
Hashing using md5 and sign using private certificate

I have a requirement wherein I have to generate a URL where one of the parameters is a signature, and the signature has to be generated according to the requirement below in a Java application:

The other 4 URL parameter values should be hashed (in the order specified below) using MD5 and sign using the private certificate. (The signature will be DER-encoded PKCS #1 block as defined in RSA Laboratory's Public Key Cryptography Standards Note #1.) The resulting digest should be converted to ASCII character set using base64 and then encoded to comply with HTTP URL character set limitations.

Order                   Parameter
1                       [queryparameter1]
2..                     [queryparameter …] *
3                       Expiration

The final url should look something like

https://<ServerName>:<Port>/imageRet/pod?ID=123456789&build=XHB&date=201102151326&expiration=20110218155523&signature=H767dhghjKJ#23mxi

I have never worked on cryptography before and hence don't know how to start. Can somebody help with how this can be achieved?

This will be the signature code

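import java.security.Signature;
import java.util.Base64;

// Sign the canonicalized parameter bytes with the RSA private key, then Base64url-encode the result
Signature sig = Signature.getInstance("MD5withRSA");
sig.initSign(privateKey);
sig.update(canonicalize(params));
byte[] signature = sig.sign();
String signatureB64UrlEncoded = Base64.getUrlEncoder().encodeToString(signature);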

Where canonicalize(params) means converting the String parameters of the URL to byte[] the way your service specified. You have not given details. This step is not trivial at all because equivalent URLs may generate different signatures.

For example

 q=hello%20world   --> Qazz_tVB-guYai5oW0Eef6BbVP ...
 q=hello world     --> JJWDEPMQDmffcsjR0dP3vnrkFT ...

An example implementation, but surely not valid...

import java.io.ByteArrayOutputStream;
import java.io.IOException;

// Convert params[] to byte[]: convert each String to bytes with the default charset and concatenate the results
public byte[] canonicalize(String[] params) throws IOException {
    final ByteArrayOutputStream out = new ByteArrayOutputStream();

    for (String param : params) {
        out.write(param.getBytes());
    }
    return out.toByteArray();
}

Take a look at Amazon AWS to see an example of how to canonicalize a URL.

If you finally decide to use a more secure algorithm, simply replace MD5withRSA with, for example, SHA256withRSA.
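A sign-and-verify round trip for the scheme discussed above, as an added example that is not part of the original answer or of the service's own code. The class name `SignedUrlExample`, the throwaway key pair, the UTF-8 no-separator canonicalization and the URL-safe Base64 step are assumptions; the real service defines the exact byte layout and encoding.

```java
import java.io.ByteArrayOutputStream;
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.Base64;

public class SignedUrlExample {
    // The service in the question requires MD5withRSA; SHA256withRSA is the swap the answer mentions.
    static final String ALGORITHM = "MD5withRSA";

    // Assumption: decoded values, in the agreed order, as UTF-8 bytes with no separator.
    // Both signer and verifier must produce exactly these bytes.
    static byte[] canonicalize(String... values) {
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        for (String v : values) {
            byte[] b = v.getBytes(StandardCharsets.UTF_8); // fixed charset, not the platform default
            out.write(b, 0, b.length);
        }
        return out.toByteArray();
    }

    static String sign(PrivateKey key, String... values) throws GeneralSecurityException {
        Signature sig = Signature.getInstance(ALGORITHM);
        sig.initSign(key);
        sig.update(canonicalize(values));
        return Base64.getUrlEncoder().encodeToString(sig.sign());
    }

    static boolean verify(PublicKey key, String sigB64, String... values) throws GeneralSecurityException {
        Signature sig = Signature.getInstance(ALGORITHM);
        sig.initVerify(key);
        sig.update(canonicalize(values));
        return sig.verify(Base64.getUrlDecoder().decode(sigB64));
    }

    public static void main(String[] args) throws Exception {
        // Constructed throwaway key pair; a real deployment loads the private key from its keystore.
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair kp = gen.generateKeyPair();
        // Constructed sample values, taken from the URL in the question.
        String[] v = {"123456789", "XHB", "201102151326", "20110218155523"};
        String signature = sign(kp.getPrivate(), v);
        System.out.println("https://<ServerName>:<Port>/imageRet/pod?ID=" + v[0] + "&build=" + v[1]
                + "&date=" + v[2] + "&expiration=" + v[3] + "&signature=" + signature);
        System.out.println("same values verify: " + verify(kp.getPublic(), signature, v));
        // The answer's q example: signing the decoded form and checking the encoded form fails.
        String q = sign(kp.getPrivate(), "hello world");
        System.out.println("hello%20world verifies: " + verify(kp.getPublic(), q, "hello%20world"));
    }
}
```

Because the values are concatenated without a separator, different splits of the same bytes produce the same signature input, so the order and format of each parameter must be fixed by the service contract.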
