Digital signature verification failing - Java

I am generating a digital signature using the method below, with the payload "hello world":

public String generateSignature(String payload) throws Exception {
    Signature rsa = null;
    rsa = Signature.getInstance("SHA256WithRSA/PSS", new BouncyCastleProvider());
    rsa.initSign(getPrivateKey("Keys/private_key"));
    rsa.update(payload.getBytes(StandardCharsets.UTF_8));
    byte[] signatureBytes = Base64.encodeBase64(rsa.sign());
    String signature = DatatypeConverter.printHexBinary(signatureBytes);
    return signature;
}

I am validating the signature with the payload "hello world" and the signature that I got from the generateSignature method.

public boolean validateSignature(String payload, String signature) throws Exception {
    Signature sig = Signature.getInstance("SHA256WithRSA/PSS", new BouncyCastleProvider());
    boolean isValid = false;
    sig.initVerify(getPublicKey("Keys/public_key"));                
    sig.update(payload.getBytes(StandardCharsets.UTF_8));
    isValid = sig.verify(Base64.decodeBase64(signature.getBytes("UTF-8")));
    return isValid;
}

This is always returning isValid as false, what is the mistake?

Retrieving the public key and private key with the functions below (for reference):

public static PublicKey getPublicKey(String filename) throws Exception {
    byte[] keyBytes = Files.readAllBytes(Paths.get(filename));
    X509EncodedKeySpec spec = new X509EncodedKeySpec(keyBytes);
    KeyFactory kf = KeyFactory.getInstance("RSA");
    return kf.generatePublic(spec);
}

public static PrivateKey getPrivateKey(String filename) throws Exception {
    byte[] keyBytes = Files.readAllBytes(Paths.get(filename));
    PKCS8EncodedKeySpec spec = new PKCS8EncodedKeySpec(keyBytes);
    KeyFactory kf = KeyFactory.getInstance("RSA");
    return kf.generatePrivate(spec);
}

I can see some errors at a glance:

  • A DER file contains certificates, not private keys. Do you have a typo at "Keys/private_key.der"?

  • Your signing code encodes the signature bytes to base64 and hex, but your verification code only decodes from base64. Remove this: String signature = DatatypeConverter.printHexBinary(signatureBytes); You can also remove the base64 conversion and work in both methods with byte[] directly.

  • Within the edited code the hexadecimals are gone, but you need to use base 64 decoding of the signature. Furthermore, you must make sure you use a known good base 64 codec, such as Base64.getEncoder() and Base64.getDecoder().
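
A round trip that keeps the encoding and decoding symmetric, as the answers above advise; this is an added example, not code from the question or the answers. It assumes Java 17+, swaps in the JDK's built-in RSASSA-PSS for the BouncyCastle SHA256WithRSA/PSS used above so it runs without extra dependencies, and generates a throwaway key pair in memory instead of reading the files under Keys/; the class and method names are hypothetical.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.security.spec.MGF1ParameterSpec;
import java.security.spec.PSSParameterSpec;
import java.util.Base64;
import java.util.HexFormat;

public class PssRoundTrip {
    // SHA-256 for the message digest and for MGF1, 32-byte salt, trailer field 1.
    static final PSSParameterSpec PSS =
        new PSSParameterSpec("SHA-256", "MGF1", MGF1ParameterSpec.SHA256, 32, 1);

    static String sign(PrivateKey key, String payload) throws GeneralSecurityException {
        Signature s = Signature.getInstance("RSASSA-PSS");
        s.setParameter(PSS);
        s.initSign(key);
        s.update(payload.getBytes(StandardCharsets.UTF_8));
        return Base64.getEncoder().encodeToString(s.sign()); // one encoding layer only
    }

    static boolean verify(PublicKey key, String payload, String signature)
            throws GeneralSecurityException {
        Signature s = Signature.getInstance("RSASSA-PSS");
        s.setParameter(PSS);
        s.initVerify(key);
        s.update(payload.getBytes(StandardCharsets.UTF_8));
        try {
            return s.verify(Base64.getDecoder().decode(signature)); // exact inverse of sign()
        } catch (IllegalArgumentException | SignatureException e) {
            return false; // malformed or wrong-length input is treated as an invalid signature
        }
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair(); // constructed test key, not loaded from Keys/
        String sig = sign(kp.getPrivate(), "hello world");
        System.out.println("round trip:      " + verify(kp.getPublic(), "hello world", sig));
        System.out.println("altered payload: " + verify(kp.getPublic(), "hello world!", sig));
        // The question's extra layer: hex over the Base64 text, then decoded as Base64 only.
        String hexOverB64 = HexFormat.of().withUpperCase()
            .formatHex(sig.getBytes(StandardCharsets.US_ASCII));
        System.out.println("hex over base64: " + verify(kp.getPublic(), "hello world", hexOverB64));
    }
}
```

Only the first check succeeds: the hex string happens to be made of valid Base64 characters, so it decodes without error to bytes that are not the signature.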
