問題描述

我試圖了解 Java java.security.Signature 類的作用.如果我計算一個 SHA1 消息摘要，然后使用 RSA 加密該摘要，我會得到與要求 Signature 類簽署相同內容不同的結果:

I'm trying to understand what the Java java.security.Signature class does. If I compute an SHA1 message digest, and then encrypt that digest using RSA, I get a different result to asking the Signature class to sign the same thing:

// Generate new key
KeyPair keyPair = KeyPairGenerator.getInstance("RSA").generateKeyPair();
PrivateKey privateKey = keyPair.getPrivate();
String plaintext = "This is the message being signed";

// Compute signature
Signature instance = Signature.getInstance("SHA1withRSA");
instance.initSign(privateKey);
instance.update((plaintext).getBytes());
byte[] signature = instance.sign();

// Compute digest
MessageDigest sha1 = MessageDigest.getInstance("SHA1");
byte[] digest = sha1.digest((plaintext).getBytes());

// Encrypt digest
Cipher cipher = Cipher.getInstance("RSA");
cipher.init(Cipher.ENCRYPT_MODE, privateKey);
byte[] cipherText = cipher.doFinal(digest);

// Display results
System.out.println("Input data: " + plaintext);
System.out.println("Digest: " + bytes2String(digest));
System.out.println("Cipher text: " + bytes2String(cipherText));
System.out.println("Signature: " + bytes2String(signature));

結果(例如):

輸入數據:這是正在簽名的消息
摘要:62b0a9ef15461c82766fb5bdaae9edbe4ac2e067
密文:057dc0d2f7f54acc95d3cf5cba9f944619394711003bdd12...
簽名:7177c74bbbb871cc0af92e30d2808ebae146f25d3fd8ba1622...

Input data: This is the message being signed
Digest: 62b0a9ef15461c82766fb5bdaae9edbe4ac2e067
Cipher text: 057dc0d2f7f54acc95d3cf5cba9f944619394711003bdd12...
Signature: 7177c74bbbb871cc0af92e30d2808ebae146f25d3fd8ba1622...

我一定對 Signature 正在做的事情有一個根本性的誤解 - 我已經對其進行了跟蹤，它似乎正在對 MessageDigest 對象調用更新，其中如我所料，算法設置為 SHA1，然后獲取摘要，然后進行加密.是什么導致結果不同?

I must have a fundamental misunderstanding of what Signature is doing - I've traced through it, and it appears to be calling update on a MessageDigest object, with the algorithm set to SHA1 as I would expect, then getting the digest, then doing the encryption. What's making the results differ?

Leonidas 讓我檢查簽名方案是否應該按照我的想法去做.RFC 中定義了兩種類型的簽名:

Leonidas made me check whether the signature scheme is supposed to do what I think it does. There are two types of signature defined in the RFC:

• RSSA-PKCS1-v1_5
• RSSA-PSS

第一個 (PKCS1) 是我在上面描述.它使用哈希函數創建摘要，然后使用私鑰對結果進行加密.

The first of these (PKCS1) is the one I describe above. It uses a hash function to create a digest, and then encrypts the result with a private key.

第二種算法使用隨機鹽值，并且更安全但不確定.如果重復使用相同的密鑰，上面代碼產生的簽名不會改變，所以我認為它不可能是PSS.

The second algorithm uses a random salt value, and is more secure but non-deterministic. The signature produced from the code above does not change if the same key is used repeatedly, so I don't think it can be PSS.

這是我使用的 bytes2string 方法:

Here's the bytes2string method I was using:

private static String bytes2String(byte[] bytes) {
    StringBuilder string = new StringBuilder();
    for (byte b : bytes) {
        String hexString = Integer.toHexString(0x00FF & b);
        string.append(hexString.length() == 1 ? "0" + hexString : hexString);
    }
    return string.toString();
}

推薦答案

好的，我已經弄清楚發生了什么.Leonidas 是對的，它不僅僅是被加密的哈希(在 Cipher 類方法的情況下)，它是與摘要連接的哈希算法的 ID:

OK, I've worked out what's going on. Leonidas is right, it's not just the hash that gets encrypted (in the case of the Cipher class method), it's the ID of the hash algorithm concatenated with the digest:

  DigestInfo ::= SEQUENCE {
      digestAlgorithm AlgorithmIdentifier,
      digest OCTET STRING
  }

這就是 Cipher 和 Signature 的加密方式不同的原因.

Which is why the encryption by the Cipher and Signature are different.

這篇關于SHA1 和 RSA 與 java.security.Signature 對比 MessageDigest 和 Cipher的文章就介紹到這了，希望我們推薦的答案對大家有所幫助，也希望大家多多支持html5模板網！