由网友(xx坠入梦境)分享简介：这可能是 http://crypto.stackexchange.com 的一个问题，但我想我会尝试在这里第一次作为答案可能涉及到.NET，而不是加密算法本身。在的RSACryptoServiceProvider类，有一个方法 SignHash ，其中：通过使用私钥加密来计算指定的散列值的签名。第一个参数是数据的哈希值...

这可能是 http://crypto.stackexchange.com 的一个问题，但我想我会尝试在这里第一次作为答案可能涉及到.NET，而不是加密算法本身。

在的RSACryptoServiceProvider类，有一个方法 SignHash ，其中：

  

通过使用私钥加密来计算指定的散列值的签名。

第一个参数是数据的哈希值（这似乎是公平的），但第二个是一个字符串，说明用于创建散列值的算法。

现在的问题是为什么散列算法有关系吗？当然，所有的方法需要做的是给定的值用其私有密钥加密，并返回结果？如果它确实需要知道，为什么不的RSACryptoServiceProvider有一个方法，就是这样做的（以及相应的检验方法）？

解决方案

由于铱星是他们让我在这里沿着正确的思路思考。

收件人得到两件事情：

的消息 的签名（加密的发件人的私钥）

要验证邮件，收件人需要使用发送者的公钥对签名进行解密，并检查对邮件的哈希值。

如果散列算法是不指定收件人，他们没有办法知道如何散列消息，所以他们无法验证它。

所以算法必须指定收件人。

为了对于要由发送方（谁知道签名是如何被创建的），而不是由任何人修改指定的散列算法，它需要被包括在签名的内部，和加密一起散列

因此，为了创建一个有用的签名，散列算法需要指定加密散列时。

This may be a question for http://crypto.stackexchange.com, but I thought I'd try it here first as the answer may relate to .NET rather than the encryption algorithm itself.

In the RSACryptoServiceProvider class, there's a method SignHash, which:

Computes the signature for the specified hash value by encrypting it with the private key.

The first argument is the hash value of the data (which seems fair), but the second is a string stating the algorithm used to create the hash value.

The question is why does the hash algorithm matter? Surely all the method needs to do is encrypt the given value using its private key and return the result? And if it really does need to know, why doesn't RSACryptoServiceProvider have a method which does just that (Along with an appropriate Verify method)?

解决方案

Thanks to Iridium for getting me thinking along the right lines here.

The recipient gets two things:

The message The signature (encrypted by sender's private key)

To verify the message, the recipient is required to decrypt the signature using the sender's public key, and check that against the hash of the message.

If the hash algorithm isn't specified to the recipient, they have no way of knowing how to hash the message, so they can't verify it.

So the algorithm must be specified to the recipient.

In order for the hash algorithm to be specified by the sender (who knows how the signature was created), and not modifiable by anyone else, it needs to be included inside the signature, and encrypted alongside the hash.

So in order to create a useful signature, the hashing algorithm needs to be specified when encrypting the hash.