[英]Signing data in Android and Verifying it in python
我已经编写了以下代码来在android中签名数据:
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.spec.RSAPublicKeySpec;
import android.app.Activity;
import android.os.Bundle;
public class TestActivity extends Activity {
/** Called when the activity is first created. */
@Override
public void onCreate(Bundle savedInstanceState) {
super.onCreate(savedInstanceState);
setContentView(R.layout.main);
try{
String m ="This is my message";
System.out.println(m);
KeyPairGenerator keyPairGen = KeyPairGenerator.getInstance("RSA");
keyPairGen.initialize(1024);
KeyPair kp = keyPairGen.generateKeyPair();
PrivateKey priKey = kp.getPrivate();
PublicKey pubKey = kp.getPublic();
KeyFactory keyFactory = KeyFactory.getInstance("RSA");
RSAPublicKeySpec publicKeySpec = keyFactory.getKeySpec(pubKey, RSAPublicKeySpec.class);
System.out.println("WITH toString: ");
System.out.println("Mod :" + publicKeySpec.getModulus().toString());
System.out.println("Exp :" + publicKeySpec.getPublicExponent().toString());
System.out.println("PublicKey:" + pubKey.toString());
System.out.println("PublicKey:" + pubKey);
System.out.println("PublicKey Base64:" +MyBase64.encode(pubKey.getEncoded()));
Signature instance = Signature.getInstance("SHA1withRSA");
instance.initSign(priKey);
instance.update(m.getBytes());
byte[] signature = instance.sign();
System.out.println("Signature: " + MyBase64.encode(signature));
}catch(Exception e){
e.printStackTrace();
}
}
}
我将adb logcat的粘贴值复制到python中,并使用以下命令在python中进行验证:
mod=#I paste mod here
exp=#I paste exp here
signature=#I paste signature here
message="This is my message"
publicKey = RSA.construct((mod,exp))
print 'PublicKey Base64: ' + publicKey.exportKey()
print str(publicKey)
test = SHA.new(message)
verifier = PKCS1_v1_5.new(publicKey)
signature_base = base64.b64decode(signature)
print "Verification: " + str(verifier.verify(test, signature_base))
我发现MyBase64.encode(pubKey.getEncoded())(在Java中)与publicKey.exportKey()(在python中)相同
但是,验证结果始终为假。
如果我使用javac运行它,那么Java代码似乎可以正常工作。
任何帮助,可能出什么问题了?
通常,这样的错误与多余的空格潜入数据字符串有关。 在计算散列之前尝试剥离它。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.