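A rough description of the situation

All I have is a public key in PEM form, the string as it was before "encryption", and the result to be verified, which is in fact a signature. The task is to verify that result with the public key.

Contents of the PEM file

-----BEGIN PUBLIC KEY-----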
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCkNfthC+Ultlm0sNiBAce6NcW4
mujK3jebPuhg8C6Jh4ziXYZCJ/l0qNDgP7PV2lBMDgSG1CoDCEmJlKnXKU2E2nWT
T5AtXkmGREIOGKq+dUjelqDjEiPW4a2aAQp/N0TkdQeBB/mscvyPoHPFkD1O/eL+
wRXOVb+uuszvgBXTiwIDAQAB
-----END PUBLIC KEY-----

Problems encountered

1. ObjectIdentifier mismatch: 1.3.14.3.2.26

Original code
Signature signature = Signature.getInstance("MD5WithRSA");
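After the change (1.3.14.3.2.26 is the OID of SHA-1: the signature was produced with SHA-1, so it has to be verified with SHA1WithRSA rather than MD5WithRSA)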
Signature signature = Signature.getInstance("SHA1WithRSA");
2.
java.lang.IllegalArgumentException: Illegal base64 character 2d
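There was also some "too big 127" error. Both are fixed by removing the first and last lines of the PEM file, i.e. the ones containing "-----" (0x2d is the "-" character, which is not part of the standard Base64 alphabet).

Here is the final code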
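import java.io.File;
import java.io.FileNotFoundException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyFactory;
import java.security.PublicKey;
import java.security.Signature;
import java.security.spec.X509EncodedKeySpec;
import java.util.List;
import org.springframework.util.Base64Utils;
import org.springframework.util.ResourceUtils;

// The methods below belong to a utility class that also declares the `logger` field.

/**
 * RSA verification with a public key.
 * @param data the string before signing
 * @param sign the result to be verified (Base64-encoded signature)
 * @param publikKeyPath path of the public key
 */
public static boolean doVerifyPublicKey(String data, String sign, String publikKeyPath) {
    // Use an explicit charset; it must match the encoding the signer used.
    byte[] dataBytes = data.getBytes(StandardCharsets.UTF_8);
    return verify(dataBytes,
            0,
            dataBytes.length,
            getKey(publikKeyPath),
            Base64Utils.decodeFromString(sign));
}

/**
 * Parse the PEM file into a byte array.
 * The file must already have its "-----BEGIN/END-----" lines removed (see problem 2).
 * @param publikKeyPath path of the PEM file
 */
public static byte[] getKey(String publikKeyPath) {
    byte[] keyBytes = null;
    try {
        File file = ResourceUtils.getFile("classpath:" + publikKeyPath);
        List<String> strLineList = Files.readAllLines(Paths.get(file.toURI()));
        // Join the Base64 lines into a single string before decoding.
        StringBuilder builder = new StringBuilder();
        for (String string : strLineList) {
            builder.append(string);
        }
        return Base64Utils.decodeFromString(builder.toString());
    } catch (FileNotFoundException ex) {
        logger.error("Public key file not found", ex);
    } catch (Exception ex) {
        logger.error("Failed to read public key", ex);
    }
    return keyBytes;
}

public static boolean verify(byte[] data, int offset, int length, byte[] publicKeyBytes, byte[] dataSignature) {
    boolean result = false;
    try {
        // The decoded PEM body is an X.509 SubjectPublicKeyInfo structure.
        X509EncodedKeySpec x509EncodedKeySpec = new X509EncodedKeySpec(publicKeyBytes);
        KeyFactory keyFactory = KeyFactory.getInstance("RSA");
        PublicKey publicKey = keyFactory.generatePublic(x509EncodedKeySpec);
        // The algorithm must match the one used to create the signature.
        Signature signature = Signature.getInstance("SHA1WithRSA");
        signature.initVerify(publicKey);
        signature.update(data, offset, length);
        result = signature.verify(dataSignature);
    } catch (Exception ex) {
        // Any failure (bad key, malformed signature) is treated as "not verified".
        logger.error("Signature verification failed", ex);
    }
    return result;
}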
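Note also that the verification code will differ depending on the public key format and on the algorithm chosen when the key was generated.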
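
Both problems above can be reproduced and handled in one self-contained program. This is an added example, not the original post's code: the class and method names (`PemVerifyDemo`, `parsePemPublicKey`, `verify`) are hypothetical, and the key pair and message are constructed for the demonstration because the private key for the PEM above is not available. It uses only JDK classes, strips the armor lines in code instead of editing the file, and treats an algorithm mismatch as a failed verification.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.security.spec.X509EncodedKeySpec;
import java.util.Base64;

public class PemVerifyDemo {
    /** Drop the "-----BEGIN/END ...-----" armor lines, then decode the Base64 body to DER. */
    static PublicKey parsePemPublicKey(String pem) throws GeneralSecurityException {
        StringBuilder body = new StringBuilder();
        for (String line : pem.split("\\R")) {
            if (!line.startsWith("-----")) { // armor lines cause "Illegal base64 character 2d"
                body.append(line.trim());
            }
        }
        byte[] der = Base64.getDecoder().decode(body.toString());
        return KeyFactory.getInstance("RSA").generatePublic(new X509EncodedKeySpec(der));
    }

    /** A digest mismatch shows up as false or as a SignatureException, depending on the JDK. */
    static boolean verify(String algorithm, PublicKey key, byte[] data, byte[] sig)
            throws GeneralSecurityException {
        Signature verifier = Signature.getInstance(algorithm);
        verifier.initVerify(key);
        verifier.update(data);
        try {
            return verifier.verify(sig);
        } catch (SignatureException e) { // e.g. "ObjectIdentifier mismatch: 1.3.14.3.2.26"
            return false;
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed key pair and message, for demonstration only.
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair pair = gen.generateKeyPair();
        String pem = "-----BEGIN PUBLIC KEY-----\n"
                + Base64.getMimeEncoder(64, new byte[] {'\n'}).encodeToString(pair.getPublic().getEncoded())
                + "\n-----END PUBLIC KEY-----\n";
        byte[] data = "constructed sample message".getBytes(StandardCharsets.UTF_8);

        // Sign with SHA-1, as the signer in the post evidently did.
        Signature signer = Signature.getInstance("SHA1withRSA");
        signer.initSign(pair.getPrivate());
        signer.update(data);
        byte[] sig = signer.sign();

        PublicKey key = parsePemPublicKey(pem);
        System.out.println("SHA1withRSA: " + verify("SHA1withRSA", key, data, sig));
        System.out.println("MD5withRSA:  " + verify("MD5withRSA", key, data, sig));
    }
}
```

The verifier has to use whatever digest the signer used; where both sides can be changed, SHA256withRSA is the usual choice over SHA-1 or MD5.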