问题
Basically I'm trying to verify signature which using openssl looks like this:
openssl dgst -sha256 -verify prime192v1-pub-v1.pem -signature signatureFile.bin < dataFile.bin
... and in order to do that on android I need to create PublicKey
object. The method that I'm using throws java.security.spec.InvalidKeySpecException: Unexpected key type
at line kf.generatePublic(new X509EncodedKeySpec(encoded))
.
import org.spongycastle.util.encoders.Base64;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyFactory;
import java.security.PublicKey;
import java.security.spec.X509EncodedKeySpec;
public class SO {
public static PublicKey getPublicKeyFromString(String key) throws IOException, GeneralSecurityException {
String publicKeyPEM = key;
publicKeyPEM = publicKeyPEM.replace("-----BEGIN PUBLIC KEY-----\n", "");
publicKeyPEM = publicKeyPEM.replace("-----END PUBLIC KEY-----", "");
byte[] encoded = Base64.decode(publicKeyPEM);
KeyFactory kf = KeyFactory.getInstance("RSA");
return kf.generatePublic(new X509EncodedKeySpec(encoded));
}
}
This is how I call the method:
SO.getPublicKeyFromString(
"-----BEGIN PUBLIC KEY-----\n" +
"MEkwEwYHKoZIzj0CAQYIKoZIzj0DAQEDMgAEXMHnQfWiM4oCaLfx296llgz7iaVv\n" +
"avMPppkzVNZAxtlNLhFlXnNWD0Mw9yzP8/Go\n" +
"-----END PUBLIC KEY-----"
);
Anyone knows what I'm doing wrong?
回答1:
I got it working. The public key is elliptic curve (p192) public key and it should be loaded differently. Having PublicKey
I was able to verify signature the same way as using openssl command.
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import java.io.Reader;
import java.io.StringReader;
import java.security.KeyFactory;
import java.security.PublicKey;
import java.security.Security;
import java.security.Signature;
import java.security.spec.X509EncodedKeySpec;
public class SO {
public PublicKey getPublicKey() throws Exception {
Security.addProvider(new BouncyCastleProvider());
Reader rdr = new StringReader(
"-----BEGIN PUBLIC KEY-----\n" +
"MEkwEwYHKoZIzj0CAQYIKoZIzj0DAQEDMgAEXMHnQfWiM4oCaLfx296llgz7iaVv\n" +
"avMPppkzVNZAxtlNLhFlXnNWD0Mw9yzP8/Go\n" +
"-----END PUBLIC KEY-----\n"
); // or from file etc.
org.bouncycastle.util.io.pem.PemObject spki = new org.bouncycastle.util.io.pem.PemReader(rdr).readPemObject();
PublicKey key = KeyFactory.getInstance("EC", "BC").generatePublic(new X509EncodedKeySpec(spki.getContent()));
return key;
}
public static boolean verify(byte[] data, byte[] signatureBytes, PublicKey publicKey) throws Exception {
Signature signature = Signature.getInstance("SHA256withECDSA", "BC");
signature.initVerify(publicKey);
signature.update(data);
return signature.verify(signatureBytes);
}
}
回答2:
I was fighting with this for a while and came up with this solution. I decided against overloading the security system as I use other elements of android's Encryption system in other areas of my app.
public class EncryptionInterface {
private static final int bufferSize_ = 32;
private static final String headerTag = "-----BEGIN PUBLIC KEY-----";
private static final String footerTag = "-----END PUBLIC KEY-----";
/**
*
* @param ctx
* @return
* @throws Exception
*/
public static PublicKey getPublicKey(Context ctx) throws Exception {
PublicKey generatedPublic;
Security.addProvider(new BouncyCastleProvider());
String publicKeyString = getKeyFromFile(ctx);
byte[] decoded = Base64.decode(publicKeyString, Base64.DEFAULT);
org.spongycastle.asn1.pkcs.RSAPublicKey pkcs1PublicKey = org.spongycastle.asn1.pkcs.RSAPublicKey.getInstance(decoded);
BigInteger modulus = pkcs1PublicKey.getModulus();
BigInteger publicExponent = pkcs1PublicKey.getPublicExponent();
RSAPublicKeySpec keySpec = new RSAPublicKeySpec(modulus, publicExponent);
KeyFactory kf = KeyFactory.getInstance("RSA");
generatedPublic = kf.generatePublic(keySpec);
return generatedPublic;
}
/**
* Load the key/PEM from a file and strip the header/footer.
* @param ctx
* @throws Exception
*/
public static String getKeyFromFile(Context ctx) throws Exception
{
String certPath = "publickey.pem";
InputStream input = ctx.getAssets().open(certPath);
byte[] buffer = new byte[bufferSize_];
int len = 0;
ByteArrayOutputStream keyBuffer = new ByteArrayOutputStream();
while ((len = input.read(buffer)) != -1) {
keyBuffer.write(buffer, 0, len);
}
String str = new String(keyBuffer.toByteArray());
str = str.replace(headerTag, "");
str = str.replace(footerTag, "");
return str;
}
}
来源:https://stackoverflow.com/questions/45464949/publickey-from-pem-file-on-android-java