How can I realize openssl pkeyutl -sign in Java


Problem description

The command line is

openssl pkeyutl   -sign -inkey pkcs1.pem -pkeyopt digest:sha1  -in testlog 

I want to realize it in Java. But neither NONEwithRSA nor SHA1withRSA gives the same output. The NONEwithRSA output is the same as

openssl pkeyutl   -sign -inkey pkcs1.pem   -in testlog 

without -pkeyopt digest:sha1

The Java code is like

 Signature sign = Signature.getInstance(algorithm);
 sign.initSign(privatekey);
 sign.update(keyByte);
 return sign.sign();

I don't know how to modify it.

Thanks a lot.

What I really want to do is to implement the C function in Java

RSA_sign(NID_sha1, token, token_size, sig, &len, key->rsa)

which does not hash the plaintext.

https://github.com/usb4java/usb4java-javax-examples/blob/97b95c80e8af87f935f736ed7b4f4a197d4643ac/src/main/java/org/usb4java/javax/examples/adb/Adb.java This can meet my needs.

Recommended answer

openssl pkeyutl -sign with an RSA private key and -pkeyopt digest:$alg does steps 2-5 of EMSA-PKCS1-v1_5 plus the private modexp (i.e. 8.2.1 step 2 using RSASP1 from 5.2.1); without that -pkeyopt it does not do step 2, which encodes the hash value in a simple ASN.1 structure.

The Java Signature algorithms that include a hash like SHA1withRSA do all steps of EMSA-PKCS1-v1_5 plus modexp, while the scheme NONEwithRSA does only steps 3-5 plus modexp, and neither of these matches what you want. If you can't supply the data to let Signature do the hashing, you'll need to do step 2 yourself and then NONEwithRSA. Although ASN.1 encoding in general can be complicated (and decoding even more so), this case can be done simply by concatenating a prefix determined entirely by the hash algorithm to the hash value; see note 1 on page 47.

Meta: there have been lots of Qs about the differences in RSA v1_5 signatures between openssl rsautl, pkeyutl with and without -pkeyopt digest, or dgst -sign and other systems like Java, all to do with the issue of including or not including the ASN.1 encoding step (and many of them older than rfc8017!) but I can't find any that is a good dupe for this Q.
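The approach described in the answer, as an added example that is not part of the original question or answer: the SHA-1 DigestInfo prefix from the notes in RFC 8017 section 9.2 is prepended to an already-computed 20-byte hash, and the result is signed with NONEwithRSA. The class name, the helper signDigest, the generated key and the sample input are assumptions made for the demonstration; because RSA v1_5 signing is deterministic, the result can be compared byte for byte with SHA1withRSA over the unhashed data.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.Arrays;

public class PkeyutlSignSha1 {
    // DER header of DigestInfo for SHA-1 (RFC 8017 section 9.2, notes);
    // the 20-byte hash value follows it directly.
    private static final byte[] SHA1_PREFIX = {
        0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e,
        0x03, 0x02, 0x1a, 0x05, 0x00, 0x04, 0x14 };

    // Hypothetical helper: signs a value that is already a SHA-1 digest,
    // i.e. the input that pkeyutl -sign -pkeyopt digest:sha1 expects.
    static byte[] signDigest(PrivateKey key, byte[] sha1)
            throws GeneralSecurityException {
        if (sha1.length != 20) {
            throw new IllegalArgumentException("expected a 20-byte SHA-1 value");
        }
        // Step 2 of EMSA-PKCS1-v1_5 done by hand: prefix || hash
        byte[] digestInfo = new byte[SHA1_PREFIX.length + sha1.length];
        System.arraycopy(SHA1_PREFIX, 0, digestInfo, 0, SHA1_PREFIX.length);
        System.arraycopy(sha1, 0, digestInfo, SHA1_PREFIX.length, sha1.length);
        // NONEwithRSA then applies the padding (steps 3-5) and the modexp
        Signature s = Signature.getInstance("NONEwithRSA");
        s.initSign(key);
        s.update(digestInfo);
        return s.sign();
    }

    public static void main(String[] args) throws Exception {
        // Constructed test key and input; a real caller loads pkcs1.pem instead
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair();
        byte[] data = "constructed sample input".getBytes(StandardCharsets.UTF_8);
        byte[] hash = MessageDigest.getInstance("SHA-1").digest(data);

        byte[] viaPrefix = signDigest(kp.getPrivate(), hash);

        // Reference: let Signature do the hashing and all encoding steps
        Signature full = Signature.getInstance("SHA1withRSA");
        full.initSign(kp.getPrivate());
        full.update(data);
        byte[] viaFull = full.sign();

        System.out.println("signatures identical: " + Arrays.equals(viaPrefix, viaFull));
    }
}
```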
