SunJCE SHA1WithRSA使用什么填充策略 [英] what padding strategy is used by SunJCE SHA1WithRSA
问题描述
通常PSS
和PKCS1v15
都可以用于RSA签名填充.
对于Java来说,代码也很简单,但是却无法说明所使用的填充策略.
我的代码:
Normally both PSS
and PKCS1v15
can be used for RSA signatures padding.
And for java the code is also simple, but it just can't tell the padding strategy used.
My code:
Signature signature = Signature.getInstance("SHA1WithRSA");
signature.initSign(privateKey);
signature.update(plainBytes);
byte[] signBytes = signature.sign();
我可以使用SunJCE作为提供者来明确定义PSS
与MGF1
作为填充策略吗?
May I explicitly define PSS
with MGF1
as the padding strategy using SunJCE as provider?
推荐答案
PSS
在 android 中实现的.
PSS
is not present in the supported algorithms list of SunJCE. However SHA256withRSA/PSS
is implemented in android.
我建议使用BouncyCastle
I suggest to use BouncyCastle
Security.addProvider(new BouncyCastleProvider());
Signature sig = Signature.getInstance("SHA1withRSA/PSS");
sig.initSign(privateKey);
sig.update(data);
byte[] signature = sig.sign();
已更新
PKCS#1 v2.1 中的默认maskGenAlgorithm
是MGF1.
The default maskGenAlgorithm
in PKCS#1 v2.1 is MGF1.
RSASSA-PSS-params ::= SEQUENCE {
hashAlgorithm [0] OAEP-PSSDigestAlgorithms DEFAULT sha1,
maskGenAlgorithm [1] PKCS1MGFAlgorithms DEFAULT mgf1SHA1,
saltLength [2] INTEGER DEFAULT 20,
trailerField [3] INTEGER DEFAULT 1
}
我认为BouncyCastle正在使用它.您可以定义自己的PSS参数.例如(请参阅 PSSParameterSpec )
I assume BouncyCastle is using it. You can define your own PSS parameters. For example (see PSSParameterSpec)
sig.setParameter(PSSParameterSpec.DEFAULT);
这篇关于SunJCE SHA1WithRSA使用什么填充策略的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!