An Dương
Reputation: 369
Verify data with Signature public key RSA java
I have simple text.
Then i encrypt this text with Cipher RSA.
But when verify this text with encrypt text by Signature it always return false.
Generate key pair:
KeyPairGenerator keyPairGen = KeyPairGenerator.getInstance("RSA");
keyPairGen.initialize(2048);
KeyPair kp = keyPairGen.generateKeyPair();
Plain text:
byte[] plaintext = "a".getBytes(StandardCharsets.UTF_8);
Encrypt text using RSA:
Cipher cipher = Cipher.getInstance("RSA");
cipher.init(Cipher.ENCRYPT_MODE, kp.getPublic());
byte[] encryptText = cipher.doFinal(plaintext);
Verify data using Signature:
Signature sig = Signature.getInstance("SHA256withRSA");
sig.initVerify(kp.getPublic());
sig.update(plaintext);
boolean result = sig.verify(encryptText);
System.out.println(result);
Why this code always return false? How to verify right way?
Upvotes: 4
Views: 6517
Answers (1)
Wajdy Essam
Reputation: 4340
In digital signature, you sign (encrypt) the hash of the data using your private key.
You could use Signature class, it will handle the hasing of the data:
public static void main(String[] args) throws Exception {
String message = "Digital Signature Example";
byte[] messageBytes = message.getBytes("UTF8");
// Key generation
KeyPairGenerator keyGen = KeyPairGenerator.getInstance("RSA");
keyGen.initialize(2048);
KeyPair key = keyGen.generateKeyPair();
// sign
Signature sig = Signature.getInstance("SHA256WithRSA");
sig.initSign(key.getPrivate());
sig.update(messageBytes);
byte[] signature = sig.sign();
// verification
sig.initVerify(key.getPublic());
sig.update(messageBytes);
boolean result = sig.verify(signature);
// result
System.out.println("Message = " + message);
System.out.println("Signature = "
+ Base64.getEncoder().encodeToString(signature));
System.out.println("Verification Result = " + result);
}
Or you could encrypt/decrypt by using cipher class:
public static void main(String[] args) throws Exception {
String message = "Digital Signature Example";
byte[] messageBytes = message.getBytes("UTF8");
// Key generation
KeyPairGenerator keyGen = KeyPairGenerator.getInstance("RSA");
keyGen.initialize(2048);
KeyPair key = keyGen.generateKeyPair();
// sign
Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding");
cipher.init(Cipher.ENCRYPT_MODE, key.getPrivate());
byte[] messageHash = SHA(message);
byte[] signature = cipher.doFinal(messageHash);
// verification
Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding");
cipher.init(Cipher.DECRYPT_MODE, key.getPublic());
byte[] decryptedMessageHash = cipher.doFinal(signature);
byte[] messageHash = SHA(message);
boolean result = Arrays.equals(decryptedMessageHash, messageHash);
System.out.println("Message = " + message);
System.out.println("Signature = "
+ Base64.getEncoder().encodeToString(signature));
System.out.println("Verification Result = " + result);
}
private static byte[] SHA(String message) throws Exception {
MessageDigest digest = MessageDigest.getInstance("SHA-512");
digest.update(message.getBytes("UTF8"));
return digest.digest();
}
Upvotes: 7
Related Questions
- How to validate a public and private key pair in Java
- RSA Java complaint signing and verfiying
- RSA key signing and verifying in Java(Android)
- RSA Signing and verifying in java
- Signing and verifying with java android
- java signature verification
- Verifying a signature with a public key
- how to do verify using java.security.Signature
- Verifying a signature in java using a certificates public key
- Getting public key from digital signature