使用Public Key的ECDSA Android验证始终返回false

时间:2017-08-26 14:57:47

标签: android android-keystore ecdsa

我有一些令牌,我需要先根据KeyStore的私钥和公钥使用SHA256和ECDSA签名。

每次当我尝试验证值时,我都会得到错误的结果。我不知道为什么。

有人知道如何解决这个问题吗?

以下是我生成和加载密钥的功能:

private void generateKeys(){

    try {

        keyStore = KeyStore.getInstance(KEYSTORE_NAME);
        keyStore.load(null);

        if(!keyStore.containsAlias(KEY_NAME)) {
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(KeyProperties.KEY_ALGORITHM_EC, KEYSTORE_NAME);
            keyPairGenerator.initialize(
                    new KeyGenParameterSpec.Builder(KEY_NAME,
                            KeyProperties.PURPOSE_SIGN | KeyProperties.PURPOSE_VERIFY)
                            .setDigests(KeyProperties.DIGEST_SHA256,
                                    KeyProperties.DIGEST_SHA512)
                            .setAlgorithmParameterSpec(new ECGenParameterSpec("secp256r1"))
                            .setUserAuthenticationRequired(false)
                            .build());
            keyPairGenerator.generateKeyPair();

            setRegistred(true);
        }
    } catch (NoSuchAlgorithmException e) {
        e.printStackTrace();
    } catch (NoSuchProviderException e) {
        e.printStackTrace();
    } catch (InvalidAlgorithmParameterException e) {
        e.printStackTrace();
    } catch (CertificateException e) {
        e.printStackTrace();
    } catch (KeyStoreException e) {
        e.printStackTrace();
    } catch (IOException e) {
        e.printStackTrace();
    }
}



private void loadKeys(){
    try {
        keyStore = KeyStore.getInstance(KEYSTORE_NAME);
        keyStore.load(null);
        if(keyStore.containsAlias(KEY_NAME)) {
            publicKey = keyStore.getCertificate(KEY_NAME).getPublicKey();
            privateKey = (PrivateKey) keyStore.getKey(KEY_NAME, null);
        }
    } catch (IOException e) {
        e.printStackTrace();
    } catch (NoSuchAlgorithmException e) {
        e.printStackTrace();
    } catch (CertificateException e) {
        e.printStackTrace();
    } catch (KeyStoreException e) {
        e.printStackTrace();
    } catch (UnrecoverableKeyException e) {
        e.printStackTrace();
    }
}

这是符号值:

 public String sign(String inputStr, FingerprintManager.CryptoObject cryptoObject){
    try {
        Signature signature = Signature.getInstance(SecurityConstants.SIGNATURE);
        signature.initSign(privateKey);
        signature.update(inputStr.getBytes());
        byte[] signedBytes = signature.sign();
        String result = Base64.encodeToString(signedBytes, Base64.DEFAULT);
        Log.d("TAG", result);
        return result;
    } catch (SignatureException e) {
        e.printStackTrace();
    } catch (InvalidKeyException e) {
        e.printStackTrace();
    } catch (NoSuchAlgorithmException e) {
        e.printStackTrace();
    }
    return null;
}

我尝试使用公钥进行验证:

public boolean verifyWithPublicKey(String input, FingerprintManager.CryptoObject cryptoObject){
    try {
        Signature signature = Signature.getInstance(SecurityConstants.SIGNATURE);
        keyStore = KeyStore.getInstance(KEYSTORE_NAME);
        keyStore.load(null);
        PublicKey pk  = getPublicKeyForVerification();
        signature.initVerify(pk);
        signature.update(input.getBytes());
        boolean isVerifed = signature.verify(input.getBytes());
        Log.d("TAG", String.valueOf(isVerifed));
        return isVerifed;
    } catch (SignatureException e) {
        e.printStackTrace();
    } catch (InvalidKeyException e) {
        e.printStackTrace();
    } catch (CertificateException e) {
        e.printStackTrace();
    } catch (NoSuchAlgorithmException e) {
        e.printStackTrace();
    } catch (KeyStoreException e) {
        e.printStackTrace();
    } catch (IOException e) {
        e.printStackTrace();
    }
    return false;
}

1 个答案:

答案 0 :(得分:1)

当您编写以下代码以验证签名时,错误就在这里:

signature.update(input.getBytes());
boolean isVerifed = signature.verify(input.getBytes());

使用此代码,您尝试验证签名是否已自行签名!

你应该:

signature.update(MY_BYTES_ARRAY_OF_DATA);
boolean isVerifed = signature.verify(MY_SIGNATURE);

请不要忘记默认情况下签名不会封装签名数据。

如果您想拥有包含签名数据和相关签名的格式,请使用S / MIME,OpenPGP等。