
Verifying RSA SHA256 signature fails getting private key from certificate

I'm trying to verify a data string and its RSA-SHA256 signature received from a webservice and I'm completely stuck loading the private/public key from the certificate.

I have the following code to retrieve info from the cer file; I think it is in DER format because it's not in the typical base64 encoding:

InputStream in = new FileInputStream(path1);
CertificateFactory factory = CertificateFactory.getInstance("X.509");
X509Certificate cert = (X509Certificate) factory.generateCertificate(in);
System.out.println(cert.toString());

It outputs the whole info of the certificate:

Version: V3
Subject: EMAILADDRESS=...
...
Algorithm: [SHA256withRSA]
...

but if I try to load and retrieve the private key with the following code:

KeyFactory kf = KeyFactory.getInstance("RSA");        
X509EncodedKeySpec bobPubKeySpec = new X509EncodedKeySpec(encodedKey);
KeyFactory keyFactory = KeyFactory.getInstance("RSA");
PublicKey bobPubKey = keyFactory.generatePublic(bobPubKeySpec);
Signature sig = Signature.getInstance("SHA256withRSA");
sig.initVerify(bobPubKey);
sig.update(data_received);
sig.verify(signature_received);

I get the following exception

 java.security.spec.InvalidKeySpecException: java.security.InvalidKeyException: invalid key format

in the keyFactory.generatePublic method. Same result if I change it to generatePrivate.

Thanks James, following your advice I made it with the following:

        InputStream in = new FileInputStream(System.getProperty("user.dir") + "\\" + certificateName);
        CertificateFactory factory = CertificateFactory.getInstance("X.509");
        X509Certificate cert = (X509Certificate) factory.generateCertificate(in);
        PublicKey pubKey = cert.getPublicKey();


        Signature sig = Signature.getInstance("SHA256withRSA");
        sig.initVerify(pubKey);
        sig.update(xmlContent);

        return sig.verify(headerSignature); 

There is an initVerify that simply takes a certificate. Internally it will of course just get the public key, but there is generally no reason for you to do so.
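An added example, not code from the question or the answer: `verifyWithCert` uses the `initVerify(Certificate)` overload mentioned above, and `main` shows that `X509EncodedKeySpec` only accepts a SubjectPublicKeyInfo encoding, so other bytes are rejected with `InvalidKeySpecException`. The class and method names are hypothetical, and the key pair and data are constructed samples standing in for the web service's key and payload.

```java
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.nio.file.*;
import java.security.*;
import java.security.cert.*;
import java.security.spec.*;

public class CertSignatureCheck {
    static boolean verifyWithCert(Path certFile, byte[] data, byte[] signature) throws Exception {
        X509Certificate cert;
        try (InputStream in = Files.newInputStream(certFile)) { // DER and PEM files both parse
            cert = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(in);
        }
        cert.checkValidity(); // throws if the certificate is expired or not yet valid
        Signature sig = Signature.getInstance("SHA256withRSA");
        sig.initVerify(cert); // also rejects a critical keyUsage that excludes signing
        return check(sig, data, signature);
    }

    static boolean check(Signature sig, byte[] data, byte[] signature) throws SignatureException {
        sig.update(data);
        try {
            return sig.verify(signature);
        } catch (SignatureException e) {
            return false; // malformed or wrong-length signature: treat as a failed check
        }
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair(); // constructed sample: throwaway stand-in for the signer's key
        byte[] data = "<msg>constructed sample</msg>".getBytes(StandardCharsets.UTF_8);
        Signature signer = Signature.getInstance("SHA256withRSA");
        signer.initSign(kp.getPrivate());
        signer.update(data);
        byte[] signature = signer.sign();
        KeyFactory kf = KeyFactory.getInstance("RSA");
        byte[] spki = kp.getPublic().getEncoded(); // SubjectPublicKeyInfo: what X509EncodedKeySpec expects
        PublicKey pub = kf.generatePublic(new X509EncodedKeySpec(spki));
        Signature sig = Signature.getInstance("SHA256withRSA");
        sig.initVerify(pub);
        System.out.println("round-tripped key verifies: " + check(sig, data, signature));
        try {
            kf.generatePublic(new X509EncodedKeySpec(signature)); // not a SubjectPublicKeyInfo
        } catch (InvalidKeySpecException e) {
            System.out.println("non-key bytes rejected: " + e.getMessage());
        }
    }
}
```

With a real certificate, pass the path of the .cer file together with the received data and signature bytes to `verifyWithCert`.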
