我有一个像这样创建的密钥对:
import java.io.File;
import java.io.IOException;
import java.util.Scanner;
public class LinkedList2 {
/** Singly linked list cell that stores one string token. */
public static class Node {
    /** Following cell in the list, or null when this is the last one. */
    public Node next;
    /** Token held by this cell. */
    public String value;
}
// Declared but never assigned or read anywhere in this listing.
static File dataInpt;
// Shared token source: assigned in main and consumed by insertInOrder.
static Scanner inFile;
/**
 * Entry point: points the shared scanner at a fixed, in-memory list of
 * two-character tokens, builds the linked list from them and prints it.
 *
 * @param args unused
 */
public static void main(String[] args) throws IOException {
    // Tokens are separated by CRLF; Scanner splits on any whitespace.
    String tokens = "20\r\n" + "38\r\n" + "5c\r\n" + "2b\r\n" + "54\r\n" + "63\r\n" + "53\r\n" + "43\r\n" + "40\r\n"
            + "14\r\n" + "2a\r\n" + "42\r\n" + "63\r\n" + "63\r\n" + "5c\r\n" + "4c\r\n";
    inFile = new Scanner(tokens);
    Node head = insertInOrder();
    printList(head);
}
/**
 * Creates a detached list cell for the given token.
 *
 * @param element token to store in the new cell
 * @return a new Node whose value is {@code element} and whose next is null
 */
public static Node getNode(String element) {
    Node node = new Node();
    node.next = null;
    node.value = element;
    return node;
}
/**
 * Writes every value of the list to standard output, one per line,
 * followed by a single empty line.
 *
 * @param head first cell of the list; null prints only the empty line
 */
public static void printList(Node head) {
    Node cursor = head;
    while (cursor != null) {
        System.out.println(cursor.value);
        cursor = cursor.next;
    }
    System.out.println();
}
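/**
 * Reads every remaining token from {@code inFile} and builds a singly linked
 * list sorted in ascending {@link String#compareTo} order. Equal tokens are
 * kept, in the order they were read.
 *
 * @return the head of the sorted list, or null when the scanner has no tokens
 */
public static Node insertInOrder() {
    Node first = null;
    Node last = null;
    // Each token is read and linked inside the same iteration, so the final
    // token is inserted too and no node is ever linked against itself.
    while (inFile.hasNext()) {
        Node current = getNode(inFile.next());
        if (first == null) {
            // Empty list: the new node is both head and tail.
            first = current;
            last = current;
        } else if (current.value.compareTo(first.value) < 0) {
            // Smaller than everything seen so far: becomes the new head.
            current.next = first;
            first = current;
        } else if (current.value.compareTo(last.value) >= 0) {
            // Not smaller than the tail: append in O(1).
            last.next = current;
            last = current;
        } else {
            // Strictly between head and tail: stop at the last node whose
            // value is <= the new one, so temp.next is always non-null here.
            Node temp = first;
            while (temp.next.value.compareTo(current.value) <= 0) {
                temp = temp.next;
            }
            current.next = temp.next;
            temp.next = current;
        }
    }
    return first;
}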
接下来,我使用以下命令签署一个文本文件:
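# Generate a new RSA key pair and a self-signed X.509 certificate in DER form,
# valid for 3650 days. The key size is 2048 bits: 1024-bit RSA is below the
# commonly accepted minimum for signatures.
# Without -nodes, openssl asks for a passphrase and writes private_key.pem encrypted.
openssl req -x509 -out public_key.der -outform der -new -newkey rsa:2048 -keyout private_key.pem -days 3650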
现在,我想在iOS上验证它:
# Writes the SHA-256 digest of some_text.txt to hash256 in text form
# (a label followed by hex digits), because -binary is not given.
openssl dgst -sha256 some_text.txt > hash256
# NOTE(review): rsautl -sign applies PKCS#1 v1.5 padding to the bytes of hash256
# exactly as they are. It therefore signs the text line produced above, not the
# 32-byte digest, and it does not add the DigestInfo structure that a standard
# SHA-256 RSA signature carries. A verifier that expects the standard form
# rejects this signature.
# `openssl dgst -sha256 -sign private_key.pem -out signature256.txt some_text.txt`
# hashes and signs in one step and produces the standard form.
openssl rsautl -sign -inkey private_key.pem -keyform PEM -in hash256 > signature256.txt
一切看起来都不错,直到我调用 + (BOOL)verifySignature {
// Load the bundled DER certificate (public_key.der) and parse it.
// NOTE(review): publicKeyData is not checked for nil before it is passed on.
NSData* publicKeyData = [NSData dataWithContentsOfURL:[[NSBundle mainBundle] URLForResource:@"public_key" withExtension:@"der"]];
SecCertificateRef pubCertificate = SecCertificateCreateWithData(kCFAllocatorDefault, ( __bridge CFDataRef) publicKeyData);
if (pubCertificate == nil) {
NSLog(@"Can not read certificate from data");
return NO;
}
// Build a trust object with the basic X.509 policy; below it is used only to
// obtain the certificate's public key.
SecTrustRef trust;
SecPolicyRef policy = SecPolicyCreateBasicX509();
OSStatus returnCode = SecTrustCreateWithCertificates(pubCertificate, policy, &trust);
if (returnCode != errSecSuccess) {
NSLog(@"SecTrustCreateWithCertificates fail. Error Code: %d", (int)returnCode);
// NOTE(review): this return skips the CFRelease calls at the end, so
// pubCertificate and policy are not released on this path.
return NO;
}
// NOTE(review): only the OSStatus of the evaluation is checked. trustResultType
// is never read, so the trust verdict itself has no effect on the outcome.
SecTrustResultType trustResultType;
returnCode = SecTrustEvaluate(trust, &trustResultType);
if (returnCode != errSecSuccess) {
// NOTE(review): pubCertificate, policy and trust are not released on this path.
return NO;
}
// NOTE(review): publicKey is not checked for NULL before use; CFRelease(NULL)
// at the end would crash.
SecKeyRef publicKey = SecTrustCopyPublicKey(trust);
// Read the signed file and compute its raw 32-byte SHA-256 digest.
// NOTE(review): the malloc results and the NSData objects are not checked for
// failure or nil.
NSURL* textFileUrl = [[NSBundle mainBundle] URLForResource:@"some_text" withExtension:@"txt"];
NSData* signedData = [NSData dataWithContentsOfURL:textFileUrl];
size_t signedDataLen = [signedData length];
void *signedDataBuffer = malloc(signedDataLen);
[signedData getBytes:signedDataBuffer length:signedDataLen];
void* hashBuffer = malloc(CC_SHA256_DIGEST_LENGTH);
CC_SHA256(signedDataBuffer, (CC_LONG)signedDataLen, hashBuffer);
// Read the signature bytes produced on the signing side.
NSURL* signatureFileUrl = [[NSBundle mainBundle] URLForResource:@"signature256" withExtension:@"txt"];
NSData* signatureData = [NSData dataWithContentsOfURL:signatureFileUrl];
size_t signatureLen = [signatureData length];
void* signatureBuffer = malloc(signatureLen);
[signatureData getBytes:signatureBuffer length:signatureLen];
// With kSecPaddingPKCS1SHA256 the caller passes the raw SHA-256 digest, and the
// signature must be PKCS#1 v1.5 over that digest wrapped in the SHA-256 DigestInfo.
// A signature made with `openssl rsautl -sign` over the text output of
// `openssl dgst` does not have that structure, so verification fails
// (-9809 is errSSLCrypto). A signature made with
// `openssl dgst -sha256 -sign <private key> -out <signature file> <input file>` does.
returnCode = SecKeyRawVerify(publicKey, kSecPaddingPKCS1SHA256, hashBuffer, CC_SHA256_DIGEST_LENGTH, signatureBuffer, signatureLen);
if (returnCode != errSecSuccess) {
NSLog(@"SecKeyRawVerify fail. Error Code: %d", (int)returnCode);
}
// Release the C buffers and the Core Foundation objects created above.
free(signedDataBuffer);
free(signatureBuffer);
free(hashBuffer);
CFRelease(pubCertificate);
CFRelease(policy);
CFRelease(trust);
CFRelease(publicKey);
// NOTE(review): the listing ends here without a return statement or closing brace,
// so the verification status in returnCode is only logged, never returned to the caller.
,这会返回错误代码-9809。
我做错了什么?