堆栈内存溢出
  简体   繁体   English

无法验证在 Go 中创建的 Java 中的 DSA 签名,反之亦然

[英]Can't verify a DSA signature in Java that was created in Go, and vice versa

 原文  2016-04-05 19:59:02       java/ go/ dsa

问题描述

I'm trying to verify a signature in Java that was created in Go, and vice versa.我正在尝试验证在 Go 中创建的 Java 签名,反之亦然。 However, in each case I'm getting no error, but false on the verify function.但是,在每种情况下,我都没有收到错误,但在验证功能上却是错误的。

The public and private key being used are the same, as are the parameters, I have checked this by passing the Java key data to Go, and using it to sign and verify the data - this works.使用的公钥和私钥是相同的,参数也是如此,我通过将 Java 密钥数据传递给 Go 并使用它来签名和验证数据来检查这一点 - 这有效。

I have also checked that the data being passed in (which is then MD5 hashed) is the same in both Java and Go, and that the resulting hash is the same (just in case) - they are.我还检查了传入的数据(然后是 MD5 散列)在 Java 和 Go 中是否相同,并且生成的散列是否相同(以防万一) - 它们是。

I know that Java uses the ASN1 encoding for it's signature, and I found a function to rebuild this from the separate R and S values provided by Go, and I used that as a template to split the ASN1 byte[] generated by Java into R and S values for Go.我知道 Java 使用 ASN1 编码作为它的签名,我找到了一个函数来从 Go 提供的单独的 R 和 S 值重建它,我用它作为模板将 Java 生成的 ASN1 byte[] 拆分为 R和 S 值。 In Java, if I split, and rebuild the ASN1 byte[], I can verify the signature, but no matter what I do, Go won't, and Java won't verify a signature signed by Go.在Java中,如果我拆分并重建ASN1 byte[],我可以验证签名,但是无论我做什么,Go都不会,Java也不会验证Go签署的签名。

Is there a difference in the versions of the DSA algorithm they use?他们使用的 DSA 算法的版本有区别吗? I see that Java uses SHA1withDSA and go mentions that it conforms to the FIPS 186-3 specitication我看到 Java 使用SHA1withDSA并提到它符合 FIPS 186-3 规范

2 个解决方案

解决方案1
 0  2016-04-05 20:15:10

You shouldn't have to handle splitting the ASN1 []bytes by hand, you should be using functions from the crypto pkg.您不必手动拆分 ASN1 [] 字节,您应该使用来自 crypto pkg 的函数。

https://golang.org/pkg/crypto/x509/#Certificate.CheckSignature looks like it takes a SignatureAlgorithm as an arg (and DSAWithSHA1 is a valid value). https://golang.org/pkg/crypto/x509/#Certificate.CheckSignature看起来像是将 SignatureAlgorithm 作为参数(并且 DSAWithSHA1 是有效值)。

解决方案2
 -1  2016-04-05 22:42:21

Ok, DSA may be different, but for RSA at least the solution was that Java didn't want the value to be hashed first (I guess it hashes internally) while GO did, changing the functions to use RSA rather than DSA and considering the above, this worked.好的,DSA 可能有所不同,但对于 RSA 而言,至少解决方案是 Java 不希望首先对值进行哈希处理(我猜它在内部进行了哈希处理),而 GO 则这样做了,将函数更改为使用 RSA 而不是 DSA 并考虑以上,这工作。

Verify rsa.SignPKCS1v15 signature generated in golang in Java 在Java中验证在golang中生成的rsa.SignPKCS1v15签名

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 无法在JAVA中验证签名,但在.NET中成功 - Can't verify signature in JAVA but success in .NET Java,Boolean是否可以从boolean赋值,反之亦然? - Java, can Boolean be assignedFrom boolean, and vice versa? 在Java中,有没有一种方法可以使我从JSONObject转到JSONStringer,反之亦然? - In Java, is there a way I could go from JSONObject to JSONStringer, or vice versa? 在Java中为什么不能直接将int赋给char? 但是反之亦然吗? - In java why we can't assign int to char directly??? but vice-versa is true? 验证由 Windows Crypto API 创建的 Java 签名 - Verify a signature in Java that is created by Windows Crypto API 使用Java验证Golang创建的签名 - Using Java to verify signature created in Golang Java中的最终类不应该是最终的,反之亦然? - Final classes in Java which shouldn't be final or vice versa? Java generics 问题 - 需要 T,提供捕获,反之亦然 - Java generics problem - required T, provided capture or vice-versa 是否可以从本地代码访问Java对象,反之亦然? - Can a java object be accessed from native code and vice versa? Flash SWF可以以任何方式与Java applet通信,反之亦然吗? - Can Flash SWF communicate with Java applet, and vice versa, in any way?
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM