I'm trying to verify a ECDSA signature, using java, the key was created using golang:
我正在尝试验证ECDSA签名,使用java,密钥是使用golang创建的:
import (
"crypto/ecdsa"
"crypto/elliptic"
"crypto/rand"
"crypto/x509"
"encoding/pem"
"fmt"
"io/ioutil"
"reflect"
)
func doit(){
privateKey, _ := ecdsa.GenerateKey(elliptic.P384(), rand.Reader)
publicKey := &privateKey.PublicKey
if !elliptic.P384().IsOnCurve(publicKey.X, publicKey.Y) {
fmt.Printf(" public key invalid. ")
}
encPriv, encPub := encode(privateKey, publicKey)
fmt.Println(encPriv)
fmt.Println(encPub)
}
the signature happens here: (message was encoded by golang, using this method):
签名发生在这里:(消息由golang编码,使用此方法):
func SignMessage(message []byte) (r *big.Int, s *big.Int, err error) {
zero := big.NewInt(0)
// Hash message:
h := sha1.New()
io.WriteString(h, string(message))
hashBytes := h.Sum(nil)
hash := fmt.Sprintf("%x", hashBytes)
// hash message
// get private key from disk:
pemEncoded, err := ioutil.ReadFile("./ecc/eccpriv.pem")
if err != nil {
return zero, zero, err
}
pemEncodedPub, err := ioutil.ReadFile("./ecc/eccpub.pem")
if err != nil {
return zero, zero, err
}
var priv *ecdsa.PrivateKey
//var _pub *ecdsa.PublicKey
priv, _, err = ECCDecodeFromPem(pemEncoded, pemEncodedPub)
if err != nil {
return zero, zero, err
}
r, s, err = ecdsa.Sign(rand.Reader, priv, []byte(hash))
if err != nil {
return zero, zero, err
}
return r, s, nil
}
the decoding aspect is happening here:
解码方面发生在这里:
//Verify Response
String signature = ac.getECCDSAPublicKeyFromServer();
String cleanSignature = ac.cleanBytes(signature);
byte[] bSignature = Base64.getDecoder().decode(cleanSignature);
System.out.println(cleanSignature);
PublicKey ecdsaPublicKey = ac.getPemPublicKeyFromString(signature,"ECDSA");
//PublicKey ecdsaPublicKey = ac.getECDSAKeyFromBytes(cleanSignature.getBytes("UTF-8"));
Signature ecdsaVerify = Signature.getInstance("ECDSA", "BC");
ecdsaVerify.initVerify(ecdsaPublicKey);
ecdsaVerify.update(json_response.getBytes("UTF-8"));
System.out.println("SIG:");
for(int i=0;i<bSignature.length;i++){
System.out.println(bSignature[i]);
}
System.out.println(new String(bSignature, StandardCharsets.UTF_8));
System.out.println("/SIG");
boolean result = ecdsaVerify.verify(bSignature);
System.out.println("Result is:"+result);
however, unfortunately, the program fails because:
然而,遗憾的是,该计划失败的原因是:
Exception in thread "main" java.security.SignatureException: error decoding signature bytes.
at org.bouncycastle.jcajce.provider.asymmetric.util.DSABase.engineVerify(Unknown Source)
at java.base/java.security.Signature$Delegate.engineVerify(Signature.java:1245)
at java.base/java.security.Signature.verify(Signature.java:674)
at ...
This causes an interesting dilema, since the Public key:
这引起了一个有趣的困境,因为公钥:
-----BEGIN PUBLIC KEY-----
MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEBiTlkxxYVLduJeiQ7V1AqG4bY9lxrxLX
un+qd4BeaICC1Yx/nsDvvXEPwfCYwXgnyk3u7DV3ldUiaXCIr89OoNei6D2Xgrs3
KYtpVEv7ylnUzo8xZH3/mMdLMUiy6fl8
-----END PUBLIC KEY-----
Seems to be correct, according to this website:
根据这个网站,似乎是正确的:
https://lapo.it/asn1js/#3076301006072A8648CE3D020106052B81040022036200040624E5931C5854B76E25E890ED5D40A86E1B63D971AF12D7BA7FAA77805E688082D58C7F9EC0EFBD710FC1F098C17827CA4DEEEC357795D522697088AFCF4EA0D7A2E83D9782BB37298B69544BFBCA59D4CE8F31647DFF98C74B3148B2E9F97C
the Key was generated correctly, and the ASN.1 Parse decodes it correctly. Why doesn't java like my code?
密钥生成正确,ASN.1 Parse正确解码。为什么java不像我的代码?
Also, please pardon my poor indentation.
另外,请原谅我糟糕的缩进。
1 个解决方案
#1
1
I think your problem is here:
我认为你的问题在这里:
hash := fmt.Sprintf("%x", hashBytes)
And you have to pass hashBytes directly to
而且你必须直接传递hashBytes
r, s, err = ecdsa.Sign(rand.Reader, priv, hashBytes)
#1
1
I think your problem is here:
我认为你的问题在这里:
hash := fmt.Sprintf("%x", hashBytes)
And you have to pass hashBytes directly to
而且你必须直接传递hashBytes
r, s, err = ecdsa.Sign(rand.Reader, priv, hashBytes)