使用 Java 的 SHA256withDSA 的 X509Certificate 中错误的验证签名算法
[英]Wrong vertificate signature algorithm in X509Certificate for SHA256withDSA using Java
问题描述
I am having certificate with key type DSA, bit length 1024, Signature algorithm SHA256:
我有密钥类型为 DSA、位长为 1024、签名算法为 SHA256 的证书:
I am converting it to X509Certificate in java.我正在将其转换为 Java 中的 X509Certificate。 When I am trying to get signature algorithm from X509Certificate I am getting something like 2.16.840.1.101.3.4.3.2.当我试图从 X509Certificate 获取签名算法时,我得到了类似2.16.840.1.101.3.4.3.2 的东西。
CertificateFactory factory=CertificateFactory.getInstance("X.509");
X509Certificate cert=(X509Certificate) factory.generateCertificate(inputStream);
System.out.println(cert.getSigAlgName());
Above method working for all other type (getting name correctly as SHA256withRSA ).以上方法适用于所有其他类型(正确获取名称为SHA256withRSA )。 Not working for SHA256withDSA (getting 2.16.840.1.101.3.4.3.2 Expecting SHA256withDSA ).不适用于 SHA256withDSA(获得 2.16.840.1.101.3.4.3.2 预期SHA256withDSA )。 How can I get correct signature algorithm from certificate?如何从证书中获取正确的签名算法? Is there any other way to do it?有没有其他方法可以做到?
2 个解决方案
解决方案1
0 2018-10-08 13:15:31
According X.509 specification Section 4.1.2.3根据X.509 规范第 4.1.2.3 节
This field contains the algorithm identifier for the algorithm used by the CA to sign the certificate.
This field MUST contain the same algorithm identifier as the signatureAlgorithm field in the sequence Certificate (Section 4.1.1.2).
It's means X509Certificate#getSigAlgName returned algorithm used by the CA to sign the certificate, not algorithm used by end user (from current certificate) to sign data/document .这意味着X509Certificate#getSigAlgName返回 CA 用于签署证书的算法,而不是最终用户(来自当前证书)用于签署 data/document 的算法。
If you need take end-user algorithm, you must using another way.如果您需要采取最终用户算法,则必须使用另一种方式。
Eventually you can use one certificate for differents compatible signature algorithms.最终,您可以为不同的兼容签名算法使用一个证书。 Example: RSA certificate for SHA1withRSA and SHA256withRSA示例: SHA1withRSA和SHA256withRSA RSA证书
解决方案2
-1 2015-06-10 08:48:28
Here is the code I tried in Eclipse:这是我在 Eclipse 中尝试的代码:
InputStream inStream = null;
try {
inStream = new FileInputStream("<cert-file-name-with-path>");
CertificateFactory cf = CertificateFactory.getInstance("X.509");
X509Certificate cert = (X509Certificate)cf.generateCertificate(inStream);
System.out.println("##"+cert.getSigAlgName()+"##"+cert.getSigAlgOID()+"##"+cert.getType());
} finally {
if (inStream != null) {
inStream.close();
}
}
Output:输出:
SHA256withDSA##2.16.840.1.101.3.4.3.2##X.509 SHA256withDSA##2.16.840.1.101.3.4.3.2##X.509
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.