代码拉取完成,页面将自动刷新
Currently, SDK in CSharp supports all framework and key combination applications on the official website
The details are as follows:
| framework | public key upload mode | key trust mode | ||||
|---|---|---|---|---|---|---|
| secp256r1 | secp256k1 | SM2 | secp256r1 | secp256k1 | SM2 | |
| Fabric | √ | √ | √ | √ | ||
| FISCO-BCOS | √ | √ | √ | √ | ||
| XuperChain | √ | |||||
| Cita | √ | |||||
Fabric framework application uses two modes: secret key escrow and secret key upload of secp256r1 and SM2;
Fisco-bcos framework uses two modes: secret key hosting and secret key uploading of secp256k1 and SM2;
Xuperchain framework application only supports SM2 key escrow mode;
CITA framework application only supports SM2 key escrow mode;
DApp parameters are obtained from Service Detail Page after the user participates in the application, or some parameters are set locally, including
Introduce the following package
using bsn_sdk_csharp;
Certs:used for storing certs;
Csr:used to store the public library of generated CSR request files.
Ecdsa:used to store the tools of ecdsa ECC;
ETH:used to store eth tools;
Enum:used to store parameter enumeration;
Lib:used to store random number algorithm and AES and RSA encryption and decryption tools.
Models:used to define the message data structure of request and response of PCN gateway
NodeExtends:includes the off-BSN system codes calling the PCN gateway API and the definition of HTTPS public request method.
Protos:used to store assembly object in the transaction under Public-Key-Upload Mode.
Trans: used to store key assembled information of the transaction under Public-Key-Upload Mode.
AppSetting.cs:used to define the parameters calling PCN gateway.
Config.cs:used to configure the parameters calling PCN gateway.
An object can be initialized to store all the configuration information, which should be passed in at the time of invocation after being configured or read by the caller according to their respective project. In Config's 'Init' , the basic information of DApp is retrieved. Please do not call this operation frequently, because this interface will occupy your TPS and traffic. You can use a static object to store 'Config' in the project when you need it. It is important to note that when configuring the certificate, the certificate applied (that is, the certificate used for signing and verifying) is the direct transmission of the certificate content, while the certificate for Https is the certificate to the project root.
reqUrl="" //PCN gateway address
userCode="" //user code
appCode ="" //DApp code
AppPublicCert ="" //public key path
UserAppPrivate ="" //private key path
mspDir="" //cert directory
var config = Config.NewMockConfig();
Each gateway interface has encapsulated the parameter object of the request and response, which can be directly called just by assigning the value, and the operation of signing and checking the signature has been realized in the method.The following is the call operation for the registered child user, and others are similar.
var config = Config.NewMockConfig();
var res = NodeServer.RegisterUser(config, new bsn_sdk_csharp.Models.RegisterUserReqBody()
{
name = "test",
secret = "123456"
});
Since the user certificate needed by DApp under Public-Key-Upload Mode when calling the PCN gateway for transaction needs to be generated by the user himself locally, the process is: registered user -> registered user certificate.
In the operation of registering a user certificate, a pair of keys are generated locally, the certificate's CSR file (certificate or DApp file) is exported through the key, and the user certificate is invoked. The registration interface gets a valid certificate that can be used to normally initiate a transaction through the processing interface of DApp under the Key-Trust Mode.
When setting CN in the CSR file, do not register Name directly, the Name is assembled by by Name and AppCode in the format of 'nam@appcode'.
This operation is in the function of NodeServer cs EnrollUser.
__The storage of certificates is implemented by CertStore in Csr and ECDSAStore in Ecdsa. This function only stores certificates in the format of local files if required. Other forms of certificate storage. To implement the specific interface, please refer to the specific code for details.
In order to facilitate data encryption and decryption in the chain operation of data transaction, a symmetric encryption 'AES' and an asymmetric encryption 'RSA' algorithm are implemented in the SDK
Symmetric encryption for 'AES' is specifically called as follows.
/// <summary>
/// AES encryption
/// </summary>
/// <param name="plainStr">Plaintext string</param>
/// <param name="key">secret key</param>
/// <returns>cipher</returns>
public static string AESEncrypt(string encryptStr, string key)
{
try
{
byte[] keyArray = Encoding.UTF8.GetBytes(key);
byte[] toEncryptArray = Encoding.UTF8.GetBytes(encryptStr);
RijndaelManaged rDel = new RijndaelManaged();
rDel.Key = keyArray;
rDel.Mode = CipherMode.ECB;
rDel.Padding = PaddingMode.PKCS7;
ICryptoTransform cTransform = rDel.CreateEncryptor();
byte[] resultArray = cTransform.TransformFinalBlock(toEncryptArray, 0, toEncryptArray.Length);
return Convert.ToBase64String(resultArray, 0, resultArray.Length);
}
catch (Exception ex)
{
return null;
}
}
//// <summary>
/// AES decryption
/// </summary>
/// <param name="plainStr">Ciphertext string</param>
/// <param name="key">secret key</param>
/// <returns>plaintext</returns>
public static string AESDEncrypt(string encryptStr, string key)
{
try
{
byte[] keyArray = Encoding.UTF8.GetBytes(key);
byte[] toEncryptArray = Convert.FromBase64String(encryptStr);
RijndaelManaged rDel = new RijndaelManaged();
rDel.Key = keyArray;
rDel.Mode = CipherMode.ECB;
rDel.Padding = PaddingMode.PKCS7;
ICryptoTransform cTransform = rDel.CreateDecryptor();
byte[] resultArray = cTransform.TransformFinalBlock(toEncryptArray, 0, toEncryptArray.Length);
return Encoding.UTF8.GetString(resultArray);
}
catch (Exception ex)
{
return null;
}
}
Asymmetric encryption 'RSA', the details are as follows. In this function, both SM2 signature and verified signature are made.
Asymmetric encryption is encrypted by the public key and decrypted by the private key.
/// <summary>
/// rsa encryption
/// </summary>
/// <param name="xmlPublicKey"></param>
/// <param name="content"></param>
/// <returns></returns>
public static string RSAEncrypt(string xmlPublicKey, string content)
{
string encryptedContent = string.Empty;
using (RSACryptoServiceProvider rsa = new RSACryptoServiceProvider())
{
rsa.FromXmlString(xmlPublicKey);
byte[] encryptedData = rsa.Encrypt(Encoding.Default.GetBytes(content), false);
encryptedContent = Convert.ToBase64String(encryptedData);
}
return encryptedContent;
}
/// <summary>
/// rsa decryption
/// </summary>
/// <param name="xmlPrivateKey"></param>
/// <param name="content"></param>
/// <returns></returns>
public static string RSADecrypt(string xmlPrivateKey, string content)
{
string decryptedContent = string.Empty;
using (RSACryptoServiceProvider rsa = new RSACryptoServiceProvider())
{
rsa.FromXmlString(xmlPrivateKey);
byte[] decryptedData = rsa.Decrypt(Convert.FromBase64String(content), false);
decryptedContent = Encoding.UTF8.GetString(decryptedData);
}
return decryptedContent;
}
In BSN, the encryption algorithm of 'fabric' framework is ECDSAsecp256r1, while encryption algorithm of 'fisco-bcos' framework is' SM2'. When a user participates in the DApp under Public-Key-Upload Mode, a key of the corresponding encryption algorithm needs to be generated and uploaded.The generation of these two keys is described below. Keys are generated using 'openssl', where the generation of 'SM2' key requires the version 1.1.1 of 'openssl' or above.
Note: the following commands are executed in a Linux environment.
openssl ecparam -name prime256v1 -genkey -out key.pem
openssl ec -in key.pem -pubout -out pub.pem
Since it is convenient to use the key of pkcs8 format in some languages, you can export the pkcs8 format private key using the following command The private key used in this SDK is in the form of pkcs8
openssl pkcs8 -topk8 -inform PEM -in key.pem -outform PEM -nocrypt -out key_pkcs8.pem
Three files can be generated from the command above.
key.pem :Private key
pub.pem :Public key
key_pkcs8.pem :Private key pkcs8 format
SM2 formatFirst you need to check whether the version of 'openssl' supports' SM2 'format secret key generation using the following command
openssl ecparam -list_curves | grep SM2
Support if you output the following,
SM2 : SM2 curve over a 256 bit prime field
Otherwise, you need to download version 1.1.1 or above. This is the version 1.1.1d. Download address:https://www.openssl.org/source/openssl-1.1.1d.tar.gz
openssl ecparam -genkey -name SM2 -out sm2PriKey.pem
openssl ec -in sm2PriKey.pem -pubout -out sm2PubKey.pem
Since it is convenient to use the pkcs8 format key in some languages, you can export the pkcs8 format private key using the following command.
The private key used in this SDK is in the form of pkcs8
openssl pkcs8 -topk8 -inform PEM -in sm2PriKey.pem -outform pem -nocrypt -out sm2PriKeyPkcs8.pem
Three files can be generated from the above command
sm2PriKey.pem :Private key
sm2PubKey.pem :Public key
sm2PriKeyPkcs8.pem :pkcs8 format private key
此处可能存在不合适展示的内容,页面不予展示。您可通过相关编辑功能自查并修改。
如您确认内容无涉及 不当用语 / 纯广告导流 / 暴力 / 低俗色情 / 侵权 / 盗版 / 虚假 / 无价值内容或违法国家有关法律法规的内容,可点击提交进行申诉,我们将尽快为您处理。