1

假设 XMLDSig 文档 SignedInfo 如下:

<SignedInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
  <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"></CanonicalizationMethod>
  <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"></SignatureMethod>
  <Reference URI="#object">
    <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></DigestMethod>
    <DigestValue>OPnpF/ZNLDxJ/I+1F3iHhlmSwgo=</DigestValue>
  </Reference>
</SignedInfo>

上述 SignedInfo 节点的 SHA1 为

5a c8 ef ab 04 5a 9a 46 fe 00 1a c5 8c 25 36 46 ff 88 dc 6a

要在 Windows CryptoAPI 中生成 SignatureValue,我运行以下命令:

var hProv: HCRYPTPROV;
    hHash: HCRYPTHASH;
    hKey: HCRYPTKEY;
    s: string;
    B, bSign: TBytes;
    bPrefix, bPubKeyModulus, bExp: TBytes;
    iFFLen, iPos, iSize, iHashSize: Cardinal;
    PubKey: TRsaPubKey;
begin
  s := '<SignedInfo xmlns="http://www.w3.org/2000/09/xmldsig#">' + #$0A +
       '  <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"></CanonicalizationMethod>' + #$0A +
       '  <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"></SignatureMethod>' + #$0A +
       '  <Reference URI="#object">' + #$0A +
       '    <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></DigestMethod>' + #$0A +
       '    <DigestValue>OPnpF/ZNLDxJ/I+1F3iHhlmSwgo=</DigestValue>' + #$0A +
       '  </Reference>' + #$0A +
       '</SignedInfo>';

  B := TEncoding.ANSI.GetBytes(s);

  {get context for crypt default provider}
  Win32Check(CryptAcquireContext(hProv, nil, nil, PROV_RSA_FULL, CRYPT_VERIFYCONTEXT));
  try
    Win32Check(CryptGenKey(hProv, AT_SIGNATURE, RSA1024BIT_KEY or CRYPT_EXPORTABLE or ALG_SID_RSA_PKCS, hKey));

    {create hash-object (SHA algorithm)}
    Win32Check(CryptCreateHash(hProv, CALG_SHA1, 0, 0, hHash));

    Win32Check(CryptHashData(hHash, @B[0], Length(B), 0));

    // Obtain hash size
    iSize := SizeOf(iSize);
    SetLength(B, iSize);
    Win32Check(CryptGetHashParam(hHash, HP_HASHSIZE, @B[0], iSize, 0));
    Move(B[0], iSize, iSize);

    // obtain hash value
    SetLength(B, iSize);
    Win32Check(CryptGetHashParam(hHash, HP_HASHVAL, @B[0], iSize, 0));

    Print('Hex: ' + ToHex(B));
    Print('Base64: ' + ToBase64(B));

    // Signature of Hash
    Win32Check(CryptSignHash(hHash, AT_SIGNATURE, nil, 0, nil, iSize));
    SetLength(bSign, iSize);
    Win32Check(CryptSignHash(hHash, AT_SIGNATURE, nil, 0, @bSign[0], iSize));

    Print;
    Print('Signature: ');
    Print(ToBase64(Reverse(bSign)));

    // Public key
    Win32Check(CryptExportKey(hKey, 0, PUBLICKEYBLOB, 0, nil, iSize));

    SetLength(B, iSize);
    Win32Check(CryptExportKey(hKey, 0, PUBLICKEYBLOB, 0, @B[0], iSize));

    Print;
    Print('Public Key: ');
    Print(ToHexASCII(B));

    Move(B[SizeOf(TPublicKeyStruc)], PubKey, SizeOf(PubKey));

    // Public key: Get Modulus
    SetLength(bPubKeyModulus, PubKey.bitlen div 8);
    Move(B[SizeOf(TPublicKeyStruc) + SizeOf(TRsaPubKey)], bPubKeyModulus[0], Length(bPubKeyModulus));
    Print;
    Print('Modulus: ');
    Print(ToHex(bPubKeyModulus));
    Print;
    Print(ToBase64(bPubKeyModulus));

    // Public key: Get Exponent
    Print;
    Print('Exponent: ');
    Print(IntToStr(PubKey.pubexp));
    SetLength(bExp, SizeOf(PubKey.pubexp));
    Move(PubKey.pubexp, bExp[0], Length(bExp));
    while bExp[Length(bExp) - 1] = 0 do
      SetLength(bExp, Length(bExp) - 1);
    Print('Base64: ' + ToBase64(bExp));

    Print;
    if CryptVerifySignature(hHash, @bSign[0], Length(bSign), hKey, nil, 0) then
      Print('signature verified')
    else
      RaiseLastOSError;

    Win32Check(CryptDestroyKey(hKey));

    {destroy hash-object}
    Win32Check(CryptDestroyHash(hHash));
  finally
    {release the context for crypt default provider}
    Win32Check(CryptReleaseContext(hProv, 0));
  end;
end;

我能够生成一个签名并使用我不确定我是否按照 XMLDSig 规范执行的 CryptoAPI 对其进行验证。

为了进一步验证我是否做得对,我尝试了在线验证器:http ://www.aleksey.com/xmlsec/xmldsig-verifier.html

我替换了以下 XMLDSig 文档的模数和 SignatureValue,并使用在线验证器对其进行了验证:

<?xml version="1.0" encoding="UTF-8"?>
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
  <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"></CanonicalizationMethod>
  <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"></SignatureMethod>
  <Reference URI="#object">
    <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></DigestMethod>
    <DigestValue>OPnpF/ZNLDxJ/I+1F3iHhlmSwgo=</DigestValue>
  </Reference>
</SignedInfo>
<SignatureValue>nihUFQg4mDhLgecvhIcKb9Gz8VRTOlw+adiZOBBXgK4JodEe5aFfCqm8WcRIT8GLLXSk8PsUP4//SsKqUBQkpotcAqQAhtz2v9kCWdoUDnAOtFZkd/CnsZ1sge0ndha40wWDV+nOWyJxkYgicvB8POYtSmldLLepPGMz+J7/Uws=</SignatureValue>
<KeyInfo>
  <KeyValue>
    <RSAKeyValue><Modulus>4IlzOY3Y9fXoh3Y5f06wBbtTg94Pt6vcfcd1KQ0FLm0S36aGJtTSb6pYKfyX7PqCUQ8wgL6xUJ5GRPEsu9gyz8ZobwfZsGCsvu40CWoT9fcFBZPfXro1Vtlh/xl/yYHm+Gzqh0Bw76xtLHSfLfpVOrmZdwKmSFKMTvNXOFd0V18=</Modulus><Exponent>AQAB</Exponent></RSAKeyValue>
  </KeyValue>
</KeyInfo>
<Object xmlns="http://www.w3.org/2000/09/xmldsig#" Id="object">some text
  with spaces and CR-LF.</Object>
</Signature>

显然它失败了。

我想我没有正确生成签名值。

4

2 回答 2

2

我终于成功了。最后是字节序问题。Microsoft CryptoAPI 在 Little Endian 位串中显示模数和签名值。而 XMLDSIG 规范以 Big Endian 位串的形式呈现。

从 CryptoAPI 函数获取模数和签名值后,只需通过反转字节顺序将其转换为 Big Endian 位串:

function Reverse(A: TBytes): TBytes;
var B: Byte;
    i: integer;
begin
  SetLength(Result, Length(A));
  i := Length(A) - 1;
  for B in A do begin
    Result[i] := B;
    Dec(i);
  end;
end;

Print(ToBase64(reverse(bSign)));
Print(ToBase64(reverse(bPubKeyModulus)));
于 2012-03-16T03:20:21.810 回答
1

如果您确实需要在本机代码中而不是在 .NET 中验证 XMLDSig 文档,我建议您使用MSXML 5.0。请参阅代码示例以验证签名和另一个以创建签名。

于 2012-03-15T16:10:50.337 回答