android上PEM文件的公钥,java
基本上,我正在尝试验证使用openssl的签名如下所示:android上PEM文件的公钥,java,java,android,openssl,public-key,pem,Java,Android,Openssl,Public Key,Pem,基本上,我正在尝试验证使用openssl的签名如下所示: openssl dgst -sha256 -verify prime192v1-pub-v1.pem -signature signatureFile.bin < dataFile.bin 下面是我如何调用该方法的: SO.getPublicKeyFromString( "-----BEGIN PUBLIC KEY-----\n" + "MEkwEwYHKoZIzj0CAQY
openssl dgst -sha256 -verify prime192v1-pub-v1.pem -signature signatureFile.bin < dataFile.bin
下面是我如何调用该方法的:
SO.getPublicKeyFromString(
"-----BEGIN PUBLIC KEY-----\n" +
"MEkwEwYHKoZIzj0CAQYIKoZIzj0DAQEDMgAEXMHnQfWiM4oCaLfx296llgz7iaVv\n" +
"avMPppkzVNZAxtlNLhFlXnNWD0Mw9yzP8/Go\n" +
"-----END PUBLIC KEY-----"
);
有人知道我做错了什么吗?我成功了。公钥是椭圆曲线(p192)公钥,应该以不同的方式加载。拥有
PublicKey
后,我能够以与使用openssl命令相同的方式验证签名
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import java.io.Reader;
import java.io.StringReader;
import java.security.KeyFactory;
import java.security.PublicKey;
import java.security.Security;
import java.security.Signature;
import java.security.spec.X509EncodedKeySpec;
public class SO {
public PublicKey getPublicKey() throws Exception {
Security.addProvider(new BouncyCastleProvider());
Reader rdr = new StringReader(
"-----BEGIN PUBLIC KEY-----\n" +
"MEkwEwYHKoZIzj0CAQYIKoZIzj0DAQEDMgAEXMHnQfWiM4oCaLfx296llgz7iaVv\n" +
"avMPppkzVNZAxtlNLhFlXnNWD0Mw9yzP8/Go\n" +
"-----END PUBLIC KEY-----\n"
); // or from file etc.
org.bouncycastle.util.io.pem.PemObject spki = new org.bouncycastle.util.io.pem.PemReader(rdr).readPemObject();
PublicKey key = KeyFactory.getInstance("EC", "BC").generatePublic(new X509EncodedKeySpec(spki.getContent()));
return key;
}
public static boolean verify(byte[] data, byte[] signatureBytes, PublicKey publicKey) throws Exception {
Signature signature = Signature.getInstance("SHA256withECDSA", "BC");
signature.initVerify(publicKey);
signature.update(data);
return signature.verify(signatureBytes);
}
}
我为此奋斗了一段时间,并想出了这个解决方案。我决定不让安全系统过载,因为我在应用程序的其他区域使用了android加密系统的其他元素
public class EncryptionInterface {
private static final int bufferSize_ = 32;
private static final String headerTag = "-----BEGIN PUBLIC KEY-----";
private static final String footerTag = "-----END PUBLIC KEY-----";
/**
*
* @param ctx
* @return
* @throws Exception
*/
public static PublicKey getPublicKey(Context ctx) throws Exception {
PublicKey generatedPublic;
Security.addProvider(new BouncyCastleProvider());
String publicKeyString = getKeyFromFile(ctx);
byte[] decoded = Base64.decode(publicKeyString, Base64.DEFAULT);
org.spongycastle.asn1.pkcs.RSAPublicKey pkcs1PublicKey = org.spongycastle.asn1.pkcs.RSAPublicKey.getInstance(decoded);
BigInteger modulus = pkcs1PublicKey.getModulus();
BigInteger publicExponent = pkcs1PublicKey.getPublicExponent();
RSAPublicKeySpec keySpec = new RSAPublicKeySpec(modulus, publicExponent);
KeyFactory kf = KeyFactory.getInstance("RSA");
generatedPublic = kf.generatePublic(keySpec);
return generatedPublic;
}
/**
* Load the key/PEM from a file and strip the header/footer.
* @param ctx
* @throws Exception
*/
public static String getKeyFromFile(Context ctx) throws Exception
{
String certPath = "publickey.pem";
InputStream input = ctx.getAssets().open(certPath);
byte[] buffer = new byte[bufferSize_];
int len = 0;
ByteArrayOutputStream keyBuffer = new ByteArrayOutputStream();
while ((len = input.read(buffer)) != -1) {
keyBuffer.write(buffer, 0, len);
}
String str = new String(keyBuffer.toByteArray());
str = str.replace(headerTag, "");
str = str.replace(footerTag, "");
return str;
}
}
是的,它不是RSA公钥,它是椭圆曲线(P192)公钥。、、、等等。这很好。问题是,我可以用这个方法验证令牌吗。数据将是标头+正文,签名字节将是签名和公钥的字节。我已经这样测试过,如果你知道如何解决这个问题,那就不太好了,这对我来说是一个很大的帮助。我正在得到异常::java.io.IOException:------未找到结束公钥。原因可能是什么?我正在传递公钥值。
public class EncryptionInterface {
private static final int bufferSize_ = 32;
private static final String headerTag = "-----BEGIN PUBLIC KEY-----";
private static final String footerTag = "-----END PUBLIC KEY-----";
/**
*
* @param ctx
* @return
* @throws Exception
*/
public static PublicKey getPublicKey(Context ctx) throws Exception {
PublicKey generatedPublic;
Security.addProvider(new BouncyCastleProvider());
String publicKeyString = getKeyFromFile(ctx);
byte[] decoded = Base64.decode(publicKeyString, Base64.DEFAULT);
org.spongycastle.asn1.pkcs.RSAPublicKey pkcs1PublicKey = org.spongycastle.asn1.pkcs.RSAPublicKey.getInstance(decoded);
BigInteger modulus = pkcs1PublicKey.getModulus();
BigInteger publicExponent = pkcs1PublicKey.getPublicExponent();
RSAPublicKeySpec keySpec = new RSAPublicKeySpec(modulus, publicExponent);
KeyFactory kf = KeyFactory.getInstance("RSA");
generatedPublic = kf.generatePublic(keySpec);
return generatedPublic;
}
/**
* Load the key/PEM from a file and strip the header/footer.
* @param ctx
* @throws Exception
*/
public static String getKeyFromFile(Context ctx) throws Exception
{
String certPath = "publickey.pem";
InputStream input = ctx.getAssets().open(certPath);
byte[] buffer = new byte[bufferSize_];
int len = 0;
ByteArrayOutputStream keyBuffer = new ByteArrayOutputStream();
while ((len = input.read(buffer)) != -1) {
keyBuffer.write(buffer, 0, len);
}
String str = new String(keyBuffer.toByteArray());
str = str.replace(headerTag, "");
str = str.replace(footerTag, "");
return str;
}
}