我已经加载了两把钥匙,我想在与其中一把钥匙签了之后验证它们,但我遇到了困难。我最后得到“验证:错误”,没有任何错误。有人可以指出这个漏洞吗?
package fliesigning;
import static fliesigning.FlieSigning.verifySig;
import java.io.*;
import java.nio.ByteBuffer;
import java.security.*;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.math.BigInteger;
import java.security.Provider;
import java.security.Security;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.RSAPrivateKeySpec;
import java.security.spec.RSAPublicKeySpec;
import javax.crypto.Cipher;
import org.apache.commons.codec.binary.Base64;
public class Signing {
private static final String BEGIN_RSA_PRIVATE_KEY = "<PRIVATE KEY>";
private static final String BEGIN_RSA_PUBLIC_KEY = "<PUBLIC KEY>";
public static void main(String[] args) throws Exception {
// Remove the first and last lines
String privKeyPEM = BEGIN_RSA_PRIVATE_KEY.replace("-----BEGIN RSA PRIVATE KEY-----\n", "");
privKeyPEM = privKeyPEM.replace("-----END RSA PRIVATE KEY-----", "");
System.out.println(privKeyPEM);
String publicKeyPEM = BEGIN_RSA_PUBLIC_KEY.replace("-----BEGIN PUBLIC KEY-----\n", "");
publicKeyPEM = publicKeyPEM.replace("-----END PUBLIC KEY-----", "");
System.out.println(publicKeyPEM);
// Base64 decode the data
Base64 b64 = new Base64();
byte [] encoded = b64.decode(privKeyPEM);
byte [] encoded_pub = b64.decode(publicKeyPEM);
// PKCS8 decode the encoded RSA private key
PKCS8EncodedKeySpec privateKeySpec = new PKCS8EncodedKeySpec(encoded);
KeyFactory kf = KeyFactory.getInstance("RSA");
PrivateKey privKey = kf.generatePrivate(privateKeySpec);
X509EncodedKeySpec publicKeySpec = new X509EncodedKeySpec(encoded_pub);
KeyFactory pk = KeyFactory.getInstance("RSA");
PublicKey publicKey = pk.generatePublic(publicKeySpec);
// Display the results
System.out.println(privKey);
String file = "qwerty";
byte[] fileBytes = file.getBytes();
byte[] digitalSignature = signData(fileBytes, privKey);
System.out.println("SIGNATURE MADE");
boolean verified;
verified = verifySig(fileBytes, publicKey, digitalSignature);
System.out.println("verified: " + verified) ;
}
public static byte[] signData(byte[] data, PrivateKey key) throws Exception {
Signature signer = Signature.getInstance("SHA256withRSA");
signer.initSign(key);
signer.update(data);
return (signer.sign());
}
public static boolean verifySig(byte[] data, PublicKey key, byte[] sig) throws Exception {
Signature signer = Signature.getInstance("SHA256withRSA");
signer.initVerify(key);
signer.update(data);
return (signer.verify(sig));
}
}
答案 0 :(得分:1)
您的代码似乎工作正常,必须是您的密钥实际上不匹配。我使用以下方法创建了一些测试密钥:
openssl genrsa -out priv.pem
(创建基本RSA私钥)
openssl rsa -in priv.pem -pubout -out pub.pem
(提取公钥)
openssl pkcs8 -in priv.pem -out pk8.pem -topk8 -nocrypt
(将私钥转换为未加密的PKCS#8格式)
这给了我两个要测试的文件:pk8.pem和pub.pem。我稍微更改了代码,以便开始和结束标记为-----BEGIN PRIVATE KEY-----和-----END PRIVATE KEY-----。
验证顺利通过。