如何解密X509证书签名
[英]How do I decrypt X509 Certificate Signature
问题描述
Given a certificate and CA's public key, I want to decrypt the signature part only to use it for verification. 
给定证书和CA的公钥,我只想将签名部分解密才能用于验证。 The RSA signature decryption is defined as: H'=s^e mod n where s is the signature. RSA签名解密定义为: H'=s^e mod n其中s是签名。 I did this decryption manually using BigInteger as the following code but it doesn't seem alright because the result doesn't look the same when I generate the SHA1 hash value of the certificate (using getTBSCertificate() method). 我使用BigInteger作为以下代码手动进行了解密,但它似乎并不正确,因为当生成证书的SHA1哈希值(使用getTBSCertificate()方法)时,结果看起来并不相同。 Is there a java class that takes (a certificate + CA's public key) and produce the decrypted signature. 是否有一个Java类接收(证书+ CA的公钥)并产生解密的签名。
File f= new File("/Users/AA/Desktop/InCommonServerCA"); // path for CA certificate
CertificateFactory cf = CertificateFactory.getInstance("X.509");
BufferedInputStream in = new BufferedInputStream(new FileInputStream(f));
Certificate certCA = cf.generateCertificate(in);
RSAPublicKey pub = (RSAPublicKey) certCA.getPublicKey();
BigInteger n= pub.getModulus(); // to get the CA's modulus (n)
BigInteger e=pub.getPublicExponent(); // to get the CA's exponent (e)
in.close();
// implement `H'=s^e mod n`
BigInteger h1, signature;
signature= new BigInteger(x509cert.getSignature());
h1=signature.modPow(e, n);
1 个解决方案
解决方案1
1 已采纳 2014-02-21 21:27:13
You only have to call Certificate.verify(). 您只需要调用Certificate.verify()。
There is no such thing as decrypting a digital signature. 没有解密数字签名这样的事情。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.