我现在正在制作RSA消息认证软件.过程如下:
#1代码(如下)工作正常并生成以下结果:
5554c9a9f6838b6cf40d9dbfbab3d90ea27aa6434ed095d289c13c2624617993ad99161ac265276d150510c176341d8ab8600d08b7353286d465e6bd3370a6fd8dd3ffb82916f612fd6dcee5e654ed801cfca6b6d2d5d6dc99ff7921b615abdf62eb67db1f71e6a6ea70012fd35e7cefa1a8d3aab7614c47746cfe1fc2bc875b
但是#2代码显示以下错误:
javax.crypto.IllegalBlockSizeException: Data must not be longer than 128 bytes
我认为#1中的行Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding");
产生2048位(256字节)的结果.也许这就是问题......记住我使用1024位私钥.
那么#1代码如何生成128字节的结果呢?
1. SignMail.java
public class SignMail {
static {
Security.addProvider(new org.spongycastle.jce.provider.BouncyCastleProvider());
}
public static String sign(String userOriginalMessage) throws Exception {
PEMReader userPrivateKey = new PEMReader(
new InputStreamReader(
new FileInputStream(Environment.getExternalStorageDirectory()+"/pkcs10priv.key")));
KeyPair keyPair = (KeyPair)userPrivateKey.readObject();
byte[] cipherText;
//modified by JEON 20130817
Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding");
//encrypt the message using private key
cipher.init(Cipher.ENCRYPT_MODE, keyPair.getPrivate());
cipherText = cipher.doFinal(userOriginalMessage.getBytes());
return new String(Hex.encode(cipherText));
}
}
2. UserSMSVerifier.java
public class UserSMSVerifier {
static String signedMail;
static {
Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());
}
public static String messageGenarator(
String UserCert,
String origninalMessage
) throws Exception{
InputStream userCertStream = new ByteArrayInputStream(UserCert.getBytes("UTF-8"));
PEMReader userCerti = new PEMReader(
new InputStreamReader(
userCertStream));
//KeyPair userPrivate = (KeyPair)userPrivateKey.readObject();
X509Certificate userCert = (X509Certificate)userCerti.readObject();
byte[] dectyptedText = null;
// decrypt the text using the private key
//modified by JEON 20130817
//Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding");
Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding");
cipher.init(Cipher.DECRYPT_MODE, userCert.getPublicKey());
dectyptedText = cipher.doFinal(origninalMessage.getBytes());
String result = new String(dectyptedText, Charset.forName("UTF-8"));
return result;
}
}
#2代码由以下JSP执行
#3 messageVeri.JSP
<%@ page language="java" contentType="text/html; charset=euc-kr" %>
<%@ page session = "true" %>
<%@ page import="java.sql.DriverManager" %>
<%@ page import="java.sql.Connection" %>
<%@ page import="java.sql.PreparedStatement" %>
<%@ page import="java.sql.Statement" %>
<%@ page import="java.sql.SQLException" %>
<%@ page import="java.sql.ResultSet" %>
<%@ page import="myPackage.UserSMSVerifier" %>
<%
request.setCharacterEncoding("euc-kr");
String userID = request.getParameter("sender");
String encryptedSMS = request.getParameter("encryptedSMS");
//String sql = "select user_id, user_pw from testca.testca_init where user_id=? and user_pw=?";
//String sql = "update testca.testca_init set pkcs10request = '"+pkcs10request_new+"' where user_id='user1'";
String sql = "select * from testca.testca_init where user_id='" + userID + "'";
Class.forName("com.mysql.jdbc.Driver");
Connection conn = null;
PreparedStatement pstmt = null;
Statement stmt = null;
ResultSet rs = null;
String jdbcDriver = "jdbc:mysql://localhost:3306/";
String dbUser = "root";
String dbPass = "fo.......t";
try{
conn = DriverManager.getConnection(jdbcDriver, dbUser, dbPass);
stmt = conn.createStatement();
//stmt.executeUpdate(sql);
rs=stmt.executeQuery(sql);
while(rs.next()){
//rs=stmt.executeQuery(sql);
String userCertificate=rs.getString("certificate");
UserSMSVerifier.messageGenarator(userCertificate, encryptedSMS);
}
}catch(Exception ex){out.print("Error 2: " +ex);}
/*
if(rs.next())
{
//session.setAttribute("userID", userID);
out.print("Insert Succeed!");
out.println();
//out.print("Welcome!" + " " + session.getAttribute("userID"));
}
else
{
out.print("failed to login!");
//session.invalidate();
}
*/
%>
Dun*_*nes 13
您的签名字符串包含256个字符,但这是十六进制的,实际上代表128 个字节.
在验证签名之前,必须将其转换回字节数组.这不是someString.getBytes()通过DatatypeConverter.parseHexBinary(someString)(或通过您喜欢的任何其他方法)来实现的.
此外,我强烈建议您在签名邮件时使用Signature类而不是Cipher类.目前,您的代码只能处理长度小于128字节的消息(实际上,由于填充较小).相反,您应该在签名之前对消息进行散列(例如,使用该SHA256withRSA机制).
| 归档时间: |
|
| 查看次数: |
23466 次 |
| 最近记录: |