RSA SignatureException:签名长度不正确
[英]RSA SignatureException: Signature length not correct
问题描述
I am having issues signing an rsa signature. 
我在签署rsa签名时遇到问题。 I have a signature that has been encrypted with a private key. 我有一个用私钥加密的签名。 I have an issue when trying to validate it with the public key however. 但是,在尝试使用公钥验证时遇到问题。 I get the following exception: 我得到以下异常:
java.security.SignatureException: Signature length not correct: got 336 but was expecting 128
at sun.security.rsa.RSASignature.engineVerify(RSASignature.java:189)
at java.security.Signature$Delegate.engineVerify(Signature.java:1219)
at java.security.Signature.verify(Signature.java:652)
at XmlReader.main(XmlReader.java:65)
I have retrieved my signature and public key the following way: 我通过以下方式检索了我的签名和公钥:
BigInteger modulus = new BigInteger(Base64.getDecoder().decode(publicKeyString));
BigInteger exponent = new BigInteger(Base64.getDecoder().decode("AQAB"));
RSAPublicKeySpec keySpec = new RSAPublicKeySpec(modulus, exponent);
KeyFactory keyFactory = KeyFactory.getInstance("RSA");
PublicKey pubKey = keyFactory.generatePublic(keySpec);
byte[] sigToVerify = Base64.getDecoder().decode(signatureString);
Signature sig = Signature.getInstance("MD5WithRSA");
sig.initVerify(pubKey);
boolean verifies = sig.verify(sigToVerify);
The application fails at the last line. 应用程序在最后一行失败。 Any thoughts as to where this exception is caused? 有关此异常的原因的任何想法?
UPDATE: 更新:
Added data for signature to be verified: 添加了要验证的签名数据:
String data = "...." //hidden since sensitive data
byte[] dataBytes = Base64.getEncoder().encode(data.getBytes());
dataBytes = Base64.getDecoder().decode(dataBytes);
2 个解决方案
解决方案1
2 已采纳 2017-09-14 18:40:15
Before calling sig.verify(sigToVerify) you should call 在调用sig.verify(sigToVerify)之前,你应该打电话
sig.update(data);
passing the data you're verifying signature for. 传递您正在验证签名的数据。
And make sure that calling verify in your argument you have signature bytes only. 并确保在您的参数中调用verify只有签名字节。
解决方案2
1 2017-09-14 21:15:11
Well, the signature size is obviously not correct. 那么,签名大小显然是不正确的。 This means that at least the signature is not formatted correctly; 这意味着至少签名格式不正确; an RSA signature by itself is always the size of the modulus in bytes (identical to the key size, in your case a short 1024 bit key). RSA签名本身始终是以字节为单位的模数大小(与密钥大小相同,在您的情况下是短1024位密钥)。
algrid is right that usually you'd have to update the signature first. algrid是对的 ,通常你必须先更新签名。 So it would be logical that the input of the signature is prefixed with the data that was signed. 因此,签名的输入以已签名的数据为前缀是合乎逻辑的。 In that case the last 128 bytes are probably the signature, and the bytes before that are the data. 在这种情况下,最后128个字节可能是签名,之前的字节是数据。
It is also possible that the signature is not a "raw" signature but a formatted signature, eg using the PKCS#7 / CMS syntax or PGP syntax. 签名也可能不是“原始”签名而是格式化签名,例如使用PKCS#7 / CMS语法或PGP语法。 In that case you would need an library to decode it. 在这种情况下,您需要一个库来解码它。
Note that you cannot verify a signature without the data that was signed, or at least the hash over the data. 请注意,如果没有签名的数据,或者至少是数据的哈希,则无法验证签名。 You can only check the correctness of the signature in that case (by validating the padding performed before modular exponentiation for RSA, in case we need to go into details). 在这种情况下,您只能检查签名的正确性(通过验证RSA模幂运算之前执行的填充,以防我们需要详细说明)。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.