Verifying private and public RSA keys match
I've loaded two keys and I want to verify them after I've signed something with one of them, but I am having difficulties. I am getting "verified: false" at the end without any error. Can someone please point out the flaw?
package fliesigning;

import java.io.*;
import java.nio.ByteBuffer;
import java.security.*;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.math.BigInteger;
import java.security.Provider;
import java.security.Security;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.RSAPrivateKeySpec;
import java.security.spec.RSAPublicKeySpec;
import javax.crypto.Cipher;
import org.apache.commons.codec.binary.Base64;

public class Signing {
    private static final String BEGIN_RSA_PRIVATE_KEY = "<PRIVATE KEY>";
    private static final String BEGIN_RSA_PUBLIC_KEY = "<PUBLIC KEY>";

    public static void main(String[] args) throws Exception {
        // Remove the first and last lines
        String privKeyPEM = BEGIN_RSA_PRIVATE_KEY.replace("-----BEGIN RSA PRIVATE KEY-----\n", "");
        privKeyPEM = privKeyPEM.replace("-----END RSA PRIVATE KEY-----", "");
        System.out.println(privKeyPEM);
        String publicKeyPEM = BEGIN_RSA_PUBLIC_KEY.replace("-----BEGIN PUBLIC KEY-----\n", "");
        publicKeyPEM = publicKeyPEM.replace("-----END PUBLIC KEY-----", "");
        System.out.println(publicKeyPEM);

        // Base64 decode the data
        Base64 b64 = new Base64();
        byte[] encoded = b64.decode(privKeyPEM);
        byte[] encoded_pub = b64.decode(publicKeyPEM);

        // PKCS8 decode the encoded RSA private key
        PKCS8EncodedKeySpec privateKeySpec = new PKCS8EncodedKeySpec(encoded);
        KeyFactory kf = KeyFactory.getInstance("RSA");
        PrivateKey privKey = kf.generatePrivate(privateKeySpec);

        // X.509 (SubjectPublicKeyInfo) decode the encoded RSA public key
        X509EncodedKeySpec publicKeySpec = new X509EncodedKeySpec(encoded_pub);
        KeyFactory pk = KeyFactory.getInstance("RSA");
        PublicKey publicKey = pk.generatePublic(publicKeySpec);

        // Display the results
        System.out.println(privKey);

        // Sign a test message with the private key, then verify it with the public key
        String file = "qwerty";
        byte[] fileBytes = file.getBytes();
        byte[] digitalSignature = signData(fileBytes, privKey);
        System.out.println("SIGNATURE MADE");
        boolean verified;
        verified = verifySig(fileBytes, publicKey, digitalSignature);
        System.out.println("verified: " + verified);
    }

    public static byte[] signData(byte[] data, PrivateKey key) throws Exception {
        Signature signer = Signature.getInstance("SHA256withRSA");
        signer.initSign(key);
        signer.update(data);
        return (signer.sign());
    }

    public static boolean verifySig(byte[] data, PublicKey key, byte[] sig) throws Exception {
        Signature signer = Signature.getInstance("SHA256withRSA");
        signer.initVerify(key);
        signer.update(data);
        return (signer.verify(sig));
    }
}
Your code appears to work fine, it must be that your keys actually don't match. I created some test keys using:
openssl genrsa -out priv.pem
(create basic RSA private key)
openssl rsa -in priv.pem -pubout -out pub.pem
(extract public key)
openssl pkcs8 -in priv.pem -out pk8.pem -topk8 -nocrypt
(convert private key to unencrypted PKCS#8 format)
This gave me two files to test with: pk8.pem and pub.pem. I changed your code slightly so that the begin and end markers were -----BEGIN PRIVATE KEY----- and -----END PRIVATE KEY-----.
The verification passed successfully.
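An added example, not code from the question or the answer: two ways to confirm that a loaded RSA private key and public key belong together, which is the condition the answer identifies as the cause of "verified: false". The class name KeyPairMatch and both helper names are hypothetical, and the keys are generated in-process as constructed sample input rather than read from PEM files.

```java
import java.security.*;
import java.security.interfaces.RSAPrivateCrtKey;
import java.security.interfaces.RSAPublicKey;

public class KeyPairMatch {
    // Structural check: both halves of an RSA pair share the modulus, and a
    // CRT-form private key (what PKCS#8 files normally hold) also carries e.
    static boolean sameRsaParameters(PrivateKey priv, PublicKey pub) {
        if (!(priv instanceof RSAPrivateCrtKey) || !(pub instanceof RSAPublicKey)) {
            return false; // not comparable this way; rely on the round trip instead
        }
        RSAPrivateCrtKey p = (RSAPrivateCrtKey) priv;
        RSAPublicKey q = (RSAPublicKey) pub;
        return p.getModulus().equals(q.getModulus())
                && p.getPublicExponent().equals(q.getPublicExponent());
    }

    // Functional check: sign a fresh random challenge and verify it.
    // A mismatched key of the same size yields false, not an exception.
    static boolean signVerifyRoundTrip(PrivateKey priv, PublicKey pub)
            throws GeneralSecurityException {
        byte[] challenge = new byte[32];
        new SecureRandom().nextBytes(challenge);
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(priv);
        s.update(challenge);
        byte[] sig = s.sign();
        s.initVerify(pub);
        s.update(challenge);
        return s.verify(sig);
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample input: two unrelated 2048-bit key pairs.
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair a = gen.generateKeyPair();
        KeyPair b = gen.generateKeyPair();
        System.out.println("own pair, parameters:   " + sameRsaParameters(a.getPrivate(), a.getPublic()));
        System.out.println("own pair, round trip:   " + signVerifyRoundTrip(a.getPrivate(), a.getPublic()));
        System.out.println("mixed pair, parameters: " + sameRsaParameters(a.getPrivate(), b.getPublic()));
        System.out.println("mixed pair, round trip: " + signVerifyRoundTrip(a.getPrivate(), b.getPublic()));
    }
}
```

Running the parameter check right after loading the keys separates a mismatched key file from a problem in the signing or verification code.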