0
我想使用RSA密鑰對簽署文件。爲了這個目的,我有這樣的Perl腳本:Crypt :: RSA(Perl)和java.security.Signature(Java)之間的相互作用
#!/usr/bin/perl
use Crypt::RSA;
my $data = ... # File contents
my $rsa = new Crypt::RSA;
my $key = new Crypt::RSA::Key::Private(Filename => "stackoverflow.priv", Password => "*****");
my $signature = $rsa->sign(Message => $data, Key => $key, Armour => 0);
# Write signature to file
在客戶端,我想用下面的Java功能來驗證文件:
private static final String PUBLICKEY_MOD = "190343051422614110006523776876348493...";
private static String PUBLICKEY_EXP = "65537";
public boolean check() {
byte[] data = ... // Data
byte[] dataSignature = ... // Signature (as calculated in the Perl script)
Signature signature = Signature.getInstance("SHA256withRSA");
signature.initVerify(getPublicKey());
signature.update(data);
return signature.verify(dataSignature);
}
private PublicKey getPublicKey() {
RSAPublicKeySpec spec = new RSAPublicKeySpec(new BigInteger(PUBLICKEY_MOD), new BigInteger(PUBLICKEY_EXP));
KeyFactory factory = KeyFactory.getInstance("RSA");
return factory.generatePublic(spec);
}
然而,check()始終報告虛假。我已經檢查了這些東西:
data和dataSignature是正確讀取PUBLICKEY_MOD和PUBLICKEY_EXP是正確的getPublicKey()回報具有正確的屬性- 私鑰和公鑰是一部分的公鑰同一對
有誰知道如何正確驗證文件? signature是否正確實例化?
非常感謝!我解決了這兩個問題,它完美地工作。如果您想將您的觀點作爲答案添加,我會將其標記爲解決方案。 – SecStone 2012-03-21 13:01:03
你能指出你做了什麼來獲得SHA-256爲PERL工作,有[這個其他問題](http://stackoverflow.com/questions/12142381/is-there-a-perl-implementation-of-sha256withrsa )... – 2012-08-27 18:23:59