(1) Convert the ECDSA private & public key, (2) Verification by ECDSA


Problem description

Following this discussion, it's a simple tutorial how to sign a string by using ECDSA algorithm in Java without using any third-party libraries. But the question is:


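  1. How do I convert the public and the private key into a string? (Because I want to send them to a database.)

  2. Can somebody help me create a simple tutorial on how to verify a message by using the ECDSA algorithm in Java? At this point I need to include the signature and the public key as the verification method.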

Here's my scenario in my Java code, assume that there's a sender side and the recipient side:


  • Sender side

package sender;
import java.math.BigInteger;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Signature;
public class Sign {    
  public static void main(String[] args) throws Exception {
      /*
       * Generate a key pair
       */
      KeyPairGenerator keyGen = KeyPairGenerator.getInstance("EC");
      SecureRandom random = SecureRandom.getInstance("SHA1PRNG");

      keyGen.initialize(256, random);

      KeyPair pair = keyGen.generateKeyPair();

      /*
      Generate the private and the public key
      */

      PrivateKey priv = pair.getPrivate();
      /*
      *and then Convert the priv key into a String;
      *HOW can i do that ? this what i'm asking
      */

      PublicKey pub = pair.getPublic();
      /*
      Convert the pub key into a String;
      HOW can i do that ? this what i'm asking
      */      

      /*
      -------Encrypt the pub and the priv key, i do with my own code  
      -------Store the encrypted pub & priv key into the database
      -------I'm doing this with my own code
      */


      /*
      * Create a Signature object and initialize it with the private key
      */
      Signature dsa = Signature.getInstance("SHA1withECDSA");

      dsa.initSign(priv);

      String str = "This is string to sign";
      byte[] strByte = str.getBytes("UTF-8");
      dsa.update(strByte);

      /*
      * Now that all the data to be signed has been read in, generate a
      * signature for it
      */

      byte[] realSig = dsa.sign();
      System.out.println("Signature: " + 
             new BigInteger(1, realSig).toString(16));
      /*
      and Then i'm storing this signature into my database. 
      i have done with this
      */
    }
}




  • Recipient side

    package recipient;
    import java.math.BigInteger;
    import java.security.KeyPair;
    import java.security.KeyPairGenerator;
    import java.security.PrivateKey;
    import java.security.PublicKey;
    import java.security.SecureRandom;
    import java.security.Signature;
     public class Verify {   
       public static void main(String[] args) throws Exception {
       /*
       Step one, taking public key from the database.
       Step two, receive the message + signature.
       Step three, split the message and signature into an "array[0]" for message,
       and "array[1] for the signature"
    
       Verify the signature <--- Here's what im asking to anybody, 
       how can i do, i mean the sample code ? 
       */  
       }
    }
    

    :D

    Recommended answer

    You're asking a lot of different questions about dealing with ECDSA. I will address your first question about database storage here. I recommend you do some additional research on the mechanics of ECDSA if you want to learn about how to properly use it. Examples given here would be hard to follow out of context anyway.

    To store keys as a string, you must first retrieve the byte array representing the key in its encoded format (note: encoded not encrypted). This can be done by using the getEncoded() method from class Key which is the superinterface of both PublicKey and PrivateKey.

    Example:

    PrivateKey key = // ...
    
    byte[] enc_key = key.getEncoded();
    
    // Byte array to string
    
    StringBuilder key_builder = new StringBuilder();
    
    for(byte b : enc_key){
        key_builder.append(String.format("%02x", b));
    }
    
    String serialized_key = key_builder.toString();
    

    To load the key again from a database you parse the string to a byte array, pass it into the appropriate key specification and then retrieve it by using a key factory.

    Example:

    String serialized_key = // ...
    
    byte[] encoded_key = // serialized_key -> byte array conversion
    
    // If key is private, use PKCS #8
    
    PKCS8EncodedKeySpec formatted_private = new PKCS8EncodedKeySpec(encoded_key);
    
    // or, if key is public, use X.509
    
    X509EncodedKeySpec formatted_public = new X509EncodedKeySpec(encoded_key);
    
    // Retrieve key using KeyFactory
    
    KeyFactory kf = KeyFactory.getInstance("EC");
    
    PublicKey pub = kf.generatePublic(formatted_public);
    
    PrivateKey priv = kf.generatePrivate(formatted_private);
    

    If all you mean to do is to use ECDSA as a signature algorithm, verification is identical to signing, using the verify methods instead of the sign methods, as follows:

    byte[] message_hash = // ... (the signature bytes returned by sign())
    byte[] candidate_message = // ... (the message bytes that were signed)
    
    PublicKey pub = // ...
    
    Signature dsa = Signature.getInstance("SHA1withECDSA");
    
    dsa.initVerify(pub);
    
    dsa.update(candidate_message);
    
    boolean success = dsa.verify(message_hash);
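
The full round trip the answer describes (encode both keys to strings, reload them through KeyFactory, sign, then verify), as an added example that is not part of the original question or answer. It assumes Java 17+ for java.util.HexFormat, uses secp256r1 with SHA256withECDSA in place of the page's SHA1withECDSA, and the class and helper names are illustrative.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.security.spec.ECGenParameterSpec;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.HexFormat; // Java 17+

public class EcdsaRoundTrip {
    // Keys are stored as hex of their standard encodings: X.509 (public), PKCS #8 (private).
    static String toHex(Key k) { return HexFormat.of().formatHex(k.getEncoded()); }

    static PublicKey publicFromHex(String hex) throws GeneralSecurityException {
        byte[] der = HexFormat.of().parseHex(hex);
        return KeyFactory.getInstance("EC").generatePublic(new X509EncodedKeySpec(der));
    }

    static PrivateKey privateFromHex(String hex) throws GeneralSecurityException {
        byte[] der = HexFormat.of().parseHex(hex);
        return KeyFactory.getInstance("EC").generatePrivate(new PKCS8EncodedKeySpec(der));
    }

    static byte[] sign(PrivateKey priv, byte[] msg) throws GeneralSecurityException {
        Signature s = Signature.getInstance("SHA256withECDSA");
        s.initSign(priv);
        s.update(msg);
        return s.sign(); // DER-encoded (r, s) pair
    }

    static boolean verify(PublicKey pub, byte[] msg, byte[] sig) throws GeneralSecurityException {
        Signature s = Signature.getInstance("SHA256withECDSA");
        s.initVerify(pub);
        s.update(msg);
        try { return s.verify(sig); }
        catch (SignatureException malformed) { return false; } // undecodable signature = failure
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("EC");
        gen.initialize(new ECGenParameterSpec("secp256r1")); // uses the default SecureRandom
        KeyPair pair = gen.generateKeyPair();
        String pubHex = toHex(pair.getPublic());   // value for the database column
        String privHex = toHex(pair.getPrivate()); // encrypt before storing, as the question plans
        byte[] msg = "This is string to sign".getBytes(StandardCharsets.UTF_8); // constructed sample
        byte[] sig = sign(privateFromHex(privHex), msg);
        PublicKey pub = publicFromHex(pubHex);
        System.out.println("original message verifies: " + verify(pub, msg, sig));
        msg[0] ^= 1; // flip one bit to simulate tampering
        System.out.println("tampered message verifies: " + verify(pub, msg, sig));
    }
}
```

The recipient needs only the public-key string, the message bytes and the signature bytes; the private-key string never has to leave the sender side.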
    
