尽管使用了正确的 public 密钥和签名文件,但未验证签名
Signature not verified though the correct public key and signature file are being used
尽管我使用了正确的签名文件和 public 密钥,但下面 class 中的结果变量始终返回 false。
public class VeriGen {
static FileInputStream fin;
public static void main(String args[]) throws Exception {
Security.addProvider(new BouncyCastleProvider());
KeyStore msCertStore = KeyStore.getInstance("Windows-MY", "SunMSCAPI");
msCertStore.load(null, null);
X509Certificate c = ((X509Certificate) msCertStore.getCertificate("Software View Certificate Authority"));
PublicKey pubKey = c.getPublicKey();
File file = new File("C:\Users\mayooranM\Desktop\SignatureVerificationTest\ProcessExplorer.zip");
fin = new FileInputStream(file);
byte fileContent[] = new byte[(int) file.length()];
File signedData = new File(
"C:\Users\mayooranM\Desktop\SignatureVerificationTest\SignedProcessExplorer.sig");
fin = new FileInputStream(signedData);
byte signedContent[] = new byte[(int) signedData.length()];
boolean result = verifySig(fileContent, pubKey, signedContent);
System.out.println("result is : " + result);
}
public static boolean verifySig(byte[] data, PublicKey key, byte[] sig) throws Exception {
Signature signer = Signature.getInstance("SHA1WithRSA", "BC");
signer.initVerify(key);
signer.update(data);
return (signer.verify(sig));
}
}
下面是我用来签署文件的代码。
public class SigGen {
static final String KEYSTORE_FILE = "C:\Users\mayooranM\Desktop\x.509-sample-keys-and-certificates\generation-tool\swviewca.p12";
static final String KEYSTORE_INSTANCE = "PKCS12";
static final String KEYSTORE_PWD = "swviewcastoresecret";
static final String KEYSTORE_ALIAS = "swviewca";
static FileInputStream fin = null;
public static void main(String args[]) throws Exception {
Security.addProvider(new BouncyCastleProvider());
File file = new File("C:\Users\mayooranM\Desktop\SignatureVerificationTest\ProcessExplorer.zip");
fin = new FileInputStream(file);
byte fileContent[] = new byte[(int) file.length()];
KeyStore ks = KeyStore.getInstance(KEYSTORE_INSTANCE);
ks.load(new FileInputStream(KEYSTORE_FILE), KEYSTORE_PWD.toCharArray());
Key key = ks.getKey(KEYSTORE_ALIAS, KEYSTORE_PWD.toCharArray());
// Sign
PrivateKey privKey = (PrivateKey) key;
byte[] signedData = signData(fileContent, privKey);
FileOutputStream fos = new FileOutputStream(
"C:\Users\mayooranM\Desktop\SignatureVerificationTest\SignedProcessExplorer.sig");
fos.write(signedData);
fos.close();
}
public static byte[] signData(byte[] data, PrivateKey key) throws Exception {
Signature signer = Signature.getInstance("SHA1WithRSA", "BC");
signer.initSign(key);
signer.update(data);
return (signer.sign());
}
}
我在这里做错了什么?请指教
在您发布的代码中,您似乎从未真正阅读过该文件; fin 已分配但从未使用,signedContent 和 fileContent 数组已创建但从未填充。
尽管我使用了正确的签名文件和 public 密钥,但下面 class 中的结果变量始终返回 false。
public class VeriGen {
static FileInputStream fin;
public static void main(String args[]) throws Exception {
Security.addProvider(new BouncyCastleProvider());
KeyStore msCertStore = KeyStore.getInstance("Windows-MY", "SunMSCAPI");
msCertStore.load(null, null);
X509Certificate c = ((X509Certificate) msCertStore.getCertificate("Software View Certificate Authority"));
PublicKey pubKey = c.getPublicKey();
File file = new File("C:\Users\mayooranM\Desktop\SignatureVerificationTest\ProcessExplorer.zip");
fin = new FileInputStream(file);
byte fileContent[] = new byte[(int) file.length()];
File signedData = new File(
"C:\Users\mayooranM\Desktop\SignatureVerificationTest\SignedProcessExplorer.sig");
fin = new FileInputStream(signedData);
byte signedContent[] = new byte[(int) signedData.length()];
boolean result = verifySig(fileContent, pubKey, signedContent);
System.out.println("result is : " + result);
}
public static boolean verifySig(byte[] data, PublicKey key, byte[] sig) throws Exception {
Signature signer = Signature.getInstance("SHA1WithRSA", "BC");
signer.initVerify(key);
signer.update(data);
return (signer.verify(sig));
}
}
下面是我用来签署文件的代码。
public class SigGen {
static final String KEYSTORE_FILE = "C:\Users\mayooranM\Desktop\x.509-sample-keys-and-certificates\generation-tool\swviewca.p12";
static final String KEYSTORE_INSTANCE = "PKCS12";
static final String KEYSTORE_PWD = "swviewcastoresecret";
static final String KEYSTORE_ALIAS = "swviewca";
static FileInputStream fin = null;
public static void main(String args[]) throws Exception {
Security.addProvider(new BouncyCastleProvider());
File file = new File("C:\Users\mayooranM\Desktop\SignatureVerificationTest\ProcessExplorer.zip");
fin = new FileInputStream(file);
byte fileContent[] = new byte[(int) file.length()];
KeyStore ks = KeyStore.getInstance(KEYSTORE_INSTANCE);
ks.load(new FileInputStream(KEYSTORE_FILE), KEYSTORE_PWD.toCharArray());
Key key = ks.getKey(KEYSTORE_ALIAS, KEYSTORE_PWD.toCharArray());
// Sign
PrivateKey privKey = (PrivateKey) key;
byte[] signedData = signData(fileContent, privKey);
FileOutputStream fos = new FileOutputStream(
"C:\Users\mayooranM\Desktop\SignatureVerificationTest\SignedProcessExplorer.sig");
fos.write(signedData);
fos.close();
}
public static byte[] signData(byte[] data, PrivateKey key) throws Exception {
Signature signer = Signature.getInstance("SHA1WithRSA", "BC");
signer.initSign(key);
signer.update(data);
return (signer.sign());
}
}
我在这里做错了什么?请指教
在您发布的代码中,您似乎从未真正阅读过该文件; fin 已分配但从未使用,signedContent 和 fileContent 数组已创建但从未填充。