使用椭圆曲线加密技术验证签名
我需要验证包含多个值的消息的签名。我唯一的参数是签名、公钥和值本身。用于创建签名的算法是 192 位的椭圆曲线加密算法。我已经尝试在网上查找代码示例,但我没有找到适合这种情况的任何内容。
有没有人有使用java验证该算法的经验?您能否提供代码或示例链接?
感谢您的帮助!
I need to verify a signature of a message which contains several values. The only parameters I have are the signature, the public key and the values itself. The algorithm used for creating the signature is eliptic curve cryptography with 192 bit. I allready tried to find code examples on the net but I didn't find anything for this case.
Has anybody experiences with this algorithm using java for verification? Could you please provide code or a link to an example?
Thank you for your help!
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
您在那里的信息有点缺乏......
有几种使用椭圆曲线的签名方案,但最广泛的(到目前为止)是 ECDSA。然后,您必须担心以下几点:
签名对位序列进行操作。每个数据位都必须正确。在这里,您有“值”,因此必须将这些值编码为位(或字节)序列。要验证签名,您必须使用与生成签名相同的编码。
ECDSA 首先使用加密哈希函数对输入数据进行哈希处理。同样,您必须使用与生成签名相同的签名。作为一个疯狂的猜测,我想说哈希函数可能是 SHA-1。< /p>
ECDSA 在椭圆曲线中运行。曲线大小不足以定义曲线:有很多192位曲线。然而,由于定义自己的曲线很困难,因此大多数人使用 FIPS 186-3。这 15 条曲线中的一条具有“192 位大小”(称为“P-192”),因此签名很可能使用该曲线。
ECDSA 公钥是曲线点的编码。名义上,曲线点是一对整数(X, Y)(这些是点的“坐标”)。这些整数来自曲线所在的基域;对于 P-192 曲线,坐标是 192 位整数。这样的公钥的“正常”编码是一个 49 字节的字符串:第一个字节是 0x02,后面是 X 的大端无符号编码(24 字节),然后是无符号Y 的编码(24 字节)。其他编码也是可能的。
ECDSA 签名形式上由两个整数值组成,通常称为 r 和 s(也是 192 位整数)。同样,您拥有的签名可能是一个字节序列,它是两个整数的编码。有两种常见的编码,一种是两个值的原始大端无符号编码(因此是 48 字节签名),另一种使用 ASN.1(对于长度为 53 或 54 字节等的签名)。
正如 @Ashkan 所建议的,使用 Bouncy Castle 是个好主意。但是,正如您所看到的,对于您的情况需要做很多假设。如果您想彻底了解正在发生的情况,请购买 ANSI X9.62:2005(ECDSA 标准)。请注意,数学内容相当繁重。
You are a bit short on information there...
There are several signature schemes which use elliptic curves, but the most widespread (by far) is ECDSA. You must then worry about the following points:
Signature operates on a sequence of bits. Every single data bit must be correct. Here, you have "values" so there must be an encoding of those values into a sequence of bits (or bytes). To verify the signature, you must use the same encoding than the one used to generate the signature.
ECDSA begins by hashing the input data with a cryptographic hash function. There again, you must use the same one than what was used for generating the signature. As a wild guess, I would say that the hash function is probably SHA-1.
ECDSA operates in an elliptic curve. The curve size is not enough to define the curve: there are many 192-bit curves. However, since defining your own curve is hard, most people use one curve among the 15 curves defined in FIPS 186-3. One of those 15 curves has a "192-bit size" (it is called "P-192") so chances are that the signature uses that curve.
An ECDSA public key is the encoding of a curve point. A curve point is, nominally, a pair of integers (X, Y) (these are the "coordinates" of the point). These integers are from the base field in which the curve lives; for the P-192 curve, the coordinates are 192-bit integers. The "normal" encoding for such a public key is then a 49-byte string: the first byte will be 0x02, followed by the big-endian unsigned encoding of X (24 bytes), then the unsigned encoding of Y (24 bytes). Other encodings are possible.
An ECDSA signature formally consists in two integer values, usually called r and s (192-bit integers too). There again, the signature you have is probably a sequence of bytes which is an encoding of the two integers. There are two common encodings, one being a raw big-endian unsigned encoding of both value (hence a 48-byte signature), the other using ASN.1 (for a signature of length 53 or 54 bytes, or so).
Using Bouncy Castle, as @Ashkan suggests, is a good idea. But, as you see, there are quite a lot of assumptions to do about your situation. If you want to gain a thorough understanding of what is going on, buy a copy of ANSI X9.62:2005 (the ECDSA standard). Be warned that the mathematical contents are quite heavy.
您可以使用 Bouncy Castle 库。
请参阅http://www.bouncycastle.org/wiki/display/JA1/使用+椭圆+曲线
You can probably use Bouncy Castle library.
See http://www.bouncycastle.org/wiki/display/JA1/Using+Elliptic+Curve