cryptointeropsign.aspx.htm

一个用C＋＋、JAVA、C#等编写的数字签名代码序列

					
<div class="SmallText" style="white-space: nowrap;">
<img src="CryptoInteropSign.aspx_files/print.gif" alt="print" style="vertical-align: middle;" width="16" height="16">
<a id="ctl00_ArticleHeaderLinks_PrintLnk" href="http://www.codeproject.com/KB/security/CryptoInteropSign.aspx?display=Print">Print</a> &nbsp;

<img src="CryptoInteropSign.aspx_files/report.gif" alt="Broken Article?" style="vertical-align: middle;" width="16" height="16">
<a id="ctl00_ArticleHeaderLinks_BrokenLnk" href="http://www.codeproject.com/script/Articles/Report.aspx?aid=25590">Report Article</a> &nbsp;

 &nbsp;

<img src="CryptoInteropSign.aspx_files/link.png" alt="Bookmark" style="vertical-align: middle;" width="16" height="16">

<a href="http://www.codeproject.com/script/Bookmarks/Add.aspx?&amp;obid=25590&amp;obtid=2&amp;bmaction=AddBookmark" name="ajaxBookmarkLink" id="bm_25590,2" class="" onclick="return bookmarkMe(25590, 2);">Bookmark Me </a><span class="TinyText" style="visibility: hidden;"></span>
<span id="ctl00_ArticleHeaderLinks_ArticleBmk_Message"></span>
 &nbsp;

<img src="CryptoInteropSign.aspx_files/discuss.gif" alt="Discuss" style="vertical-align: middle;" width="15" height="16">
<a href="#_comments">Discuss</a> &nbsp;

<img src="CryptoInteropSign.aspx_files/mail.gif" alt="Recommend Article" style="vertical-align: middle;" width="16" height="16">
<a id="ctl00_ArticleHeaderLinks_Recommend" href="http://www.codeproject.com/script/common/TellFriend.aspx?obtid=2&amp;obid=25590">Send to a friend</a>	
</div>
				</td>
				<td style="text-align: right; white-space: nowrap; width: 100px;">
				<table id="CurRat"><tbody><tr><td>            
<table><tbody><tr>
<td style="white-space: nowrap;" class="SmallText" align="right"> 
<span id="ctl00_ArticleRating_VoteLabel">13 votes for this Article.</span></td>
<td><table border="1" cellpadding="0" cellspacing="0">
			<tbody><tr>
				<td width="20" bgcolor="White" height="7"><img src="CryptoInteropSign.aspx_files/red.gif" width="20" align="center" border="0" height="7"></td>
				<td width="20" bgcolor="White" height="7"><img src="CryptoInteropSign.aspx_files/red.gif" width="20" align="center" border="0" height="7"></td>
				<td width="20" bgcolor="White" height="7"><img src="CryptoInteropSign.aspx_files/red.gif" width="20" align="center" border="0" height="7"></td>
				<td width="20" bgcolor="White" height="7"><img src="CryptoInteropSign.aspx_files/red.gif" width="20" align="center" border="0" height="7"></td>
				<td width="20" bgcolor="White" height="7" nowrap="nowrap"><img src="CryptoInteropSign.aspx_files/red.gif" width="16" align="center" border="0" height="7"></td>
			</tr>
		</tbody></table>
		</td>
</tr>
<tr id="ctl00_ArticleRating_PopularityRow">
			<td colspan="2" class="SmallText" align="right">
<a id="ctl00_ArticleRating_PopularityLnk" title="Calculated as rating x Log10(# votes)" href="http://www.codeproject.com/script/Articles/TopArticles.aspx?ta_so=1">Popularity: 5.33</a>
<span id="ctl00_ArticleRating_PopularityLbl"></span><span id="ratingVal">Rating: <b>4.78</b> out of 5</span></td>
		</tr>
		
</tbody></table>



</td>
				<td>            
<div>
<table class="HistTable" title="Voting Distribution. Recent data only"><tbody><tr><td><img src="CryptoInteropSign.aspx_files/t.htm" alt="0 votes, 0.0%" title="0 votes, 0.0%" width="10" border="0" height="1"><br>1</td>
<td><img src="CryptoInteropSign.aspx_files/pollcol.gif" alt="1 vote, 7.7%" title="1 vote, 7.7%" width="10" border="0" height="2"><br>2</td>
<td><img src="CryptoInteropSign.aspx_files/pollcol.gif" alt="2 votes, 15.4%" title="2 votes, 15.4%" width="10" border="0" height="4"><br>3</td>
<td><img src="CryptoInteropSign.aspx_files/t.htm" alt="0 votes, 0.0%" title="0 votes, 0.0%" width="10" border="0" height="1"><br>4</td>
<td><img src="CryptoInteropSign.aspx_files/pollcol.gif" alt="10 votes, 76.9%" title="10 votes, 76.9%" width="10" border="0" height="20"><br>5</td>
</tr></tbody></table>
</div>



</td></tr></tbody></table>
				</td>
			</tr>
			</tbody></table>
			
			
			
			
						
			
			
			
			
			
			
			
			
			<span id="intelliTXT">
			<div id="contentdiv">
			
			<!-- Main Page Contents Start -->
			

<!-- Article Starts -->


<ul class="download">
<li><a href="http://www.codeproject.com/KB/security/CryptoInteropSign/CryptoPPInteropSign.zip">Download C++ code - 5.09 KB</a> </li>

<li><a href="http://www.codeproject.com/KB/security/CryptoInteropSign/CSInteropSign.zip">Download C# code - 32.3 KB</a> </li>

<li><a href="http://www.codeproject.com/KB/security/CryptoInteropSign/JavaInteropSign.zip">Download Java code - 10.8 KB</a> 
<p><small>Checksums for the download files available <a href="#CS">here</a></small>.</p>
</li>
</ul>

<h2>Introduction</h2>

<p>The Crypto++ mailing list occasionally receives questions regarding
creating and verifying digital signatures among various libraries. This
article will examine signing and verifying messages between Crypto++,
C#, and Java. In addition, the C# sample presents <em>AsnKeyBuilder</em> and <em>AsnKeyParser</em>,
which allow us to serialize and reconstruct keys in PKCS#8 and X.509.
This frees us from the CLR's limitation of XML serialization.</p>

<p>The Digital Signature Algorithm will be used as the test case. There
are a few reasons for this choice. First is popularity. Second, as we
will see below, different signatures are created for the same key and
message due to a per-message random variable (which complicates
interoperability analysis). Finally, DSA signatures are represented in
at least three different formats, which causes necessary conversions
and, again, complicates analysis. We will also use strings and streams
rather than byte arrays, which adds more interoperability issues.</p>

<p>Below, we will see that a signed message is the tuple { message,
signature }. When we verify a message, we require the message, the
signature, and the signer's public key. This brings to light two
problem areas. The first issue is keys and their exchange. The second
is defining what exactly will be signed. The first issue was examined
in <em><a href="http://www.codeproject.com/KB/security/CryptoInteropKeys.aspx" target="_blank">Cryptographic Interoperability: Keys</a></em>
[1]. The key interoperability article discusses importing and exporting
public and private keys in Crypto++, Java, and C# in a portable manner
using PKCS#8 and X.509.</p>

<p>This article will examine the second issue - understanding what will
be (or has been) signed. As with the previous article, we examine the
details of the process so that when things go wrong, we can understand
why and then correct the issue. Topics to be visited in this article
are as follows. Though the impact of strings and streams appear early,
we visit the topic last.</p>

<ul>
<li>Digital Signatures 
<ul>
<li>Key Generation </li>

<li>Message Signing </li>

<li>Message Verification </li>
</ul>
</li>

<li>Signature Formats 
<ul>
<li>IEEE P1363 </li>

<li>DER Encoding </li>

<li>OpenPGP </li>
</ul>
</li>

<li>Generating Keys, Signing, and Verifying 
<ul>
<li>Crypto++ </li>

<li>Java </li>

<li>C# </li>
</ul>
</li>

<li>Strings and Streams 
<ul>
<li>Crypto++ </li>

<li>Java </li>

<li>C# </li>
</ul>
</li>
</ul>

<p>Our examples will use the Digital Signature Standard specified in
FIPS 186-2 [11]. The standard prescribes three approved signature
schemes. We will use the Digital Signature (DS) Algorithm as opposed to
the RSA digital signature algorithm (RSASS) or the Elliptic Curve
digital signature algorithm (ECDSA).</p>

<p>FIPS 186-2 specifies the use of a 160 bit <em>p</em>, a 1024 bit <em>q</em>, and SHA-1 as the hash. FIPS 186-3 [2] uses larger hashes (SHA-2), and uses larger values for <em>p</em> (up to 3072 bits) and <em>q</em> (up to 256 bits). FIPS 186-3 is currently in draft status.</p>

<p>DSA is a Signature Scheme with Appendix. This means that the message
must be presented to the verifier function. This is in contrast to a
Signature Scheme with Recovery. In a recovery system, the message is
folded into the signature. Recovery implies that the message does not
have to be sent with the signature - the verification routine will
extract the message from the signature.</p>

<h2>Downloads</h2>

<p>There are three downloads which are available at the start of the
article. Each archive is a project for creating and verifying
signatures. For those who only want the source code, Table 1 identifies
the download of interest.</p>

<table border="1">
<tbody>
<tr>
<td style="text-align: center;" width="200">Filename</td>

<td style="text-align: center;" width="125">Language</td>
</tr>

<tr>
<td><em>CryptoPPInteropSign.zip</em></td>

<td>C++/Crypto++</td>
</tr>

<tr>
<td><em>JavaInteropSign.zip</em></td>

<td>Java</td>
</tr>

<tr>
<td><em>CSInteropSign.zip</em></td>

<td>C#</td>
</tr>

<tr>
<td style="text-align: center;" colspan="2">Table 1: Source Code Archives</td>
</tr>
</tbody>
</table>

<h2>Digital Signatures</h2>

<p>A digital signature is the electronic equivalent of a hand written
signature. It uses a public and private key pair for its operations.
The signer signs the message using the private key, and the verifier
confirms the signature on the message using the public key.</p>

<p>The DSA is a special case of the ElGamal signature system [12]. The
security of DSA is derived from discrete logarithms. There are actually
two instance problems: the first is logarithms in the multiplicative
group Z<sub><em>p</em></sub>, for which the index-calculus method applies. The second is the logarithm problem in the cyclic subgroup <em>q</em>, where current methods run in square root time.</p>

<h3>Key Generation</h3>

<p>A DSA key is generated as follows [12]. Below, the size of <em>q</em> is fixed by FIPS 186 at 160 bits. Though the original FIPS 186 specification [7] specifies <em>p</em> between 512 to 1024 bits inclusive, FIPS 186-2 [11] fixes <em>p</em> at 1024. This usually means that some libraries enforce a bit size of 1024 at step three.</p>

<ol>
<li>Select a prime number <em>q</em> such that 2<sup>159</sup> &lt; <em>q</em> &lt; 2<sup>160</sup> </li>

<li>Choose <em>t</em> so that 0 鈮