
Hashing using md5 and sign using private certificate

I have a requirement wherein I have to generate a URL where one of the parameters is signature, and the signature has to be generated using the below requirement in a Java application:

The other 4 URL parameter values should be hashed (in the order specified below) using MD5 and sign using the private certificate. (The signature will be DER-encoded PKCS #1 block as defined in RSA Laboratory's Public Key Cryptography Standards Note #1.) The resulting digest should be converted to ASCII character set using base64 and then encoded to comply with HTTP URL character set limitations.

Order                   Parameter
1                       [queryparameter1]
2..                     [queryparameter …] *
3                       Expiration

The final url should look something like

https://<ServerName>:<Port>/imageRet/pod?ID=123456789&build=XHB&date=201102151326&expiration=20110218155523&signature=H767dhghjKJ#23mxi

I have never worked on Cryptography before and hence don't know how to start. Can somebody help with how this can be achieved?

This will be the signature code

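import java.security.Signature;
import java.util.Base64;

// MD5 digest signed with RSA; privateKey is the java.security.PrivateKey loaded from your certificate store
Signature sig = Signature.getInstance("MD5withRSA");
sig.initSign(privateKey);
sig.update(canonicalize(params));
byte signature[] = sig.sign();
// URL-safe Base64 alphabet ('-' and '_' instead of '+' and '/')
String signatureB64UrlEncoded = Base64.getUrlEncoder().encodeToString(signature);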

Where canonicalize(params) means converting the String parameters of the url to byte[] the way your service specified. You have not given details. This step is not trivial at all because equivalent urls may generate different signatures.

For example

 q=hello%20world   --> Qazz_tVB-guYai5oW0Eef6BbVP ...
 q=hello world     --> JJWDEPMQDmffcsjR0dP3vnrkFT ...

An example implementation, but surely not valid...

//Convert params[] to byte[] converting each String to byte with default charset and concatenating results
public byte[] canonicalize(String params[] ) throws IOException{
    final ByteArrayOutputStream out = new ByteArrayOutputStream();

    for (String param: params){
        out.write(param.getBytes());
    }
    return out.toByteArray();
}

Take a look at Amazon AWS to see an example of how to canonicalize a URL

If you finally decide to use a more secure algorithm, simply replace MD5withRSA with, for example, SHA256withRSA
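The canonicalization problem described in the answer, worked through end to end as an added example (not code from the original post or from the service in the question). The class name, the length-prefixed canonical form, the throwaway key pair and the sample values are assumptions; the real service defines its own canonical form. It uses standard Base64 followed by percent-encoding, as the quoted requirement words it, rather than the URL-safe alphabet.

```java
import java.net.URLDecoder;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.Base64;

public class SignedUrlExample {
    // Assumed canonical form: percent-decode each value, then emit "<length>:<value>"
    // in the agreed order, in UTF-8, so field boundaries and charset are unambiguous.
    static byte[] canonicalize(String... rawValues) {
        StringBuilder sb = new StringBuilder();
        for (String v : rawValues) {
            String d = URLDecoder.decode(v, StandardCharsets.UTF_8);
            sb.append(d.length()).append(':').append(d);
        }
        return sb.toString().getBytes(StandardCharsets.UTF_8);
    }

    static String sign(PrivateKey key, String alg, String... values) throws GeneralSecurityException {
        Signature sig = Signature.getInstance(alg);
        sig.initSign(key);
        sig.update(canonicalize(values));
        // Standard Base64, then percent-encoded so '+', '/' and '=' survive in a query string
        return URLEncoder.encode(Base64.getEncoder().encodeToString(sig.sign()), StandardCharsets.UTF_8);
    }

    // signatureParam is the raw query value as it appears in the URL (not yet percent-decoded)
    static boolean verify(PublicKey key, String alg, String signatureParam, String... values) throws GeneralSecurityException {
        Signature sig = Signature.getInstance(alg);
        sig.initVerify(key);
        sig.update(canonicalize(values));
        byte[] raw = Base64.getDecoder().decode(URLDecoder.decode(signatureParam, StandardCharsets.UTF_8));
        return sig.verify(raw);
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair(); // throwaway key constructed for this demo
        String alg = "SHA256withRSA";       // the requirement in the question names "MD5withRSA"
        String s = sign(kp.getPrivate(), alg, "123456789", "hello%20world", "20110218155523");
        System.out.println("signature=" + s);
        // Same logical value in a different wire encoding: checked against the same signature
        System.out.println(verify(kp.getPublic(), alg, s, "123456789", "hello world", "20110218155523"));
        // Expiration changed by one second: checked against the same signature
        System.out.println(verify(kp.getPublic(), alg, s, "123456789", "hello%20world", "20110218155524"));
    }
}
```

Requires Java 10 or later for the `Charset` overloads of `URLDecoder.decode` and `URLEncoder.encode`.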
