問題描述

所以我試圖在 Java 中生成一個 ECDSAwithHA256 簽名，為此，我正在使用 BouncyCastle 提供程序.曲線是 secp521r1.

So I am trying to generate an ECDSAwithHA256 signature in Java, and for that, I am using the BouncyCastle provider. The curve is a secp521r1.

初始化我正在使用的簽名者:

To initalize the signer I am using:

public static final String SIGNATURE_ALGORITHEM = "SHA256withECDSA";

public void init() {
    signer = Signature.getInstance(SIGNATURE_ALGORITHEM, BouncyCastleProvider.PROVIDER_NAME);
    signer.initSign(privKey);
}

我正在使用簽名

public byte[] sign(byte[] bytes) throws SignatureException {
        signer.update(bytes);
        byte[] signature = signer.sign();
        System.out.println("Signature lenght is " + signature.length);
        return signature;
}

現(xiàn)在唯一的問題是，當(dāng)我運行代碼時，我得到長度在 137 到 139 字節(jié)之間的簽名.但我希望總是得到相同數(shù)量的字節(jié).有人知道我必須改變什么嗎，我的簽名長度始終相同，但仍然是標(biāo)準(zhǔn)化的簽名格式?

The only problem now is, that when I am running the code, I get signatures with a length between 137 and 139 byte. But I expected to get always the same amount of bytes. Does somebody know what I have to change, that I have always the same signature length, but still a standardized signature format?

推薦答案

Java 加密通常，Bouncy 默認使用可變長度的 ASN.1 DER 對 ECDSA(也稱為 DSA)簽名進行編碼.查看近乎 ECDSA 簽名長度 和交叉 https://crypto.stackexchange.com/questions/33095/shouldnt-a-signature-using-ecdsa-be-exactly-96-bytes-not-102-or-103 .

Java crypto normally, and Bouncy by default, encodes ECDSA (also DSA) signatures using ASN.1 DER which is variable length. See neardupe ECDSA signature length and cross https://crypto.stackexchange.com/questions/33095/shouldnt-a-signature-using-ecdsa-be-exactly-96-bytes-not-102-or-103 .

幸運的是，Bouncy(1.51 以上)還以 {hash}withPLAIN-ECDSA 或 {hash}withCVC- 的名稱實現(xiàn)了 P1363 風(fēng)格的固定長度編碼ECDSA(也用斜線代替 with).在這種情況下，CVC 顯然是指卡可驗證證書，盡管我不認為簽名編碼是有限設(shè)備證書驗證中最難的部分.

Fortunately for you however, Bouncy (1.51 up) also implements P1363-style fixed-length encoding under the names {hash}withPLAIN-ECDSA or {hash}withCVC-ECDSA (and also substituting a slash for with). CVC in this context apparently means Card Verifiable Certificate, although I would not have thought the signature encoding is anywhere near the hardest part of cert verification for a limited device.

更新:Bouncy 1.61 (2019-02) 修復(fù)了評論中提到的普通"編碼中的錯誤.此外，在 Java 9 (2018-12) 中，標(biāo)準(zhǔn) (Oracle) SunEC 提供程序支持此格式為 {hash}withECDSAinP1363format

Updates: Bouncy 1.61 (2019-02) fixes the bug in 'plain' encoding mentioned in comments. Also, in Java 9 (2018-12) up the standard (Oracle) SunEC provider supports this format as {hash}withECDSAinP1363format

這篇關(guān)于Java ECDSAwithSHA256 簽名長度不一致的文章就介紹到這了，希望我們推薦的答案對大家有所幫助，也希望大家多多支持html5模板網(wǎng)！