0
我想使用RSA密钥对签署文件。为了这个目的,我有这样的Perl脚本:Crypt :: RSA(Perl)和java.security.Signature(Java)之间的相互作用
#!/usr/bin/perl
use Crypt::RSA;
my $data = ... # File contents
my $rsa = new Crypt::RSA;
my $key = new Crypt::RSA::Key::Private(Filename => "stackoverflow.priv", Password => "*****");
my $signature = $rsa->sign(Message => $data, Key => $key, Armour => 0);
# Write signature to file
在客户端,我想用下面的Java功能来验证文件:
private static final String PUBLICKEY_MOD = "190343051422614110006523776876348493...";
private static String PUBLICKEY_EXP = "65537";
public boolean check() {
byte[] data = ... // Data
byte[] dataSignature = ... // Signature (as calculated in the Perl script)
Signature signature = Signature.getInstance("SHA256withRSA");
signature.initVerify(getPublicKey());
signature.update(data);
return signature.verify(dataSignature);
}
private PublicKey getPublicKey() {
RSAPublicKeySpec spec = new RSAPublicKeySpec(new BigInteger(PUBLICKEY_MOD), new BigInteger(PUBLICKEY_EXP));
KeyFactory factory = KeyFactory.getInstance("RSA");
return factory.generatePublic(spec);
}
然而,check()始终报告虚假。我已经检查了这些东西:
data和dataSignature是正确读取PUBLICKEY_MOD和PUBLICKEY_EXP是正确的getPublicKey()回报具有正确的属性- 私钥和公钥是一部分的公钥同一对
有谁知道如何正确验证文件? signature是否正确实例化?
非常感谢!我解决了这两个问题,它完美地工作。如果您想将您的观点作为答案添加,我会将其标记为解决方案。 – SecStone 2012-03-21 13:01:03
你能指出你做了什么来获得SHA-256为PERL工作,有[这个其他问题](http://stackoverflow.com/questions/12142381/is-there-a-perl-implementation-of-sha256withrsa )... – 2012-08-27 18:23:59