日韩性视频-久久久蜜桃-www中文字幕-在线中文字幕av-亚洲欧美一区二区三区四区-撸久久-香蕉视频一区-久久无码精品丰满人妻-国产高潮av-激情福利社-日韩av网址大全-国产精品久久999-日本五十路在线-性欧美在线-久久99精品波多结衣一区-男女午夜免费视频-黑人极品ⅴideos精品欧美棵-人人妻人人澡人人爽精品欧美一区-日韩一区在线看-欧美a级在线免费观看

歡迎訪問 生活随笔!

生活随笔

當前位置: 首頁 > 编程资源 > 编程问答 >内容正文

编程问答

java bouncycastle_java – 使用bouncycastle进行签名和验证签名的正确方法

發布時間:2023/12/4 编程问答 35 豆豆
生活随笔 收集整理的這篇文章主要介紹了 java bouncycastle_java – 使用bouncycastle进行签名和验证签名的正确方法 小編覺得挺不錯的,現在分享給大家,幫大家做個參考.

我正在使用bcmail-jdk16-1.46.jar和bcprov-jdk16-1.46.jar(Bouncycastle庫)來簽名一個字符串,然后驗證簽名。

這是我的代碼來簽字符串:

package my.package;

import java.io.FileInputStream;

import java.security.Key;

import java.security.KeyStore;

import java.security.PrivateKey;

import java.security.Security;

import java.security.Signature;

import java.security.cert.X509Certificate;

import java.util.ArrayList;

import java.util.List;

import org.bouncycastle.cert.jcajce.JcaCertStore;

import org.bouncycastle.cms.CMSProcessableByteArray;

import org.bouncycastle.cms.CMSSignedData;

import org.bouncycastle.cms.CMSSignedDataGenerator;

import org.bouncycastle.cms.CMSTypedData;

import org.bouncycastle.cms.jcajce.JcaSignerInfoGeneratorBuilder;

import org.bouncycastle.jce.provider.BouncyCastleProvider;

import org.bouncycastle.operator.ContentSigner;

import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;

import org.bouncycastle.operator.jcajce.JcaDigestCalculatorProviderBuilder;

import org.bouncycastle.util.Store;

import sun.misc.BASE64Encoder;

public class SignMessage {

static final String KEYSTORE_FILE = "keys/certificates.p12";

static final String KEYSTORE_INSTANCE = "PKCS12";

static final String KEYSTORE_PWD = "test";

static final String KEYSTORE_ALIAS = "Key1";

public static void main(String[] args) throws Exception {

String text = "This is a message";

Security.addProvider(new BouncyCastleProvider());

KeyStore ks = KeyStore.getInstance(KEYSTORE_INSTANCE);

ks.load(new FileInputStream(KEYSTORE_FILE), KEYSTORE_PWD.toCharArray());

Key key = ks.getKey(KEYSTORE_ALIAS, KEYSTORE_PWD.toCharArray());

//Sign

PrivateKey privKey = (PrivateKey) key;

Signature signature = Signature.getInstance("SHA1WithRSA", "BC");

signature.initSign(privKey);

signature.update(text.getBytes());

//Build CMS

X509Certificate cert = (X509Certificate) ks.getCertificate(KEYSTORE_ALIAS);

List certList = new ArrayList();

CMSTypedData msg = new CMSProcessableByteArray(signature.sign());

certList.add(cert);

Store certs = new JcaCertStore(certList);

CMSSignedDataGenerator gen = new CMSSignedDataGenerator();

ContentSigner sha1Signer = new JcaContentSignerBuilder("SHA1withRSA").setProvider("BC").build(privKey);

gen.addSignerInfoGenerator(new JcaSignerInfoGeneratorBuilder(new JcaDigestCalculatorProviderBuilder().setProvider("BC").build()).build(sha1Signer, cert));

gen.addCertificates(certs);

CMSSignedData sigData = gen.generate(msg, false);

BASE64Encoder encoder = new BASE64Encoder();

String signedContent = encoder.encode((byte[]) sigData.getSignedContent().getContent());

System.out.println("Signed content: " + signedContent + "\n");

String envelopedData = encoder.encode(sigData.getEncoded());

System.out.println("Enveloped data: " + envelopedData);

}

}

現在,EnvelopedData輸出將在此過程中用于通過以下方式驗證簽名:

package my.package;

import java.security.Security;

import java.security.cert.X509Certificate;

import java.util.Collection;

import java.util.Iterator;

import org.bouncycastle.cert.X509CertificateHolder;

import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;

import org.bouncycastle.cms.CMSSignedData;

import org.bouncycastle.cms.SignerInformation;

import org.bouncycastle.cms.SignerInformationStore;

import org.bouncycastle.cms.jcajce.JcaSimpleSignerInfoVerifierBuilder;

import org.bouncycastle.jce.provider.BouncyCastleProvider;

import org.bouncycastle.util.Store;

import org.bouncycastle.util.encoders.Base64;

public class VerifySignature {

public static void main(String[] args) throws Exception {

String envelopedData = "MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIAwggLQMIIC" +

"OQIEQ479uzANBgkqhkiG9w0BAQUFADCBrjEmMCQGCSqGSIb3DQEJARYXcm9zZXR0YW5ldEBtZW5k" +

"ZWxzb24uZGUxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNVBAcTBkJlcmxpbjEi" +

"MCAGA1UEChMZbWVuZGVsc29uLWUtY29tbWVyY2UgR21iSDEiMCAGA1UECxMZbWVuZGVsc29uLWUt" +

"Y29tbWVyY2UgR21iSDENMAsGA1UEAxMEbWVuZDAeFw0wNTEyMDExMzQyMTlaFw0xOTA4MTAxMzQy" +

"MTlaMIGuMSYwJAYJKoZIhvcNAQkBFhdyb3NldHRhbmV0QG1lbmRlbHNvbi5kZTELMAkGA1UEBhMC" +

"REUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMSIwIAYDVQQKExltZW5kZWxzb24t" +

"ZS1jb21tZXJjZSBHbWJIMSIwIAYDVQQLExltZW5kZWxzb24tZS1jb21tZXJjZSBHbWJIMQ0wCwYD" +

"VQQDEwRtZW5kMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC+X1g6JvbdwJI6mQMNT41GcycH" +

"UbwCFWKJ4qHDaHffz3n4h+uQJJoQvc8yLTCfnl109GB0yL2Y5YQtTohOS9IwyyMWBhh77WJtCN8r" +

"dOfD2DW17877te+NlpugRvg6eOH6np9Vn3RZODVxxTyyJ8pI8VMnn13YeyMMw7VVaEO5hQIDAQAB" +

"MA0GCSqGSIb3DQEBBQUAA4GBALwOIc/rWMAANdEh/GgO/DSkVMwxM5UBr3TkYbLU/5jg0Lwj3Y++" +

"KhumYSrxnYewSLqK+JXA4Os9NJ+b3eZRZnnYQ9eKeUZgdE/QP9XE04y8WL6ZHLB4sDnmsgVaTU+p" +

"0lFyH0Te9NyPBG0J88109CXKdXCTSN5gq0S1CfYn0staAAAxggG9MIIBuQIBATCBtzCBrjEmMCQG" +

"CSqGSIb3DQEJARYXcm9zZXR0YW5ldEBtZW5kZWxzb24uZGUxCzAJBgNVBAYTAkRFMQ8wDQYDVQQI" +

"EwZCZXJsaW4xDzANBgNVBAcTBkJlcmxpbjEiMCAGA1UEChMZbWVuZGVsc29uLWUtY29tbWVyY2Ug" +

"R21iSDEiMCAGA1UECxMZbWVuZGVsc29uLWUtY29tbWVyY2UgR21iSDENMAsGA1UEAxMEbWVuZAIE" +

"Q479uzAJBgUrDgMCGgUAoF0wGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAcBgkqhkiG9w0BCQUx" +

"DxcNMTMwNTIxMDE1MDUzWjAjBgkqhkiG9w0BCQQxFgQU8mE6gw6iudxLUc9379lWK0lUSWcwDQYJ" +

"KoZIhvcNAQEBBQAEgYB5mVhqJu1iX9nUqfqk7hTYJb1lR/hQiCaxruEuInkuVTglYuyzivZjAR54" +

"zx7Cfm5lkcRyyxQ35ztqoq/V5JzBa+dYkisKcHGptJX3CbmmDIa1s65mEye4eLS4MTBvXCNCUTb9" +

"STYSWvr4VPenN80mbpqSS6JpVxjM0gF3QTAhHwAAAAAAAA==";

Security.addProvider(new BouncyCastleProvider());

CMSSignedData cms = new CMSSignedData(Base64.decode(envelopedData.getBytes()));

Store store = cms.getCertificates();

SignerInformationStore signers = cms.getSignerInfos();

Collection c = signers.getSigners();

Iterator it = c.iterator();

while (it.hasNext()) {

SignerInformation signer = (SignerInformation) it.next();

Collection certCollection = store.getMatches(signer.getSID());

Iterator certIt = certCollection.iterator();

X509CertificateHolder certHolder = (X509CertificateHolder) certIt.next();

X509Certificate cert = new JcaX509CertificateConverter().setProvider("BC").getCertificate(certHolder);

if (signer.verify(new JcaSimpleSignerInfoVerifierBuilder().setProvider("BC").build(cert))) {

System.out.println("verified");

}

}

}

}

一切都很好,直到signer.verify(..)由于以下異常:

Exception in thread "main" org.bouncycastle.cms.CMSSignerDigestMismatchException: message-digest attribute value does not match calculated value

at org.bouncycastle.cms.SignerInformation.doVerify(Unknown Source)

at org.bouncycastle.cms.SignerInformation.verify(Unknown Source)

at my.package.VerifySignature.main(VerifySignature.java:64)

我真的不知道我做錯了什么有人可以給我一個發生什么的提示嗎?

PS。如果有人想測試上面的代碼,你將需要我使用的測試證書文件來復制所有這些,只需從這里下載/保存:

提前致謝。

總結

以上是生活随笔為你收集整理的java bouncycastle_java – 使用bouncycastle进行签名和验证签名的正确方法的全部內容,希望文章能夠幫你解決所遇到的問題。

如果覺得生活随笔網站內容還不錯,歡迎將生活随笔推薦給好友。