无法使用dsa密钥

时间:2017-01-02 03:51:06

标签: java openssl bouncycastle public-key-encryption dsa

调整Creating a DSA Signature from the Linux command line处的路线我创建了一个DSA签名消息:

echo "foobar" > foo.txt
openssl dgst -dss1 -sign dsa_priv.pem foo.txt > sigfile.bin

实际使用的方向是foo.sha1而不是foo.txt,其中foo.sha1是由sha1sum生成的,但是签署哈希似乎有点多余,因为DSA本身应该进行散列。

所以,无论如何,我做到了。这是我使用的私钥(我专门为测试目的而生成它):

-----BEGIN DSA PRIVATE KEY-----
MIIBvAIBAAKBgQDsGAHAM16bsPlwl7jaec4QMynYa0YLiLiOZC4mvH4UW/tRJxTz
aV7eH1EtnP9D9J78x/07wKYs8zJEWCXmuq0UluQfjA47+pb68b/ucQTNeZHboNN9
5oEi+8BCSK0y8G3uf3Y89qHvqa9Si6rP374MinEMrbVFm+UpsGflFcd83wIVALtJ
ANi+lYG7xMKQ/bE4+bS8gemNAoGBAORowvirD7AB9x2SpdiME41+O4jVR8rs6+GX
Ml3Hif6Yt1kem0CeraX9SNoyBNAzjD5TVMGIdGlgRr6GNreHeXMGWlvdDkvCACER
ZEEtMsKZicm+yl6kR8AGHTCA/PBltHfyrFQd4n9I//UDqI4RjqzvpCXGQcVEsSDY
CCBGBQJRAoGBALnHTAZlpoLJZuSBVtnMuRM3cSX43IkE9w9FveDV1jX5mmfK7yBV
pQFV8eVJfk91ERQ4Dn6ePLUv2dRIt4a0S0qHqadgzyoFyqkmmUi1kNLyixtRqh+m
2gXx0t63HEpZDbEPppdpnlppZquVQh7TyrKSXW9MTzUkQjFI9UY7kZeKAhQXiJgI
kBniZHdFBAZBTE14YJUBkw==
-----END DSA PRIVATE KEY-----

这里是sigfile.bin的十六进制编码输出:

302c021456d7e7da10d1538a6cd45dcb2b0ce15c28bac03402147e973a4de1e92e8a87ed5218c797952a3f854df5

我现在正试图用BouncyCastle在Java中验证这一点,但我无法这样做。这是我的Java代码:

import java.io.StringReader;
import org.bouncycastle.openssl.PEMReader;
import java.security.interfaces.DSAPublicKey;
import org.bouncycastle.crypto.params.DSAPublicKeyParameters;

import org.bouncycastle.crypto.signers.DSADigestSigner;
import org.bouncycastle.crypto.signers.DSASigner;
import org.bouncycastle.crypto.digests.SHA1Digest;
import org.bouncycastle.crypto.params.DSAParameters;

public class DSA
{
    public static void main(String[] args)
    throws Exception
    {
        byte[] message = "foobar".getBytes();
        byte[] signature = hexStringToByteArray("302c021456d7e7da10d1538a6cd45dcb2b0ce15c28bac03402147e973a4de1e92e8a87ed5218c797952a3f854df5");

            String key = "-----BEGIN PUBLIC KEY-----\n" +
                "MIIBuDCCASwGByqGSM44BAEwggEfAoGBAOwYAcAzXpuw+XCXuNp5zhAzKdhrRguI\n" +
                "uI5kLia8fhRb+1EnFPNpXt4fUS2c/0P0nvzH/TvApizzMkRYJea6rRSW5B+MDjv6\n" +
                "lvrxv+5xBM15kdug033mgSL7wEJIrTLwbe5/djz2oe+pr1KLqs/fvgyKcQyttUWb\n" +
                "5SmwZ+UVx3zfAhUAu0kA2L6VgbvEwpD9sTj5tLyB6Y0CgYEA5GjC+KsPsAH3HZKl\n" +
                "2IwTjX47iNVHyuzr4ZcyXceJ/pi3WR6bQJ6tpf1I2jIE0DOMPlNUwYh0aWBGvoY2\n" +
                "t4d5cwZaW90OS8IAIRFkQS0ywpmJyb7KXqRHwAYdMID88GW0d/KsVB3if0j/9QOo\n" +
                "jhGOrO+kJcZBxUSxINgIIEYFAlEDgYUAAoGBALnHTAZlpoLJZuSBVtnMuRM3cSX4\n" +
                "3IkE9w9FveDV1jX5mmfK7yBVpQFV8eVJfk91ERQ4Dn6ePLUv2dRIt4a0S0qHqadg\n" +
                "zyoFyqkmmUi1kNLyixtRqh+m2gXx0t63HEpZDbEPppdpnlppZquVQh7TyrKSXW9M\n" +
                "TzUkQjFI9UY7kZeK\n" +
                "-----END PUBLIC KEY-----";
        PEMReader reader = new PEMReader(new StringReader(key));
        DSAPublicKey decoded = (DSAPublicKey) reader.readObject();

        DSADigestSigner dsa = new DSADigestSigner(new DSASigner(), new SHA1Digest());
        DSAParameters params = new DSAParameters(
            decoded.getParams().getP(),
            decoded.getParams().getQ(),
            decoded.getParams().getG()
        );
        DSAPublicKeyParameters publickey = new DSAPublicKeyParameters(decoded.getY(), params);
        dsa.init(false, publickey);
        dsa.update(message, 0, message.length);
        boolean result = dsa.verifySignature(signature);

        System.out.println(result ? "good" : "bad");
    }

    public static byte[] hexStringToByteArray(String s)
    {
        int len = s.length();
        byte[] data = new byte[len / 2];
        for (int i = 0; i < len; i += 2)
        {
            data[i / 2] = (byte) ((Character.digit(s.charAt(i), 16) << 4)
                + Character.digit(s.charAt(i+1), 16));
        }
        return data;
    }
}

签名未经验证。我的Java代码有问题吗?也许OpenSSL对dss1做了一些奇怪的事情?

我能够使用OpenSSL验证签名:

openssl dgst -dss1 -verify dsa_pub.pem -signature sigfile.bin foo.txt

1 个答案:

答案 0 :(得分:2)

(Unix)echo输出其参数,如果多于一个,则以空格分隔 PLUS A NEWLINE 。使用"foobar\n"作为要验证的数据。或者,在printf '%s' foobar >foo.txt的结果上签名可移植省略换行符; 某些版本的echo支持-n用于此目的,一些较旧版本使用\c,有些则根本不支持它。

FYI BouncyCastle从版本150(2013)开始不再有org.bouncycastle.openssl.PEMReader;相反,您需要PEMParser返回org.bouncycastle.asn1.x509.SubjectPublicKeyInfoorg.bouncycastle.openssl.jcajce.JcaPEMKeyConverter可以通过KeyFactory.getInstance(alg).generatePublicKey(new X509EncodedKey(spki.getEncoded()))JcaPEMKeyConverter转换为关键对象,这是org.bouncycastle.jcajce.provider.asymmetric.dsa.DSAUtil.generatePublicKeyParameter实际执行的操作。

OTOH你可以使用openssl dgst来替换那些摆弄参数片段的东西;这就是BC提供者接口(而不是轻量级接口)的作用。或者当然,您可以首先使用JCA,而您根本不需要BC,因为OpenSSL公钥格式(与privatekey不同)始终与基本Java加密兼容。

同样BTW -dss1只需通过版本0.9.8进行-sha1黑客攻击;自2010年发布的1.0.0版本(但由于实际或可怕的不兼容性而未被许多发行版和产品立即升级),您只需要SmartSerializer.php和DSA pubkey。

相关问题
最新问题