Digital signature verification failing - Java
I am generating a digital signature using the methods below, with the payload "hello world":

    public String generateSignature(String payload) throws Exception {
        Signature rsa = null;
        rsa = Signature.getInstance("SHA256WithRSA/PSS", new BouncyCastleProvider());
        rsa.initSign(getPrivateKey("Keys/private_key"));
        rsa.update(payload.getBytes(StandardCharsets.UTF_8));
        byte[] signatureBytes = Base64.encodeBase64(rsa.sign());
        String signature = DatatypeConverter.printHexBinary(signatureBytes);
        return signature;
    }

I am validating the signature with the payload "hello world" and the signature that I got from the generateSignature method.

    public boolean validateSignature(String payload, String signature) throws Exception {
        Signature sig = Signature.getInstance("SHA256WithRSA/PSS", new BouncyCastleProvider());
        boolean isValid = false;
        sig.initVerify(getPublicKey("Keys/public_key"));
        sig.update(payload.getBytes(StandardCharsets.UTF_8));
        isValid = sig.verify(Base64.decodeBase64(signature.getBytes("UTF-8")));
        return isValid;
    }

This always returns isValid as false. What is the mistake?
Retrieving the public key and private key with the functions below (for reference):

    public static PublicKey getPublicKey(String filename) throws Exception {
        byte[] keyBytes = Files.readAllBytes(Paths.get(filename));
        X509EncodedKeySpec spec = new X509EncodedKeySpec(keyBytes);
        KeyFactory kf = KeyFactory.getInstance("RSA");
        return kf.generatePublic(spec);
    }

    public static PrivateKey getPrivateKey(String filename) throws Exception {
        byte[] keyBytes = Files.readAllBytes(Paths.get(filename));
        PKCS8EncodedKeySpec spec = new PKCS8EncodedKeySpec(keyBytes);
        KeyFactory kf = KeyFactory.getInstance("RSA");
        return kf.generatePrivate(spec);
    }

I can see some errors at a glance:

A DER file contains certificates, not private keys. Do you have a typo at "Keys/private_key.der"?

Your signing code encodes the signature bytes to base64 and hex, but your verification code only decodes from base64. Remove this:

    String signature = DatatypeConverter.printHexBinary(signatureBytes);

You can also remove the base64 conversion and work in both methods with byte[] directly.

Within the edited code the hexadecimals are gone, but you need to use base 64 decoding of the signature. Furthermore, you must make sure you use a known good base 64 codec, such as Base64.getEncoder() and Base64.getDecoder().
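
The encode/decode symmetry both answers point to, as an added example that is not code from the question or the answers: a sign/verify round trip where the signature is Base64-encoded once and decoded once, followed by the question's hex-over-Base64 mismatch fed to the same verifier. Assumptions: it uses the JDK's built-in "RSASSA-PSS" algorithm (Java 11+) instead of Bouncy Castle, a throwaway generated key pair instead of the key files, and the hypothetical class name PssRoundTrip.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.security.spec.MGF1ParameterSpec;
import java.security.spec.PSSParameterSpec;
import java.util.Base64;

public class PssRoundTrip { // hypothetical class name
    // SHA-256 digest, MGF1 with SHA-256, 32-byte salt, trailer field 1.
    static final PSSParameterSpec PSS =
            new PSSParameterSpec("SHA-256", "MGF1", MGF1ParameterSpec.SHA256, 32, 1);

    // Applies exactly one text encoding (Base64) to the raw signature bytes.
    static String sign(PrivateKey key, String payload) throws GeneralSecurityException {
        Signature s = Signature.getInstance("RSASSA-PSS"); // JDK 11+ provider, not Bouncy Castle
        s.initSign(key);
        s.setParameter(PSS);
        s.update(payload.getBytes(StandardCharsets.UTF_8));
        return Base64.getEncoder().encodeToString(s.sign());
    }

    // Undoes exactly that one encoding; malformed input is reported as invalid.
    static boolean verify(PublicKey key, String payload, String signatureB64)
            throws GeneralSecurityException {
        Signature s = Signature.getInstance("RSASSA-PSS");
        s.initVerify(key);
        s.setParameter(PSS);
        s.update(payload.getBytes(StandardCharsets.UTF_8));
        try {
            return s.verify(Base64.getDecoder().decode(signatureB64));
        } catch (IllegalArgumentException | SignatureException e) {
            return false; // not Base64, or not a well-formed RSA signature
        }
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair kp = gen.generateKeyPair(); // throwaway key pair constructed for this demo
        String sig = sign(kp.getPrivate(), "hello world");
        System.out.println("base64 only: " + verify(kp.getPublic(), "hello world", sig));

        // The mismatch from the question: hex applied on top of Base64, only Base64 undone.
        StringBuilder hex = new StringBuilder();
        for (byte b : sig.getBytes(StandardCharsets.US_ASCII)) {
            hex.append(String.format("%02X", b));
        }
        System.out.println("base64 + hex: " + verify(kp.getPublic(), "hello world", hex.toString()));
    }
}
```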