1 Star 0 Fork 0

大雨大大 / PCNGateway-CSharp-SDK

Create your Gitee Account
Explore and code with more than 8 million developers,Free private repositories !:)
Sign up
Clone or Download
Cancel
Notice: Creating folder will generate an empty file .keep, because not support in Git
Loading...
readme.md

SDK Direction for calling

SDK in csharp

framework and key support

Currently, SDK in CSharp supports all framework and key combination applications on the official website

The details are as follows:

framework public key upload mode key trust mode
secp256r1 secp256k1 SM2 secp256r1 secp256k1 SM2
Fabric
FISCO-BCOS
XuperChain
Cita
  • Fabric framework application uses two modes: secret key escrow and secret key upload of secp256r1 and SM2;

  • Fisco-bcos framework uses two modes: secret key hosting and secret key uploading of secp256k1 and SM2;

  • Xuperchain framework application only supports SM2 key escrow mode;

  • CITA framework application only supports SM2 key escrow mode;

1. Before calling

DApp parameter

DApp parameters are obtained from Service Detail Page after the user participates in the application, or some parameters are set locally, including

  • __PCN gateway interface address: the calling address of PCN (public city node) gateway
  • User number: the number of the user
  • App number: number of participating applications
  • Public key: the public key of PCN gateway downloaded when user participates in the DApp
  • Private key: the public key generated by BSN DApps under Key-Trust Mode connects to the BSN successfully, and a private key will be generated corresponding to the public key uploaded for DApps under Public-Key-Upload Mode
  • __Https cert:__the Https certificate used when the Https gateway interface is invoked

Local parameters

  • cert directory: the directory used to store the user's private key and certificate generated by DApps under Public-Key-Upload Mode when the user's certificate registration is invoked

2. Preparation

Import the SDK package

Introduce the following package

using bsn_sdk_csharp;

Description of architechture

Certs:used for storing certs;
Csr:used to store the public library of generated CSR request files. Ecdsa:used to store the tools of ecdsa ECC; ETH:used to store eth tools;
Enum:used to store parameter enumeration;
Lib:used to store random number algorithm and AES and RSA encryption and decryption tools.
Models:used to define the message data structure of request and response of PCN gateway NodeExtends:includes the off-BSN system codes calling the PCN gateway API and the definition of HTTPS public request method. Protos:used to store assembly object in the transaction under Public-Key-Upload Mode.
Trans: used to store key assembled information of the transaction under Public-Key-Upload Mode. AppSetting.cs:used to define the parameters calling PCN gateway. Config.cs:used to configure the parameters calling PCN gateway.

Initialize config

An object can be initialized to store all the configuration information, which should be passed in at the time of invocation after being configured or read by the caller according to their respective project. In Config's 'Init' , the basic information of DApp is retrieved. Please do not call this operation frequently, because this interface will occupy your TPS and traffic. You can use a static object to store 'Config' in the project when you need it. It is important to note that when configuring the certificate, the certificate applied (that is, the certificate used for signing and verifying) is the direct transmission of the certificate content, while the certificate for Https is the certificate to the project root.

	reqUrl="" //PCN gateway address
	userCode="" //user code
	appCode ="" //DApp code
	AppPublicCert ="" //public key path
	UserAppPrivate ="" //private key path
	mspDir="" //cert directory
	var config = Config.NewMockConfig();

Call interface

Each gateway interface has encapsulated the parameter object of the request and response, which can be directly called just by assigning the value, and the operation of signing and checking the signature has been realized in the method.The following is the call operation for the registered child user, and others are similar.

	var config = Config.NewMockConfig();
            var res = NodeServer.RegisterUser(config, new bsn_sdk_csharp.Models.RegisterUserReqBody()
            {
                name = "test",
                secret = "123456"
            });

3.Other instructions

Description of the user identity certificate for DApp under Public-Key-Upload Mode

Since the user certificate needed by DApp under Public-Key-Upload Mode when calling the PCN gateway for transaction needs to be generated by the user himself locally, the process is: registered user -> registered user certificate. In the operation of registering a user certificate, a pair of keys are generated locally, the certificate's CSR file (certificate or DApp file) is exported through the key, and the user certificate is invoked. The registration interface gets a valid certificate that can be used to normally initiate a transaction through the processing interface of DApp under the Key-Trust Mode. When setting CN in the CSR file, do not register Name directly, the Name is assembled by by Name and AppCode in the format of 'nam@appcode'. This operation is in the function of NodeServer cs EnrollUser.

__The storage of certificates is implemented by CertStore in Csr and ECDSAStore in Ecdsa. This function only stores certificates in the format of local files if required. Other forms of certificate storage. To implement the specific interface, please refer to the specific code for details.

About encryption

In order to facilitate data encryption and decryption in the chain operation of data transaction, a symmetric encryption 'AES' and an asymmetric encryption 'RSA' algorithm are implemented in the SDK
Symmetric encryption for 'AES' is specifically called as follows.

	    /// <summary>
        /// AES encryption
        /// </summary>
        /// <param name="plainStr">Plaintext string</param>
        /// <param name="key">secret key</param>
        /// <returns>cipher</returns>
        public static string AESEncrypt(string encryptStr, string key)
        {
            try
            {
                byte[] keyArray = Encoding.UTF8.GetBytes(key);
                byte[] toEncryptArray = Encoding.UTF8.GetBytes(encryptStr);
                RijndaelManaged rDel = new RijndaelManaged();
                rDel.Key = keyArray;
                rDel.Mode = CipherMode.ECB;
                rDel.Padding = PaddingMode.PKCS7;
                ICryptoTransform cTransform = rDel.CreateEncryptor();
                byte[] resultArray = cTransform.TransformFinalBlock(toEncryptArray, 0, toEncryptArray.Length);
                return Convert.ToBase64String(resultArray, 0, resultArray.Length);
            }
            catch (Exception ex)
            {
                return null;
            }
        }
	    //// <summary>
        /// AES decryption
        /// </summary>
        /// <param name="plainStr">Ciphertext string</param>
        /// <param name="key">secret key</param>
        /// <returns>plaintext</returns>
        public static string AESDEncrypt(string encryptStr, string key)
        {
            try
            {
                byte[] keyArray = Encoding.UTF8.GetBytes(key);
                byte[] toEncryptArray = Convert.FromBase64String(encryptStr);
                RijndaelManaged rDel = new RijndaelManaged();
                rDel.Key = keyArray;
                rDel.Mode = CipherMode.ECB;
                rDel.Padding = PaddingMode.PKCS7;
                ICryptoTransform cTransform = rDel.CreateDecryptor();
                byte[] resultArray = cTransform.TransformFinalBlock(toEncryptArray, 0, toEncryptArray.Length);
                return Encoding.UTF8.GetString(resultArray);
            }
            catch (Exception ex)
            {
                return null;
            }
        }

Asymmetric encryption 'RSA', the details are as follows. In this function, both SM2 signature and verified signature are made.

Asymmetric encryption is encrypted by the public key and decrypted by the private key.

	/// <summary>
        /// rsa encryption
        /// </summary>
        /// <param name="xmlPublicKey"></param>
        /// <param name="content"></param>
        /// <returns></returns>
        public static string RSAEncrypt(string xmlPublicKey, string content)
        {
            string encryptedContent = string.Empty;
            using (RSACryptoServiceProvider rsa = new RSACryptoServiceProvider())
            {
                rsa.FromXmlString(xmlPublicKey);
                byte[] encryptedData = rsa.Encrypt(Encoding.Default.GetBytes(content), false);
                encryptedContent = Convert.ToBase64String(encryptedData);
            }
            return encryptedContent;
        }
		/// <summary>
        /// rsa decryption
        /// </summary>
        /// <param name="xmlPrivateKey"></param>
        /// <param name="content"></param>
        /// <returns></returns>
        public static string RSADecrypt(string xmlPrivateKey, string content)

        {
            string decryptedContent = string.Empty;

            using (RSACryptoServiceProvider rsa = new RSACryptoServiceProvider())

            {
                rsa.FromXmlString(xmlPrivateKey);

                byte[] decryptedData = rsa.Decrypt(Convert.FromBase64String(content), false);

                decryptedContent = Encoding.UTF8.GetString(decryptedData);
            }

            return decryptedContent;
        }

About key generation

In BSN, the encryption algorithm of 'fabric' framework is ECDSAsecp256r1, while encryption algorithm of 'fisco-bcos' framework is' SM2'. When a user participates in the DApp under Public-Key-Upload Mode, a key of the corresponding encryption algorithm needs to be generated and uploaded.The generation of these two keys is described below. Keys are generated using 'openssl', where the generation of 'SM2' key requires the version 1.1.1 of 'openssl' or above.

Note: the following commands are executed in a Linux environment.

1. How the keys of ECDSA(secp256r1) are generated
  • Generate a private key
openssl ecparam -name prime256v1 -genkey -out key.pem
  • Export the public key
openssl ec -in key.pem -pubout -out pub.pem
  • Export the private key in pkcs8 format

Since it is convenient to use the key of pkcs8 format in some languages, you can export the pkcs8 format private key using the following command The private key used in this SDK is in the form of pkcs8

openssl pkcs8 -topk8 -inform PEM -in key.pem -outform PEM -nocrypt -out key_pkcs8.pem

Three files can be generated from the command above. key.pem :Private key pub.pem :Public key
key_pkcs8.pem :Private key pkcs8 format

2.Generate a key of SM2 format

First you need to check whether the version of 'openssl' supports' SM2 'format secret key generation using the following command

openssl ecparam -list_curves | grep SM2

Support if you output the following,

SM2       : SM2 curve over a 256 bit prime field

Otherwise, you need to download version 1.1.1 or above. This is the version 1.1.1d. Download address:https://www.openssl.org/source/openssl-1.1.1d.tar.gz

  • Generate a private key
openssl ecparam -genkey -name SM2 -out sm2PriKey.pem
  • Export the public key
openssl ec -in sm2PriKey.pem -pubout -out sm2PubKey.pem
  • Export the private key in pkcs8 format

Since it is convenient to use the pkcs8 format key in some languages, you can export the pkcs8 format private key using the following command.
The private key used in this SDK is in the form of pkcs8

openssl pkcs8 -topk8 -inform PEM -in sm2PriKey.pem -outform pem -nocrypt -out sm2PriKeyPkcs8.pem

Three files can be generated from the above command sm2PriKey.pem :Private key
sm2PubKey.pem :Public key
sm2PriKeyPkcs8.pem :pkcs8 format private key

Repository Comments ( 0 )

Sign in to post a comment

About

BSN c# sdk Github 镜像 PCNGateway-CSharp-SDK https://github.com/BSNDA/PCNGateway-CSharp-SDK expand collapse
C#
Apache-2.0
Cancel

Releases

No release

Contributors

All

Activities

Load More
can not load any more
1
https://git.oschina.net/dayudada/pcngateway-csharp-sdk.git
git@git.oschina.net:dayudada/pcngateway-csharp-sdk.git
dayudada
pcngateway-csharp-sdk
PCNGateway-CSharp-SDK
master

Search