我想在我的java / androID项目中使用存储在DB中的私钥(RSA)生成数字签名.
我的2个密钥是使用以下代码生成的(项目正在生产中,我无法更改):
// Get keys pair (RSA)KeyPair rsaKyePair = createKeyPair();// Get private/ public keys and store them in DBString pri = getPrivateKeyBase64Str(rsaKyePair);String pub = getPublicKeyBase64Str(rsaKyePair));public static KeyPair createKeyPair() { KeyPair keyPair = null; try { KeyPairGenerator keygen = KeyPairGenerator.getInstance("RSA"); keygen.initialize(KEY_LENGTH); keyPair = keygen.generateKeyPair(); } catch (NoSuchAlgorithmException e) { e.printstacktrace(); return null; } return keyPair;}public static String getPrivateKeyBase64Str(KeyPair keyPair){ if (keyPair == null) return null; return getBase64StrFromByte(keyPair.getPrivate().getEncoded());}public static String getPublicKeyBase64Str(KeyPair keyPair){ if (keyPair == null) return null; return getBase64StrFromByte(keyPair.getPublic().getEncoded());}public static String getBase64StrFromByte(byte[] key){ if (key == null || key.length == 0) return null; return new String(Base64.encode(key));}基于不同的站点(here和here),我将尝试编写用于生成签名的代码:
String mySignature = getDigitalSignature("my_string_", "my_private_string" );/* * Generated a signed String * @param text : string to sign * @param strPrivateKey : private key (String format) */public String getDigitalSignature(String text, String strPrivateKey) { try { // Get private key from String PrivateKey pk = loadPrivateKey(strPrivateKey); // text to bytes byte[] data = text.getBytes("UTF8"); // signature Signature sig = Signature.getInstance("MD5WithRSA"); sig.initSign(pk); sig.update(data); byte[] signatureBytes = sig.sign(); return javax.xml.bind.DatatypeConverter.printBase64Binary(signatureBytes); }catch(Exception e){ return null; }}private PrivateKey loadPrivateKey(String key64) throws GeneralSecurityException { byte[] clear = Base64.decode(key64, Base64.DEFAulT); PKCS8EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(clear); KeyFactory fact = KeyFactory.getInstance("RSA"); PrivateKey priv = fact.generatePrivate(keySpec); Arrays.fill(clear, (byte) 0); return priv;}为验证签名,我在我的java API中使用此代码:
/* * Verify signature of a string * @param signature : signature * @param origina: original string to verify * @param publicKey: user public key */public static boolean verfiySignature(String signature, String original, String publicKey){ try{ // Get private key from String PublicKey pk = loadPublicKey(publicKey); // text to bytes byte[] originalBytes = original.getBytes("UTF8"); //signature to bytes //byte[] signatureBytes = signature.getBytes("UTF8"); byte[] signatureBytes =javax.xml.bind.DatatypeConverter.parseBase64Binary(signature); Signature sig = Signature.getInstance("MD5WithRSA"); sig.initVerify(pk); sig.update(originalBytes); return sig.verify(signatureBytes); }catch(Exception e){ e.printstacktrace(); Logger log = Logger.getLogger(RsaCipher.class); log.error("error for signature:" + e.getMessage()); return false; }}/* * Generate a PublicKey object from a string * @ key64 : public key in string format (BASE 64) */private static PublicKey loadPublicKey(String key64) throws GeneralSecurityException { byte[] data = javax.xml.bind.DatatypeConverter.parseBase64Binary(key64); X509EncodedKeySpec spec = new X509EncodedKeySpec(data); KeyFactory fact = KeyFactory.getInstance("RSA"); return fact.generatePublic(spec);}我用真实数据运行此代码,但“verifySignature”始终返回“False”.
我是加密世界的新手,原谅我的脏代码.
—编辑
调用verify方法时出现异常:
java.security.SignatureException: Signature enCoding error
解决方法:
签名时,您返回了签名base64编码:
return Base64.encodetoString(signatureBytes, Base64.DEFAulT);因此,在验证时您必须对签名字符串进行base64解码.但你做的是:
byte[] signatureBytes = signature.getBytes("UTF8");因此,您尝试验证的signatureBytes与签名后签名的signatureBytes完全不同.
你签字使用
Signature sig = Signature.getInstance("RSA");但你验证使用
Signature sig = Signature.getInstance("MD5WithRSA");显然你应该在两种情况下都使用相同的算法.
总结以上是内存溢出为你收集整理的java / android中的数字签名(RSA密钥)全部内容,希望文章能够帮你解决java / android中的数字签名(RSA密钥)所遇到的程序开发问题。
如果觉得内存溢出网站内容还不错,欢迎将内存溢出网站推荐给程序员好友。
欢迎分享,转载请注明来源:内存溢出
微信扫一扫
支付宝扫一扫
评论列表(0条)