Fatal编程技术网
  • java/
  • Java ';密钥对于此签名算法太短';签字时

Java ';密钥对于此签名算法太短';签字时

java

Java ';密钥对于此签名算法太短';签字时,java,rsa,digital-signature,Java,Rsa,Digital Signature,我在尝试初始化签名对象时遇到InvalidKeyException: java.security.InvalidKeyException: Key is too short for this signature algorithm 守则: String pkcs8 = 'MIIBVAIBADANBgkqhkiG9w0BAQEFAASCAT4wggE6AgEAAkEA34N+ujANvgJ0vc696v2T/L3QUxwNf5VEf9sO/NESOBx9ZNhTHKtmY3vdmW1LVmT07

我在尝试初始化签名对象时遇到
InvalidKeyException

java.security.InvalidKeyException: Key is too short for this signature algorithm
守则:

String pkcs8 = 'MIIBVAIBADANBgkqhkiG9w0BAQEFAASCAT4wggE6AgEAAkEA34N+ujANvgJ0vc696v2T/L3QUxwNf5VEf9sO/NESOBx9ZNhTHKtmY3vdmW1LVmT07vxVlaMgRhxG90h/HKCD7wIDAQABAkB2kN2PzN/tVIYzDdGnLz7qipJRFAeBD2CX5k9sA0gD5PLtpV0IVxYvSw7rUAOR/GywklF+QWKYwfCqkhMkEJMRAiEA+8fQcNEajDWB/R2VgPPWA8indGQdZT8m9lvo0xYD97kCIQDjQmkd82+UPlRB+g7GwTJw9GIiRvdps3yIKZlCKfHc5wIhAJCDb7BRVNuFGscdY+JQEla5pOO5UuX6CXL97fS6fiyBAiBRFKKYUwAeLda161dWRhuO/UH95L/k8Gqf0eeiGYD3RQIgEiAhiX1quSuBL7LrLGISGyJVy0dw+IXosqFHYeutmEI='
KeySpec keySpec = new PKCS8EncodedKeySpec(pkcs8.decodeBase64())
KeyFactory keyFactory = KeyFactory.getInstance("RSA", "SunRsaSign")
PrivateKey pk = keyFactory.generatePrivate(keySpec)
Signature signature = Signature.getInstance("SHA512withRSA", "SunRsaSign")
signature.initSign(pk) // <--- InvalidKeyException
这就是私钥的外观:

Sun RSA private CRT key, 512 bits
  modulus:          11706359850928035656926954612512379852454997399434114135854653766733637189933721115314465909375387122765789791657314272666480346477870633114913813167113199
  public exponent:  65537
  private exponent: 6209799048133316441293705496192881663344339603450371209133573984169170039947484349841188666943972061768383840284881642579217732240489331444594222111429393
  prime p:          113883566165066111166981826386356612269934395331161452768365784963361173403577
  prime q:          102792354025518497728065227780488381725246951885773034739853555051227644026087
  prime exponent p: 65365278008836639419826790688453702902877034572485301544697611535190715149441
  prime exponent q: 36673799866101187327427577642604625501620828371654868216232903920042186438469
  crt coefficient:  8198401844921780663468999895368137692410993828212557924743840907863587133506
如何让签名生效

jdk1.6这是一个很好的例子。描述说:

签名算法,如“SHA384withRSA”和“SHA512withRSA”,要求哈希长度应小于密钥大小。如果RSA密钥大小为512位,则无法与SHA384和SHA512一起使用

虽然有报道说JDK 7也有此缺陷,但我怀疑您也可能会被此缺陷绊倒。尝试生成一个更大的密钥(1024或更多)。

谢谢!使用更大的1024位密钥对JDK 6很有帮助。这不是一个bug,只是一个限制。使用如此大的散列函数,RSA-512中没有足够的空间格式化签名块。 
Sun RSA private CRT key, 512 bits
  modulus:          11706359850928035656926954612512379852454997399434114135854653766733637189933721115314465909375387122765789791657314272666480346477870633114913813167113199
  public exponent:  65537
  private exponent: 6209799048133316441293705496192881663344339603450371209133573984169170039947484349841188666943972061768383840284881642579217732240489331444594222111429393
  prime p:          113883566165066111166981826386356612269934395331161452768365784963361173403577
  prime q:          102792354025518497728065227780488381725246951885773034739853555051227644026087
  prime exponent p: 65365278008836639419826790688453702902877034572485301544697611535190715149441
  prime exponent q: 36673799866101187327427577642604625501620828371654868216232903920042186438469
  crt coefficient:  8198401844921780663468999895368137692410993828212557924743840907863587133506