Java signature and signed data
What is the difference between a signature and signed data? I need to pass them to the other side.
I do have code:
    import java.io.FileInputStream;
    import java.security.KeyStore;
    import java.security.PrivateKey;
    import java.security.Signature;

    private static byte[] sign(byte[] data) {
        byte[] signedData = null;
        // try-with-resources closes the keystore stream (the original never closed it)
        try (FileInputStream in = new FileInputStream("keyStore.pfx")) {
            // Load the PKCS#12 keystore that holds the signing key and its certificate
            KeyStore keyStoreFile = KeyStore.getInstance("PKCS12");
            keyStoreFile.load(in, "password".toCharArray());
            PrivateKey privateKey = (PrivateKey) keyStoreFile.getKey("alias", "password".toCharArray());
            // SHA1withRSA as posted; SHA-1 is deprecated for signatures, SHA256withRSA is the usual choice today
            Signature dsa = Signature.getInstance("SHA1withRSA");
            dsa.initSign(privateKey);
            dsa.update(data);
            signedData = dsa.sign();   // sign() returns only the signature bytes, not data plus signature
        } catch (Exception e) {
            e.printStackTrace();       // on any failure the method returns null
        }
        return signedData;
    }
So is signedData a signature or signed data? I need to generate and post them both, but I don't understand the difference. Please advise. Thanks.
Comments (2)
From the javadoc of Signature.sign:
So this is definitely not signed data but only the signature for the data supplied using the update method.
In your example, data is the original data, what you want to sign. signedData is the signature data. If you use the same private key and the same data you will always get the same signedData out.
Once you bundle together data and signedData I think you can call the resulting bundle the "signed data". The original data is what you want to make available, and the signature data is how you or anyone else can confirm that the original data hasn't been altered. In other words, in order to use the original data, you just need the original data; in order to verify that the data hasn't been changed, you need the original data, the signature data, and the public key. (The public key has to be the one that matches the private key that was used to generate the signature data.) For the verify operation to succeed, the verify software needs to have, as input, the exact same input that the original signing operation had. So however you bundle together the original data and the signature data, you need to be careful not to add or delete any part of the data.
You could put the original data in a file, the signature data in another file, and make a zip archive or any other sort of archive. You could Base64-encode both and put them together in a text file with delimiters. Whatever. But the end-user of the data needs the original data, the signature data, and the public key to verify that the original data is correct.
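As an added example, not code from the original post or from either answer, here is a complete Java program that ties the two answers together: sign() returns only the signature bytes (what the question's method returns), bundle() packs the original data and the signature into one Base64 string with a "." delimiter (the kind of "signed data" bundle the second answer describes), and verify() on the receiving side splits the bundle and checks the signature with the public key. The key pair, the payload string and the bundle format are assumptions chosen for the demo; it uses SHA256withRSA rather than the SHA1withRSA in the question because SHA-1 is deprecated for signatures.

```java
import java.nio.charset.StandardCharsets;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.spec.X509EncodedKeySpec;
import java.util.Base64;

public class SignedBundleDemo {
    // Constructed sample payload for the demo; not taken from the original post.
    private static final byte[] DATA = "invoice-42: amount=100.00".getBytes(StandardCharsets.UTF_8);

    /** Signer side: returns the signature bytes only, exactly like the question's sign(). */
    static byte[] sign(byte[] data, PrivateKey key) throws Exception {
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(key);
        s.update(data);
        return s.sign();
    }

    /** Bundle format (an assumption for this demo): base64(data) + "." + base64(signature).
     *  Standard Base64 never emits ".", so the delimiter cannot collide with either half. */
    static String bundle(byte[] data, byte[] signature) {
        Base64.Encoder enc = Base64.getEncoder();
        return enc.encodeToString(data) + "." + enc.encodeToString(signature);
    }

    /** Verifier side: split the bundle and verify the signature over exactly the bytes that were signed.
     *  publicKeyDer is the X.509 SubjectPublicKeyInfo encoding obtained out of band from the signer. */
    static boolean verify(String packed, byte[] publicKeyDer) throws Exception {
        String[] parts = packed.split("\\.", -1);
        if (parts.length != 2) {
            return false;                       // malformed bundle: reject rather than guess
        }
        byte[] data = Base64.getDecoder().decode(parts[0]);
        byte[] signature = Base64.getDecoder().decode(parts[1]);
        PublicKey pub = KeyFactory.getInstance("RSA")
                .generatePublic(new X509EncodedKeySpec(publicKeyDer));
        Signature v = Signature.getInstance("SHA256withRSA");
        v.initVerify(pub);
        v.update(data);
        return v.verify(signature);
    }

    public static void main(String[] args) throws Exception {
        // Demo key pair; in the question's setup this would come from the PKCS#12 keystore.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair();

        byte[] signature = sign(DATA, kp.getPrivate());
        String packed = bundle(DATA, signature);
        byte[] pubDer = kp.getPublic().getEncoded();   // ship this (or a certificate) to the verifier separately

        System.out.println("original bundle verifies:   " + verify(packed, pubDer));

        // Flip one bit of the data half: the bytes under the signature changed, so verification fails.
        byte[] tampered = DATA.clone();
        tampered[tampered.length - 1] ^= 0x01;
        System.out.println("tampered bundle verifies:   " + verify(bundle(tampered, signature), pubDer));

        // A trailing newline added while bundling is enough to break verification too.
        byte[] withNewline = (new String(DATA, StandardCharsets.UTF_8) + "\n").getBytes(StandardCharsets.UTF_8);
        System.out.println("newline-appended verifies:  " + verify(bundle(withNewline, signature), pubDer));
    }
}
```

Running it shows the first check passing and the two altered bundles failing: flipping a byte of the data, or appending a newline while packaging it, changes the bytes the verifier feeds to update(), which is exactly the "don't add or delete any part of the data" caveat above. Note that the public key is deliberately not carried inside the bundle: the receiver has to obtain it (or a certificate chaining to a CA it trusts) through a channel the sender cannot tamper with, otherwise an attacker can replace data, signature and key together.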