为什么我使用OpenSSL和Java生成的RSA-SHA256签名不同? [英] Why are the RSA-SHA256 signatures I generate with OpenSSL and Java different?
问题描述
我想用Java生成一个RSA-SHA256签名,但是我无法在控制台上生成与OpenSSL相同的签名。
I want to generate a RSA-SHA256 signature in Java, but I can't get it to produce the same signature as with OpenSSL on the console.
这个是我用OpenSSL做的事情(遵循本教程):
This is what I did with OpenSSL (following this tutorial):
生成密钥对:
openssl genrsa -out private.pem 1024
提取公钥:
openssl rsa -in private.pem -out public.pem -outform PEM -pubout
创建数据哈希:
echo 'data to sign' > data.txt
openssl dgst -sha256 < data.txt > hash
生成的哈希文件以(stdin)= 我手工删除的东西(首先忘记提及它,谢谢mata)。
The generated hash file starts with (stdin)= what I removed by hand (first forgot to mention it, thanks mata).
签名哈希:
openssl rsautl -sign -inkey private.pem -keyform PEM -in hash > signature
要在Java中重现结果,我首先将私钥从PEM转换为DER:
To reproduce the results in Java I first converted the private key from PEM to DER:
openssl pkcs8 -topk8 -inform PEM -outform DER -in private.pem -nocrypt > private.der
现在我编写了这个Java类来生成相同的签名:
Now I wrote this Java class to generate the same signature:
public class RSATest {
public static void main(String[] args) throws IOException,
NoSuchAlgorithmException, InvalidKeySpecException,
InvalidKeyException, SignatureException {
byte[] encodedPrivateKey = readFile("private.der");
byte[] content = readFile("data.txt");
KeyFactory keyFactory = KeyFactory.getInstance("RSA");
PKCS8EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(encodedPrivateKey);
RSAPrivateKey privateKey = (RSAPrivateKey) keyFactory
.generatePrivate(keySpec);
Signature signature = Signature.getInstance("SHA256withRSA");
signature.initSign(privateKey);
signature.update(content);
byte[] signatureBytes = signature.sign();
FileOutputStream fos = new FileOutputStream("signature-java");
fos.write(signatureBytes);
fos.close();
}
private static byte[] readFile(String filename) throws IOException {
File file = new File(filename);
BufferedInputStream bis = new BufferedInputStream(new FileInputStream(
file));
byte[] bytes = new byte[(int) file.length()];
bis.read(bytes);
bis.close();
return bytes;
}
}
不幸的是结果不一样,所以我认为我一定做错了什么,但我无法弄清楚是什么。有人可以帮我找到这个错误吗?
Unfortunately the results are not the same, so I think I must have done something wrong, but I can't figure out what. Can someone of you help me to find the bug?
推荐答案
openssl dgst -sha256 < data.txt
产生如下内容:
(stdin)= b39eaeb437e33087132f01c2abc60c6a16904ee3771cd7b0d622d01061b40729
注意(stdin)= '?你不希望它成为你的哈希的一部分,如果你需要创建一个摘要,使用 -binary 选项。
notice the (stdin)='? you don't want that to be part of your hash, if you need to create a digest, use the -binary option.
尝试使用它来签署您的数据:
try using this to sign your data:
openssl sha -sha256 -sign private.pem < data.txt
这可以满足您的一切需求。
This does everything you need.
编辑 - 更多解释:
让我们创建一个摘要并显示它
let's create a digest and show it
$ openssl dgst -sha256 -binary < data.txt > digest
$ hd digest
00000000 26 3b 0a a1 2e b9 32 db b8 dc d3 6f 37 94 0b 05 |&;....2....o7...|
00000010 71 9c ba 79 46 34 28 9f 5c 5b 98 9a 64 61 c9 ec |q..yF4(.\[..da..|
现在我们采用这个摘要并使用 rsautl 签署int:
now we take this digest and sign int using rsautl:
$ openssl rsautl -sign -inkey private.pem < digest > sign1
$ hd sign1
00000000 1b 7a cf a4 8d 41 8e 04 ed 3a bb ba 86 f1 f8 e0 |.z...A...:......|
00000010 df f7 47 3e d7 a7 f4 90 7a 05 f8 7f 45 e5 29 e7 |..G>....z...E.).|
00000020 9f f4 2c 91 97 2f e7 26 69 9f 6a 07 a3 48 1b 85 |..,../.&i.j..H..|
00000030 2e f8 ee 44 4d 25 9f ae 05 95 81 c9 e3 07 68 ad |...DM%........h.|
现在让我们使用 dgst 签署同一个文件直接:
now let's sign the same file using dgst directly:
$ openssl dgst -sha256 -sign private.pem < data.txt > sign2
$ hd sign2
00000000 15 c2 94 87 eb e6 cb 45 c8 63 0c 97 60 d3 07 f3 |.......E.c..`...|
00000010 dc 65 32 ad 44 1c c2 2a 7f a3 e1 fc dd 84 27 8c |.e2.D..*......'.|
00000020 77 a6 97 2b 33 6b c6 d7 7d e1 1d 39 5c 48 b6 48 |w..+3k..}..9\H.H|
00000030 cb 18 be bf 6a 66 90 d3 88 89 52 6c dd d1 b9 99 |....jf....Rl....|
那么这里有什么不同?为了看到这一点,我们可以验证签名并显示原始输出。两个文件都包含摘要,但元数据和填充是不同的:
So what's different here? To see that, we can verify the signature and show the raw output. Both files do contain the digest, but the metadata and padding is different:
$ openssl rsautl -raw -verify -inkey private.pem < sign1 | hd
00000000 00 01 ff ff ff ff ff ff ff ff ff ff ff ff ff ff |................|
00000010 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff 00 |................|
00000020 26 3b 0a a1 2e b9 32 db b8 dc d3 6f 37 94 0b 05 |&;....2....o7...|
00000030 71 9c ba 79 46 34 28 9f 5c 5b 98 9a 64 61 c9 ec |q..yF4(.\[..da..|
$ openssl rsautl -raw -verify -inkey private.pem < sign2 | hd
00000000 00 01 ff ff ff ff ff ff ff ff ff ff 00 30 31 30 |.............010|
00000010 0d 06 09 60 86 48 01 65 03 04 02 01 05 00 04 20 |...`.H.e....... |
00000020 26 3b 0a a1 2e b9 32 db b8 dc d3 6f 37 94 0b 05 |&;....2....o7...|
00000030 71 9c ba 79 46 34 28 9f 5c 5b 98 9a 64 61 c9 ec |q..yF4(.\[..da..|
为了更清楚地看到这一点,我们可以尝试使用 -asn1parse 标志,不适用于第一个签名,但是第二个签名显示签名的正确结构:
To see this more clearly, we can try to use the -asn1parse flag, which won't work for the first signature, but for the second it shows the correct structure of the signature:
$ openssl rsautl -verify -inkey private.pem -asn1parse < sign1
Error in encoding
139931349546656:error:0D07209B:asn1 encoding routines:ASN1_get_object:too long:asn1_lib.c:142:
$ openssl rsautl -verify -inkey private.pem -asn1parse < sign2
0:d=0 hl=2 l= 49 cons: SEQUENCE
2:d=1 hl=2 l= 13 cons: SEQUENCE
4:d=2 hl=2 l= 9 prim: OBJECT :sha256
15:d=2 hl=2 l= 0 prim: NULL
17:d=1 hl=2 l= 32 prim: OCTET STRING
0000 - 26 3b 0a a1 2e b9 32 db-b8 dc d3 6f 37 94 0b 05 &;....2....o7...
0010 - 71 9c ba 79 46 34 28 9f-5c 5b 98 9a 64 61 c9 ec q..yF4(.\[..da..
这篇关于为什么我使用OpenSSL和Java生成的RSA-SHA256签名不同?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
