Java中的方法RSACryptoServiceProvider signHash的等价物

发布时间：2020-12-14 16:41:06 所属栏目：Java 来源：网络整理

导读：我正在尝试获得相当于以下C#方法： public byte[] SignHash(byte[] btHash,string SN){ string strSignature = string.Empty; X509Store x509store = null; x509store = new X509Store(StoreLocation.CurrentUser); x509store.Open(OpenFlags.ReadOnly); for

我正在尝试获得相当于以下C#方法：

public byte[] SignHash(byte[] btHash,string SN)
{
    string strSignature = string.Empty;
    X509Store x509store = null;
    x509store = new X509Store(StoreLocation.CurrentUser);
    x509store.Open(OpenFlags.ReadOnly);

    foreach (X509Certificate2 x509 in x509store.Certificates)
    {
        if (x509.SerialNumber.ToLower().Contains(SN.ToLower()))
        {
            byte[] btSignature = null;
            using (RSACryptoServiceProvider key = new RSACryptoServiceProvider())
            {

                key.FromXmlString(x509.PrivateKey.ToXmlString(true));
                return key.SignHash(btHash,CryptoConfig.MapNameToOID("SHA256"));
            }
            break;
        }
    }
    return null;

}

在Java语言中.其实我来过这个：

private static String SignHash(final byte[] btHash,String SerialNumber) throws Exception
{
    KeyStore ks = null;
    ks = KeyStore.getInstance("Windows-MY");
    ks.load(null,null);

    Boolean noValidCertificate = true;

    Enumeration<String> en = ks.aliases();

    ArrayList<String> lstAlias = Collections.list(en);

    lstErreurs.add(lstAlias.size() + " certificate(s) found");

    for (String aliasKey : lstAlias)
    {
        X509Certificate cert = (X509Certificate) ks.getCertificate(aliasKey);

        Certificat = Base64Coder.encodeBase64String(cert.getEncoded());

        Boolean blnCertificateFound = false;

        if (SerialNumber != null && !SerialNumber.equals(""))
        {
            String SerialNumberCert = cert.getSerialNumber().toString(16);

            if (SerialNumber.toLowerCase().contains(SerialNumberCert.toLowerCase())
                    || SerialNumberCert.toLowerCase().contains(SerialNumber.toLowerCase()))
            {
                blnCertificateFound = true;
            }
        }

        if (blnCertificateFound == false)
        {
            continue;
        }

        Provider p = ks.getProvider();

        boolean isHashToSign = false;
        for (String strToSign : input.split(";")) {
            if(strToSign.length() == 44 && General.isBase64(strToSign)) {
                isHashToSign = true;
                break;
            }
        }

        String algorithm = "";
        if(isHashToSign)
        {
            algorithm = "RSA";
        } else {
            algorithm = "SHA256withRSA";
        }
        Signature sig = Signature.getInstance(algorithm,p);

        PrivateKey key = (PrivateKey) ks.getKey(aliasKey,"1234".toCharArray());

        if (key != null)
        {
            noValidCertificate = false;

            sig.initSign(key);

            String[] TabToSign = input.split(";");
            String strResultSignature = "";
            String separator = "";
            for (String strToSign : TabToSign)
            {
                byte[] btToSign = null;
                if(isHashToSign) {
                    btToSign = General.Base64_Decode_To_ByteArray(strToSign.getBytes(Charset.forName("UTF-8")));
                } else {
                    btToSign = strToSign.getBytes(Charset.forName("UTF-8"));
                }

                sig.update(btToSign);

                byte[] res = sig.sign();

                String resB64 = Base64Coder.encodeBase64String(res);

                strResultSignature += separator + resB64;
                separator = ";";
            }

            return strResultSignature;
        }
    }

    return null;
}

但获取算法“RSA”不适用于签名.我终于在Java中签名哈希的哈希.我想签署一个SHA256字节数组散列,而不会再次发生哈希.我怎么能得到这个结果？ (有关信息,我使用Windows证书商店,所以我必须与Sun MSCAPI提供商合作).

编辑1：

我尝试使用算法“NONEwithRSA”,但签名结果与使用SignHash方法的.NET中的签名不同.

编辑2：

以下线程：Difference between SHA256withRSA and SHA256 then RSA说明实际上可以签署一个哈希,但该方法需要BouncyCastle.

我无法使用BouncyCastle操作,因为我需要使用sun MSCAPI提供程序(Windows Certificate Store).我必须找到BouncyCastle的替代方法(除非BC允许我们使用Sun MSCAPI提供程序).

解决方法

(答案是完全重写的,一些不那么有趣的想法和片段可以在 previous revisions中找到)

对SignHash的调用(btHash,CryptoConfig.MapNameToOID(“SHA256”))执行PKCS#1 v1.5签名(RSASSA-PKCS1-v1_5),例如：

byte[] btHash = new byte[] { 0x57,0x91,0x16,0xB6,0x3E,0x06,0x58,0x83,0x24,0x8C,0x07,0xDA,0x6A,0x03,0x4D,0x23,0x37,0x0B,0x32,0x1C,0xA0,0x80,0x08,0x1F,0x42,0x81,0x8E,0x54,0x3A,0xC6 };
X509Certificate2 cert = new X509Certificate2("dummy.p12","1234",X509KeyStorageFlags.Exportable);
using (RSACryptoServiceProvider key = new RSACryptoServiceProvider())
{
    key.FromXmlString(cert.PrivateKey.ToXmlString(true));
    byte[] ret = key.SignHash(btHash,CryptoConfig.MapNameToOID("SHA256"));
}

提供签名：

0A5003E549C4E4310F720076A5A4D785B165C4FE352110F6CA9877EB9F364D0C40B0197110304D6F92E8BD40DFD38DB91F356601CDD2CD34129BC54492C2D7F371D431150288A95C21E47533F01A9FA4977439FF9594C703380BEDF49A47A7B060ECAC26AEB53B8732D93E18FAD3B2D5889B3311C1B0D4F9F6B318169BDEB143D771DEFB56BAFE49B2B59F172757D4273EF369AFCB32490EC954E17599BD66D4E3BDB345B860748DB0C3B5A272ECFA546E65F2D4C87870CC62D91680AB71DB52DE618C006356258A941E8F36A5DCC7A06BA6DACAC3DC35F482B168107B4D7DA6C19A56FEDC247232DD7210CA9DB7273AA9AE6A90A8A4DFEB64BA0FBC830AB922

其中包含PKCS#1 v1.5填充DigestInfo和哈希(当使用公钥解密时)：

0001FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF003031300D060960864801650304020105000420579116B63E065883248C0716DA6A034D23370B321CA080081F4203818E543AC6

由于您只有哈希(而不是数据)要签名,您需要在java中使用NONEwithRSA algorithm(它应该执行PKCS#1 v1.5填充输入数据的签名,而不需要任何哈希值),并生成正确的输入DigestInfo与手动散列OID.像这样(在Apache Commons Lang的帮助下)::

byte[] btHash = new byte[] { ....the same.... };
KeyStore keystore = KeyStore.getInstance("PKCS12");
keystore.load(new FileInputStream("dummy.p12"),"1234".toCharArray());
PrivateKey privKey = (PrivateKey)keystore.getKey("Dummy","1234".toCharArray());
byte[] asn=ArrayUtils.addAll(new byte[] { (byte)0x30,(byte)0x31,(byte)0x30,(byte)0x0d,(byte)0x06,(byte)0x09,(byte)0x60,(byte)0x86,(byte)0x48,(byte)0x01,(byte)0x65,(byte)0x03,(byte)0x04,(byte)0x02,(byte)0x05,(byte)0x00,(byte)0x20},btHash);
Signature signature = Signature.getInstance("NONEwithRSA");
signature.initSign(privKey);
signature.update(asn);
byte[] ret = signature.sign();

它给出与C#代码相同的签名(使用默认的SunJCE / SunRsaSign提供程序).

SunMSCAPI提供商supports the NONEWithRSA algorithm具有限制.引用sun.security.mscapi.RSASignature javadoc：

NOTE: NONEwithRSA must be supplied with a pre-computed message digest.
Only the following digest algorithms are supported: MD5,SHA-1,
SHA-256,SHA-384,SHA-512 and a special-purpose digest algorithm which
is a concatenation of SHA-1 and MD5 digests.

其中一见钟情可能适用于这种情况.不幸：

Signature mscapiSignatureNoneWithRSA = Signature.getInstance("NONEwithRSA","SunMSCAPI");
mscapiSignatureNoneWithRSA.initSign(mscapiPrivKey);
mscapiSignatureNoneWithRSA.update(btHash);
byte[] mscapiSignatureNoneWithRSA_btHash = mscapiSignatureNoneWithRSA.sign();

提供不同的签名：

CE26A9F84A85037856D8F910141CE7F68D6CAAB416E5C2D48ACD9677BBACCB46B41500452A79018A22AB1CA866DD878A76B040A343C1BABCDB683AFA8CE1A6CCCA48E3120521E8A7E4F8B62B453565E6A6DC08273084C0748C337724A84929630DC79E2EB1F45F5EEBA2148EC0CA5178F2A232A2AE8A5D22BB06C508659051CD1F5A36951B60F6322C5AEB5D4461FABE4D84E28766501A1583EC2A5D8553C163EC8DB9E80EF972233516BEC50AAC38E54C8B5E3B3DEAE90F37A1D230CD976ABEEE97A4601461E842F0F548DA7A74645AAB42586044B084E6A9F3EFE409EE12D98EB0B16CDC2C0AB75BF5DC9B52EBB7E3303C53A2B1BDF14000B99112B1871A6A

其中只包含PKCS#1 v1.5填充的哈希值(没有ASN.1 DigestInfo序列/在这种情况下是错误的)：

0001FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00579116B63E065883248C0716DA6A034D23370B321CA080081F4203818E543AC6

尝试从SunJCE示例中签署DigestInfo提供了一个例外：

java.security.SignatureException: Message digest is too long

(Here和here是这种行为的原因.)

使用RSA私钥加密生成签名的另一种方法,它与SunJCE提供者(使用与上述相同的asn变量)提供与C#代码相同的签名：

Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding");
cipher.init(Cipher.ENCRYPT_MODE,privKey);
byte[] ret = cipher.doFinal(asn);

不适用于SunMSCAPI提供程序：

cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding","SunMSCAPI");
cipher.init(Cipher.ENCRYPT_MODE,mscapiPrivKey);
byte[] ret = cipher.doFinal(asn1);

如它所示：

4A540DFAD44EBDAE89BF5DD52121DA831E7C394E0586DC9EAEF949C466E649979E19DF81A44801EBD80B8946605B4EFCED53011A844A3A4E023136F0CDEAA57EAAB1EA1FA75400B3B2D5FAB3955BEB13A178AC03DED6AACA0571412B74BCE30E772082A368B58E94D8E20D8F2A116BA5B3881824A014281E9F04BD687C087ACF7164CAF7C74274BA356A671ADA2BB4142504DB2883AFEDA563C6E590BC962725D6697402AB24391409F50D7D16B8BF64A1C0224C379EF9C7B8E493BE889A70674C3AEEC524366DBF9DE36FEE01F186FC00DE2F06096C46CC873D37E194CB217FBFCCF450C1F96C804022E25E1589DF67247927AAD59C66294B027DD5EE991D46

使用公共密钥进行解密是一个废话：

3A9E0F985D1CF2CFDB45F201A68EF0F241ADBAED2D945FD36451CB4BE77D9B30D977004F95E6EDC208805E62870CD19D87C5E7F4E4C1AC2546F7F9C410299C9D203C47C2B547BAA55DA05C44DACB7E07C3F0DB99AE291E48A67EE089F8DA34EB1AABE352A7F94B082CFB167C0FE90761B79FCE238A0F3D0D917CA51220EEA9A43877703FC06CDC1F13A77CA9904E3660F7AD84DE0C34C877B737C20B1A117E60D69E6766054A30B95E6E88CF2C11AEE5CE30F2DD780C0334BE085302E73E0E5BB096893B7155E7A48CA16DD5EA9FC6F63090F7223E7FBAAA133BDFDA7251F412E395F4D8A462569BC5DCC34C2DF7D996BB3278C3F6B0E1EE9E729925937C8BAE

但是(更有趣的是)当使用私钥解密时,包含一个有效的PKCS#1 v1.5填充加密明文：

000211F7946FAD6BDB18830F8DD1238FD7EFCCFF041D55B88FBABDAAA6B06A5E9FD7556EB33678D9954D26E07B2FCE6D7304386DBDFC352C9932E2BA1794A3A0E0F6D78AA656DEB36CC483171A77ABF34408F4BF60661ECA79852B8E39C1A710976208FFBF6BE0DFB566149E6C5838762316F394B70BDF6D494F8C43C42CB6E527292DEF9204712CB24AC82C572BBC0E70A298D5FB050A27B54AFFA1332EEF37A14E65D379968BCE717BEC37C67A180DE943AAF2FE83560D33BC588E11B85D1C3391CCB13E4A80F57166BAC9003031300D060960864801650304020105000420579116B63E065883248C0716DA6A034D23370B321CA080081F4203818E543AC6

这意味着SunMSCAPI虽然为加密操作提供了一个私钥,但是使用公钥部分(我没有详细介绍实现细节来找出这个原因).

所以(AFAIK)SunMSCAPI提供程序不能直接在你的场景中使用…

(请注意,对于每次加密运行,您将获得不同的结果,因为PKCS#1 v1.5加密填充包含随机数据)

幸运的是有一些替代选择：

[A]滥用SunMSCAPI内部API执行这样的签名(再次借助Apache Commons Lang)：

// Obtain the handles
long hCryptKey = (Long)MethodUtils.invokeMethod(mscapiPrivKey,"getHCryptKey");
long hCryptProvider = (Long)MethodUtils.invokeMethod(mscapiPrivKey,"getHCryptProvider");
// Call the internal native method
Class<?> internalClass = Class.forName("sun.security.mscapi.RSASignature");
Method internalSignHashMethod = internalClass.getDeclaredMethod("signHash",boolean.class,byte[].class,int.class,String.class,long.class,long.class);
internalSignHashMethod.setAccessible(true);
byte[] res = (byte[])internalSignHashMethod.invoke(internalClass,false,btHash,btHash.length,"SHA-256",hCryptProvider,hCryptKey);
ArrayUtils.reverse(res); // Make it big endian

>其中的结果与C#代码相同.
>但是强烈依赖于可以随时改变的基础SunMSCAPI实现

[B]使用JNI/JNA直接调用winapi函数

>哪个是一个更清洁的方法,因为它取决于一个公共API
>我找到了this project,但还没有试过

祝你好运！

附录：RSA私钥在示例中使用：

（编辑：李大同）

【声明】本站内容均来自网络，其相关言论仅代表作者个人观点，不代表本站立场。若无意侵犯到您的权利，请及时与联系站长删除相关内容!