弹力城堡:每次运行时都带有独立的信封标志变化
[英]Bouncy Castle : Detached Enveloped Signature Changes at Every Run
问题描述
I am following the post generating and verifying digital signature . 
我正在跟踪生成和验证数字签名的帖子。 The Signed Data remains constant at all runs but Detached Enveloped Signature varies at every run. 在所有运行中,签名数据均保持不变,但在每次运行中,分离式信封签名都会变化。 How the same text generates different Detached Enveloped Signature? 同一文本如何生成不同的分离式信封签名?
1 个解决方案
解决方案1
2 已采纳 2014-03-19 09:06:49
To make the comments an answer... 为了使评论成为答案...
There are two major reasons why signatures of the same data by the same private key may vary. 相同私钥对相同数据的签名可能有所不同的主要原因有两个。
Signature algorithm induced variations 签名算法引起的变化
Certain signature algorithms, foremost DSA and ECDSA , explicitly base the signature creation on a randomly chosen value k . 某些签名算法,最重要的是DSA和ECDSA ,将签名创建显式地基于随机选择的值k 。 This "randomness" is required, the entropy, secrecy, and uniqueness of the random signature value k is critical. 需要这种“随机性”, 随机签名值 k 的熵,保密性和唯一性 至关重要。 It is so critical that violating any one of those three requirements can reveal the entire private key to an attacker. 至关重要的是,违反这三个要求中的任何一个都可以向攻击者透露整个私钥。 Using the same value twice (even while keeping k secret), using a predictable value, or leaking even a few bits of k in each of several signatures, is enough to break the algorithm. 两次使用相同的值(甚至在保持k秘密的情况下),使用可预测的值或在几个签名的每一个中甚至泄漏k的几位,都足以破坏算法。 The requirement can be fulfilled by an actually random k or by a k built in a deterministic way which also guarantees entropy, secrecy, and uniqueness, cf. 可以通过实际随机的k或通过以确定性方式构建的k来满足该要求,这也保证了熵,保密性和唯一性,参见。 RFC 6967 . RFC 6967 。
The OP, though, refers to code which uses RSA . 但是,OP是指使用RSA的代码。 This algorithm does not require such a random parameter (even though padding schemes may include randomness). 该算法不需要这样的随机参数(即使填充方案可能包含随机性)。
Signature attribute induced variations 签名属性引起的变化
Another reason for variations is that the signed data include more than just the document data. 产生变化的另一个原因是,签名数据不仅仅包含文档数据。
When talking about "signatures", often people do not merely mean the signing process byte array output but instead a signature container according to the CMS standard. 在谈论“签名”时,通常人们不仅指签名过程字节数组输出,而是指根据CMS标准的签名容器。
There may be multiple individual signatures in such a container, and each of them may have a number of unsigned or signed attributes. 在这样的容器中可能有多个单独的签名,并且每个签名都可以具有许多未签名或签名的属性。 As the name "signed attributes" implies, the signature value calculation includes these attributes, too. 顾名思义,“签名属性”意味着签名值计算也包括这些属性。
Very often these signed attributes include the signing time. 这些签名属性通常包括签名时间。 As the signing time normally varies in different signing runs, the actual signature value varies, too. 由于签名时间通常在不同的签名运行中有所不同,因此实际签名值也有所不同。
The OP uses CMS signature containers. OP使用CMS签名容器。 Thus, most likely this is the cause why the OP's signatures vary. 因此,最有可能的原因就是OP签名发生变化的原因。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.