
Key Management Service:簽名驗簽樣本

更新時間:Dec 26, 2024

初始化KMS執行個體SDK用戶端後,您可以通過用戶端調用Sign和Verify介面進行簽名驗簽。本文介紹簽名驗簽的程式碼範例。

完整程式碼範例

調用Sign介面使用非對稱金鑰進行數位簽章,調用Verify介面使用非對稱金鑰驗證數位簽章。

GitHub源碼地址:AsymmetricSignVerifySample.cs

using System;
using System.Collections;
using System.Collections.Generic;
using System.IO;
using System.Threading.Tasks;

using Tea;
using Tea.Utils;


namespace AlibabaCloud.Dkms.Gcs.Sdk.Example
{
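    /// <summary>
    /// Sample that signs a message with an asymmetric key through a KMS instance client
    /// and then verifies the returned signature through the same client.
    /// </summary>
    public class AsymmetricSignVerifySample
    {
        /// <summary>
        /// Builds the connection settings for a KMS instance client.
        /// </summary>
        /// <param name="clientKeyFile">Client key file (presumably a path; confirm against the SDK documentation).</param>
        /// <param name="password">Passphrase protecting the client key. Supply it from configuration or the environment, never from a source literal.</param>
        /// <param name="endpoint">Instance endpoint, of the form &lt;your KMS Instance Id&gt;.cryptoservice.kms.aliyuncs.com.</param>
        /// <param name="caFilePath">Path to the CA certificate of the KMS instance.</param>
        /// <returns>A new config object carrying the four values.</returns>
        public static AlibabaCloud.Dkms.Gcs.OpenApi.Models.Config CreateKmsInstanceConfig(string clientKeyFile, string password, string endpoint, string caFilePath)
        {
            return new AlibabaCloud.Dkms.Gcs.OpenApi.Models.Config
            {
                ClientKeyFile = clientKeyFile,
                Password = password,
                Endpoint = endpoint,
                CaFilePath = caFilePath,
            };
        }

        /// <summary>
        /// Task-returning counterpart of <see cref="CreateKmsInstanceConfig"/>.
        /// The body contains no await, so the work runs synchronously and the
        /// returned task is already completed.
        /// </summary>
        /// <param name="clientKeyFile">See <see cref="CreateKmsInstanceConfig"/>.</param>
        /// <param name="password">See <see cref="CreateKmsInstanceConfig"/>.</param>
        /// <param name="endpoint">See <see cref="CreateKmsInstanceConfig"/>.</param>
        /// <param name="caFilePath">See <see cref="CreateKmsInstanceConfig"/>.</param>
        /// <returns>A task whose result is the new config object.</returns>
        public static async Task<AlibabaCloud.Dkms.Gcs.OpenApi.Models.Config> CreateKmsInstanceConfigAsync(string clientKeyFile, string password, string endpoint, string caFilePath)
        {
            // Delegate so the synchronous and Task-returning variants cannot drift apart.
            return CreateKmsInstanceConfig(clientKeyFile, password, endpoint, caFilePath);
        }

        /// <summary>
        /// Creates a KMS instance client from the given settings.
        /// </summary>
        /// <param name="kmsInstanceConfig">Settings produced by <see cref="CreateKmsInstanceConfig"/>.</param>
        /// <returns>The constructed client.</returns>
        public static AlibabaCloud.Dkms.Gcs.Sdk.Client CreateClient(AlibabaCloud.Dkms.Gcs.OpenApi.Models.Config kmsInstanceConfig)
        {
            return new AlibabaCloud.Dkms.Gcs.Sdk.Client(kmsInstanceConfig);
        }

        /// <summary>
        /// Task-returning counterpart of <see cref="CreateClient"/>. The body contains
        /// no await; an exception from the client constructor is captured in the
        /// returned task because the method is declared async.
        /// </summary>
        /// <param name="kmsInstanceConfig">Settings produced by <see cref="CreateKmsInstanceConfig"/>.</param>
        /// <returns>A task whose result is the constructed client.</returns>
        public static async Task<AlibabaCloud.Dkms.Gcs.Sdk.Client> CreateClientAsync(AlibabaCloud.Dkms.Gcs.OpenApi.Models.Config kmsInstanceConfig)
        {
            return CreateClient(kmsInstanceConfig);
        }

        /// <summary>
        /// Builds a sign request from the arguments and sends it with <c>client.Sign</c>.
        /// </summary>
        /// <param name="client">KMS instance client used to send the request.</param>
        /// <param name="keyId">Identifier of the asymmetric key to sign with.</param>
        /// <param name="algorithm">Signing algorithm name; valid values are defined by the KMS API and are not listed on this page.</param>
        /// <param name="message">Bytes to sign; how they are interpreted depends on <paramref name="messageType"/>.</param>
        /// <param name="messageType">Message type string; valid values are defined by the KMS API.</param>
        /// <returns>The service response; Main reads KeyId, Algorithm, MessageType and Signature from it.</returns>
        public static AlibabaCloud.Dkms.Gcs.Sdk.Models.SignResponse Sign(AlibabaCloud.Dkms.Gcs.Sdk.Client client, string keyId, string algorithm, byte[] message, string messageType)
        {
            var request = new AlibabaCloud.Dkms.Gcs.Sdk.Models.SignRequest
            {
                KeyId = keyId,
                Algorithm = algorithm,
                Message = message,
                MessageType = messageType,
            };
            // Alternative kept for reference (testing only): ignore CA certificate verification.
            // With IgnoreSSL set, the endpoint's certificate is no longer checked, so the client
            // cannot tell the real KMS endpoint from an impersonated one. Keep it disabled in
            // production and rely on the CA certificate configured through CaFilePath.
            //AlibabaCloud.Dkms.Gcs.OpenApiUtil.Models.RuntimeOptions runtime = new AlibabaCloud.Dkms.Gcs.OpenApiUtil.Models.RuntimeOptions();
            //runtime.IgnoreSSL = true;
            //return client.SignWithOptions(request,runtime);
            return client.Sign(request);
        }

        /// <summary>
        /// Asynchronous counterpart of <see cref="Sign"/>; awaits <c>client.SignAsync</c>.
        /// </summary>
        /// <param name="client">KMS instance client used to send the request.</param>
        /// <param name="keyId">Identifier of the asymmetric key to sign with.</param>
        /// <param name="algorithm">Signing algorithm name; valid values are defined by the KMS API.</param>
        /// <param name="message">Bytes to sign.</param>
        /// <param name="messageType">Message type string; valid values are defined by the KMS API.</param>
        /// <returns>A task whose result is the service response.</returns>
        public static async Task<AlibabaCloud.Dkms.Gcs.Sdk.Models.SignResponse> SignAsync(AlibabaCloud.Dkms.Gcs.Sdk.Client client, string keyId, string algorithm, byte[] message, string messageType)
        {
            var request = new AlibabaCloud.Dkms.Gcs.Sdk.Models.SignRequest
            {
                KeyId = keyId,
                Algorithm = algorithm,
                Message = message,
                MessageType = messageType,
            };
            // Alternative kept for reference (testing only): ignore CA certificate verification.
            // This removes the check that the client is talking to the genuine endpoint;
            // keep it disabled in production.
            //AlibabaCloud.Dkms.Gcs.OpenApiUtil.Models.RuntimeOptions runtime = new AlibabaCloud.Dkms.Gcs.OpenApiUtil.Models.RuntimeOptions();
            //runtime.IgnoreSSL = true;
            //return await client.SignWithOptionsAsync(request,runtime);
            return await client.SignAsync(request);
        }

        /// <summary>
        /// Builds a verify request from the arguments and sends it with <c>client.Verify</c>.
        /// This method does not interpret the outcome; the caller must inspect the
        /// response before treating the message as authentic.
        /// </summary>
        /// <param name="client">KMS instance client used to send the request.</param>
        /// <param name="keyId">Identifier of the asymmetric key to verify with.</param>
        /// <param name="algorithm">Signature algorithm name; valid values are defined by the KMS API.</param>
        /// <param name="message">Bytes that were signed.</param>
        /// <param name="messageType">Message type string; valid values are defined by the KMS API.</param>
        /// <param name="signature">Signature bytes to check.</param>
        /// <returns>The service response describing the verification.</returns>
        public static AlibabaCloud.Dkms.Gcs.Sdk.Models.VerifyResponse Verify(AlibabaCloud.Dkms.Gcs.Sdk.Client client, string keyId, string algorithm, byte[] message, string messageType, byte[] signature)
        {
            var request = new AlibabaCloud.Dkms.Gcs.Sdk.Models.VerifyRequest
            {
                KeyId = keyId,
                Algorithm = algorithm,
                Message = message,
                MessageType = messageType,
                Signature = signature,
            };
            // Alternative kept for reference (testing only): ignore CA certificate verification.
            // A verification answer obtained over an unauthenticated channel should not be
            // trusted; keep this disabled in production.
            //AlibabaCloud.Dkms.Gcs.OpenApiUtil.Models.RuntimeOptions runtime = new AlibabaCloud.Dkms.Gcs.OpenApiUtil.Models.RuntimeOptions();
            //runtime.IgnoreSSL = true;
            //return client.VerifyWithOptions(request,runtime);
            return client.Verify(request);
        }

        /// <summary>
        /// Asynchronous counterpart of <see cref="Verify"/>; awaits <c>client.VerifyAsync</c>.
        /// </summary>
        /// <param name="client">KMS instance client used to send the request.</param>
        /// <param name="keyId">Identifier of the asymmetric key to verify with.</param>
        /// <param name="algorithm">Signature algorithm name; valid values are defined by the KMS API.</param>
        /// <param name="message">Bytes that were signed.</param>
        /// <param name="messageType">Message type string; valid values are defined by the KMS API.</param>
        /// <param name="signature">Signature bytes to check.</param>
        /// <returns>A task whose result is the service response describing the verification.</returns>
        public static async Task<AlibabaCloud.Dkms.Gcs.Sdk.Models.VerifyResponse> VerifyAsync(AlibabaCloud.Dkms.Gcs.Sdk.Client client, string keyId, string algorithm, byte[] message, string messageType, byte[] signature)
        {
            var request = new AlibabaCloud.Dkms.Gcs.Sdk.Models.VerifyRequest
            {
                KeyId = keyId,
                Algorithm = algorithm,
                Message = message,
                MessageType = messageType,
                Signature = signature,
            };
            // Alternative kept for reference (testing only): ignore CA certificate verification.
            // Keep this disabled in production.
            //AlibabaCloud.Dkms.Gcs.OpenApiUtil.Models.RuntimeOptions runtime = new AlibabaCloud.Dkms.Gcs.OpenApiUtil.Models.RuntimeOptions();
            //runtime.IgnoreSSL = true;
            //return await client.VerifyWithOptionsAsync(request,runtime);
            return await client.VerifyAsync(request);
        }

        /// <summary>
        /// Entry point: creates a client, signs a placeholder message, verifies the
        /// signature and logs the verify response as JSON.
        /// </summary>
        /// <param name="args">Command-line arguments; not read.</param>
        /// <exception cref="InvalidOperationException">
        /// The ClientKeyFile or Password environment variable is missing or empty.
        /// </exception>
        public static void Main(string[] args)
        {
            // CA certificate of the KMS instance.
            string caFilePath = "your-caFilePath";
            // Set the endpoint to <your KMS Instance Id>.cryptoservice.kms.aliyuncs.com.
            string endpoint = "your-endpoint";
            // The client key and its passphrase are read from the environment so that
            // neither ends up in source control.
            string clientKeyFile = AlibabaCloud.DarabonbaEnv.Client.GetEnv("ClientKeyFile");
            string clientKeyPassword = AlibabaCloud.DarabonbaEnv.Client.GetEnv("Password");
            if (string.IsNullOrEmpty(clientKeyFile) || string.IsNullOrEmpty(clientKeyPassword))
            {
                // Fail with a clear message instead of an opaque SDK error; the values
                // themselves are deliberately left out of the message.
                throw new InvalidOperationException("Environment variables ClientKeyFile and Password must both be set.");
            }
            AlibabaCloud.Dkms.Gcs.OpenApi.Models.Config kmsInstanceConfig = CreateKmsInstanceConfig(clientKeyFile, clientKeyPassword, endpoint, caFilePath);
            AlibabaCloud.Dkms.Gcs.Sdk.Client client = CreateClient(kmsInstanceConfig);

            // Sign.
            string keyId = "your-keyId";
            string algorithm = "your-algorithm";
            byte[] message = AlibabaCloud.DarabonbaEncodeUtil.Encoder.Base64Decode("your-message-base64");
            string messageType = "your-messageType";
            AlibabaCloud.Dkms.Gcs.Sdk.Models.SignResponse signRes = Sign(client, keyId, algorithm, message, messageType);

            // Verify. The key id, algorithm and message type are echoed from the Sign
            // response only to demonstrate a round trip.
            // NOTE(review): when checking a signature received from another party, take the
            // key id and algorithm from trusted local configuration, not from values that
            // arrive together with the signature.
            AlibabaCloud.Dkms.Gcs.Sdk.Models.VerifyResponse verifyRes = Verify(client, signRes.KeyId, signRes.Algorithm, message, signRes.MessageType, signRes.Signature);

            // The JSON dump is for demonstration. A real caller must check the verification
            // outcome carried in the response and reject the message when it failed.
            string verifyResJson = AlibabaCloud.TeaUtil.Common.ToJSONString(AlibabaCloud.TeaUtil.Common.ToMap(verifyRes));
            AlibabaCloud.TeaConsole.Client.Log("verifyRes:" + verifyResJson);
        }
    }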
}

程式碼範例解析

初始化用戶端

關於初始化用戶端的詳細介紹,請參見「初始化用戶端」。

using System;

// Placeholder region identifier; none of the statements shown here read it.
string regionId = "your-regionId";

// CA certificate of the KMS instance. It is what lets the client authenticate
// the endpoint, so point this at the certificate issued for your instance.
string caFilePath = "your-caFilePath";

// Set the endpoint to <your KMS Instance Id>.cryptoservice.kms.aliyuncs.com.
string endpoint = "your-endpoint";

// The client key and its passphrase are read from the environment so that
// neither ends up in source control.
string clientKeyFile = AlibabaCloud.DarabonbaEnv.Client.GetEnv("ClientKeyFile");
string clientKeyPassword = AlibabaCloud.DarabonbaEnv.Client.GetEnv("Password");
var kmsInstanceConfig = CreateKmsInstanceConfig(clientKeyFile, clientKeyPassword, endpoint, caFilePath);
var client = CreateClient(kmsInstanceConfig);

調用Sign介面使用非對稱金鑰進行數位簽章

/// <summary>
/// Builds a sign request from the arguments and sends it with <c>client.Sign</c>.
/// </summary>
/// <param name="client">KMS instance client used to send the request.</param>
/// <param name="keyId">Identifier of the asymmetric key to sign with.</param>
/// <param name="algorithm">Signing algorithm name; valid values are defined by the KMS API.</param>
/// <param name="message">Bytes to sign.</param>
/// <param name="messageType">Message type string; valid values are defined by the KMS API.</param>
/// <returns>The service response returned by <c>client.Sign</c>.</returns>
public static AlibabaCloud.Dkms.Gcs.Sdk.Models.SignResponse Sign(AlibabaCloud.Dkms.Gcs.Sdk.Client client, string keyId, string algorithm, byte[] message, string messageType)
{
    var signRequest = new AlibabaCloud.Dkms.Gcs.Sdk.Models.SignRequest();
    signRequest.KeyId = keyId;
    signRequest.Algorithm = algorithm;
    signRequest.Message = message;
    signRequest.MessageType = messageType;

    // Alternative kept for reference (testing only): ignore CA certificate verification.
    // With IgnoreSSL set, the endpoint's certificate is no longer checked, so the client
    // cannot tell the real KMS endpoint from an impersonated one. Keep it disabled in
    // production and rely on the configured CA certificate.
    //AlibabaCloud.Dkms.Gcs.OpenApiUtil.Models.RuntimeOptions runtime = new AlibabaCloud.Dkms.Gcs.OpenApiUtil.Models.RuntimeOptions();
    //runtime.IgnoreSSL = true;
    //return client.SignWithOptions(request,runtime);
    var signResponse = client.Sign(signRequest);
    return signResponse;
}

調用Verify介面使用非對稱金鑰驗證數位簽章

       /// <summary>
       /// Builds a verify request from the arguments and sends it with <c>client.Verify</c>.
       /// This method does not interpret the outcome; the caller must inspect the
       /// response before treating the message as authentic.
       /// </summary>
       /// <param name="client">KMS instance client used to send the request.</param>
       /// <param name="keyId">Identifier of the asymmetric key to verify with.</param>
       /// <param name="algorithm">Signature algorithm name; valid values are defined by the KMS API.</param>
       /// <param name="message">Bytes that were signed.</param>
       /// <param name="messageType">Message type string; valid values are defined by the KMS API.</param>
       /// <param name="signature">Signature bytes to check.</param>
       /// <returns>The service response returned by <c>client.Verify</c>.</returns>
       public static AlibabaCloud.Dkms.Gcs.Sdk.Models.VerifyResponse Verify(AlibabaCloud.Dkms.Gcs.Sdk.Client client, string keyId, string algorithm, byte[] message, string messageType, byte[] signature)
       {
           var verifyRequest = new AlibabaCloud.Dkms.Gcs.Sdk.Models.VerifyRequest();
           verifyRequest.KeyId = keyId;
           verifyRequest.Algorithm = algorithm;
           verifyRequest.Message = message;
           verifyRequest.MessageType = messageType;
           verifyRequest.Signature = signature;

           // Alternative kept for reference (testing only): ignore CA certificate verification.
           // A verification answer obtained over an unauthenticated channel should not be
           // trusted; keep this disabled in production.
           //AlibabaCloud.Dkms.Gcs.OpenApiUtil.Models.RuntimeOptions runtime = new AlibabaCloud.Dkms.Gcs.OpenApiUtil.Models.RuntimeOptions();
           //runtime.IgnoreSSL = true;
           //return client.VerifyWithOptions(request,runtime);
           var verifyResponse = client.Verify(verifyRequest);
           return verifyResponse;
       }