Fatal编程技术网
  • android/
  • 基于Android-P的ECDSA数字签名验证

基于Android-P的ECDSA数字签名验证

android

基于Android-P的ECDSA数字签名验证,android,digital-signature,bouncycastle,ecdsa,Android,Digital Signature,Bouncycastle,Ecdsa,上面的代码执行ECDSA数字签名验证。这段代码在低于AndroidP的每个android版本上都能正常工作。在AndroidP上,我得到了这个例外 import android.os.Bundle; import android.util.Base64; import android.widget.Toast; import org.bouncycastle.jce.provider.BouncyCastleProvider; // implementation 'org.bouncycastl

上面的代码执行ECDSA数字签名验证。这段代码在低于AndroidP的每个android版本上都能正常工作。在AndroidP上,我得到了这个例外

import android.os.Bundle;
import android.util.Base64;
import android.widget.Toast;
import org.bouncycastle.jce.provider.BouncyCastleProvider; // implementation 'org.bouncycastle:bcprov-jdk16:1.46'
import java.security.KeyFactory;
import java.security.PublicKey;
import java.security.Security;
import java.security.Signature;
import java.security.spec.X509EncodedKeySpec;
import androidx.appcompat.app.AppCompatActivity;

public class MainActivity extends AppCompatActivity {

    static final String PUBLIC_KEY = "MFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAEMEV3EPREEDc0t4MPeuYgreLMHMVfD7iYJ2Cnkd0ucwf3GYVySvYTttMVMNMEKF554NYmdrOlqwo2s8J2tKt/oQ==";

    static final String DATA = "Hello";

    static final String SIGNATURE = "MEUCIQCsuI4OcBAyA163kiWji1lb7xAtC8S0znf62EpdA+U4zQIgBcLbXtcuxXHcwQ9/DmiVfoiigKnefeYgpVXZzjIuYn8=";

    static boolean verifyData() throws Exception {
        PublicKey pk = getPublicKey();
        byte[] signatureBytes = Base64.decode(SIGNATURE, Base64.NO_WRAP);

        Signature signature = Signature.getInstance("SHA256withECDSA", "BC");
        signature.initVerify(pk);
        signature.update(DATA.getBytes("UTF-8"));
        return signature.verify(signatureBytes);
    }

    static PublicKey getPublicKey() throws Exception {
        Security.addProvider(new BouncyCastleProvider());
        KeyFactory keyFactory = KeyFactory.getInstance("EC", "BC");
        X509EncodedKeySpec x509EncodedKeySpec = new X509EncodedKeySpec(Base64.decode(PUBLIC_KEY, Base64.NO_WRAP));
        PublicKey key = keyFactory.generatePublic(x509EncodedKeySpec);
        return key;
    }

    @Override
    protected void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);
        setContentView(R.layout.activity_main);
        try {
            Toast.makeText(this, verifyData() + "", Toast.LENGTH_LONG).show();
        } catch (Exception e) {
            Toast.makeText(this, "Failure: " + e.getMessage(), Toast.LENGTH_LONG).show();
            e.printStackTrace();
        }
    }

}
如前所述,我试图从这些语句中删除provider参数,如下所示:

java.security.NoSuchAlgorithmException: The BC provider no longer provides an implementation for Signature.SHA1withRSA. Please see https://android-developers.googleblog.com/2018/03/cryptography-changes-in-android-p.html for more details.
但这并没有解决问题?怎么会?现在我得到了一个例外:

Signature signature = Signature.getInstance("SHA256withECDSA");
KeyFactory keyFactory = KeyFactory.getInstance("EC");
一个可能的解决方案是将targetSdkVersion降低到27,但这还不够好。有更好的解决方案吗?

我可以在我的机器上重现这个问题(Android p,API级别28)。该问题的一个可能解决方案是在添加BC提供程序之前删除预装版本:

java.security.InvalidKeyException: com.android.org.conscrypt.OpenSSLX509CertificateFactory$ParsingException: Error parsing public key
或者:

Security.removeProvider("BC");
Security.addProvider(new BouncyCastleProvider());
此外,必须明确指定BC提供程序:

Security.removeProvider("BC");
Security.insertProviderAt(new BouncyCastleProvider(), 1);
在这个星座中,可以验证签名

与较低的API级别相比,不同的行为可能与Android p中实现的BC提供程序的更改有关

KeyFactory keyFactory = KeyFactory.getInstance("EC", "BC");
...
Signature signature = Signature.getInstance("SHA256withECDSA", "BC");