我不明白为什么存在JWS不受保护的头文件.
对于某些上下文:JWS未受保护的头包含不受完整性保护的参数,并且只能使用带有JSON序列化的每个签名.
如果它们可以用作顶级标题,我可以看到为什么有人想要包含一个可变参数(这不会改变签名).然而,这种情况并非如此.
任何人都可以想到一个用例或知道为什么它们被包含在规范中?
谢谢!
我正在尝试使用私钥和已知曲线生成公钥.以下是我的代码:
// Generate Keys
ECGenParameterSpec ecGenSpec = new ECGenParameterSpec("secp256r1");
KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("ECDSA", "BC");
keyPairGenerator.initialize(ecGenSpec, new SecureRandom());
java.security.KeyPair pair = keyPairGenerator.generateKeyPair();
ECPrivateKey privateKey = (ECPrivateKey) pair.getPrivate();
ECPublicKey publicKeyExpected = (ECPublicKey) pair.getPublic();
// Expected public key
System.out.print("Expected Public Key: " +
BaseEncoding.base64Url().encode(publicKeyExpected.getEncoded()));
// Generate public key from private key
X9ECParameters ecp = SECNamedCurves.getByName("secp256r1");
ECDomainParameters domainParams = new ECDomainParameters(ecp.getCurve(),
ecp.getG(), ecp.getN(), ecp.getH(),
ecp.getSeed());
ECPoint Q = domainParams.getG().multiply(privateKey.getS()); // is this correct?
KeyFactory kf = KeyFactory.getInstance("ECDSA", "BC");
ECPublicKey publicKeyGenerated =
(ECPublicKey) kf.generatePublic(new X509EncodedKeySpec(Q.getEncoded(false))); …