"WIN10 Application Development" signature and verification

Source: Internet
Author: User

The data is signed and verified to prevent the data from being "pirated". It is a common practice to verify with the public key.

The algorithm uses SAH_XXXX, which is the hashing algorithm. Since MD5 was later found to be "non-unique", you will find that many of the downloaded file validations are now using the SHA1 algorithm. For example, we download a system. ISO image, after download, you can check the hash value to determine whether the file is complete and correct.

Signature and validation operations are not complex. Support is provided under the Windows.Security.Cryptography.Core namespace, such as Asymmetrickeyalgorithmprovider, Macalgorithmprovider, which can be used to generate a signed key.

This time I take asymmetrickeyalgorithmprovider as an example, because this can generate a public/private key pair, and support the operation of importing keys. After signing, you can export the key as a public key, which can be imported when validating.

The first step is to get a asymmetrickeyalgorithmprovider instance, without instantiation, directly from the static Openalgorithm method, and the parameter is the algorithm to be used.

            Asymmetrickeyalgorithmprovider asymt = Asymmetrickeyalgorithmprovider.openalgorithm ( ASYMMETRICALGORITHMNAMES.DSASHA1);

The second step, call the Createkeypair method to generate a key pair, the parameter is the number of bits, the general value is 512, 1024, 2048, 4096, here I use 512, normal no exception.

            Cryptographickey key = Asymt. Createkeypair (+);

Alternatively, you can export it as a public key, so that it is easy to store.

            PublicKey = key. Exportpublickey ();


In the third step, you can sign the data.

            IBuffer data = cryptographicbuffer.convertstringtobinary (TxtInput.Text.Trim (), Binarystringencoding.utf8);             = Cryptographicengine.sign (key, data);

The Cryptographicengine class exposes a series of methods that are used to complete encryption and decryption, to be signed, to invoke the Sign method, or to wait asynchronously for the Signasync method. After signing, the signature data is returned and stored in ibuffer form.

The data is signed and can be verified.

The first step, again, is to get a asymmetrickeyalgorithmprovider instance.

            Asymmetrickeyalgorithmprovider asmt = Asymmetrickeyalgorithmprovider.openalgorithm ( ASYMMETRICALGORITHMNAMES.DSASHA1);


The second step is to import the public key. Call the Importpublickey method to import the public key we just exported.

            Cryptographickey key = Asmt. Importpublickey (PublicKey);

After the import is successful, you can directly return a Cryptographickey object, which you can use to verify it directly. note the public key must be the same as the public key that was exported when the signature was signed , otherwise it cannot be verified.

The third step, can be verified.

            IBuffer data = cryptographicbuffer.convertstringtobinary (TxtVerifyInput.Text.Trim (), Binarystringencoding.utf8 );             // Note that the third parameter is the data            that you have just signed bool b = cryptographicengine.verifysignature (key, data, signeddata);

The VerifySignature method is used for signature verification, the first parameter is the public key, must be consistent before and after, the second parameter is the data to be validated, and the third parameter is the data obtained from the previous signature. Returns true if the validation succeeds;

===================================================

Look at the results of the operation.

If the content is entered in the same way, the validation succeeds and the validation fails if the contents of the input are different from front to back.

Sample code Download

"WIN10 Application Development" signature and verification

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.