很长一段时间以来,我一直在使用X509证书进行签名。
PrivateKey privateKey = ...
String document = ...
Signature signature = Signature.getInstance("SHA256withRSA");
signature.initSign(privateKey);
signature.update(document.getBytes());
return signature.sign();
正在验证。。。
PublicKey publicKey = ...
String document = ...
byte[] signature = ...
Signature signature = Signature.getInstance("SHA256withRSA");
signature.initVerify(publicKey);
signature.update(document.getBytes());
return signature.verify(signature);
很简单。
但最近我听说可以只使用文档的SHA256哈希来验证签名,而不是整个文档。。。
PublicKey publicKey = ...
byte[] documentHash = MessageDigest.getInstance("SHA-256").digest(document.getBytes());
byte[] signature = ...
Signature signature = Signature.getInstance("SHA256withRSA");
signature.initVerify(publicKey);
// ???
return signature.verify(signature);
有可能吗?在Java中会是什么样子?
我是从另一家公司听说的,所以我无法访问源代码=(
简短的回答是是。
长答案与将签名与算法标识符封装在一起的编码有关;仅在散列上验证";功能你必须做2个改变。
首先,将算法标识符添加到签名中:正如@President James K.Polk所写,您必须添加一些额外的字节,才能对验证函数的输入进行正确编码。根据您的需要";EMSA-PKCS1-v1_ 5"-衬垫(此处描述:https://www.rfc-editor.org/rfc/rfc3447#page-41(您必须在表示用于计算哈希的算法。
我有点懒,把必要的字节准备成硬编码的字节数组,所以这个版本只在SHA-256算法上运行-如果如果你使用了不同的哈希算法,你需要更改预先准备好的字节:
String prependSha256String = "3031300D060960864801650304020105000420";
byte[] prependSha256 = hexStringToByteArray(prependSha256String);
int combinedLength = prependSha256.length + documentHash.length;
byte[] documentHashFull = new byte[combinedLength];
System.arraycopy(prependSha256, 0, documentHashFull, 0, prependSha256.length);
System.arraycopy(documentHash, 0, documentHashFull, prependSha256.length, documentHash.length);
第二-使用另一种RSA签名方案:由于我们已经完成了SHA-256部分,我们需要一个";裸的";称为"RSA"方案;NonewithRSA";,因此您需要更改实例化,如:
Signature signatureVerifyHash = Signature.getInstance("NonewithRSA");
这是两个RSA签名验证的结果(旧的和"新的"一个(:
verify the signature with the full document
sigVerified: true
verify the signature with the SHA256 of the document only
sigVerifiedHash: true
以下是完整的工作代码:
import java.security.*;
public class MainSo2 {
public static void main(String[] args) throws NoSuchAlgorithmException, InvalidKeyException, SignatureException {
System.out.println("Is it possible to verify a SHA256withRSA signature with a SHA256 hash of the original data?");
// create a rsa keypair of 2048 bit keylength
KeyPairGenerator rsaGenerator = KeyPairGenerator.getInstance("RSA");
SecureRandom random = new SecureRandom();
rsaGenerator.initialize(2048, random);
KeyPair rsaKeyPair = rsaGenerator.generateKeyPair();
PublicKey publicKey = rsaKeyPair.getPublic();
PrivateKey privateKey = rsaKeyPair.getPrivate();
String document = "The quick brown fox jumps over the lazy dog";
// sign
Signature signature = Signature.getInstance("SHA256withRSA");
signature.initSign(privateKey);
signature.update(document.getBytes());
byte[] sig = signature.sign();
// verify with full message
System.out.println("nverify the signature with the full document");
Signature signatureVerify = Signature.getInstance("SHA256withRSA");
signatureVerify.initVerify(publicKey);
signatureVerify.update(document.getBytes());
boolean sigVerified = signatureVerify.verify(sig);
System.out.println("sigVerified: " + sigVerified);
// verify just the sha256 hash of the document
System.out.println("nverify the signature with the SHA256 of the document only");
byte[] documentHash = MessageDigest.getInstance("SHA-256").digest(document.getBytes());
// you need to prepend some bytes: 30 31 30 0D 06 09 60 86 48 01 65 03 04 02 01 05 00 04 20
// see https://www.rfc-editor.org/rfc/rfc3447#page-41
// warning: this string is only for SHA-256 algorithm !!
String prependSha256String = "3031300D060960864801650304020105000420";
byte[] prependSha256 = hexStringToByteArray(prependSha256String);
int combinedLength = prependSha256.length + documentHash.length;
byte[] documentHashFull = new byte[combinedLength];
System.arraycopy(prependSha256, 0, documentHashFull, 0, prependSha256.length);
System.arraycopy(documentHash, 0, documentHashFull, prependSha256.length, documentHash.length);
// lets verify
Signature signatureVerifyHash = Signature.getInstance("NonewithRSA");
signatureVerifyHash.initVerify(publicKey);
// signatureVerifyHash.update(document.getBytes());
signatureVerifyHash.update(documentHashFull);
boolean sigVerifiedHash = signatureVerifyHash.verify(sig);
System.out.println("sigVerifiedHash: " + sigVerifiedHash);
}
public static byte[] hexStringToByteArray(String s) {
int len = s.length();
byte[] data = new byte[len / 2];
for (int i = 0; i < len; i += 2) {
data[i / 2] = (byte) ((Character.digit(s.charAt(i), 16) << 4)
+ Character.digit(s.charAt(i + 1), 16));
}
return data;
}
}