我正在写一段代码来检查签名
如果r和s为正,则下面的代码有效否则验证失败。
我的代码是
PublicKey publicKey = cert.getPublicKey();
Signature ecdsaVerify = Signature.getInstance("SHA256withECDSA", new BouncyCastleProvider());
ecdsaVerify.initVerify(publicKey);
ecdsaVerify.update(message.getBytes());
valid = ecdsaVerify.verify(sigDer);
我的签名是以der格式创建的,从原始r和s开始。请记住,如果r或s为负数,则将"00"添加到der格式中,我还使用了BouncyCastle ANS1级
ASN1EncodableVector v = new ASN1EncodableVector();
v.add(new ASN1Integer(r));
v.add(new ASN1Integer(s));
DERSequence der = new DERSequence(v);
但我仍然能够验证r和s是否为正,如果其中一个为负(初始字节大于0x80(,我就不能验证
我错过了什么?
-----编辑-----
我创建了一个更好的代码来解释我的问题
static boolean verifySignature(String messagePlain, String certificatePEM, String rHex, String sHex)
{
boolean valid = false;
Security.addProvider(new BouncyCastleProvider());
try
{
BigInteger r = new BigInteger(rHex, 16);
BigInteger s = new BigInteger(sHex, 16);
ASN1EncodableVector v = new ASN1EncodableVector();
v.add(new ASN1Integer(r));
v.add(new ASN1Integer(s));
DERSequence der = new DERSequence(v);
byte[] signature = der.getEncoded();
CertificateFactory cf = CertificateFactory.getInstance("X.509", new BouncyCastleProvider());
InputStream certStream = new ByteArrayInputStream(certificatePEM.getBytes());
X509Certificate x509cert = (X509Certificate)cf.generateCertificate(certStream);
PublicKey publicKey = x509cert.getPublicKey();
Signature ecdsaVerify = Signature.getInstance("SHA256withECDSA", new BouncyCastleProvider());
ecdsaVerify.initVerify(publicKey);
ecdsaVerify.update(messagePlain.getBytes());
valid = ecdsaVerify.verify(signature);
} catch (IOException e) {
// TODO Auto-generated catch block
e.printStackTrace();
} catch (CertificateException e) {
// TODO Auto-generated catch block
e.printStackTrace();
} catch (SignatureException e) {
// TODO Auto-generated catch block
e.printStackTrace();
} catch (NoSuchAlgorithmException e) {
// TODO Auto-generated catch block
e.printStackTrace();
} catch (InvalidKeyException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
return valid;
}
我的主要
public static void main( String[] args )
{
String messNOT = "dc03d9c5676cc8a76b59214b86214b865d01022cdd518622c721967c7c23abbc133c133c133c133c133c133c2c651a2419a64d4a598d19cd202326752cdefe3204031f00000506675b20383373";
String rNOT = "663e5dd196f22f03e3aba8f6652d1ca92d207088911987f44048a4b85ec36e91";
String sNOT = "84c4ca1678dce85b19b2ddb378f4a1df878cec21ce6fbab9292576281602041d";
String certNOT ="-----BEGIN CERTIFICATE-----rn"
+ "MIICzDCCAlOgAwIBAgICANMwCgYIKoZIzj0EAwMwdjELMAkGA1UEBhMCQ0gxDjAMrn"
+ "BgNVBAoMBUFkbWluMREwDwYDVQQLDAhTZXJ2aWNlczEiMCAGA1UECwwZQ2VydGlmrn"
+ "aWNhdGlvbiBBdXRob3JpdGllczEgMB4GA1UEAwwXYWJuYS1jc2NhLXN3aXR6ZXJsrn"
+ "YW5kLTIwHhcNMjIwMjA5MTQxNDM2WhcNMjgwMjE0MTQxNDM2WjAaMQswCQYDVQQGrn"
+ "EwJDSDELMAkGA1UEAxMCVlMwggEzMIHsBgcqhkjOPQIBMIHgAgEBMCwGByqGSM49rn"
+ "AQECIQCp+1fboe6pvD5mCpCdg41ybjv2I9UmICggE0gdH25TdzBEBCB9Wgl1/Cwwrn"
+ "V+72dTBBev/n+4BVwSbcXGzpSktE8zC12QQgJtxcbOlKS0TzMLXZu9d8v5WEFilcrn"
+ "9+HOa8zcGP+MB7YEQQSL0q65y35XyyxLSC/8gbevud4n4eO9I8I6RFO9ms4yYlR+rn"
+ "+DXD2sT9l/hGGhRhHcnCd0UTLe2OVFwdVMcvBGmXAiEAqftX26Huqbw+ZgqQnYONrn"
+ "cYw5eqO1Yab3kB4OgpdIVqcCAQEDQgAEEw6HdjvJQhXyiitwaWZ4DmypigCjdJenrn"
+ "oRjW7Tz3n1Mlqf2dwwgYcwHB7N6zvLpQ2aZmILOicbyvSKHCZHaztqNRME8wHwYDrn"
+ "VR0jBBgwFoAU5/zrAS4O3jj5DvGKXM5XDxMEyXMwFQYHZ4EIAQEGAgQKMAgCAQAxrn"
+ "AxMBVjAVBgNVHSUBAf8ECzAJBgdngQgBAQsBMAoGCCqGSM49BAMDA2cAMGQCMEG4rn"
+ "zJn2/N85NLsDM58+jB0oyFTB152gPyAcdhq04gLpXynW2qbSNfE6Fgw34Qm+vAIwrn"
+ "AZSAdepOu4r6T+hj1p8Q3HFlSvlByjpr/b2VNiMXup6v3O7BnGqbyRFgMlc3c/BBrn"
+ "-----END CERTIFICATE-----";
String messYES = "dc03d9c5d9b71fe6fe336de4e53214665d01022cdb5bd2b3c549cd1da93c5bd458135c6f57fc133c133c133c9e2e4d0d28043132b09e1ae53f5c52853f78fe370403900000050659e9269f2cb8";
String rYES = "473c2e821b49bffc32e49cb7ed5f0645a32ad76c8258ebd4ec9aca56";
String sYES = "77c7e16920143444cf68d3891436b1a0189e08d06b104fdb247cd3ef";
String certYES ="-----BEGIN CERTIFICATE-----rn"
+ "MIID7jCCAdagAwIBAgIBAjANBgkqhkiG9w0BAQsFADAuMQswCQYDVQQGEwJVVDEPrn"
+ "MA0GA1UECgwGVVRPUElBMQ4wDAYDVQQDDAVDU0NBMTAeFw0yMTEwMjAxMjEwMTharn"
+ "Fw0yNDEwMTkxMjEwMThaMBoxCzAJBgNVBAYTAlVUMQswCQYDVQQDDAJBMTCCARMwrn"
+ "gdQGByqGSM49AgEwgcgCAQEwKAYHKoZIzj0BAQIdANfBNKomQ2aGKhgwJXXR14ewrn"
+ "nwdXl9qJ9X7IwP8wPAQcaKXmLKnObBwpmAOmwVMLUU4YKtiwBCpZytKfQwQcJYD2rn"
+ "PM/kQTiHBxOxqSNp4z4hNdJm27NyOGxACwQ5BA2QKa0sflz0NAgjsqh9xoyeTOMXrn"
+ "TB5u/e4SwH1Yqlb3csBybyTGuJ5OzawkNUuemcqj9tN2FALNAh0A18E0qiZDZoYqrn"
+ "GDAlddD7mNEWvEtt3ryjpaeTnwIBAQM6AATBWidMSa55454DGh7j+IkWfswMr33vrn"
+ "jwQiNONEo+LRC3+yL5dDcfdCfDQqrMdAC8PfR/8cMVRMJ6M6MDgwHwYDVR0jBBgwrn"
+ "FoAUCoYRgjvodzM4CDLB5bSdQMEXyBIwFQYDVR0lAQH/BAswCQYHZ4EIAQEOAjANrn"
+ "BgkqhkiG9w0BAQsFAAOCAgEAe+CFC4CEPjGx9vDi+zWKCho6QtwGI/MVwWqmgoRSrn"
+ "UgBgMrtAq/tYeWz8tD6kZzLW8M5PxGLRUyd4oBt2WzdNqHGJ72w4NDeUm33DH40grn"
+ "bivStdcHIeYxxNCq1WFiN1oAfqpi+XdzfSgRSSuYY+8sZoGxg2A7ydMIGN4CuWGDrn"
+ "Op1T/BViespPkZWFo9P8wdetaV3mqjLu7oiDISkfxQhGRFMpOJrw/blxhl5ZgRShrn"
+ "Zrvpz8nzMZitxPompJLCL0rHCofLwPRKvFF4W5DQt0n3MWVrXjHtLFC4haO05Ugwrn"
+ "VQy+KgWwE+AhdkUJGHrSUtEajiscgULU6l/UIuOpmF68VqHvx6EEM7UpLbXXQkuMrn"
+ "lE+9YWKRj0bssVKtoShw3m+TDsrk1xfGzk6lLPPpcObvdNkRiPufoMCD0Ci8h05Srn"
+ "oQCWLFLJcOrn8yGVSwaHgbcsuVX15rCneeXIhGbRlnnqjD/Z+vWGh3RleOSvdIDMrn"
+ "hnYDoRm7gZs0b5hIZ6M9kBqDTf61rraV7+0LzFuWMIq7+ree2eCIeBv26f+LRFXyrn"
+ "UDGWqEfiZR2ytyY54VUc/ptMVwkz1EethHu2JqZxAp1qkWUci++AZN43Typ/NJ9rrn"
+ "qZjM5nSSQzQDVvfE8seLe/78mmwmM9pD+NMGxWMpdA0MBwJN0Nzhlcp/rnWKtp7urn"
+ "3jo=rn"
+ "-----END CERTIFICATE-----";
System.out.println("valid: " + verifySignature(messNOT, certNOT, rNOT, sNOT));
System.out.println("valid: " + verifySignature(messYES, certYES, rYES, sYES));
}
输出
valid: false
valid: true
使用openssl可以验证这两个签名,为什么它在java中不起作用?
问题的原因不是r和/或s以字节开头>=0x80,但是消息messNOT在验证期间是UTF-8编码的。
如果messNOT不是UTF-8编码的而是十六进制解码的,则对有问题的消息messNOT的验证是成功的。相反,对于工作消息messYES,如果messYES是UTF-8编码的,则验证是成功的。
由于这两条消息在发布的代码中都是UTF-8编码的,这就解释了为什么messNOT的验证失败,而messYES的验证成功。
为了成功验证两条消息,最简单的方法是在verifySignature():中将消息作为byte[]传递
static boolean verifySignature(byte[] messagePlain, String certificatePEM, String rHex, String sHex) {
...
ecdsaVerify.update(messagePlain);
...
}
并预先执行转换(如所述(:
import org.bouncycastle.util.encoders.Hex;
...
System.out.println("valid: " + verifySignature(Hex.decode(messNOT), certNOT, rNOT, sNOT)); // valid: true
System.out.println("valid: " + verifySignature(messYES.getBytes(StandardCharsets.UTF_8), certYES, rYES, sYES)); // valid: true
这与通过OpenSSL进行的验证是一致的
顺便说一句,BouncyCastle还支持带有SHA256withPlain-ECDSA的IEEE P1363(即r|s(格式,因此不需要转换为ASN.1/DER。