将公钥固定在我的应用中 [英] Pinning public key in my app
问题描述
我将公共密钥固定在应用程序中,作为安全措施的一部分,因为我已经从我的PEM证书中提取了公共密钥,
I am pinning public key in my app as part of security measures, for that I have extracted public key from my PEM certificate which looks like
-----BEGIN PUBLIC KEY-----
MIIBIj....IDAQAB
-----END PUBLIC KEY-----
但是在OWASP的示例代码中,我们确实看到了用于比较DER编码的公钥的代码,
However in sample code of OWASP, we do see code to compare DER encoded public key,
// DER encoded public key
private static String PUB_KEY = "30820122300d06092a864886f70d0101"
+ "0105000382010f003082010a0282010100b35ea8adaf4cb6db86068a836f3c85"
+ "5a545b1f0cc8afb19e38213bac4d55c3f2f19df6dee82ead67f70a990131b6bc"
+ "ac1a9116acc883862f00593199df19ce027c8eaaae8e3121f7f329219464e657"
+ "2cbf66e8e229eac2992dd795c4f23df0fe72b6ceef457eba0b9029619e0395b8"
+ "609851849dd6214589a2ceba4f7a7dcceb7ab2a6b60c27c69317bd7ab2135f50"
+ "c6317e5dbfb9d1e55936e4109b7b911450c746fe0d5d07165b6b23ada7700b00"
+ "33238c858ad179a82459c4718019c111b4ef7be53e5972e06ca68a112406da38"
+ "cf60d2f4fda4d1cd52f1da9fd6104d91a34455cd7b328b02525320a35253147b"
+ "e0b7a5bc860966dc84f10d723ce7eed5430203010001";
我知道DER是二进制格式,但是不知道作者如何转换或提取上述格式?当我转换为DER时,它具有的原始字节与上述格式不同. 有人对此有指点吗?
I know DER is a binary format, however not sure how author converted or extracted above format? when I convert into DER it is having raw bytes not like above format. Do anyone has pointer around this?
替代方法可以是, 示例代码,
Alternate approach can be, Sample code,
//Hack ahead: BigInteger and toString(). We know a DER encoded Public Key begins
//with 0x30 (ASN.1 SEQUENCE and CONSTRUCTED), so there is no leading 0x00 to drop.
RSAPublicKey pubkey = (RSAPublicKey) chain[0].getPublicKey();
String enc
oded = new BigInteger(1 /* positive */, pubkey.getEncoded()).toString(16);
如果我转换已编码"变量base64 PEM公钥格式.如何在Android中做到这一点?
If I convert "encoded" variable base64 PEM public key format. How to do it in Android?
任何帮助将不胜感激
推荐答案
下面的代码解决了我的问题:
Below line solved my problem:
String base64Encoded = Base64.encodeToString(pubkey.getEncoded(), Base64.DEFAULT).
replaceAll("\n", "");
这篇关于将公钥固定在我的应用中的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
