使用OpenSSL和Android时使用不同的RSA签名 [英] Different RSA signatures when using OpenSSL and Android

问题描述

在仔细研究了类似的问题之后，我还没有找到答案.

After looking through SO at similar questions, i have yet to find the answer.

我正在同时使用两个文件 openssl rsautl -sign ...和openssl dgst -sign ... 这两个选项显然提供不同的输出.

I am singing a document using both openssl rsautl -sign ... and openssl dgst -sign ... Both options obviously provide different outputs.

我的问题是，当我使用:在Android应用程序上对文件签名时:

My problem is, when i sign my file on the android application using :

public byte[] signData(byte[] data, PrivateKey privateKey) {
    Signature signature = null;
    try {
        signature = Signature.getInstance("SHA256withRSA");
        signature.initSign(privateKey);
        signature.update(data);
        return signature.sign();
    } catch (Exception e) {
        e.printStackTrace();
        return null;
    }
}

此函数返回一个完全不同的十六进制字符串. 以及android上的验证方法:

This function returns a completely different HEX string. And the verification method on android :

byte[] sigBytes = hexStringToByteArray(signature);    
X509EncodedKeySpec spec = new X509EncodedKeySpec(keyBytes);
KeyFactory keyFactory = KeyFactory.getInstance("RSA");
PublicKey publicKey = keyFactory.generatePublic(spec);
Signature signCheck = Signature.getInstance("android ");
signCheck.initVerify(publicKey);
signCheck.update(data.getBytes("UTF-8"));
boolean isVerified = signCheck.verify(sigBytes);

仅验证由android应用程序生成的十六进制字符串.

Only verifies the HEX string generated by the android application.

使用openssl命令(已尝试使用大多数可用参数)，我似乎无法生成相同的十六进制字符串.

Using the openssl commands (have tried using most of the available parameters) i cannot seem to generate the same HEX string.

仅供参考:我同时在android和命令行上使用RSA和SHA256签名.

FYI: i sign on both android and command line with RSA and with SHA256.

从android我得到以下十六进制字符串:0A241F28C2C4CF8A71879FAFB9F16CF4908560B76BF2DDDB7757B7C5B150C4C5EE76E86D50CC237552E08F4C4154EB83BC9CEFF0E3540B515D131E711E8CE46E4EF8DFC941E0BAE1945FDB348D66839721D27F626E9869118A7EA0D181E367A19AF4335E44256F6DAB35B23871DC95CB47CDFC489852A093F9F25FCBC451FE90EEAD5D033C65FEE1CBF67D77581BF79F27A38574879A5B903D48D0C5705E1F8F0263F262D76B08A523A27AD4D8394050CEAC2EDD92021CCDB34038699AAA49B1BFDF6823ADEFA185B036A6DF30955A152D51B64BCAF83AF79B6F7EEE783AC4217D6CE6604AF7E016C53B0D86E70AEDD4178AE039B12ED2731AD45321DEF9E394

From android i get the following hex string : 0A241F28C2C4CF8A71879FAFB9F16CF4908560B76BF2DDDB7757B7C5B150C4C5EE76E86D50CC237552E08F4C4154EB83BC9CEFF0E3540B515D131E711E8CE46E4EF8DFC941E0BAE1945FDB348D66839721D27F626E9869118A7EA0D181E367A19AF4335E44256F6DAB35B23871DC95CB47CDFC489852A093F9F25FCBC451FE90EEAD5D033C65FEE1CBF67D77581BF79F27A38574879A5B903D48D0C5705E1F8F0263F262D76B08A523A27AD4D8394050CEAC2EDD92021CCDB34038699AAA49B1BFDF6823ADEFA185B036A6DF30955A152D51B64BCAF83AF79B6F7EEE783AC4217D6CE6604AF7E016C53B0D86E70AEDD4178AE039B12ED2731AD45321DEF9E394

并从openssl(openssl dgst -sha256 -binary -sign private.pem data.txt | hexdump)中，我得到:818DB0A4F8AE1A1374643E61CD835C38B9C78275E97F7D29CBB739E912C94F5B625FF3F9F916BE5A5D6BB6BBBA5B55D14C93CF5E53525471E135B92B8D30ED501F72429A5792CBA2B07EEF780515BD70226038E5A7567914EFA4D676685777C96AB1067BFBB2B95B2FCCBACB5BD6D9E6723D22DB715DE1EF4284509620E0C540C8D08B367FA966245671C16D35ECA52CC0640C2C0C733989B7703922AC07D0817D2440A0C4640508FEE6CBC62221847D2893716A712292B701A5C65901D05636855D9D31253C1F53EF3E7B1741A460A0F7DEDCEF4CA4039AA5385B49BE486A6380488FB5A0DEEF8BDD0F70874866EF6FC2EC4CFFC6BDD71271F1AE30112F8BD0

and from openssl (openssl dgst -sha256 -binary -sign private.pem data.txt | hexdump), i get : 818DB0A4F8AE1A1374643E61CD835C38B9C78275E97F7D29CBB739E912C94F5B625FF3F9F916BE5A5D6BB6BBBA5B55D14C93CF5E53525471E135B92B8D30ED501F72429A5792CBA2B07EEF780515BD70226038E5A7567914EFA4D676685777C96AB1067BFBB2B95B2FCCBACB5BD6D9E6723D22DB715DE1EF4284509620E0C540C8D08B367FA966245671C16D35ECA52CC0640C2C0C733989B7703922AC07D0817D2440A0C4640508FEE6CBC62221847D2893716A712292B701A5C65901D05636855D9D31253C1F53EF3E7B1741A460A0F7DEDCEF4CA4039AA5385B49BE486A6380488FB5A0DEEF8BDD0F70874866EF6FC2EC4CFFC6BDD71271F1AE30112F8BD0

请帮助，加油.

推荐答案

我使用命令"openssl pkeyutl -sign ..."和Java代码使用了不同的输出签名字符串:

I had different output signing String with command "openssl pkeyutl -sign ..." and java code:

Signature sig = Signature.getInstance("SHA256withRSA");

最终更改为该指纹，我得到了相同的输出:

changing to this fingerprint finally I got the same output:

Signature sig = Signature.getInstance("NONEwithRSA");

这篇关于使用OpenSSL和Android时使用不同的RSA签名的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！