长度不一致的Java ECDSAwithSHA256签名 [英] Java ECDSAwithSHA256 signature with inconsistent length

问题描述

因此，我试图用Java生成ECDSAwithHA256签名，为此，我正在使用BouncyCastle提供程序。曲线是secp521r1。

So I am trying to generate an ECDSAwithHA256 signature in Java, and for that, I am using the BouncyCastle provider. The curve is a secp521r1.

要初始化我正在使用的签名者：

To initalize the signer I am using:

public static final String SIGNATURE_ALGORITHEM = "SHA256withECDSA";

public void init() {
    signer = Signature.getInstance(SIGNATURE_ALGORITHEM, BouncyCastleProvider.PROVIDER_NAME);
    signer.initSign(privKey);
}

并签署我正在使用的

public byte[] sign(byte[] bytes) throws SignatureException {
        signer.update(bytes);
        byte[] signature = signer.sign();
        System.out.println("Signature lenght is " + signature.length);
        return signature;
}

现在唯一的问题是，当我运行代码时，签名，长度在137到139字节之间。但我希望得到的字节数始终相同。有人知道我必须更改什么，即我的签名长度始终相同，但仍然是标准的签名格式吗？

The only problem now is, that when I am running the code, I get signatures with a length between 137 and 139 byte. But I expected to get always the same amount of bytes. Does somebody know what I have to change, that I have always the same signature length, but still a standardized signature format?

推荐答案

通常，Java加密（默认情况下为Bouncy）使用可变长度的ASN.1 DER对ECDSA（也称为DSA）签名进行编码。参见neardupe ECDSA签名长度，并跨 https://crypto.stackexchange.com/questions/33095/shouldnt-a-signature -using-ecdsa-exactly-96-bytes-not-102-or-103 。

Java crypto normally, and Bouncy by default, encodes ECDSA (also DSA) signatures using ASN.1 DER which is variable length. See neardupe ECDSA signature length and cross https://crypto.stackexchange.com/questions/33095/shouldnt-a-signature-using-ecdsa-be-exactly-96-bytes-not-102-or-103 .

不过，对您来说，Bouncy（1.51起）还使用名称 {hash} withPLAIN-ECDSA 或 {hash} withCVC-ECDSA （以及用代替的斜杠）。在这种情况下，CVC显然意味着卡可验证证书，尽管我不会认为签名编码对于有限设备来说是证书验证最困难的部分。

Fortunately for you however, Bouncy (1.51 up) also implements P1363-style fixed-length encoding under the names {hash}withPLAIN-ECDSA or {hash}withCVC-ECDSA (and also substituting a slash for with). CVC in this context apparently means Card Verifiable Certificate, although I would not have thought the signature encoding is anywhere near the hardest part of cert verification for a limited device.

更新： Bouncy 1.61（2019-02）修复了注释中提到的普通编码中的错误。另外，在Java 9（2018-12）中，标准（Oracle）SunEC提供程序支持此格式为 {hash} withECDSAinP1363format

Updates: Bouncy 1.61 (2019-02) fixes the bug in 'plain' encoding mentioned in comments. Also, in Java 9 (2018-12) up the standard (Oracle) SunEC provider supports this format as {hash}withECDSAinP1363format

这篇关于长度不一致的Java ECDSAwithSHA256签名的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！