我运行一个 Java 程序来验证数字签名:
package com.cryptography;
import java.io.BufferedInputStream;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.InvalidKeyException;
import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.X509EncodedKeySpec;
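/**
 * Verifies an RSA signature over a file, using a public key read from disk.
 *
 * <p>The public key file must hold the raw X.509 (SubjectPublicKeyInfo) encoding that
 * {@link X509EncodedKeySpec} expects, and the signature file must hold the raw signature
 * bytes. The result is printed to standard output; any failure is reported as a stack
 * trace on standard error.
 */
public class VerifyDkimSignature {

    private static final String PUBLIC_KEY_PATH = "/home/src/com/cryptography/DkimPublicKey";
    private static final String SIGNATURE_PATH = "/home/src/com/cryptography/Signature";
    private static final String DATA_PATH = "/home/src/com/cryptography/SampleFile.txt";

    /**
     * Must name the same digest/signature scheme the signer used. With RSA PKCS#1 v1.5 the
     * digest OID is embedded in the signature, so a mismatch does not return {@code false}:
     * {@code verify} throws {@link SignatureException} ("Signature encoding error").
     */
    private static final String SIGNATURE_ALGORITHM = "SHA256withRSA";

    /**
     * Loads the key and signature, streams the signed file through the verifier and prints
     * whether the signature is valid.
     *
     * @param args unused
     */
    public static void main(String[] args) {
        try {
            // Read each file completely. Sizing a buffer with available() and issuing a
            // single read() can silently truncate the key or the signature.
            byte[] encKey = Files.readAllBytes(Paths.get(PUBLIC_KEY_PATH));
            byte[] signatureBytes = Files.readAllBytes(Paths.get(SIGNATURE_PATH));

            // Rebuild the RSA public key from its X.509 encoding.
            X509EncodedKeySpec pubKeySpec = new X509EncodedKeySpec(encKey);
            KeyFactory keyFactory = KeyFactory.getInstance("RSA");
            PublicKey pubKey = keyFactory.generatePublic(pubKeySpec);

            Signature sig = Signature.getInstance(SIGNATURE_ALGORITHM);
            sig.initVerify(pubKey);

            // Feed the signed data in chunks. Loop until read() reports end of stream:
            // available() may be 0 before EOF, and read() returns -1 at EOF, which must
            // never be passed to update() as a length.
            try (BufferedInputStream in =
                    new BufferedInputStream(new FileInputStream(DATA_PATH))) {
                byte[] chunk = new byte[1024];
                int len;
                while ((len = in.read(chunk)) != -1) {
                    sig.update(chunk, 0, len);
                }
            }

            boolean isVerifies = sig.verify(signatureBytes);
            System.out.println("Signature verifies::" + isVerifies);
        } catch (IOException e) {
            // Covers missing files (FileNotFoundException, NoSuchFileException) and read errors.
            e.printStackTrace();
        } catch (NoSuchAlgorithmException
                | InvalidKeySpecException
                | InvalidKeyException
                | SignatureException e) {
            // Unsupported algorithm, malformed key, or a malformed or mismatched signature.
            e.printStackTrace();
        }
    }
}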
当我执行它时,我得到以下异常
java.security.SignatureException: Signature encoding error
at sun.security.rsa.RSASignature.engineVerify(Unknown Source)
at java.security.Signature$Delegate.engineVerify(Unknown Source)
at java.security.Signature.verify(Unknown Source)
at com.cryptography.VerifyDkimSignature.main(VerifyDkimSignature.java:54)
Caused by: java.io.IOException: ObjectIdentifier mismatch: 1.3.14.3.2.26
at sun.security.rsa.RSASignature.decodeSignature(Unknown Source)
... 4 more
有人可以解释错误的原因吗?
答案 0 :(得分:2)
事实证明,“1.3.14.3.2.26”(来自 IOException)是 SHA-1 算法的 OID。所以我犯的错误是签名和验证使用了不同的算法:签名时用的是 SHA1withRSA,验证时用的却是 SHA256withRSA。把验证端的算法改为 SHA1withRSA 之后,问题就解决了。不过 SHA-1 已不适合用于数字签名(RFC 8301 要求 DKIM 不再使用 rsa-sha1),更稳妥的做法是把签名端改为 SHA256withRSA,让两端保持一致。