[英]how to make c openssl generate the same signed text as JAVA SHA256withRSA/PSS Signature?
I am working on rpc call signing, and to make server accept our API calls, we need to use RSAPrivateKey to sign http mime headers. 我正在研究rpc调用签名,为了使服务器接受我们的API调用,我们需要使用RSAPrivateKey来签名http mime标头。 Server side code is written in JAVA and use "SHA256withRSA/PSS" to verify signature.
服务器端代码用JAVA编写,并使用“ SHA256withRSA / PSS”来验证签名。
My problem is I got different signing hashes from JAVA and c openssl code. 我的问题是我从JAVA和c openssl代码中获得了不同的签名哈希。 So the question is, is it possible for openssl to generate the same signing hash as JAVA?
所以问题是,openssl是否有可能生成与JAVA相同的签名哈希?
JAVA code: JAVA代码:
public static String getSignedString(PrivateKey privateKey, String text) throws Exception {
Signature sig = Signature.getInstance("SHA256withRSA/PSS", "BC");
sig.initSign(privateK);
sig.update(text.getBytes(StandardCharsets.UTF_8));
byte[] signed = sig.sign();
String result = Base64.getEncoder().encodeToString(signed);
System.out.println("signed : " + result);
/// signed result works perfect.
}
c code: C代码:
bool RSASign(RSA* rsa, const unsigned char* Msg, size_t MsgLen,unsigned char** EncMsg,size_t* MsgLenEnc) {
EVP_MD_CTX* m_RSASignCtx = EVP_MD_CTX_create();
EVP_PKEY* priKey = EVP_PKEY_new();
EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new(priKey, NULL);
EVP_PKEY_CTX_set_rsa_padding(pctx, RSA_PKCS1_PSS_PADDING);
// tried RSA_PKCS1_PADDING w/o success.
EVP_PKEY_assign_RSA(priKey, rsa);
if (EVP_DigestSignInit(m_RSASignCtx,&pctx, EVP_sha256(), NULL,priKey)<=0) {
return false;
}
if (EVP_DigestSignUpdate(m_RSASignCtx, Msg, MsgLen) <= 0) {
return false;
}
if (EVP_DigestSignFinal(m_RSASignCtx, NULL, MsgLenEnc) <=0) {
return false;
}
*EncMsg = (unsigned char*)malloc(*MsgLenEnc);
if (EVP_DigestSignFinal(m_RSASignCtx, *EncMsg, MsgLenEnc) <= 0) {
return false;
}
// here EncMsg is different from JAVA output, server validation failed. need to make it the same as JAVA output.
}
The "PSS" in "RSA-PSS" stands for probabilistic signature scheme -- it's a randomized algorithm. “ RSA-PSS”中的“ PSS”代表概率签名方案 -这是一种随机算法。 You aren't supposed to get the same signature every time.
您不应该每次都获得相同的签名。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.