Java ECDSAwithSHA256 signature with inconsistent length

So I am trying to generate an ECDSAwithSHA256 signature in Java, and for that, I am using the BouncyCastle provider. The curve is secp521r1.

To initialize the signer, I am using:

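import java.security.GeneralSecurityException;
import java.security.Signature;
import org.bouncycastle.jce.provider.BouncyCastleProvider;

public static final String SIGNATURE_ALGORITHEM = "SHA256withECDSA";

// getInstance() and initSign() throw checked exceptions, so init() must declare them.
public void init() throws GeneralSecurityException {
    signer = Signature.getInstance(SIGNATURE_ALGORITHEM, BouncyCastleProvider.PROVIDER_NAME);
    signer.initSign(privKey);
}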

To sign, I am using:

public byte[] sign(byte[] bytes) throws SignatureException {
    signer.update(bytes);
    // With SHA256withECDSA the result is DER-encoded, so its length varies.
    byte[] signature = signer.sign();
    System.out.println("Signature length is " + signature.length);
    return signature;
}

The only problem now is that when I run the code, I get signatures with a length between 137 and 139 bytes. But I expected to always get the same number of bytes. Does somebody know what I have to change so that I always get the same signature length, but still in a standardized signature format?

Recommended answer

Java crypto normally, and Bouncy by default, encodes ECDSA (also DSA) signatures using ASN.1 DER which is variable length. See neardupe ECDSA signature length and cross https://crypto.stackexchange.com/questions/33095/shouldnt-a-signature-using-ecdsa-be-exactly-96-bytes-not-102-or-103 .

Fortunately for you however, Bouncy (1.51 up) also implements P1363-style fixed-length encoding under the names {hash}withPLAIN-ECDSA or {hash}withCVC-ECDSA (and also substituting a slash for with). CVC in this context apparently means Card Verifiable Certificate, although I would not have thought the signature encoding is anywhere near the hardest part of cert verification for a limited device.

Updates: Bouncy 1.61 (2019-02) fixes the bug in 'plain' encoding mentioned in comments. Also, in Java 9 (2018-12) up the standard (Oracle) SunEC provider supports this format as {hash}withECDSAinP1363format
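
The two encodings the answer describes, side by side, as an added example that is not part of the original post or of either library. It assumes JDK 9 or later with the default SunEC provider (no Bouncy Castle needed); the class name, helper names and sample message are constructed for illustration, and the DER reader handles only the SEQUENCE of two INTEGERs that an ECDSA signature contains.

```java
import java.math.BigInteger;
import java.security.*;
import java.security.spec.ECGenParameterSpec;

public class EcdsaSigLength {
    // Reads a DER length (short or long form) at pos[0] and advances the cursor.
    static int readLen(byte[] der, int[] pos) {
        int b = der[pos[0]++] & 0xff;
        if (b < 0x80) return b;
        int len = 0;
        for (int i = 0; i < (b & 0x7f); i++) len = (len << 8) | (der[pos[0]++] & 0xff);
        return len;
    }
    // Reads one DER INTEGER and left-pads it to exactly n bytes (drops any sign byte).
    static byte[] readInt(byte[] der, int[] pos, int n) {
        if (der[pos[0]++] != 0x02) throw new IllegalArgumentException("expected INTEGER");
        int len = readLen(der, pos);
        BigInteger v = new BigInteger(1, der, pos[0], len); // constructor added in Java 9
        pos[0] += len;
        if (v.bitLength() > 8 * n) throw new IllegalArgumentException("integer too large");
        byte[] raw = v.toByteArray(), out = new byte[n];
        int keep = Math.min(raw.length, n);
        System.arraycopy(raw, raw.length - keep, out, n - keep, keep);
        return out;
    }
    // SEQUENCE { INTEGER r, INTEGER s } -> r || s, each n bytes (P1363 / "plain" form).
    static byte[] derToP1363(byte[] der, int n) {
        int[] pos = {0};
        if (der[pos[0]++] != 0x30) throw new IllegalArgumentException("expected SEQUENCE");
        readLen(der, pos);
        byte[] out = new byte[2 * n];
        System.arraycopy(readInt(der, pos, n), 0, out, 0, n);
        System.arraycopy(readInt(der, pos, n), 0, out, n, n);
        return out;
    }
    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("EC");
        kpg.initialize(new ECGenParameterSpec("secp521r1"));
        KeyPair kp = kpg.generateKeyPair();
        byte[] msg = "constructed sample message".getBytes("UTF-8");
        Signature der = Signature.getInstance("SHA256withECDSA");
        Signature p1363 = Signature.getInstance("SHA256withECDSAinP1363Format");
        for (int i = 0; i < 5; i++) {
            der.initSign(kp.getPrivate()); der.update(msg);
            byte[] d = der.sign(), fixed = derToP1363(d, 66); // 66 = ceil(521 / 8)
            p1363.initVerify(kp.getPublic()); p1363.update(msg);
            System.out.println("DER " + d.length + " -> P1363 " + fixed.length + ", verifies: " + p1363.verify(fixed));
        }
    }
}
```

The DER length changes from run to run because r and s are encoded as minimal signed integers, while the converted form is always 132 bytes on this curve and is accepted by the P1363 verifier.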
