如您所知,OAuth 可以支持 RSA-SHA1 签名。我有一个具有以下方法的 OAuthSignature 接口(interface)
public String sign(String data, String consumerSecret, String tokenSecret) throws GeneralSecurityException;
我成功实现并测试了 HMAC-SHA1 签名(OAuth 支持)以及 PLAINTEXT“签名”。
我已经搜索谷歌,如果我需要使用 SHA1withRSA 签名,我必须创建一个私钥:示例代码:
/**
* Signs the data with the given key and the provided algorithm.
*/
private static byte[] sign(PrivateKey key,
String data)
throws GeneralSecurityException {
Signature signature = Signature.getInstance("SHA1withRSA");
signature.initSign(key);
signature.update(data.getBytes());
return signature.sign();
}
现在,我如何获取 OAuth key (即 key = consumerSecret&tokenSecret)并创建一个 PrivateKey 以与 SHA1withRSA 签名一起使用?
谢谢
来自 OAuth Core
9.3. RSA-SHA1
The RSA-SHA1 signature method uses the RSASSA-PKCS1-v1_5 signature algorithm as defined in [RFC3447] (Jonsson, J. and B. Kaliski, “Public-Key Cryptography Standards (PKCS) #1: RSA Cryptography; Specifications Version 2.1,” .) section 8.2 (more simply known as PKCS#1), using SHA-1 as the hash function for EMSA-PKCS1-v1_5. It is assumed that the Consumer has provided its RSA public key in a verified way to the Service Provider, in a manner which is beyond the scope of this specification.
我现在使用这个 ( http://code.google.com/apis/gdata/docs/auth/oauth.html ) 作为执行 RSA-SHA1 签名的引用。
最佳答案
OAuthSignature 接口(interface)来自哪个 API?有没有可能tokenSecret参数不是RSA签名所必需的?
关于java - 在 Java 中实现 RSA-SHA1 签名算法(创建用于 OAuth RSA-SHA1 签名的私钥),我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/2545058/