implementation 'ch.dissem.jabit:jabit-cryptography-bouncy:1.0.1'
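/**
 * Verifies the detached RSA signature of the downloaded file.
 *
 * <p>The public key comes from {@code publicKeyReader()}, the signed content from {@code data()},
 * and the signature is the Base64 text held in {@code tmp} (copied from the server response).
 * The content is hashed and checked with {@code SHA256withRSA}.
 *
 * <p>The result is logged and, unlike a log-only check, a failed verification also aborts with an
 * exception, so a caller cannot continue with an unverified file by accident.
 *
 * <p>NOTE(review): the file read by {@code data()} lives in shared storage. Whoever consumes it
 * after this check should use the same bytes that were verified here, because the file could be
 * replaced between verification and use.
 *
 * @throws java.security.InvalidKeyException if the public key cannot be opened or holds no PEM object
 * @throws java.security.SignatureException if the signature has the wrong length or does not verify
 * @throws Exception for I/O, key-parsing and provider errors raised by the underlying APIs
 */
public void verifySignature() throws Exception {
    // Detached signature as Base64 text. Its decoded bytes equal the content of the signature
    // file that signature() would open, so either source can be used.
    final String tmp = "mafxI8/zMvfMvQQxOvOPJz6xF+6DroYv4LzQ+arc+gBlqS09m5TfxHx9GnIDRgjrxBef4aQ4HIf7wvWJCrkwWmaHaSI7F6xAwN5kaTXfjygiYYEH8lLlHuLQaoouBZLWxYAzP3vnmNPVzfBNrXh6a5CTqBFbX43/9rX5cpmvx6lY4nbSCvIle2vYNgCi7HJtRqfBPxGjRZXdIdJk0lDjCSZfgfBQHLBEed8XxkUQFCkFlHN5Jx7Pp13aiJ3kY1lmoFmxVb95HDbcLZdSQDUit3T94gc7OsazdBDrvmLlxGzxUeuU7aaxa0dSCUH1yGr1DceKU5lywr1aiRsaZYxjg9ynRPzBXpf3l6TReilANFvfCGR6tpy4H77Ma/y4cSN2rO7J0Cd12v/D+MV2ITFAM30kZmGbSOe91Fo77ynveZPdwWQzDrjaUHL/sZ5ijDQkz++fNioLohPj7+caQVFE2moEekAUJp+uDzOcJHgi4VivOJ4Riv/seutZ4eIS7vx3jUqRrAzRA6E5SSleIc9GitgC+eePvcFSuI0WLpuxtHo6T6s7kOhzloXWiImP2ED1J+TMgRPtY4snGtlHcILSXuxlFL8PF5mi+W/gOsSMdVtOFKLNLSrb/TPK0Fze1zO1ZGkY+iiplMn+OkGyao3OfbEhuA3vsCVAmASKV3qk5F4=";

    // Load the trusted public key; try-with-resources closes the reader on every path.
    final RSAPublicKey publicKey;
    try (PemReader reader = publicKeyReader()) {
        if (reader == null) {
            throw new java.security.InvalidKeyException("public key resource could not be opened");
        }
        final PemObject publicKeyPem = reader.readPemObject();
        if (publicKeyPem == null) {
            throw new java.security.InvalidKeyException("public key resource contains no PEM object");
        }
        final KeyFactory keyFactory = KeyFactory.getInstance("RSA");
        final X509EncodedKeySpec publicKeySpec = new X509EncodedKeySpec(publicKeyPem.getContent());
        publicKey = (RSAPublicKey) keyFactory.generatePublic(publicKeySpec);
    }

    // Use the decoded bytes directly instead of copying them through a fixed-size buffer, which
    // would silently truncate or zero-pad a signature of unexpected length.
    final byte[] signatureBytes = Base64.decode(tmp, Base64.NO_WRAP);
    final int expectedLength = (publicKey.getModulus().bitLength() + 7) / 8;
    if (signatureBytes.length != expectedLength) {
        throw new java.security.SignatureException(
                "unexpected signature length " + signatureBytes.length + ", expected " + expectedLength);
    }

    final Signature signature = Signature.getInstance("SHA256withRSA");
    signature.initVerify(publicKey);

    // Stream the file through the verifier in chunks so large downloads are not held in memory.
    try (InputStream data = data()) {
        final byte[] buffy = new byte[16 * 1024];
        int read;
        while ((read = data.read(buffy)) != -1) {
            signature.update(buffy, 0, read);
        }
    }

    final boolean verified = signature.verify(signatureBytes);
    Log.i("b","1 "+verified);
    if (!verified) {
        // Fail closed: a log line alone does not stop the caller from using the file.
        throw new java.security.SignatureException("signature verification failed");
    }
}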
/**
 * Opens the downloaded file whose signature is being verified.
 *
 * <p>NOTE(review): the path points into shared storage; other apps may be able to modify files
 * there depending on Android version and permissions, so treat the content as untrusted until
 * the signature check has passed.
 *
 * @return a new stream over the file; the caller is responsible for closing it
 * @throws FileNotFoundException if the file cannot be opened
 */
private InputStream data() throws FileNotFoundException {
    final String downloadedFilePath = "/storage/emulated/0/Download/test.zip";
    return new FileInputStream(downloadedFilePath);
}
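/**
 * Opens a PEM reader over the public key bundled with the app as {@code R.raw.publickey}.
 *
 * <p>The key is read from the app's own resources rather than from shared storage: the public
 * key is the trust anchor for the check, so it must not come from a location that something
 * other than the app can overwrite.
 *
 * @return a reader positioned at the start of the PEM data; the caller must close it
 * @throws FileNotFoundException if the raw resource cannot be opened (the original failure is
 *     attached as the cause instead of being printed and replaced by a {@code null} return)
 */
private PemReader publicKeyReader() throws FileNotFoundException {
    try {
        // Explicit charset so decoding does not depend on the platform default.
        return new PemReader(new InputStreamReader(
                getResources().openRawResource(R.raw.publickey),
                java.nio.charset.StandardCharsets.UTF_8));
    } catch (RuntimeException e) {
        // Surface the failure to the caller; returning null only postpones it to a
        // NullPointerException at the first use of the reader.
        final FileNotFoundException failure =
                new FileNotFoundException("public key resource could not be opened");
        failure.initCause(e);
        throw failure;
    }
}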
/**
 * Opens the detached signature file that belongs to the downloaded file.
 *
 * <p>This is the file-based alternative to the Base64 signature text embedded in
 * {@code verifySignature()}; the call to it there is currently commented out.
 *
 * @return a new stream over the signature file; the caller is responsible for closing it
 * @throws FileNotFoundException if the file cannot be opened
 */
private InputStream signature() throws FileNotFoundException {
    final String signatureFilePath = "/storage/emulated/0/test.zip.dgst.signed";
    return new FileInputStream(signatureFilePath);
}
data()就是你下載的源文件
publicKeyReader()就是你的public key文件
signature() 就是你的signature文件
tmp是我從服務器上獲取的Base64字符串,用base64解碼之後,得出的內容和signature文件完全一樣,所以既可以使用這個signature文件,也可以換成從服務器上直接獲取簽名內容。