Digital signature, digital signature certificate

When reprinting, please credit the source: http://www.cnblogs.com/oumi/p/6680520.html

Recently, I encountered the following scenario in a project. Take two parties, A and B: A provides services to B through an interface, and A and B are developed on different platforms. To let the two sides exchange data smoothly and to prevent unauthorized interception and tampering of the data, the following digital signature solution was proposed:

Solution: this brings up the concept of a digital signature again. Setting aside how a digital signature is defined elsewhere, for this problem we define it as follows: the data is converted to a specific string and combined with a signature key and a unique identification code according to agreed rules to produce a new string (called the data to be signed). Once the data to be signed is obtained, its hash value is computed with MD5 and converted to a string. The resulting MD5 string is called the digital signature of the data to be signed. The receiving party runs the same algorithm over the data it receives and compares the result with the digital signature transmitted by the sender. If the two match, we consider the data to have been received successfully and to be correct and valid; if they do not match, we consider the data invalid. The specific implementation is as follows:

using System;
using System.Security.Cryptography;
using System.Text;

/// <summary>
/// Object extensions
/// </summary>
public static class ObjectExtensions
{
    #region Data signature

    /// <summary>
    /// Digital signature
    /// </summary>
    /// <param name="input">Data to be signed</param>
    /// <param name="encode">Encoding of the data to be signed; UTF-8 by default</param>
    /// <returns>Signature result</returns>
    public static string DigitalSign(this string input, Encoding encode)
    {
        if (encode == null)
        {
            encode = Encoding.UTF8;
        }
        byte[] inputBytes = encode.GetBytes(input);
        return DigitalSignature(inputBytes);
    }

    /// <summary>
    /// Digital signature
    /// </summary>
    /// <param name="input">Data to be signed</param>
    /// <param name="signKey">Signature key</param>
    /// <param name="encode">Encoding of the data to be signed; UTF-8 by default</param>
    /// <param name="prefix">Prefix of the data to be signed</param>
    /// <param name="suffix">Suffix of the data to be signed</param>
    /// <returns>Signature result</returns>
    public static string DigitalSign(this string input, string signKey, Encoding encode, string prefix = "", string suffix = "")
    {
        var strNewUnSignStr = "";
        if (encode == null)
        {
            encode = Encoding.UTF8;
        }
        // Build the data to be signed: prefix, key, payload, suffix.
        strNewUnSignStr = string.Format("{0} {1} {2} {3}", prefix ?? string.Empty, signKey, input, suffix ?? string.Empty);
        byte[] inputBytes = encode.GetBytes(strNewUnSignStr);
        return DigitalSignature(inputBytes);
    }

    /// <summary>
    /// Binary digital signature
    /// </summary>
    /// <param name="objectAsBytes">Binary object</param>
    /// <returns>Signature result</returns>
    /// <remarks>
    /// Conversion method: MD5
    /// Principle: convert the hash value of the byte array to a hexadecimal string
    /// </remarks>
    public static string DigitalSignature(this byte[] objectAsBytes)
    {
        using (MD5 md5 = new MD5CryptoServiceProvider())
        {
            byte[] result = md5.ComputeHash(objectAsBytes);
            StringBuilder sb = new StringBuilder();
            for (int i = 0; i < result.Length; i++)
            {
                sb.Append(result[i].ToString("X2"));
            }
            return sb.ToString();
        }
    }

    #endregion
}

Example:

/// <summary>
/// Test case
/// </summary>
public void DigitalSignatureTest()
{
    // Sender:
    string unDigSign = "I am the data to be signed";

    // The key here is known only to the digital signature provider and the receiver.
    // It stays unchanged and nobody else knows it.
    // To keep things simple, a Guid string stands in for it here; in practice, handle it as needed.
    string signKey = Guid.NewGuid().ToString();
    string prefix = "prefix";
    string suffix = "suffix";
    string signedStr = unDigSign.DigitalSign(signKey, Encoding.UTF8, prefix, suffix);

    // The other party can implement the same digital signature function by following the algorithm in the source code.
    // Comparing the computed digital signatures determines whether the data has been intercepted or tampered with.
    // For data security, the transmitted string can first be encrypted before it takes part in the calculation,
    // or you can perform the calculation above and then encrypt the data.
    // Adjust this to your actual situation; it is not described in detail in this example.
    // Interested readers can explore it on their own.
}

The code above implements the principle of the digital signature. The example shows the specific usage and illustrates the core idea.

At this point, digital signatures are implemented smoothly, and data interception and tampering can be prevented.
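The scheme above is a keyed MD5 hash shared between two parties; the standard construction for that kind of check is HMAC, shown here with SHA-256 and a constant-time comparison on the receiving side. This is an added example, not code from the original post. It assumes .NET Core 2.1 or later (for CryptographicOperations.FixedTimeEquals); HmacSigner, Sign and Verify are hypothetical names, and the key and message are constructed samples.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Added example, not the original author's code: the shared-key check
// from the article rebuilt on HMAC-SHA256 (names are hypothetical).
public static class HmacSigner
{
    // Sender side: tag = HMAC-SHA256(key, message bytes), as upper-case hex.
    public static string Sign(string input, byte[] signKey, Encoding encode = null)
    {
        encode = encode ?? Encoding.UTF8;
        using (var hmac = new HMACSHA256(signKey))
        {
            byte[] tag = hmac.ComputeHash(encode.GetBytes(input));
            return BitConverter.ToString(tag).Replace("-", "");
        }
    }

    // Receiver side: recompute the tag and compare without an early exit,
    // so the comparison time does not reveal how many characters matched.
    public static bool Verify(string input, string receivedTag, byte[] signKey, Encoding encode = null)
    {
        byte[] expected = Encoding.ASCII.GetBytes(Sign(input, signKey, encode));
        byte[] received = Encoding.ASCII.GetBytes((receivedTag ?? "").ToUpperInvariant());
        return CryptographicOperations.FixedTimeEquals(expected, received);
    }
}

public static class Program
{
    public static void Main()
    {
        // Constructed sample: 32 random key bytes, shared with the peer out of band.
        byte[] key = new byte[32];
        using (var rng = RandomNumberGenerator.Create())
        {
            rng.GetBytes(key);
        }
        string message = "I am the data to be signed";
        string tag = HmacSigner.Sign(message, key);

        Console.WriteLine("tag: " + tag);
        Console.WriteLine("intact message verifies: " + HmacSigner.Verify(message, tag, key));
        Console.WriteLine("modified message verifies: " + HmacSigner.Verify(message + "!", tag, key));
        Console.WriteLine("truncated tag verifies: " + HmacSigner.Verify(message, tag.Substring(0, 8), key));
    }
}
```

Like the MD5 version, this gives integrity and origin checking between holders of the shared key; it does not hide the data in transit, which needs encryption of the channel or payload.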

Note: this article is offered for reference. If you have a better approach, please leave a comment. Criticism, corrections and suggestions are welcome.

 
