs-1 13}
 */

代码示例

<代码>串PUBKEY = MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDrEee0Ri4Juz + QfiWYui/E9UGSXau/2P8LjnTD8V4Unn + 2FAZVGE3kL23bzeoULYv4PeleB3gfmJiDJOKU3Ns5L4KJAUUHjFwDebt0NP + sBK0VKeTATL2Yr/S3bT/XHY + 1xtj4RkdV7fVxTn56Lb4udUnwuxK4V5b5PdOKj/+ XcwIDAQAB";byte[] pubkeyByteArray = Convert.FromBase64String(pubkey);AsnEncodedData aData = new AsnEncodedData(pubkeyByteArray);//OID 不能为空，但它就在这里.它是什么?System.Security.Cryptography.X509Certificates.PublicKey pubKeyRdr = new System.Security.Cryptography.X509Certificates.PublicKey(aData.Oid, null, aData);

问题

• 我应该使用什么 OID?
• 有哪些 ASN.1 参数示例?

推荐答案

更新

这是您在使用 链接 @erickson 提供的解析时提供的数据:

This is the data you have provided when it is parsed using the link @erickson provided:

SEQUENCE (2 elem)
    SEQUENCE (2 elem)
        OBJECT IDENTIFIER 1.2.840.113549.1.1.1
        NULL
    BIT STRING (1 elem)
        SEQUENCE (2 elem)
            INTEGER(1024 bit)
            INTEGER 65537

前面代码之所以抛出ASN1 bad tag value met.异常是因为aData包含不​​正确的数据(包含以上所有数据).据我所知，System.Security.Cryptography.X509Certificates.PublicKey 的 3 个参数是如何分解的.

The reason the previous code throws a ASN1 bad tag value met. exception is because aData contains incorrect data (contains all the data above). From what I've seen, the is how the 3 arguments to System.Security.Cryptography.X509Certificates.PublicKey are broken down.

1. 第一个参数是OID，也就是上面的OBJECT IDENTIFIER.
2. 第二个参数是公钥参数.在上面的解析中，你可以看到它是NULL.
3. 第三个参数是实际的公钥值.这由上面的第三个序列组成.该序列有 2 个整数，一个 1024 位模数，后跟公共指数.

我使用下面的代码对其进行了测试.如果不编写 DER 解析器，我找不到解析数据的内置方法.

I tested it using the code below. I couldn't find a built-in method to parse the data without writing a DER parser.

Oid oid = new Oid("1.2.840.113549.1.1.1");
AsnEncodedData keyValue = new AsnEncodedData(getBytes("30818902818100EB11E7B4462E09BB3F907E2598BA2FC4F541925DABBFD8FF0B8E74C3F15E149E7FB6140655184DE42F6DDBCDEA142D8BF83DE95E07781F98988324E294DCDB392F82890145078C5C0379BB7434FFAC04AD1529E4C04CBD98AFF4B76D3FF1872FB5C6D8F8464755EDF5714E7E7A2DBE2E7549F0BB12B85796F93DD38A8FFF97730203010001"));
AsnEncodedData keyParam = new AsnEncodedData(new byte[] {05, 00});
PublicKey pubKeyRdr = new System.Security.Cryptography.X509Certificates.PublicKey(oid, keyParam, keyValue);
System.Diagnostics.Debug.WriteLine(pubKeyRdr.Key.KeyExchangeAlgorithm);
System.Diagnostics.Debug.WriteLine(pubKeyRdr.Key.KeySize);

它输出RSA-PKCS1-KeyEx和1024.

这篇关于将 ASN.1 数据转换为公钥需要什么?例如如何确定 OID?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持html5模板网！