How to use created openssl artifacts (Signature and RSA public key in x509)
from Java to verify signature of the contents of a file.
I ran into problems doing this so I am posting it for others in the future.
I use openssl to create artifacts
a signature for a file contents and
an RSA key in an x509 certificate.
But I am required to use Java to verify the file contents using javax API.
/*****************************************************
This will read the X509 certificate RSApublic.x509.1
created by the openssl commands and print out information about it.
Then Open binary saved signature file using the public key and verify the
contents
of a file.
*****************************************************/
import java.util.Date;
import java.io.*;
import java.security.cert.X509Certificate;
import java.security.*;
import java.security.cert.*;
public class sample {
public static PublicKey x509GetPublic(String filename){
try{
File f = new File(filename);
FileInputStream fis = new FileInputStream(f);
BufferedInputStream ksbufin = new BufferedInputStream(fis);
X509Certificate certificate = (X509Certificate)
CertificateFactory.getInstance("X.509").generateCertificate(ksbufin);
if (certificate!= null){
System.out.println("yes we can open it \n");
}
Principal p= certificate.getIssuerDN();
System.out.println("DN: "+p.getName()+"\n");
Date d= certificate.getNotAfter();
if (d!=null)
System.out.println("got Not After Date \n"+d.toString());
PublicKey pubkey= certificate.getPublicKey();
if (pubkey!=null)
System.out.println("\n got public key \n");
System.out.println("public key format is "+pubkey.getFormat());
return pubkey;
}catch (Exception e){
e.printStackTrace();
}
return null;
}
public static byte[] SHA1(String filename)throws Exception {
MessageDigest md = MessageDigest.getInstance("SHA-1");
FileInputStream fis = new FileInputStream(filename);
byte[] dataBytes = new byte[1024];
int nread = 0;
while ((nread = fis.read(dataBytes)) != -1) {
md.update(dataBytes, 0, nread);
};
byte[] mdbytes = md.digest();
System.out.println("SHA1 Length is "+mdbytes.length);
return mdbytes;
}
static void hexout(byte[] mdbytes){
StringBuffer sb = new StringBuffer();
for (int i = 0; i < mdbytes.length; i++) {
sb.append(Integer.toString((mdbytes[i] & 0xff) + 0x100,
16).substring(1));
}
System.out.println("Hex format : " + sb.toString());
}
/****************************
The signature algorithm with SHA-* and the RSA encryption algorithm as
defined in the OSI Interoperability Workshop, using the padding
conventions described in PKCS #1.
SHA1withRSA
SHA256withRSA
SHA384withRSA
SHA512withRSA
The ECDSA signature algorithms as defined in ANSI X9.62.
Note:"ECDSA" is an ambiguous name for the "SHA1withECDSA" algorithm and
should not be used. The formal name "SHA1withECDSA" should be used instead.
NONEwithECDSA
SHA1withECDSA
SHA256withECDSA
SHA384withECDSA
SHA512withECDSA
*****************************/
static public void checkSignature(PublicKey pubkey, byte[] bytes,
byte[] sigToVerify){
try{
// Signature sig = Signature.getInstance("SHA256withRSA"); //,
"SUN");
Signature sig = Signature.getInstance("SHA1withRSA");
//,"SUN");
sig.initVerify(pubkey);
sig.update(bytes, 0, bytes.length);
boolean verifies = sig.verify(sigToVerify);
System.out.println("signature verifies: " + verifies);
}catch (Exception e){
e.printStackTrace();
}
}
/**
* @param args
*/
public static void main(final String[] args) {
System.out.println("hello\n");
try{
/**
* Get public key from X509 cert
**/
PublicKey pubkey=x509GetPublic("RSApublic.x509.1");
/**
* Make MessageDigest from file contents: DO NOT DO THIS
byte[] mdbytes=SHA1("landscape.steg.jpg");
hexout(mdbytes);
**/
/**
* Get contents of file Java will compute the SHA1
*/
FileInputStream sigfis = new FileInputStream("landscape.steg.jpg");
byte[] data = new byte[sigfis.available()];
int datan= sigfis.read(data);
System.out.println("read content BYTES "+datan);
sigfis.close();
/**
* Read Signature into bytes
**/
sigfis = new FileInputStream("landscape.steg.jpg.rsasigned");
int len=sigfis.available();
System.out.println("Signature length is "+len);
byte[] sigToVerify = new byte[len];
int n= sigfis.read(sigToVerify);
System.out.println("read SIGNATURE BYTES "+n);
sigfis.close();
/**
* Check signature with public key, Message Digest of file and its
signature
**/
checkSignature( pubkey, data, sigToVerify);
}catch (Exception e) {
e.printStackTrace();
}
}
}
--
View this message in context:
http://old.nabble.com/Use-openssl-artifacts-RSA_sign%28%29-%28signature%29--and-Java-to-verify-tp34621837p34621837.html
Sent from the OpenSSL - User mailing list archive at Nabble.com.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
