stackoom
  简体   繁体   中英

Verificiation of a Signature HMAC

 原文  2018-04-18 03:09:45       java/ hash/ signature/ sha256

Question

I am trying to create a signature then verify for a message of 40 bytes using the SHA-256 algorithm. I thought I did everything correctly, but it is giving me false for verification, and I cannot find out what I did wrong. I double and triple and quadruple checked, but couldn't find out. Any help would be appreciated. here are the two functions I have created to sign and verify signature for a message. 

   public static byte[] sigAuth(byte[] message, File file, PrivateKey privateKey) throws NoSuchAlgorithmException, InvalidKeyException, SignatureException, IOException{
            SecretKeySpec secretKey = new SecretKeySpec(sharedKey, "hmacSHA256");
            Mac macHMAC = Mac.getInstance("HmacSHA256");
            macHMAC.init(secretKey);
            byte[] authMessageInHMACC = macHMAC.doFinal(message);

            Signature signature = Signature.getInstance("SHA256withRSA");
            signature.initSign(privateKey);
            signature.update(authMessageInHMACC);
            byte[] finalSignature = signature.sign();

            FileOutputStream fos = new FileOutputStream(file);
            fos.write(message);
            fos.write(finalSignature);
            fos.close(); 

            return finalSignature;
        }

        public static boolean verify(File file, PublicKey pubKey) throws NoSuchAlgorithmException, InvalidKeyException, SignatureException, IOException{
            byte fileContent[] = new byte[(int)sharedKeyFile.length()];
            FileInputStream fos = new FileInputStream(file);
            fos.read(fileContent);
            fos.close();
            /Split message from signed hash 
            byte[] messageOnly = new byte[40];

            byte[] hash = new byte[256];

            //messageauthmessage
            int j = 0;
            int k = 0;
            for (int i = 0; i < fileContent.length;i++){
                if(i < 40){
                    messageOnly[i] = fileContent[i];
                    j++;
                } else {
                    hash[k] = fileContent[j+1];
                    k++;
                }
            }

            SecretKeySpec secretKey = new SecretKeySpec(sharedKey, "hmacSHA256");
            Mac macHMAC = Mac.getInstance("HmacSHA256");
            macHMAC.init(secretKey);
            byte[] authMessageInHMACC = macHMAC.doFinal(messageOnly);

            Signature pubSignature = Signature.getInstance("SHA256withRSA");
            pubSignature.initVerify(pubKey);
            pubSignature.update(authMessageInHMACC);
            boolean verified = pubSignature.verify(hash);
            return verified;
        }

1 answers

solution1
 0 ACCPTED  2018-04-18 03:14:57

 messageOnly[i] = fileContent[i];

should be 

 messageOnly[j] = fileContent[i];

and 

hash[k] = fileContent[j+1];

should be 

hash[k] = fileContent[i];

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question HMAC signature in java HMAC signature in Kotlin Converting PHP hmac signature to java HMAC SHA1 Signature in Java HMAC-SHA256 Algorithm for signature calculation Verifying hmac sha1 signature in Java Library for generating HMAC-SHA1 OAuth signature on Android? Signature with HMAC SHA-256 and Base64Encoder Creating signature with HMAC_SHA1 - Secret key expected exception Spring WebClient: Automatically compute HMAC signature for body and pass it as header
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM