签名为什么总是给我假?

时间:2014-04-26 22:35:57

标签: java rsa digital-signature verify

我尝试使用此代码验证我的代码,我有公钥,我的数据和signature。我从文件中读取了我的签名并将我的字符串转换为public key然后获取我的数据并验证签名。 

 public static boolean verify () {
            String publickey = "MIGfMA0GCSqGSIb3DQE";
            byte[] encKey = Base64.decodeBase64(publickey.getBytes());
            try {
                byte[] MACaddress = GetData();
                BufferedReader in = new BufferedReader(new FileReader(
                        "EndSignatuer.txt"));
                FileInputStream keyfis = new FileInputStream("EndSignatuer.txt");
                byte[] Signen = new byte[keyfis.available()];
                keyfis.read(Signen);
                keyfis.close();

                X509EncodedKeySpec pubKeySpec = new X509EncodedKeySpec(encKey);
                KeyFactory keyFactory = KeyFactory.getInstance("RSA");
                PublicKey pubKey = keyFactory.generatePublic(pubKeySpec);

                Cipher cipher = Cipher.getInstance("RSA");
                cipher.init(Cipher.DECRYPT_MODE, pubKey);
                byte[] deSignen = Base64.decodeBase64(Signen);
                byte[] decrypted_digest = cipher.doFinal(deSignen);

                MessageDigest md5_digest = MessageDigest.getInstance("MD5");
                md5_digest.update(MACaddress);
                byte[] digest = md5_digest.digest();

                   if (decrypted_digest == digest) {
                        return true;
                    }else {
                        return false;//her why give me false 
                    }

代码加密:

public static void GenarationKEY(byte[] data) {

        try {
            File fileEndSignatuer = new File("EndSignatuer.txt");
            FileOutputStream fopEndSignatuer = new FileOutputStream(
                    fileEndSignatuer);
            // /Read private key from file
            FileInputStream keyfis = new FileInputStream("PiveteKey.txt");
            byte[] PrivateKeyB = new byte[keyfis.available()];
            keyfis.read(PrivateKeyB);
            keyfis.close();
            byte[] decodePrivetekey = Base64.decodeBase64(PrivateKeyB);
            // /get private key
            PKCS8EncodedKeySpec pubKeySpec = new PKCS8EncodedKeySpec(
                    decodePrivetekey);
            KeyFactory keyFactory = KeyFactory.getInstance("RSA");
            PrivateKey privKey = keyFactory.generatePrivate(pubKeySpec);
            // / make hash
            Cipher cipher = Cipher.getInstance("RSA");
            cipher.init(Cipher.ENCRYPT_MODE, privKey);
            // /make encoding
            MessageDigest md5_digest = MessageDigest.getInstance("MD5");
            byte[] digest = md5_digest.digest(data);
            byte[] cipherText = cipher.doFinal(digest);
            byte[] degnatureencode = Base64.encodeBase64(cipherText);
            fopEndSignatuer.write(degnatureencode);
            fopEndSignatuer.flush();
            fopEndSignatuer.close();
}

1 个答案:

答案 0 :(得分:1)

首先,你做的不是RSA数字签名。使用Signature类而不是CipherMessageDigest组合。或者,如果你坚持在低级别上进行,请参考specification,特别是第9.2节。

其次,字符串MIGfMA0GCSqGSIb3DQE不代表RSA公钥,也不是正确的Base64编码数据。

你也想使用Arrays.equals(byte[], byte[])而不是相等运算符,因为后者只是确保数组对象是相同的,而前者比较数组的实际内容。

相关问题
最新问题