【问题标题】:Data signed on iOS- Objective C while verifing in Java always return false在 iOS-Objective C 上签名的数据在 Java 中验证时总是返回 false
【发布时间】:2019-06-27 10:10:23
【问题描述】:

iOS 代码:

//step 1

//start of key pair genration

NSString * PrivTagString = @"com.manish.rsa.privIdentifier";

NSString * PubTagString = @"com.manish.rsa.pubIdentifier";



 privateTag = [PrivTagString dataUsingEncoding:NSUTF8StringEncoding];

 publicTag = [PubTagString dataUsingEncoding:NSUTF8StringEncoding];



NSDictionary *privateAttributes = @{(NSString *)kSecAttrIsPermanent: @YES, (NSString *)kSecAttrApplicationTag: privateTag};

NSDictionary *publicAttributes = @{(NSString *)kSecAttrIsPermanent: @YES, (NSString *)kSecAttrApplicationTag: publicTag};



NSDictionary *pairAttributes = @{(NSString *)kSecAttrKeyType: (NSString *)kSecAttrKeyTypeRSA, (NSString *)kSecAttrKeySizeInBits: @2048, (NSString *)kSecPublicKeyAttrs: publicAttributes, (NSString *)kSecPrivateKeyAttrs: privateAttributes};



OSStatus osStatus = SecKeyGeneratePair((CFDictionaryRef)pairAttributes, &publicKeyRef, &privateKeyRef);

switch (osStatus) {

    case noErr:

        break;

    default:

        break;

}

//end of key pair key genration



//step2

//export ublic key for java server



NSLog(@"%@",[self getPublicKeyAsBase64ForJavaServer]);





//step3

//Create the SHA256 digest of the custom string with CC_SHA256

NSString *stringToSign = @"Manish";



NSMutableData *hash = [NSMutableData dataWithLength:(NSUInteger)CC_SHA256_DIGEST_LENGTH];

NSData *data = [stringToSign dataUsingEncoding:NSUTF8StringEncoding];

CC_SHA256(data.bytes, (CC_LONG)data.length, hash.mutableBytes);



//step4

// Sign the hash with the private key

size_t blockSize = SecKeyGetBlockSize(privateKeyRef);



NSUInteger hashDataLength = hash.length;

const unsigned char *hashData = (const unsigned char *)hash.bytes;



NSMutableData *result = [NSMutableData dataWithLength:blockSize];





uint8_t *signedHashBytes = malloc(blockSize * sizeof(uint8_t));

memset((void *) signedHashBytes, 0x0, blockSize);

size_t encryptedDataLength = blockSize;



OSStatus status = SecKeyRawSign(privateKeyRef, kSecPaddingPKCS1SHA256, hashData, hashDataLength, signedHashBytes, &encryptedDataLength);



NSData *signedHash = [NSData dataWithBytes:(const void *) signedHashBytes length:(NSUInteger) encryptedDataLength];



NSLog(@"%@",[signedHash base64EncodedStringWithOptions:0]);

Java 代码

String message = new String("Manish".getBytes(),"UTF-8");
String sign = "UDhDZd5NWA0nVOyspxgiklAk4LIqY8eaM7f8RJSTdr058BIVTH99AVnfQ8Yz7zEQeKVWKF3BG0e+maaJpK3lfRLs5ohjs6pxBEIFODr6fkSQjQ5NEr4LHNh51Q7TY6RyOFvk9qasXcLuqLM+DjawSAN0/HjUq4GM6eNgQ4EYtrDa72HuRCiGKdIz/TdZSITQjT0bOfUVssR3869PmVjVX43TzPZv7j2/A+t8BT0lkURD+Z2v1DJeSdopjLESuQ6+DCRkwHPw63thymvR8tU3VUiQ4DfABTV3xB6gQp4MaTN0hGreOXHh9iiPQaEII7wa6vq7JS7l26gAzz8Yiu4AsA==";

String pub = "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2udbgzyYEm2pPIA23GwZbjy2osoN9+nirttWFQwXWAyz2Fr+D6b45Xzvqr03wByySosRMQSZLs5eDYXPpmK12wGNKtQu8RaaodVfJ7p86mQY0/TapLoUpMkU6cmjxZV3gcrv811uL13zRQpuixHFU8aIzKJ4DU5/XuU0TSM1Z3nUnRj9cdGswG8JW2jWfWHNJIMUsq9y7A8ti/wNbXQgjHWr0S9pFIuZHV0kP9UFa0SHHdjj3HpUz324DWpsYfMJsPCVDsbedK0ckDfHjmhLYi2xOgYb7k2AGW0tLqiOigaHYbRR4glm4ztlNr8QjDlDo+k5rnlhv8/ZC1Zy3XAU/wIDAQAB";
byte[] decodedPublicKey = Base64.getDecoder().decode(pub.getBytes("UTF-8"));
X509EncodedKeySpec publickeySpec = new X509EncodedKeySpec(decodedPublicKey);
KeyFactory keyFactory = KeyFactory.getInstance("RSA");
PublicKey publicKey = keyFactory.generatePublic(publickeySpec);


final Signature instace = Signature.getInstance("SHA256withRSA");
instace.initVerify(publicKey);
instace.update(message.getBytes("UTF-8"));
boolean result =instace.verify(Base64.getDecoder().decode((sign.getBytes("UTF-8"))));
System.out.println(result);

结果总是只有假的。 我尝试了许多其他现有解决方案,例如: RSA SHA256 signing in iOS and verification on JavaData signed on iOS can't be verified in Java 但没有运气。 请提供您的宝贵意见,我错过了什么?我觉得某个地方存在字符集问题。

【问题讨论】:

    标签: java ios objective-c rsa digital-signature


    【解决方案1】:

    我在代码中发现了错误,因为我在钥匙串中创建它们时保存了密钥,所以第一次如果我使用签名密钥和公钥,它在 java 端得到了正确验证,但下次我再次创建密钥和标识符时钥匙串中仍然存在相同的旧钥匙,所以给我带来了麻烦。为了解决这个问题,我刚刚从钥匙串中删除了钥匙,然后再次创建它们,现在它工作正常;)

    【讨论】:

      猜你喜欢
      • 1970-01-01
      • 1970-01-01
      • 2014-05-30
      • 1970-01-01
      • 2022-11-09
      • 2018-10-31
      • 2023-03-03
      • 2022-01-16
      • 1970-01-01
      相关资源
      最近更新 更多