java - 尽管使用了正确的公钥和签名文件,但签名未得到验证

标签 java security certificate digital-signature bouncycastle

尽管我使用了正确的签名文件和公钥,但下面类中的结果变量始终返回 false。

public class VeriGen {

    static FileInputStream fin;

    public static void main(String args[]) throws Exception {
        Security.addProvider(new BouncyCastleProvider());

        KeyStore msCertStore = KeyStore.getInstance("Windows-MY", "SunMSCAPI");
        msCertStore.load(null, null);
        X509Certificate c = ((X509Certificate) msCertStore.getCertificate("Software View Certificate Authority"));
        PublicKey pubKey = c.getPublicKey();


        File file = new File("C:\\Users\\mayooranM\\Desktop\\SignatureVerificationTest\\ProcessExplorer.zip");
        fin = new FileInputStream(file);
        byte fileContent[] = new byte[(int) file.length()];

        File signedData = new File(
                "C:\\Users\\mayooranM\\Desktop\\SignatureVerificationTest\\SignedProcessExplorer.sig");
        fin = new FileInputStream(signedData);
        byte signedContent[] = new byte[(int) signedData.length()];

        boolean result = verifySig(fileContent, pubKey, signedContent);
        System.out.println("result is : " + result);
    }

    public static boolean verifySig(byte[] data, PublicKey key, byte[] sig) throws Exception {
        Signature signer = Signature.getInstance("SHA1WithRSA", "BC");
        signer.initVerify(key);
        signer.update(data);
        return (signer.verify(sig));

    }
}

下面是我用来签署文件的代码。

public class SigGen {

    static final String KEYSTORE_FILE = "C:\\Users\\mayooranM\\Desktop\\x.509-sample-keys-and-certificates\\generation-tool\\swviewca.p12";
    static final String KEYSTORE_INSTANCE = "PKCS12";
    static final String KEYSTORE_PWD = "swviewcastoresecret";
    static final String KEYSTORE_ALIAS = "swviewca";
    static FileInputStream fin = null;

    public static void main(String args[]) throws Exception {
        Security.addProvider(new BouncyCastleProvider());

        File file = new File("C:\\Users\\mayooranM\\Desktop\\SignatureVerificationTest\\ProcessExplorer.zip");
        fin = new FileInputStream(file);
        byte fileContent[] = new byte[(int) file.length()];

        KeyStore ks = KeyStore.getInstance(KEYSTORE_INSTANCE);
        ks.load(new FileInputStream(KEYSTORE_FILE), KEYSTORE_PWD.toCharArray());
        Key key = ks.getKey(KEYSTORE_ALIAS, KEYSTORE_PWD.toCharArray());

        // Sign
        PrivateKey privKey = (PrivateKey) key;
        byte[] signedData = signData(fileContent, privKey);

        FileOutputStream fos = new FileOutputStream(
                "C:\\Users\\mayooranM\\Desktop\\SignatureVerificationTest\\SignedProcessExplorer.sig");
        fos.write(signedData);
        fos.close();

    }

    public static byte[] signData(byte[] data, PrivateKey key) throws Exception {
        Signature signer = Signature.getInstance("SHA1WithRSA", "BC");
        signer.initSign(key);
        signer.update(data);
        return (signer.sign());
    }


}

我在这里做错了什么?请指教。

最佳答案

在您发布的代码中,看起来您从未真正阅读过该文件; fin 已分配但从未使用,并且 signedContentfileContent 数组已创建但从未填充。

关于java - 尽管使用了正确的公钥和签名文件,但签名未得到验证,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/35870544/

相关文章:

java - 我的第一个 gwt 应用程序不显示按钮

php - 如何取消设置特定用户的 session ?

spring - 获得 Spring 认证有多大用处

windows - Windows 驱动程序签名需要什么证书?

.htaccess - SSL_ERROR_BAD_CERT_DOMAIN

Java,检查两个字符数组是否相等

java - 如何改善 Android 应用程序的启动时间?

java - Quartz调度器通过FTP下载文件

web-services - 保护使用 Web 服务的移动应用程序的最佳实践

c++ - 如何检测文件是否存在而不会因权限问题而脱轨?