问题

我正在尝试让Java验证一个已签名的SHA-1哈希值，但它始终返回false。我在Go中有以下代码，它生成一个RSA密钥对，并对命中/sign端点的任何消息进行签名并返回带有十六进制编码的哈希、公钥模数和指数的消息：

package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"encoding/hex"
	"encoding/json"
	"fmt"
	"io"
	"net/http"
	"strconv"
)

var PrivKey *rsa.PrivateKey

type Message struct {
	Message string `json:"message"`
}

func (msg *Message) Decode(r io.Reader) error {
	return json.NewDecoder(r).Decode(&msg)
}

type Signature struct {
	Hash      string `json:"hash"`
	Signature string `json:"signature"`
	N         string `json:"N"`
	E         string `json:"E"`
}

func hash(msg string) []byte {
	sh := crypto.SHA1.New()
	sh.Write([]byte(msg))
	hash := sh.Sum(nil)
	return hash
}

func SignWithKey(msg Message) Signature {
	hash := hash(msg.Message)
	bytes, err := rsa.SignPKCS1v15(rand.Reader, PrivKey, crypto.SHA1, hash)
	if err != nil {
		panic(err)
	}
	signature := hex.EncodeToString(bytes)
	sig := Signature{
		hex.EncodeToString(hash),
		signature,
		PrivKey.PublicKey.N.String(),
		strconv.Itoa(PrivKey.PublicKey.E),
	}
	return sig
}

func sign(w http.ResponseWriter, r *http.Request) {
	fmt.Println("/sign")
	var msg Message
	err := msg.Decode(r.Body)
	if err != nil {
		panic(err)
	}

	fmt.Println("Signing: " + msg.Message)
	signature := SignWithKey(msg)
	js, err := json.Marshal(signature)
	fmt.Println(string(js))

	w.Header().Set("Content-Type", "application/json")
	w.Write(js)
}

func LoadKeys() {
	// generate private key
	var err error
	PrivKey, err = rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		fmt.Println(err)
	}
}

func main() {

	fmt.Println("Loading Keys")
	LoadKeys()
	fmt.Println("Keys Loaded")
	http.HandleFunc("/sign", sign)

	http.ListenAndServe(":8080", nil)
}

在Java/Android端，我有以下代码，它在发送相关部分后，使用未解析的JSON对象调用此函数，但一旦到达签名验证部分，它总是返回false：

protected void onPostExecute(String result) {
    if (result == null) {
        tv.setText("NULL");
        return;
    }
    JsonElement jelement = new JsonParser().parse(result);
    JsonObject jobject = jelement.getAsJsonObject();
    String signature = jobject.getAsJsonPrimitive("signature").getAsString();
    BigInteger N = jobject.getAsJsonPrimitive("N").getAsBigInteger();
    BigInteger E = jobject.getAsJsonPrimitive("E").getAsBigInteger();
    String hash = jobject.getAsJsonPrimitive("hash").getAsString();
    java.security.spec.RSAPublicKeySpec spec = new java.security.spec.RSAPublicKeySpec(N, E);

    try {
        KeyFactory keyFactory = KeyFactory.getInstance("RSA");
        PublicKey pk = keyFactory.generatePublic(spec);

        MessageDigest digest = MessageDigest.getInstance("SHA1");
        byte[] inputBytes = msg.getBytes("UTF8");
        byte[] hashedBytes = digest.digest(inputBytes);

        Signature sig = Signature.getInstance("SHA1withRSA", "SC");
        sig.initVerify(pk);
        sig.update(hashedBytes);
        boolean ret = sig.verify(Hex.decode(signature));
        if (ret) {
            tv.setText(output + "Verified");
        } else {
            tv.setText(output + "NOT VERIFIED");
        }
    } catch (Exception e) {
        Log.i("error", e.toString());
    }
}

请问有什么我可以帮助你的吗？

英文:

I am trying to get Java to verify a signed SHA-1 hash but it keeps returning false. I have the following code in Go which generates an RSA Key Pair and signs and returns any message that hits the /sign endpoint along with the hex encoded hash and the public key modulus and exponent:

package main
import (
&quot;crypto&quot;
&quot;crypto/rand&quot;
&quot;crypto/rsa&quot;
&quot;encoding/hex&quot;
&quot;encoding/json&quot;
&quot;fmt&quot;
&quot;io&quot;
&quot;net/http&quot;
&quot;strconv&quot;
)
var PrivKey *rsa.PrivateKey
type Message struct {
Message string `json:&quot;message&quot;`
}
func (msg *Message) Decode(r io.Reader) error {
return json.NewDecoder(r).Decode(&amp;msg)
}
type Signature struct {
Hash      string `json:&quot;hash&quot;`
Signature string `json:&quot;signature&quot;`
N         string `json:&quot;N&quot;`
E         string `json:&quot;E&quot;`
}
func hash(msg string) []byte {
sh := crypto.SHA1.New()
sh.Write([]byte(msg))
hash := sh.Sum(nil)
return hash
}
func SignWithKey(msg Message) Signature {
hash := hash(msg.Message)
bytes, err := rsa.SignPKCS1v15(rand.Reader, PrivKey, crypto.SHA1, hash)
if err != nil {
panic(err)
}
signature := hex.EncodeToString(bytes)
sig := Signature{
hex.EncodeToString(hash),
signature,
PrivKey.PublicKey.N.String(),
strconv.Itoa(PrivKey.PublicKey.E),
}
return sig
}
func sign(w http.ResponseWriter, r *http.Request) {
fmt.Println(&quot;/sign&quot;)
var msg Message
err := msg.Decode(r.Body)
if err != nil {
panic(err)
}
fmt.Println(&quot;Signing: &quot; + msg.Message)
signature := SignWithKey(msg)
js, err := json.Marshal(signature)
fmt.Println(string(js))
w.Header().Set(&quot;Content-Type&quot;, &quot;application/json&quot;)
w.Write(js)
}
func LoadKeys() {
// generate private key
var err error
PrivKey, err = rsa.GenerateKey(rand.Reader, 2048)
if err != nil {
fmt.Println(err)
}
}
func main() {
fmt.Println(&quot;Loading Keys&quot;)
LoadKeys()
fmt.Println(&quot;Keys Loaded&quot;)
http.HandleFunc(&quot;/sign&quot;, sign)
http.ListenAndServe(&quot;:8080&quot;, nil)
}

On the Java/Android side I have this code which after sending the relevant bits hits this function with the unparsed JSON object, but once it gets to the Signature verify part it always returns false:

protected void onPostExecute(String result) {
if (result == null) {
tv.setText(&quot;NULL&quot;);
return;
}
JsonElement jelement = new JsonParser().parse(result);
JsonObject jobject = jelement.getAsJsonObject();
String signature = jobject.getAsJsonPrimitive(&quot;signature&quot;).getAsString();
BigInteger N = jobject.getAsJsonPrimitive(&quot;N&quot;).getAsBigInteger();
BigInteger E = jobject.getAsJsonPrimitive(&quot;E&quot;).getAsBigInteger();
String hash = jobject.getAsJsonPrimitive(&quot;hash&quot;).getAsString();
java.security.spec.RSAPublicKeySpec spec = new java.security.spec.RSAPublicKeySpec(N, E);
try {
KeyFactory keyFactory = KeyFactory.getInstance(&quot;RSA&quot;);
PublicKey pk = keyFactory.generatePublic(spec);
MessageDigest digest = MessageDigest.getInstance(&quot;SHA1&quot;);
byte[] inputBytes = msg.getBytes(&quot;UTF8&quot;);
byte[] hashedBytes = digest.digest(inputBytes);
Signature sig = Signature.getInstance(&quot;SHA1withRSA&quot;, &quot;SC&quot;);
sig.initVerify( pk );
sig.update( hashedBytes );
boolean ret = sig.verify( Hex.decode(signature) );
if (ret) {
tv.setText(output + &quot;Verified&quot;);
} else {
tv.setText(output + &quot;NOT VERIFIED&quot;);
}
}
catch (Exception e) {
Log.i(&quot;error&quot;, e.toString());
}  
}
}

答案1

得分: 2

在Java中，您在签名或验证消息之前不需要对其进行哈希处理。这意味着发送到sig.update的字节不应该是hashedBytes，而是inputBytes。

英文:

In Java you don't need to hash the message before signing or verifying it. That means that the bytes being sent to sig.update shouldn't be hashedBytes, but the inputBytes.

答案2

得分: 0

如果您不想在Go中对内容进行哈希处理，而只是对原始数据进行签名，您可以使用以下代码：

signature, err := rsa.SignPKCS1v15(rand.Reader, privateKey, crypto.Hash(0), []byte(message))

英文:

If you don't want to hash the content in Go and just sign the raw data, you can use this code:

signature, err := rsa.SignPKCS1v15(rand.Reader, privateKey, crypto.Hash(0), []byte(message))

通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库，让每个人都能够通过互相帮助和分享经验来进步。

验证在Golang中生成的rsa.SignPKCS1v15签名在Java中的验证。

问题

答案1

答案2

Golang单元测试中用于模拟数据库的依赖注入

如何在Golang中使用MongoDB的$mod运算符？

How to install Go on my ubuntu 12.10 from source code

Selenium Chrome Driver- Getting java.lang.IllegalStateException: The path to the driver executable must be set by the webdriver.chrome.driver

What's the correct way to type hint an empty list as a literal in python?

如何在Highcharts Gantt中更改本地化的星期名称

如何在同一个流中使用多个过滤器和映射函数？

如何使用Map/Set来将代码优化到O(n)？

.NET MAUI Android在GitHub Actions上构建失败，错误代码为1。

如何在Playwright视觉比较中屏蔽多个定位器？

在C++中，可以使用可变模板参数来检索类型的内部类型。

selenium.common.exceptions.StaleElementReferenceException: Message: stale element reference: stale element not found

Creating and opening a URL to log in to Website via Basic Auth with Robot Framework/Selenium (Python)

AG Grid 在上下文菜单中以大文本形式打开

发表评论