Using SHA1 and RSA with java.security.Signature vs. MessageDigest and Cipher

后端 未结 6 530
鱼传尺愫
鱼传尺愫 2020-11-27 10:48

I\'m trying to understand what the Java java.security.Signature class does. If I compute an SHA1 message digest, and then encrypt that digest using RSA, I get a dif

相关标签:
6条回答
  • 2020-11-27 11:32

    To produce the same results:

    MessageDigest sha1 = MessageDigest.getInstance("SHA1", BOUNCY_CASTLE_PROVIDER);
    byte[] digest = sha1.digest(content);
    DERObjectIdentifier sha1oid_ = new DERObjectIdentifier("1.3.14.3.2.26");
    
    AlgorithmIdentifier sha1aid_ = new AlgorithmIdentifier(sha1oid_, null);
    DigestInfo di = new DigestInfo(sha1aid_, digest);
    
    byte[] plainSig = di.getDEREncoded();
    Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding", BOUNCY_CASTLE_PROVIDER);
    cipher.init(Cipher.ENCRYPT_MODE, privateKey);
    byte[] signature = cipher.doFinal(plainSig);
    
    0 讨论(0)
  • 2020-11-27 11:36

    OK, I've worked out what's going on. Leonidas is right, it's not just the hash that gets encrypted (in the case of the Cipher class method), it's the ID of the hash algorithm concatenated with the digest:

      DigestInfo ::= SEQUENCE {
          digestAlgorithm AlgorithmIdentifier,
          digest OCTET STRING
      }
    

    Which is why the encryption by the Cipher and Signature are different.

    0 讨论(0)
  • 2020-11-27 11:48

    Erm, after understanding your question: are you sure that the signature-method only creates a SHA1 and encrypts it? GPG et al offer to compress/clear sign the data. Maybe this java-signature-alg also creates a detachable/attachable signature.

    0 讨论(0)
  • 2020-11-27 11:49

    Taking @Mike Houston's answer as pointer, here is a complete sample code that does Signature and Hash and encryption.

    /**
     * @param args
     */
    public static void main(String[] args)
    {
        try
        {
            boolean useBouncyCastleProvider = false;
    
            Provider provider = null;
            if (useBouncyCastleProvider)
            {
                provider = new BouncyCastleProvider();
                Security.addProvider(provider);
            }
    
            String plainText = "This is a plain text!!";
    
            // KeyPair
            KeyPairGenerator keyPairGenerator = null;
            if (null != provider)
                keyPairGenerator = KeyPairGenerator.getInstance("RSA", provider);
            else
                keyPairGenerator = KeyPairGenerator.getInstance("RSA");
            keyPairGenerator.initialize(2048);
    
            KeyPair keyPair = keyPairGenerator.generateKeyPair();
    
            // Signature
            Signature signatureProvider = null;
            if (null != provider)
                signatureProvider = Signature.getInstance("SHA256WithRSA", provider);
            else
                signatureProvider = Signature.getInstance("SHA256WithRSA");
            signatureProvider.initSign(keyPair.getPrivate());
    
            signatureProvider.update(plainText.getBytes());
            byte[] signature = signatureProvider.sign();
    
            System.out.println("Signature Output : ");
            System.out.println("\t" + new String(Base64.encode(signature)));
    
            // Message Digest
            String hashingAlgorithm = "SHA-256";
            MessageDigest messageDigestProvider = null;
            if (null != provider)
                messageDigestProvider = MessageDigest.getInstance(hashingAlgorithm, provider);
            else
                messageDigestProvider = MessageDigest.getInstance(hashingAlgorithm);
            messageDigestProvider.update(plainText.getBytes());
    
            byte[] hash = messageDigestProvider.digest();
    
            DigestAlgorithmIdentifierFinder hashAlgorithmFinder = new DefaultDigestAlgorithmIdentifierFinder();
            AlgorithmIdentifier hashingAlgorithmIdentifier = hashAlgorithmFinder.find(hashingAlgorithm);
    
            DigestInfo digestInfo = new DigestInfo(hashingAlgorithmIdentifier, hash);
            byte[] hashToEncrypt = digestInfo.getEncoded();
    
            // Crypto
            // You could also use "RSA/ECB/PKCS1Padding" for both the BC and SUN Providers.
            Cipher encCipher = null;
            if (null != provider)
                encCipher = Cipher.getInstance("RSA/NONE/PKCS1Padding", provider);
            else
                encCipher = Cipher.getInstance("RSA");
            encCipher.init(Cipher.ENCRYPT_MODE, keyPair.getPrivate());
    
            byte[] encrypted = encCipher.doFinal(hashToEncrypt);
    
            System.out.println("Hash and Encryption Output : ");
            System.out.println("\t" + new String(Base64.encode(encrypted)));
        }
        catch (Throwable e)
        {
            e.printStackTrace();
        }
    }
    

    You can use BouncyCastle Provider or default Sun Provider.

    0 讨论(0)
  • 2020-11-27 11:51

    I have a similar problem, I tested adding code and found some interesting results. With this code I add, I can deduce that depending on the "provider" to use, the firm can be different? (because the data included in the encryption is not always equal in all providers).

    Results of my test.

    Conclusion.- Signature Decipher= ???(trash) + DigestInfo (if we know the value of "trash", the digital signatures will be equal)

    IDE Eclipse OUTPUT...

    Input data: This is the message being signed

    Digest: 62b0a9ef15461c82766fb5bdaae9edbe4ac2e067

    DigestInfo: 3021300906052b0e03021a0500041462b0a9ef15461c82766fb5bdaae9edbe4ac2e067

    Signature Decipher: 1ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff003021300906052b0e03021a0500041462b0a9ef15461c82766fb5bdaae9edbe4ac2e067

    CODE

    import java.security.InvalidKeyException;
    import java.security.KeyPair;
    import java.security.KeyPairGenerator;
    import java.security.MessageDigest;
    import java.security.NoSuchAlgorithmException;
    import java.security.NoSuchProviderException;
    import java.security.PrivateKey;
    import java.security.PublicKey;
    import java.security.Signature;
    import java.security.SignatureException;
    import javax.crypto.BadPaddingException;
    import javax.crypto.Cipher;
    import javax.crypto.IllegalBlockSizeException;
    import javax.crypto.NoSuchPaddingException;
    import org.bouncycastle.asn1.x509.DigestInfo;
    import org.bouncycastle.asn1.DERObjectIdentifier;
    import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
    public class prueba {
    /**
    * @param args
    * @throws NoSuchProviderException 
    * @throws NoSuchAlgorithmException 
    * @throws InvalidKeyException 
    * @throws SignatureException 
    * @throws NoSuchPaddingException 
    * @throws BadPaddingException 
    * @throws IllegalBlockSizeException 
    *///
    public static void main(String[] args) throws NoSuchAlgorithmException, NoSuchProviderException, InvalidKeyException, SignatureException, NoSuchPaddingException, IllegalBlockSizeException, BadPaddingException {
    // TODO Auto-generated method stub
    KeyPair keyPair = KeyPairGenerator.getInstance("RSA","BC").generateKeyPair();
    PrivateKey privateKey = keyPair.getPrivate();
    PublicKey puKey = keyPair.getPublic();
    String plaintext = "This is the message being signed";
    // Hacer la firma
    Signature instance = Signature.getInstance("SHA1withRSA","BC");
    instance.initSign(privateKey);
    instance.update((plaintext).getBytes());
    byte[] signature = instance.sign();
    // En dos partes primero hago un Hash
    MessageDigest digest = MessageDigest.getInstance("SHA1", "BC");
    byte[] hash = digest.digest((plaintext).getBytes());
    // El digest es identico a  openssl dgst -sha1 texto.txt
    //MessageDigest sha1 = MessageDigest.getInstance("SHA1","BC");
    //byte[] digest = sha1.digest((plaintext).getBytes());
    AlgorithmIdentifier digestAlgorithm = new AlgorithmIdentifier(new
    DERObjectIdentifier("1.3.14.3.2.26"), null);
    // create the digest info
    DigestInfo di = new DigestInfo(digestAlgorithm, hash);
    byte[] digestInfo = di.getDEREncoded();
    //Luego cifro el hash
    Cipher cipher = Cipher.getInstance("RSA","BC");
    cipher.init(Cipher.ENCRYPT_MODE, privateKey);
    byte[] cipherText = cipher.doFinal(digestInfo);
    //byte[] cipherText = cipher.doFinal(digest2);
    Cipher cipher2 = Cipher.getInstance("RSA","BC");
    cipher2.init(Cipher.DECRYPT_MODE, puKey);
    byte[] cipherText2 = cipher2.doFinal(signature);
    System.out.println("Input data: " + plaintext);
    System.out.println("Digest: " + bytes2String(hash));
    System.out.println("Signature: " + bytes2String(signature));
    System.out.println("Signature2: " + bytes2String(cipherText));
    System.out.println("DigestInfo: " + bytes2String(digestInfo));
    System.out.println("Signature Decipher: " + bytes2String(cipherText2));
    }
    
    0 讨论(0)
  • 2020-11-27 11:54

    A slightly more efficient version of the bytes2String method is

    private static final char[] hex = {'0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'a', 'b', 'c', 'd', 'e', 'f'};
    private static String byteArray2Hex(byte[] bytes) {
        StringBuilder sb = new StringBuilder(bytes.length * 2);
        for (final byte b : bytes) {
            sb.append(hex[(b & 0xF0) >> 4]);
            sb.append(hex[b & 0x0F]);
        }
        return sb.toString();
    }
    
    0 讨论(0)
提交回复
热议问题