signature.verify()在Java中返回false [英] signature.verify() is returning false in java

问题描述

首先，我看到还有其他与此问题相关的帖子，但是没有人遇到与我相同的问题，即 signature.verify()意外返回了 false .

First of all, I see there are other posts with this question, but no one has the same problem as me, i.e. signature.verify() is unexpectedly returning false.

这是我的代码:

private static String encriptar(String xmlSolicitud, PrivateKey privateKey)
        throws Exception {

    Signature signature=Signature.getInstance("SHA1withRSA");
    signature.initSign(privateKey);
    signature.update(xmlSolicitud.getBytes(Charset.forName("UTF-8")));
    byte[] signatureValue = signature.sign();
    String response = Base64.encode(signatureValue);
    signature.initVerify(keyReader.publicKeyRead(Reference.rutaPublicKeyTest));
    System.out.println(signature.verify(signatureValue));
    return response;
}

这是我读入按键的方式(如果需要):

And here is how I read in the keys (if needed):

public static PrivateKey privateKeyRead(String filename)
        throws IOException, NoSuchAlgorithmException, InvalidKeySpecException {

    File f = new File(filename);
    FileInputStream fis = new FileInputStream(f);
    DataInputStream dis = new DataInputStream(fis);
    byte[] keyBytes = new byte[(int)f.length()];
    dis.readFully(keyBytes);
    dis.close();

    PKCS8EncodedKeySpec spec =
                new PKCS8EncodedKeySpec(keyBytes);
    KeyFactory kf = KeyFactory.getInstance("RSA");
    return kf.generatePrivate(spec);
}

public static PublicKey publicKeyRead(String filename)
        throws Exception {

    File f = new File(filename);
    FileInputStream fis = new FileInputStream(f);
    DataInputStream dis = new DataInputStream(fis);
    byte[] keyBytes = new byte[(int)f.length()];
    dis.readFully(keyBytes);
    dis.close();

    X509EncodedKeySpec spec =
                new X509EncodedKeySpec(keyBytes);
    KeyFactory kf = KeyFactory.getInstance("RSA");
    return kf.generatePublic(spec);
}

推荐答案

调用 sign 后，签名的状态将重置.根据文档:

The state of the signature is reset after you call sign. As per the documentation:

对此方法的调用会将此签名对象重置为原来的状态在先前通过调用进行初始化以进行签名时 initSign(PrivateKey).也就是说，该对象被重置并且可用于如果需要，可以通过new从同一签名者生成另一个签名调用 update 和 sign .

A call to this method resets this signature object to the state it was in when previously initialized for signing via a call to initSign(PrivateKey). That is, the object is reset and available to generate another signature from the same signer, if desired, via new calls to update and sign.

您需要使用签名的字节再次更新签名:

You need to update the signature again with the bytes that were signed:

private static String encriptar(String xmlSolicitud, PrivateKey privateKey)
        throws Exception {

    Signature signature=Signature.getInstance("SHA1withRSA");
    signature.initSign(privateKey);
    signature.update(xmlSolicitud.getBytes(Charset.forName("UTF-8")));

    byte[] signatureValue = signature.sign();
    String response = Base64.encode(signatureValue);

    signature.initVerify(keyReader.publicKeyRead(Reference.rutaPublicKeyTest));
    signature.update(xmlSolicitud.getBytes(Charset.forName("UTF-8"))); // <-- Here

    System.out.println(signature.verify(signatureValue)); // <-- Will print true

    return response;
}

---

在旁注中，您似乎正在对XML内容进行签名.最好使用 XML签名，以避免被规范化问题绊倒.

---

On a side note, it looks like you're signing XML content. Probably wise to use XML signatures to avoid being tripped up by canonicalization issues.

这篇关于signature.verify()在Java中返回false的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！