我正在尝试使用提供的公钥和签名验证使用私钥签名的邮件.
像魅力一样工作的命令行是
cat call.blah | openssl dgst -sha256 -verify public-key.pem -signature signature.sig Verified OK
public-key.pem是使用该命令从X509证书创建的
openssl x509 -pubkey -noout -in x509key.cer > public-key.pem
现在我试图模仿groovy,这是我的代码
static void main(String[] args) { /* Verify a DSA signature */ if (args.length != 3) { System.out.println("Usage: VerSig publickeyfile signaturefile datafile") } else try { /* import encoded public key */ FileInputStream keyfis = new FileInputStream(args[0]) CertificateFactory f = CertificateFactory.getInstance("X.509") X509Certificate certificate = (X509Certificate)f.generateCertificate(keyfis) PublicKey pubKey = certificate.getPublicKey() /* input the signature bytes */ FileInputStream sigfis = new FileInputStream(args[1]) byte[] sigToVerify = new byte[sigfis.available()] sigfis.read(sigToVerify) sigfis.close() /* create a Signature object and initialize it with the public key */ Signature sig = Signature.getInstance("SHA256withRSA") sig.initVerify(pubKey) /* Update and verify the data */ FileInputStream datafis = new FileInputStream(args[2]) BufferedInputStream bufin = new BufferedInputStream(datafis) byte[] buffer = new byte[1024] int len while (bufin.available() != 0) { len = bufin.read(buffer) sig.update(buffer, 0, len) } bufin.close() boolean verifies = sig.verify(sigToVerify) // <---- THIS IS WHERE THE ERROR OCCURS System.out.println("signature verifies: " + verifies) } catch (Exception e) { e.printStackTrace() } }
我用这些参数运行它
x509key.cer signature.sig call.blah
(这是X509证书,签名和签名的邮件正文)
获取以下堆栈跟踪
java.security.SignatureException: Signature length not correct: got 512 but was expecting 256 at sun.security.rsa.RSASignature.engineVerify(RSASignature.java:190) at java.security.Signature$Delegate.engineVerify(Signature.java:1174) at java.security.Signature.verify(Signature.java:624) at java_security_Signature$verify$2.call(Unknown Source) at org.codehaus.groovy.runtime.callsite.CallSiteArray.defaultCall(CallSiteArray.java:45) at org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:108) at org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:116) at VerSig.main(VerSign.groovy:50) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:483) at com.intellij.rt.execution.application.AppMain.main(AppMain.java:134)
我究竟做错了什么?