如何使用Bouncycastle验证PGP分离的签名

huangapple go评论81阅读模式
英文:

How to verify PGP detached signature using Bouncycastle

问题

我想使用Bouncycastle解析和验证OpenPGP分离签名。签名可能如下所示:

-----BEGIN PGP SIGNATURE-----
Version: fast-openpgp

wsBcBAABCAAQBQJfRm9jCRDzeoZuOgUYnQAAVkoIAEReZ6Pp3SimYKbH+JHzwW8q
LiWeQIPNatFwDQHgD4ipT9aXMaObnXXl83KUQ5lPx8Bw77BxParpUbtCRNTrWoU5
XZ1ikfqzmeVEJrk4YsNKDiBpvjbyF86F8KSkXhwdLWSm1e6yemnXKcTHg2L13AiS
6TIqXXbcRmFF7RTO4DQrjira2YYlW8eHPIcCmOq0YjR4Qpz+R/+3BlfV2TAcL/sd
SeKAczgvdP6CS6be1rPA0nlgw9T853BpgqplQVM30pUhVlni7ga1YRzENm6Qic5A
uEbmPyunim2WHytPuLQq+BQvAq+Wrr2kiM7DhyvYFihDNdFWW67Y+fSlgPxOi/8=
=QKpc
-----END PGP SIGNATURE-----

这是我尝试在Kotlin中创建CMSSignedData的方式:

fun verifyDetached(signatureString: String, dataString: String): Boolean {
    val dataBytes = dataString.toByteArray()
    val signatureBytes = signatureString.toByteArray()
    val processableDataBytes = CMSProcessableByteArray(dataBytes)
    val ci = ContentInfo.getInstance(ASN1Sequence.fromByteArray(signatureBytes))
    val cms = CMSSignedData(processableDataBytes, ci)
    ...
}

当我将整个签名块传递到函数中(包括-----BEGIN PGP SIGNATURE-----),我会收到java.io.IOException: unknown tag 13 encountered错误。

当我删除签名包装,只传递签名内容到函数中时,我会收到java.io.IOException: Extra data detected in stream at org.bouncycastle.asn1.ASN1Primitive.fromByteArray错误。

当我直接将signatureBytes传递给CMSSignedData构造函数时,我会收到java.lang.IllegalArgumentException: unknown object in getInstance: org.bouncycastle.asn1.DLApplicationSpecific错误。

我应该如何使用Bouncycastle验证这种类型的签名?

英文:

I want to parse and verify an OpenPGP detached signature using Bouncycastle. The signature would be something like this:

-----BEGIN PGP SIGNATURE-----
Version: fast-openpgp

wsBcBAABCAAQBQJfRm9jCRDzeoZuOgUYnQAAVkoIAEReZ6Pp3SimYKbH+JHzwW8q
LiWeQIPNatFwDQHgD4ipT9aXMaObnXXl83KUQ5lPx8Bw77BxParpUbtCRNTrWoU5
XZ1ikfqzmeVEJrk4YsNKDiBpvjbyF86F8KSkXhwdLWSm1e6yemnXKcTHg2L13AiS
6TIqXXbcRmFF7RTO4DQrjira2YYlW8eHPIcCmOq0YjR4Qpz+R/+3BlfV2TAcL/sd
SeKAczgvdP6CS6be1rPA0nlgw9T853BpgqplQVM30pUhVlni7ga1YRzENm6Qic5A
uEbmPyunim2WHytPuLQq+BQvAq+Wrr2kiM7DhyvYFihDNdFWW67Y+fSlgPxOi/8=
=QKpc
-----END PGP SIGNATURE-----

And here is how I try to create CMSSignedData in Kotlin:

fun verifyDetached(signatureString: String, dataString: String): Boolean {
    val dataBytes = dataString.toByteArray()
    val signatureBytes = signatureString.toByteArray()
    val processableDataBytes = CMSProcessableByteArray(dataBytes)
    val ci = ContentInfo.getInstance(ASN1Sequence.fromByteArray(signatureBytes))
    val cms = CMSSignedData(processableDataBytes, ci)
    ...
}

When I pass the whole signature block into the function (including -----BEGIN PGP SIGNATURE-----) I get java.io.IOException: unknown tag 13 encountered.

When I remove signature wrappers and just pass in the signature content into the function I get java.io.IOException: Extra data detected in stream at org.bouncycastle.asn1.ASN1Primitive.fromByteArray.

When I directly pass signatureBytes to CMSSignedData constructor I get java.lang.IllegalArgumentException: unknown object in getInstance: org.bouncycastle.asn1.DLApplicationSpecific.

How should I verify this kind of signature using Bouncycastle?

答案1

得分: 2

CMS与PGP完全不同,与PGP无关。如需使用PGP,请使用BouncyCastle在bcpg中的PGP实现,而不是bcpkix中的CMS实现。请参阅例如https://stackoverflow.com/questions/42170230/verification-of-pgp-signature-using-bouncycastle和https://stackoverflow.com/questions/57574714/how-to-sign-and-verify-the-file-in-java。

英文:

CMS is completely and totally different from and not related to PGP. For PGP use the BouncyCastle implementation of PGP in bcpg, NOT the implementation of CMS in bcpkix. See e.g. https://stackoverflow.com/questions/42170230/verification-of-pgp-signature-using-bouncycastle and https://stackoverflow.com/questions/57574714/how-to-sign-and-verify-the-file-in-java .

huangapple
  • 本文由 发表于 2020年8月26日 22:39:23
  • 转载请务必保留本文链接:https://go.coder-hub.com/63600051.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定