在Android中簽名數據並在python中進行驗證
[英]Signing data in Android and Verifying it in python
問題描述
我已經編寫了以下代碼來在android中簽名數據:
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.spec.RSAPublicKeySpec;
import android.app.Activity;
import android.os.Bundle;
public class TestActivity extends Activity {
/** Called when the activity is first created. */
@Override
public void onCreate(Bundle savedInstanceState) {
super.onCreate(savedInstanceState);
setContentView(R.layout.main);
try{
String m ="This is my message";
System.out.println(m);
KeyPairGenerator keyPairGen = KeyPairGenerator.getInstance("RSA");
keyPairGen.initialize(1024);
KeyPair kp = keyPairGen.generateKeyPair();
PrivateKey priKey = kp.getPrivate();
PublicKey pubKey = kp.getPublic();
KeyFactory keyFactory = KeyFactory.getInstance("RSA");
RSAPublicKeySpec publicKeySpec = keyFactory.getKeySpec(pubKey, RSAPublicKeySpec.class);
System.out.println("WITH toString: ");
System.out.println("Mod :" + publicKeySpec.getModulus().toString());
System.out.println("Exp :" + publicKeySpec.getPublicExponent().toString());
System.out.println("PublicKey:" + pubKey.toString());
System.out.println("PublicKey:" + pubKey);
System.out.println("PublicKey Base64:" +MyBase64.encode(pubKey.getEncoded()));
Signature instance = Signature.getInstance("SHA1withRSA");
instance.initSign(priKey);
instance.update(m.getBytes());
byte[] signature = instance.sign();
System.out.println("Signature: " + MyBase64.encode(signature));
}catch(Exception e){
e.printStackTrace();
}
}
}
我將adb logcat的粘貼值復制到python中,並使用以下命令在python中進行驗證:
mod=#I paste mod here
exp=#I paste exp here
signature=#I paste signature here
message="This is my message"
publicKey = RSA.construct((mod,exp))
print 'PublicKey Base64: ' + publicKey.exportKey()
print str(publicKey)
test = SHA.new(message)
verifier = PKCS1_v1_5.new(publicKey)
signature_base = base64.b64decode(signature)
print "Verification: " + str(verifier.verify(test, signature_base))
我發現MyBase64.encode(pubKey.getEncoded())(在Java中)與publicKey.exportKey()(在python中)相同
但是,驗證結果始終為假。
如果我使用javac運行它,那么Java代碼似乎可以正常工作。
任何幫助,可能出什么問題了?
1 個解決方案
解決方案1
1 2012-07-07 00:26:23
通常,這樣的錯誤與多余的空格潛入數據字符串有關。 在計算散列之前嘗試剝離它。
加密:使用Linux / gcrypt簽名,使用Android / Java驗證
[英]Crypto: Signing with Linux/gcrypt, Verifying with Android/Java
生成證書簽名請求,對其進行簽名和驗證有哪些選項?
[英]What options are there for generating certificate sign request, signing it and verifying it?
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.