Currently, SDK in CSharp supports all framework and key combination applications on the official website
The details are as follows:
| framework | public key upload mode | key trust mode | ||||
|---|---|---|---|---|---|---|
| secp256r1 | secp256k1 | SM2 | secp256r1 | secp256k1 | SM2 | |
| Fabric | √ | √ | √ | √ | ||
| FISCO-BCOS | √ | √ | √ | √ | ||
| XuperChain | √ | |||||
| Cita | √ | |||||
-
Fabric framework application uses two modes: secret key escrow and secret key upload of secp256r1 and SM2;
-
Fisco-bcos framework uses two modes: secret key hosting and secret key uploading of secp256k1 and SM2;
-
Xuperchain framework application only supports SM2 key escrow mode;
-
CITA framework application only supports SM2 key escrow mode;
DApp parameters are obtained from Service Detail Page after the user participates in the application, or some parameters are set locally, including
- __PCN gateway interface address: the calling address of PCN (public city node) gateway
- User number: the number of the user
- App number: number of participating applications
- Public key: the public key of PCN gateway downloaded when user participates in the DApp
- Private key: the public key generated by BSN DApps under Key-Trust Mode connects to the BSN successfully, and a private key will be generated corresponding to the public key uploaded for DApps under Public-Key-Upload Mode
- __Https cert:__the Https certificate used when the Https gateway interface is invoked
- cert directory: the directory used to store the user's private key and certificate generated by DApps under Public-Key-Upload Mode when the user's certificate registration is invoked
Introduce the following package
using bsn_sdk_csharp;
Certs:used for storing certs;
Csr:used to store the public library of generated CSR request files.
Ecdsa:used to store the tools of ecdsa ECC;
ETH:used to store eth tools;
Enum:used to store parameter enumeration;
Lib:used to store random number algorithm and AES and RSA encryption and decryption tools.
Models:used to define the message data structure of request and response of PCN gateway
NodeExtends:includes the off-BSN system codes calling the PCN gateway API and the definition of HTTPS public request method.
Protos:used to store assembly object in the transaction under Public-Key-Upload Mode.
Trans: used to store key assembled information of the transaction under Public-Key-Upload Mode.
AppSetting.cs:used to define the parameters calling PCN gateway.
Config.cs:used to configure the parameters calling PCN gateway.
An object can be initialized to store all the configuration information, which should be passed in at the time of invocation after being configured or read by the caller according to their respective project. In Config's 'Init' , the basic information of DApp is retrieved. Please do not call this operation frequently, because this interface will occupy your TPS and traffic. You can use a static object to store 'Config' in the project when you need it. It is important to note that when configuring the certificate, the certificate applied (that is, the certificate used for signing and verifying) is the direct transmission of the certificate content, while the certificate for Https is the certificate to the project root.
reqUrl="" //PCN gateway address
userCode="" //user code
appCode ="" //DApp code
AppPublicCert ="" //public key path
UserAppPrivate ="" //private key path
mspDir="" //cert directory
var config = Config.NewMockConfig();
Each gateway interface has encapsulated the parameter object of the request and response, which can be directly called just by assigning the value, and the operation of signing and checking the signature has been realized in the method.The following is the call operation for the registered child user, and others are similar.
var config = Config.NewMockConfig();
var res = NodeServer.RegisterUser(config, new bsn_sdk_csharp.Models.RegisterUserReqBody()
{
name = "test",
secret = "123456"
});
Since the user certificate needed by DApp under Public-Key-Upload Mode when calling the PCN gateway for transaction needs to be generated by the user himself locally, the process is: registered user -> registered user certificate.
In the operation of registering a user certificate, a pair of keys are generated locally, the certificate's CSR file (certificate or DApp file) is exported through the key, and the user certificate is invoked. The registration interface gets a valid certificate that can be used to normally initiate a transaction through the processing interface of DApp under the Key-Trust Mode.
When setting CN in the CSR file, do not register Name directly, the Name is assembled by by Name and AppCode in the format of 'nam@appcode'.
This operation is in the function of NodeServer cs EnrollUser.
__The storage of certificates is implemented by CertStore in Csr and ECDSAStore in Ecdsa. This function only stores certificates in the format of local files if required. Other forms of certificate storage. To implement the specific interface, please refer to the specific code for details.
In order to facilitate data encryption and decryption in the chain operation of data transaction, a symmetric encryption 'AES' and an asymmetric encryption 'RSA' algorithm are implemented in the SDK
Symmetric encryption for 'AES' is specifically called as follows.
/// <summary>
/// AES encryption
/// </summary>
/// <param name="plainStr">Plaintext string</param>
/// <param name="key">secret key</param>
/// <returns>cipher</returns>
public static string AESEncrypt(string encryptStr, string key)
{
try
{
byte[] keyArray = Encoding.UTF8.GetBytes(key);
byte[] toEncryptArray = Encoding.UTF8.GetBytes(encryptStr);
RijndaelManaged rDel = new RijndaelManaged();
rDel.Key = keyArray;
rDel.Mode = CipherMode.ECB;
rDel.Padding = PaddingMode.PKCS7;
ICryptoTransform cTransform = rDel.CreateEncryptor();
byte[] resultArray = cTransform.TransformFinalBlock(toEncryptArray, 0, toEncryptArray.Length);
return Convert.ToBase64String(resultArray, 0, resultArray.Length);
}
catch (Exception ex)
{
return null;
}
}
//// <summary>
/// AES decryption
/// </summary>
/// <param name="plainStr">Ciphertext string</param>
/// <param name="key">secret key</param>
/// <returns>plaintext</returns>
public static string AESDEncrypt(string encryptStr, string key)
{
try
{
byte[] keyArray = Encoding.UTF8.GetBytes(key);
byte[] toEncryptArray = Convert.FromBase64String(encryptStr);
RijndaelManaged rDel = new RijndaelManaged();
rDel.Key = keyArray;
rDel.Mode = CipherMode.ECB;
rDel.Padding = PaddingMode.PKCS7;
ICryptoTransform cTransform = rDel.CreateDecryptor();
byte[] resultArray = cTransform.TransformFinalBlock(toEncryptArray, 0, toEncryptArray.Length);
return Encoding.UTF8.GetString(resultArray);
}
catch (Exception ex)
{
return null;
}
}
Asymmetric encryption 'RSA', the details are as follows. In this function, both SM2 signature and verified signature are made.
Asymmetric encryption is encrypted by the public key and decrypted by the private key.
/// <summary>
/// rsa encryption
/// </summary>
/// <param name="xmlPublicKey"></param>
/// <param name="content"></param>
/// <returns></returns>
public static string RSAEncrypt(string xmlPublicKey, string content)
{
string encryptedContent = string.Empty;
using (RSACryptoServiceProvider rsa = new RSACryptoServiceProvider())
{
rsa.FromXmlString(xmlPublicKey);
byte[] encryptedData = rsa.Encrypt(Encoding.Default.GetBytes(content), false);
encryptedContent = Convert.ToBase64String(encryptedData);
}
return encryptedContent;
}
/// <summary>
/// rsa decryption
/// </summary>
/// <param name="xmlPrivateKey"></param>
/// <param name="content"></param>
/// <returns></returns>
public static string RSADecrypt(string xmlPrivateKey, string content)
{
string decryptedContent = string.Empty;
using (RSACryptoServiceProvider rsa = new RSACryptoServiceProvider())
{
rsa.FromXmlString(xmlPrivateKey);
byte[] decryptedData = rsa.Decrypt(Convert.FromBase64String(content), false);
decryptedContent = Encoding.UTF8.GetString(decryptedData);
}
return decryptedContent;
}
In BSN, the encryption algorithm of 'fabric' framework is ECDSAsecp256r1, while encryption algorithm of 'fisco-bcos' framework is' SM2'. When a user participates in the DApp under Public-Key-Upload Mode, a key of the corresponding encryption algorithm needs to be generated and uploaded.The generation of these two keys is described below. Keys are generated using 'openssl', where the generation of 'SM2' key requires the version 1.1.1 of 'openssl' or above.
Note: the following commands are executed in a Linux environment.
- Generate a private key
openssl ecparam -name prime256v1 -genkey -out key.pem
- Export the public key
openssl ec -in key.pem -pubout -out pub.pem
- Export the private key in pkcs8 format
Since it is convenient to use the key of pkcs8 format in some languages, you can export the pkcs8 format private key using the following command The private key used in this SDK is in the form of pkcs8
openssl pkcs8 -topk8 -inform PEM -in key.pem -outform PEM -nocrypt -out key_pkcs8.pem
Three files can be generated from the command above.
key.pem :Private key
pub.pem :Public key
key_pkcs8.pem :Private key pkcs8 format
First you need to check whether the version of 'openssl' supports' SM2 'format secret key generation using the following command
openssl ecparam -list_curves | grep SM2
Support if you output the following,
SM2 : SM2 curve over a 256 bit prime field
Otherwise, you need to download version 1.1.1 or above. This is the version 1.1.1d. Download address:https://www.openssl.org/source/openssl-1.1.1d.tar.gz
- Generate a private key
openssl ecparam -genkey -name SM2 -out sm2PriKey.pem
- Export the public key
openssl ec -in sm2PriKey.pem -pubout -out sm2PubKey.pem
- Export the private key in pkcs8 format
Since it is convenient to use the pkcs8 format key in some languages, you can export the pkcs8 format private key using the following command.
The private key used in this SDK is in the form of pkcs8
openssl pkcs8 -topk8 -inform PEM -in sm2PriKey.pem -outform pem -nocrypt -out sm2PriKeyPkcs8.pem
Three files can be generated from the above command
sm2PriKey.pem :Private key
sm2PubKey.pem :Public key
sm2PriKeyPkcs8.pem :pkcs8 format private key