如何解决使用公钥、签名和消息有效负载验证 post API 调用 (C#) 的发送者
更新
这是我的代码 - 当我期望为 true 时,对 ecdsaVerify.VerifyData 的调用返回 false。我错过了什么?
public static bool VerifyData(string signature,string payload,string publickey)
{
try
{
var decodedPublicKey = Convert.FromBase64String(publickey);
var decodedSignature = Convert.FromBase64String(signature);
var decodedPayLoad = Encoding.UTF8.GetBytes(payload);
ReadOnlySpan<byte> ebayPublicKeySpan = new ReadOnlySpan<byte>(decodedPublicKey);
var ecdsaVerify = ECDsa.Create();
ecdsaVerify.ImportSubjectPublicKeyInfo(ebayPublicKeySpan,out _);
var verified = ecdsaVerify.VerifyData(decodedPayLoad,decodedSignature,HashAlgorithmName.SHA1);
return verified;
}
catch (CryptographicException e)
{
Console.WriteLine(e.Message);
return false;
}
}
主要调用数据点。
static void Main(string[] args)
{
// string messagepayloadMaybe = "{metadata:{topic:MARKETPLACE_ACCOUNT_DELETION,schemaVersion:1.0,deprecated:false},notification:{notificationId:49feeaeb - 4982 - 42d9 - a377 - 9645b8479411_33f7e043 - fed8 - 442b - 9d44 - 791923bd9a6d,eventDate:2021 - 03 - 19T20: 43:59.462Z,publishDate:2021 - 03 - 19T20: 43:59.679Z,publishAttemptCount:1,data:{username:test_user,userId:ma8vp1jySJC,eiasToken:nY + sHZ2PrBmdj6wVnY + sEZ2PrA2dj6wJnY + gAZGEpwmdj6x9nY + seQ ==}}}";
string messagepayloadMaybe = "{metadata:{topic:MARKETPLACE_ACCOUNT_DELETION,notification:{notificationId:49feeaeb-4982-42d9-a377-9645b8479411_33f7e043-fed8-442b-9d44-791923bd9a6d,eventDate:2021-03-19T20:43:59.462Z,publishDate:2021-03-19T20:43:59.679Z,eiasToken:nY+sHZ2PrBmdj6wVnY+sEZ2PrA2dj6wJnY+gAZGEpwmdj6x9nY+seQ==}}}";
string publickey ="MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEZhhxXKtR+TOvtDbgTPCkSof02qgBB7IsYOyf76ilExJ/upAa/vKIKheOoCyOpcLmi4t0b4uepb7LLjmMr90FUg==";
string signature = "MEYCIQCfxfIWuxmWcIBQJ9c5/X7iGDJqs2RCGsBEaAjinyrrfAIhAIV6wGcTiBuV5KJUif2hokyrL+Q9ssHkad+mx2nEE25w";
Class1.VerifyData(signature,messagepayloadMaybe,publickey);
}
本帖下方的原帖
我正在寻找这个的 C# 版本
EncodedKeySpec publicKeySpec = new X509EncodedKeySpec(Base64.getDecoder().decode{public key});
java.security.PublicKey publicKey = KeyFactory.getInstance("EC").generatePublic(publicKeySpec);
Signature sig = Signature.getInstance{SHA1 with ECDSA};
sig.initVerify{public key};
sig.update(messagePayload.getBytes());
sig.verify(Base64.getDecoder().decode{signature value from X-EBAY-SIGNATURE header});
我有字符串格式的公钥、签名和有效负载。但我不知道如何创建正确的 C# 对象来加载公钥(没有证书)来验证签名。我已经尝试了 RSACryptoServiceProvider 和 RSA,但是我找不到一个很好的例子来说明当密钥采用这种格式时如何将公钥加载到对象中 “MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEZhhxXKtR+TOvtDbgTPCkSof02qgBB7IsYOyf76ilExJ/upAa/vKIKheOoCyOpcLmi4t0b4uepb7FUgmr==”
当我打电话
var bytes = Convert.FromBase64String(publicKey);
var rsa = RSA.Create();
rsa.ImportSubjectPublicKeyInfo(bytes,out _);
importsubjectpublicKeyinfo 调用失败,说我的公钥无效
我已经在谷歌和 stackoverflow 上搜索了好几天,我宁愿不使用 bouncycastle(我们是一家微软商店),但任何有用的提示都将不胜感激。
版权声明:本文内容由互联网用户自发贡献,该文观点与技术仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容, 请发送邮件至 dio@foxmail.com 举报,一经查实,本站将立刻删除。