讀取簽名文件後無法驗證簽名

Question

sign.verify（簽名）在verifySignature方法中返回false;我認爲它有一些關於如何使用signedobject.obj文件（證書傳遞有效性）使用outputstreams和inputstream的問題。我可以從文件中正確讀取消息。

代碼：

RSAPrivateKey pk = (RSAPrivateKey) ks.getKey("CS2", "fihjo".toCharArray()); 
Signature s = Signature.getInstance("SHA1withRSA"); 
s.initSign(pk); 

ByteArrayOutputStream baos = new ByteArrayOutputStream(); 
ObjectOutputStream oos = new ObjectOutputStream(baos); 
String message = "Hi Sign ME!!!"; 
oos.writeObject(message); 
oos.writeObject(s.sign()); 
byte[] barr = baos.toByteArray(); 
s.update(barr); 

FileOutputStream out1 = new FileOutputStream("signedobject.obj"); 
out1.write(barr); 
//out1.write(s.sign()); 
out1.close(); 

verifySignature(ks); 

verifySignature（密鑰庫）方法：

FileInputStream fis = new FileInputStream("signedobject.obj"); 
ObjectInputStream ois = new ObjectInputStream(fis); 
String message = (String)ois.readObject(); // read message 
System.out.println("msg: "+message); 
byte[] signature = (byte[])ois.readObject(); // read signature, hmmm 

X509Certificate xcert = (X509Certificate) ks.getCertificate("CS1"); 
Signature sign = Signature.getInstance("SHA1withRSA"); 
sign.initVerify(xcert.getPublicKey()); 
sign.update(message.getBytes()); 
if (sign.verify(signature)) // This is where it fails! 
System.out.println("It is validly signed. String: "+message); 
else System.out.println("It isn't valid"); 

Answer 1

您有該消息的字節陣列上更新後呼號。例如：

String message = "Hi Sign ME!!!"; 
s.update(message.getBytes("UTF8"); 
byte[] signature = s.sign() 

oos.writeObject(message); 
oos.writeObject(signature);