Given a certificate and CA's public key, I want to decrypt the signature part only to use it for verification. The RSA signature decryption is defined as: H'=s^e mod n
where s
is the signature. I did this decryption manually using BigInteger as the following code but it doesn't seem alright because the result doesn't look the same when I generate the SHA1 hash value of the certificate (using getTBSCertificate() method). Is there a java class that takes (a certificate + CA's public key) and produce the decrypted signature.
File f= new File("/Users/AA/Desktop/InCommonServerCA"); // path for CA certificate
CertificateFactory cf = CertificateFactory.getInstance("X.509");
BufferedInputStream in = new BufferedInputStream(new FileInputStream(f));
Certificate certCA = cf.generateCertificate(in);
RSAPublicKey pub = (RSAPublicKey) certCA.getPublicKey();
BigInteger n= pub.getModulus(); // to get the CA's modulus (n)
BigInteger e=pub.getPublicExponent(); // to get the CA's exponent (e)
in.close();
// implement `H'=s^e mod n`
BigInteger h1, signature;
signature= new BigInteger(x509cert.getSignature());
h1=signature.modPow(e, n);
You only have to call Certificate.verify().
There is no such thing as decrypting a digital signature.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.