问题
So I am trying to generate an ECDSAwithHA256 signature in Java, and for that, I am using the BouncyCastle provider. The curve is a secp521r1.
To initalize the signer I am using:
public static final String SIGNATURE_ALGORITHEM = "SHA256withECDSA";
public void init() {
signer = Signature.getInstance(SIGNATURE_ALGORITHEM, BouncyCastleProvider.PROVIDER_NAME);
signer.initSign(privKey);
}
And to sign I am using
public byte[] sign(byte[] bytes) throws SignatureException {
signer.update(bytes);
byte[] signature = signer.sign();
System.out.println("Signature lenght is " + signature.length);
return signature;
}
The only problem now is, that when I am running the code, I get signatures with a length between 137 and 139 byte. But I expected to get always the same amount of bytes. Does somebody know what I have to change, that I have always the same signature length, but still a standardized signature format?
回答1:
Java crypto normally, and Bouncy by default, encodes ECDSA (also DSA) signatures using ASN.1 DER which is variable length. See neardupe ECDSA signature length and cross https://crypto.stackexchange.com/questions/33095/shouldnt-a-signature-using-ecdsa-be-exactly-96-bytes-not-102-or-103 .
Fortunately for you however, Bouncy (1.51 up) also implements P1363-style fixed-length encoding under the names {hash}withPLAIN-ECDSA or {hash}withCVC-ECDSA (and also substituting a slash for with). CVC in this context apparently means Card Verifiable Certificate, although I would not have thought the signature encoding is anywhere near the hardest part of cert verification for a limited device.
Updates: Bouncy 1.61 (2019-02) fixes the bug in 'plain' encoding mentioned in comments. Also, in Java 9 (2018-12) up the standard (Oracle) SunEC provider supports this format as {hash}withECDSAinP1363format
来源:https://stackoverflow.com/questions/52122705/java-ecdsawithsha256-signature-with-inconsistent-length