Java ECDSAwithSHA256 签名长度不一致
所以我试图在 Java 中生成一个 ECDSAwithHA256 签名,为此,我正在使用 BouncyCastle 提供程序.曲线是 secp521r1.
So I am trying to generate an ECDSAwithHA256 signature in Java, and for that, I am using the BouncyCastle provider. The curve is a secp521r1.
初始化我正在使用的签名者:
To initalize the signer I am using:
public static final String SIGNATURE_ALGORITHEM = "SHA256withECDSA";
public void init() {
signer = Signature.getInstance(SIGNATURE_ALGORITHEM, BouncyCastleProvider.PROVIDER_NAME);
signer.initSign(privKey);
}
我正在使用签名
public byte[] sign(byte[] bytes) throws SignatureException {
signer.update(bytes);
byte[] signature = signer.sign();
System.out.println("Signature lenght is " + signature.length);
return signature;
}
现在唯一的问题是,当我运行代码时,我得到长度在 137 到 139 字节之间的签名.但我希望总是得到相同数量的字节.有人知道我必须改变什么吗,我的签名长度始终相同,但仍然是标准化的签名格式?
The only problem now is, that when I am running the code, I get signatures with a length between 137 and 139 byte. But I expected to get always the same amount of bytes. Does somebody know what I have to change, that I have always the same signature length, but still a standardized signature format?
推荐答案
Java 加密通常,Bouncy 默认使用可变长度的 ASN.1 DER 对 ECDSA(也称为 DSA)签名进行编码.查看近乎 ECDSA 签名长度 和交叉 https://crypto.stackexchange.com/questions/33095/shouldnt-a-signature-using-ecdsa-be-exactly-96-bytes-not-102-or-103 .
Java crypto normally, and Bouncy by default, encodes ECDSA (also DSA) signatures using ASN.1 DER which is variable length. See neardupe ECDSA signature length and cross https://crypto.stackexchange.com/questions/33095/shouldnt-a-signature-using-ecdsa-be-exactly-96-bytes-not-102-or-103 .
幸运的是,Bouncy(1.51 以上)还以 {hash}withPLAIN-ECDSA
或 {hash}withCVC- 的名称实现了 P1363 风格的固定长度编码ECDSA
(也用斜线代替 with
).在这种情况下,CVC 显然是指卡可验证证书,尽管我不认为签名编码是有限设备证书验证中最难的部分.
Fortunately for you however, Bouncy (1.51 up) also implements P1363-style fixed-length encoding under the names {hash}withPLAIN-ECDSA
or {hash}withCVC-ECDSA
(and also substituting a slash for with
). CVC in this context apparently means Card Verifiable Certificate, although I would not have thought the signature encoding is anywhere near the hardest part of cert verification for a limited device.
更新:Bouncy 1.61 (2019-02) 修复了评论中提到的普通"编码中的错误.此外,在 Java 9 (2018-12) 中,标准 (Oracle) SunEC 提供程序支持此格式为 {hash}withECDSAinP1363format
Updates: Bouncy 1.61 (2019-02) fixes the bug in 'plain' encoding mentioned in comments. Also, in Java 9 (2018-12) up the standard (Oracle) SunEC provider supports this format as {hash}withECDSAinP1363format
相关文章