那些遇到过的问题

标签: digital-signature

验证JWT.IO中的签名

我已经生成了以下令牌并尝试使用http://jwt.io验证签名. 我还附加了jwks端点的内容,该端点应该包含我需要验证的所有详细信息.

所以我的问题是:我怎样才能在jwt.io网站上说这个签名有效?我错过了证书链参数的一些转换吗?

这是jwks的参考规范.

eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6ImEzck1VZ01Gdjl0UGNsTGE2eUYzekFrZnF1RSIsImtpZCI6ImEzck1VZ01Gdjl0UGNsTGE2eUYzekFrZnF1RSJ9.eyJub25jZSI6IjYzNjA3MDM0OTc3NDIzODg2NS5OMlkxTldKbU1EZ3RZbU13TkMwME9XWTNMVGt5TlRJdE9ERXpOell4Wm1NME0yVmxNV1l5TkdOaFlXTXRaVEpqT1MwME4yRmpMVGd6WmpVdFpXWTVOVEEwWmpFMU1qWTEiLCJpYXQiOjE0NzE0MzgxODIsImF0X2hhc2giOiJLWUJpVkl1Uy1YZERzU3NHcWU5dTJBIiwic3ViIjoiMSIsImFtciI6InBhc3N3b3JkIiwiYXV0aF90aW1lIjoxNDcxNDM4MTgyLCJpZHAiOiJpZHNydiIsImlzcyI6Imh0dHBzOi8vZWx3ZWJhcHBsaWNhdGlvbjEuYXp1cmV3ZWJzaXRlcy5uZXQvaWRlbnRpdHkiLCJhdWQiOiJtdmMiLCJleHAiOjE0NzE0Mzg0ODIsIm5iZiI6MTQ3MTQzODE4Mn0.Ehck2-rA09cJzlfURhDMp-WcXm_t_dl-u0Mli3exdv1HxX8i77x5VfFPM6rP4lcpI3lpN8Yj-FefZYDTUY_UmxCYvXf6ILSrhzEfQVaXSPKX1RUQQIDJGPU6NuFLcR416JpUAkE8joYae3WPj5VsM4yNENGGjUANm4qgj6G_mYy_BiXcSqvRGRYwW5GHDsnnANrIw4oktIYS05yCbjdiNYgQZ043L6Pb2p-5eTPCFqG7WRHp208dhg8D3nhtYEov2Kxod93oKHXSp1zf-Ot0cadk6Ss4fClaTE9S1f29lbwxw7ZxI1L3R4oOL3FZPSSHGp4d3a3AdUKOjKvvTVPv6w

{
    keys : [{
            kty : "RSA",
            use : "sig",
            kid : "a3rMUgMFv9tPclLa6yF3zAkfquE",
            x5t : "a3rMUgMFv9tPclLa6yF3zAkfquE",
            e : "AQAB",
            n : "qnTksBdxOiOlsmRNd-mMS2M3o1IDpK4uAr0T4_YqO3zYHAGAWTwsq4ms-NWynqY5HaB4EThNxuq2GWC5JKpO1YirOrwS97B5x9LJyHXPsdJcSikEI9BxOkl6WLQ0UzPxHdYTLpR4_O-0ILAlXw8NU4-jB4AP8Sn9YGYJ5w0fLw5YmWioXeWvocz1wHrZdJPxS8XnqHXwMUozVzQj-x6daOv5FmrHU1r9_bbp0a1GLv4BbTtSh4kMyz1hXylho0EvPg5p9YIKStbNAW9eNWvv5R8HN7PPei21AsUqxekK0oW9jnEdHewckToX7x5zULWKwwZIksll0XnVczVgy7fCFw",
            x5c : [
                "MIIDBTCCAfGgAwIBAgIQNQb+T2ncIrNA6cKvUA1GWTAJBgUrDgMCHQUAMBIxEDAOBgNVBAMTB0RldlJvb3QwHhcNMTAwMTIwMjIwMDAwWhcNMjAwMTIwMjIwMDAwWjAVMRMwEQYDVQQDEwppZHNydjN0ZXN0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqnTksBdxOiOlsmRNd+mMS2M3o1IDpK4uAr0T4/YqO3zYHAGAWTwsq4ms+NWynqY5HaB4EThNxuq2GWC5JKpO1YirOrwS97B5x9LJyHXPsdJcSikEI9BxOkl6WLQ0UzPxHdYTLpR4/O+0ILAlXw8NU4+jB4AP8Sn9YGYJ5w0fLw5YmWioXeWvocz1wHrZdJPxS8XnqHXwMUozVzQj+x6daOv5FmrHU1r9/bbp0a1GLv4BbTtSh4kMyz1hXylho0EvPg5p9YIKStbNAW9eNWvv5R8HN7PPei21AsUqxekK0oW9jnEdHewckToX7x5zULWKwwZIksll0XnVczVgy7fCFwIDAQABo1wwWjATBgNVHSUEDDAKBggrBgEFBQcDATBDBgNVHQEEPDA6gBDSFgDaV+Q2d2191r6A38tBoRQwEjEQMA4GA1UEAxMHRGV2Um9vdIIQLFk7exPNg41NRNaeNu0I9jAJBgUrDgMCHQUAA4IBAQBUnMSZxY5xosMEW6Mz4WEAjNoNv2QvqNmk23RMZGMgr516ROeWS5D3RlTNyU8FkstNCC4maDM3E0Bi4bbzW3AwrpbluqtcyMN3Pivqdxx+zKWKiORJqqLIvN8CT1fVPxxXb/e9GOdaR8eXSmB0PgNUhM4IjgNkwBbvWC9F/lzvwjlQgciR7d4GfXPYsE1vf8tmdQaY8/PtdAkExmbrb9MihdggSoGXlELrPA91Yce+fiRcKY3rQlNWVd4DOoJ/cPXsXwry8pWjNCo5JD8Q+RQ5yZEy7YPoifwemLhTdsBz3hlZr28oCGJ3kbnpW0xGvQb3VHSTVVbeei0CfXoW6iz1"
            ]
        }
    ]
}
Run Code Online (Sandbox Code Playgroud)

签名图像无效

rsa digital-signature jwt openid-connect

Jer*_*ray
2019 03-14
29
推荐指数
1
解决办法
1万
查看次数

从Delphi以编程方式检查数字签名

我需要Delphi中的一个函数来验证外部EXE或DLL的数字签名.在我的特定应用程序中,我偶尔会调用其他进程,但出于安全考虑,我想确保这些可执行文件是在我们的组织运行之前创建的.

在C中看过微软的例子,但是,我不想浪费时间将其翻译成Delphi,如果其他人已经有的话.

我更喜欢第三方库的代码段或代码示例.谢谢.

windows delphi winapi digital-certificate digital-signature

kes*_*kes
2011 05-13
28
推荐指数
1
解决办法
1万
查看次数

使用bouncycastle签署和验证签名的正确方法

我正在使用bcmail-jdk16-1.46.jarbcprov-jdk16-1.46.jar (Bouncycastle库)签署一个string然后验证signature.

这是我code的签名string:

package my.package;

import java.io.FileInputStream;
import java.security.Key;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.Security;
import java.security.Signature;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.List;

import org.bouncycastle.cert.jcajce.JcaCertStore;
import org.bouncycastle.cms.CMSProcessableByteArray;
import org.bouncycastle.cms.CMSSignedData;
import org.bouncycastle.cms.CMSSignedDataGenerator;
import org.bouncycastle.cms.CMSTypedData;
import org.bouncycastle.cms.jcajce.JcaSignerInfoGeneratorBuilder;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.operator.ContentSigner;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.bouncycastle.operator.jcajce.JcaDigestCalculatorProviderBuilder;
import org.bouncycastle.util.Store;

import sun.misc.BASE64Encoder;

public class SignMessage {

    static final String KEYSTORE_FILE = "keys/certificates.p12";
    static final String KEYSTORE_INSTANCE = "PKCS12";
    static final String KEYSTORE_PWD = …
Run Code Online (Sandbox Code Playgroud)

java encryption cryptography bouncycastle digital-signature

Osc*_*car
2017 03-21
27
推荐指数
3
解决办法
7万
查看次数

SHA256withRSA和SHA256之间的区别然后是RSA

使用以下两种方法计算签名有什么区别?

  1. 用来计算签名 Signature.getInstance("SHA256withRSA")
  2. 计算SHA256 MessageDigest.getInstance("SHA-256")并计算摘要Signature.getInstance("RSA");以获得签名?

如果它们不同,有没有办法修改方法2,以便两种方法都提供相同的输出?

我尝试了以下代码:

package mysha.mysha;
import java.security.MessageDigest;
import java.security.PrivateKey;
import java.security.Security;
import java.security.Signature;

import org.bouncycastle.jce.provider.BouncyCastleProvider;

public class MySHA256 {

    public static void main(String[] args) throws Exception {
        //compute SHA256 first
        Security.addProvider(new BouncyCastleProvider());
        String s = "1234";
        MessageDigest messageDigest = MessageDigest.getInstance("SHA-256");
        messageDigest.update(s.getBytes());
        byte[] outputDigest = messageDigest.digest();       
        //sign SHA256 with RSA
        PrivateKey privateKey = Share.loadPk8("D:/key.pk8");
        Signature rsaSignature = Signature.getInstance("RSA");
        rsaSignature.initSign(privateKey);
        rsaSignature.update(outputDigest);
        byte[] signed = rsaSignature.sign();
        System.out.println(bytesToHex(signed));


        //compute SHA256withRSA as a single step
        Signature rsaSha256Signature = …
Run Code Online (Sandbox Code Playgroud)

java rsa bouncycastle digital-signature

Gre*_*and
2015 10-24
27
推荐指数
1
解决办法
3万
查看次数

使用Java XML数字签名API的xml签名的摘要值错误

我需要将签名的XML文件发送给巴西的政府机构.问题是我的Java代码计算的摘要(使用Java XML数字签名API与使用XMLSEC等其他工具生成的摘要不同).

这是我用来为某些XML节点生成XML签名的代码:

private synchronized void sign(XmlObject obj) throws Exception {
        initKeystore();
        XMLSignatureFactory fac = XMLSignatureFactory.getInstance("DOM");
        List<Transform> transformList = new ArrayList<Transform>();
        Transform envelopedTransform = fac.newTransform(Transform.ENVELOPED, (TransformParameterSpec) null);
        Transform c14NTransform = fac.newTransform("http://www.w3.org/TR/2001/REC-xml-c14n-20010315",
                (TransformParameterSpec) null);
        transformList.add(envelopedTransform);
        transformList.add(c14NTransform);
        Reference ref = fac.newReference("", fac.newDigestMethod(DigestMethod.SHA1, null),
                Collections.singletonList(fac.newTransform(Transform.ENVELOPED, (TransformParameterSpec) null)), null,
                null);
        SignedInfo si = fac.newSignedInfo(
                fac.newCanonicalizationMethod(CanonicalizationMethod.INCLUSIVE, (C14NMethodParameterSpec) null),
                fac.newSignatureMethod(SignatureMethod.RSA_SHA1, null), Collections.singletonList(ref));
        KeyStore ks = KeyStore.getInstance("PKCS12");
        ks.load(new FileInputStream(System.getProperty("javax.net.ssl.keyStore")),
                System.getProperty("javax.net.ssl.keyStorePassword").toCharArray());
        KeyStore.PrivateKeyEntry keyEntry = (KeyStore.PrivateKeyEntry) ks.getEntry("entry",
                new KeyStore.PasswordProtection(System.getProperty("javax.net.ssl.keyStorePassword").toCharArray()));

        X509Certificate cert = (X509Certificate) …
Run Code Online (Sandbox Code Playgroud)

java xml digital-signature xmlsec

And*_*dre
lucky-day
25
推荐指数
1
解决办法
6502
查看次数

如何验证签名,从CRT文件加载PUBLIC KEY?

我回顾了很多论坛和例子,但没有人帮助我.我需要从任何Web服务验证签名.我有带有公钥的test.crt文件进行验证.

static bool Verify(string text, string signature)
{
  X509Certificate2 cert = new X509Certificate2(
      HttpContext.Current.Server.MapPath("test-server.cert"));
  RSACryptoServiceProvider csp = (RSACryptoServiceProvider) cert.PublicKey.Key;

  // Hash the data
  SHA1Managed sha1 = new SHA1Managed();
  UnicodeEncoding encoding = new UnicodeEncoding();
  byte[] data = encoding.GetBytes(text);
  byte[] sign = Convert.FromBase64String(signature);
  byte[] hash = sha1.ComputeHash(data);

  return csp.VerifyHash(hash, CryptoConfig.MapNameToOID("SHA1"), sign);
}
Run Code Online (Sandbox Code Playgroud)

但结果总是假的:(

我有一个OpenSSL示例:

openssl base64 -d -in signature -out signature.bin
openssl dgst -sha1 -verify test-server.pub -signature signature.bin from_gateway
Run Code Online (Sandbox Code Playgroud)

c# cryptography digital-signature public-key-encryption x509

dru*_*rup
2012 10-12
25
推荐指数
1
解决办法
5439
查看次数

如何对可执行文件进行数字签名?

我正在编写需要管理访问权限的软件.弹出UAC对话框时,它会显示与未签名软件不同的数字签名软件弹出窗口.我相信对我的软件进行数字签名将使用户更容易信任我的软件.数字签名软件需要花费数千美元,还是免费的?有一个简单的方法吗?我搜索过谷歌,我得到的是如何签署PHP,XML和PDF文件,这不是我想要的.我需要签署我的软件可执行文件.

刚看到一些关于sigtool.exe的事情?这是正确的方向吗?那些复杂的.pfx文件和Authenticode怎么样?

c# digital-signature

Rud*_*udi
2015 05-10
24
推荐指数
3
解决办法
2万
查看次数

XML签名:如何计算摘要值?

我有这样的XML

<?xml version="1.0" encoding="utf-8"?>
<foo>
  <bar>
    <value>A</value>
  </bar>
  <bar>
    <value>B</value>
  </bar>
  <baz>
    <value>C</value>
  </baz><Signature xmlns="http://www.w3.org/2000/09/xmldsig#"><SignedInfo><CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" /><SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><Reference URI=""><Transforms><Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></Transforms><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><DigestValue>WqpRWHxXA0YgH+p3Sxy6hRo1XIk=</DigestValue></Reference></SignedInfo><SignatureValue>EoRk/GhR4UA4D+8AzGPPkeim1dZrlSy88eF73n/T9Lpeq9IxoGRHNUA8FEwuDNJuz3IugC0n2RHQQpQajiYvhlY3XG+z742pgsdMfFE4Pddk4gF1T8CVS1rsF7bjX+FKT/c8B2/C8FNgmfkxDlB/ochtbRvuAGPQGtgJ3h/wjSg=</SignatureValue><KeyInfo><X509Data><X509Certificate>MIIB8zCCAVygAwIBAgIQgfzbrIjhLL9FobStI2ub3zANBgkqhkiG9w0BAQQFADATMREwDwYDVQQDEwhUZXN0ZUFjbjAeFw0wMDAxMDEwMDAwMDBaFw0zNjAxMDEwMDAwMDBaMBMxETAPBgNVBAMTCFRlc3RlQWNuMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDO+yAZ8/qJbhSVH/+2wMmzix3jM/CExb6sTgaiPwe6ylcHgF45zeQDq06OSJZCSns34em/ULINZddDf8z0b9uk/2sOGr1pYqsunLLBvw2FkvWJQDkhx2SzCm8v4xGX2kyXNbjiY/K56oPOMjpayKoAFnnvk7p2iFAxNZK/6lpZ7wIDAQABo0gwRjBEBgNVHQEEPTA7gBCOOHcajwnATYZ0t6w7LVU0oRUwEzERMA8GA1UEAxMIVGVzdGVBY26CEIH826yI4Sy/RaG0rSNrm98wDQYJKoZIhvcNAQEEBQADgYEABL9Qhi6f1Z+/t8oKXBQFx3UUsNF9N2o4k6q1c3CKZYqx2E/in+nARIYRdh5kbeLfomi6GIyVFeXExp8crob3MAzOQMvXf9+ByuezimMPIHDvv0u3kmmeITXfoZrHCDxLoWWlESN1owBfKPqe7JKAuu9ORDC0pUiUfCHWxCoqNos=</X509Certificate></X509Data></KeyInfo></Signature>
</foo>
Run Code Online (Sandbox Code Playgroud)

如何创建引用中的摘要值(WqpRWHxXA0YgH + p3Sxy6hRo1XIk =)?我的意思是如何手动计算这个值?

xml digest digital-signature xml-signature

use*_*816
2017 10-20
23
推荐指数
3
解决办法
5万
查看次数

我何时应该使用SHA-1,何时应该使用SHA-2?

在我的c#应用程序中,我正在使用RSA签名文件,然后由上传的人上传到我公司的数据库中,在这里我必须选择SHA-1或SHA-2来计算哈希值.
与编程中的任何其他组件一样,我知道必须有一个"在这里使用"和"在那里使用"这两个组件.
那么,什么时候?那时呢?

编辑:
我的问题是:性能有什么不同?而不是关于安全性,因为我已经知道SHA-2比SHA-1更安全.
在此链接中,不同类型的SHA-2之间的比较注意何时使用SHA-512以及何时不使用SHA-512.我需要一个关于SHA-1和SHA-2的类似论点.

c# security rsa sha digital-signature

Maj*_*ajd
2011 02-15
23
推荐指数
1
解决办法
3万
查看次数

Android应用程序的"./META-INF/CERT.RSA"文件中包含哪些内容?

我是加密证书的新手,我正在试图找出Android应用程序的"./META-INF"文件夹下的"CERT.RSA"文件的组件.

据我了解,"CERT.RSA"用于验证同一目录下"CERT.SF"文件的签名.它应该包括证书元信息(主题,发行者,序列号等),由开发者私钥签名的"CERT.SF"签名,以及用于验证签名的公钥.

如何从"CERT.RSA"文件中获取上述组件?特别是,如何从"CERT.RSA"中检索公钥?

我尝试使用以下命令来显示签名证书.当人们谈论签名证书时,是否(以下输出)公钥或签名签名?

>> openssl pkcs7 -inform DER -print_certs -out cert.pem -in CERT.RSA
>> cat cert.pem

subject=/C=SE/ST=Kista/L=Kista/O=Javsym/OU=Mobile Visuals/CN=Eyvind Almqvist
issuer=/C=SE/ST=Kista/L=Kista/O=Javsym/OU=Mobile Visuals/CN=Eyvind Almqvist
-----BEGIN CERTIFICATE-----
MIICWzCCAcSgAwIBAgIETVPFgjANBgkqhkiG9w0BAQUFADBxMQswCQYDVQQGEwJT
RTEOMAwGA1UECBMFS2lzdGExDjAMBgNVBAcTBUtpc3RhMQ8wDQYDVQQKEwZKYXZz
eW0xFzAVBgNVBAsTDk1vYmlsZSBWaXN1YWxzMRgwFgYDVQQDEw9FeXZpbmQgQWxt
cXZpc3QwIBcNMTEwMjEwMTEwMTIyWhgPMjA2MTAxMjgxMTAxMjJaMHExCzAJBgNV
BAYTAlNFMQ4wDAYDVQQIEwVLaXN0YTEOMAwGA1UEBxMFS2lzdGExDzANBgNVBAoT
BkphdnN5bTEXMBUGA1UECxMOTW9iaWxlIFZpc3VhbHMxGDAWBgNVBAMTD0V5dmlu
ZCBBbG1xdmlzdDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAjwLlwflQ2zoC
1EeCkICSqYTSkdv6Xj0YCqoQsuLJw0pwDbz5qRos61Ub0ZxWCa4TfXu1NJmuD4j+
LwQYvAR6JO985y4zjH1Ee5qZmHDC5yoSRko6P8B4KfmBm8E8CryhUjN7vNLUfG2o
XrmXK+g5KKTx3wzWlb4+AdAS7/NlDVkCAwEAATANBgkqhkiG9w0BAQUFAAOBgQAS
CxdfvR/LHPlULkCsoGw9/Q2ZhsTlPr7fZw32sef9vnz1hqd6iMDsLC2c34yRVJfb
t6dZCVO9/gWMURIZ7NmT36uBFAUB+XkGK+5/ot3YEJicEwmk/Nvj1Tzo3PjBX3ZD
lLBpEPgc3IUOhgMyzDR+ytgFlH0MkDps6FApunUpiQ==
-----END CERTIFICATE-----
Run Code Online (Sandbox Code Playgroud)

通过使用以下命令,我可以获得此证书的元信息:

>> keytool -printcert -file CERT.RSA

Owner: CN=Eyvind Almqvist, OU=Mobile Visuals, O=Javsym, L=Kista, ST=Kista, C=SE
Issuer: CN=Eyvind Almqvist, OU=Mobile Visuals, O=Javsym, L=Kista, ST=Kista, C=SE
Serial number: 4d53c582
Valid from: Thu Feb 10 06:01:22 EST 2011 until: Fri Jan 28 06:01:22 …
Run Code Online (Sandbox Code Playgroud)

android digital-certificate digital-signature android-applicationinfo

use*_*508
2016 02-21
23
推荐指数
4
解决办法
3万
查看次数

标签 统计

digital-signature ×10

c# ×3

java ×3

rsa ×3

bouncycastle ×2

cryptography ×2

digital-certificate ×2

xml ×2

android ×1

android-applicationinfo ×1

delphi ×1

digest ×1

encryption ×1

jwt ×1

openid-connect ×1

public-key-encryption ×1

security ×1

sha ×1

winapi ×1

windows ×1

x509 ×1

xml-signature ×1

xmlsec ×1