我正在尝试验证从网络服务接收的数据字符串及其 RSA-SHA256 签名,但我完全陷入了从证书加载私钥/公钥的困境。
我有以下代码来从 cer 文件检索信息,我认为它采用 DER 格式,因为它不是典型的 base64 编码:
InputStream in = new FileInputStream(path1);
CertificateFactory factory = CertificateFactory.getInstance("X.509");
X509Certificate cert = (X509Certificate) factory.generateCertificate(in);
System.out.println(cert.toString());
它输出证书的完整信息:
Version: V3
Subject: EMAILADDRESS=...
...
Algorithm: [SHA256withRSA]
...
但是如果尝试使用以下代码加载和检索私钥:
KeyFactory kf = KeyFactory.getInstance("RSA");
X509EncodedKeySpec bobPubKeySpec = new X509EncodedKeySpec(encodedKey);
KeyFactory keyFactory = KeyFactory.getInstance("RSA");
PublicKey bobPubKey = keyFactory.generatePublic(bobPubKeySpec);
Signature sig = Signature.getInstance("SHA256withRSA");
sig.initVerify(bobPubKey);
sig.update(data_received);
sig.verify(signature_received);
我收到以下异常
java.security.spec.InvalidKeySpecException: java.security.InvalidKeyException: invalid key format
在 keyFactory.generatePublic 方法中。如果将其更改为generatePrivate,结果相同。
最佳答案
谢谢詹姆斯,按照你的建议,我做了以下工作:
InputStream in = new FileInputStream(System.getProperty("user.dir") + "\\" + certificateName);
CertificateFactory factory = CertificateFactory.getInstance("X.509");
X509Certificate cert = (X509Certificate) factory.generateCertificate(in);
PublicKey pubKey = cert.getPublicKey();
Signature sig = Signature.getInstance("SHA256withRSA");
sig.initVerify(pubKey);
sig.update(xmlContent);
return sig.verify(headerSignature);
关于java - 验证 RSA SHA256 签名无法从证书获取私钥,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/37502652/