现在做的一个工程中需要对服务端发送过来的签名串进行验签...服务器端是java写的,代码没问题,在windows mobile, android, j2me等系统中已经通过的
但在iphone中使用Security Framework验签却通过不了...SecKeyRawVerify 方法的padding参数 kSecPaddingPKCS1SHA1 返回-50(参数无效), 而用kSecPaddingPKCS1和kSecPaddingNone则返回-9809(文档中并没定义)不知道哪位对这方面有经验的,帮忙出下主意,或换别的签名/验签方式也可以.谢谢服务端java部分的签名/验签代码,用bouncycastle很简单的 @Override
public byte[] createSignature(byte[] rgbHash) {
SHA1Digest dig = new SHA1Digest();
RSADigestSigner signer = new RSADigestSigner(dig); signer.init(true, keyParameter);
signer.update(rgbHash, 0, rgbHash.length); try {
return signer.generateSignature();
} catch (CryptoException e) {
throw new CryptographicException(e);
}
} @Override
public boolean verifySignature(byte[] rgbHash, byte[] rgbSignature) {
SHA1Digest dig = new SHA1Digest();
RSADigestSigner signer = new RSADigestSigner(dig); signer.init(false, keyParameter);
signer.update(rgbHash, 0, rgbHash.length); return signer.verifySignature(rgbSignature);
}
而iphone这边的代码 NSString* cerFilePath = [[NSBundle mainBundle] pathForResource:@"xxxxAgent" ofType:@"cer"];
NSData* cerFileData = [[NSData alloc] initWithContentsOfFile:cerFilePath];
SecCertificateRef certificate = SecCertificateCreateWithData(kCFAllocatorDefault, (CFDataRef)cerFileData);
CFArrayRef certificates = CFArrayCreate(kCFAllocatorDefault, (const void **)&certificate, 1, NULL);
SecTrustRef trust;
SecPolicyRef x509Policy = SecPolicyCreateBasicX509();
OSStatus status = SecTrustCreateWithCertificates(certificates, x509Policy, &trust);
assert (status == noErr);
SecTrustResultType trustResult;
status = SecTrustEvaluate(trust, &trustResult);
assert (status == noErr); NSLog(@"certificate trust result: %d", trustResult); // kSecTrustResultRecoverableTrustFailure etc
SecKeyRef publicKey = SecTrustCopyPublicKey(trust); status = SecKeyRawVerify(publicKey, kSecPaddingPKCS1SHA1, regSignature, regSignatureLen, rgbHash, rgbHashLen); // TODO: check the status
但在iphone中使用Security Framework验签却通过不了...SecKeyRawVerify 方法的padding参数 kSecPaddingPKCS1SHA1 返回-50(参数无效), 而用kSecPaddingPKCS1和kSecPaddingNone则返回-9809(文档中并没定义)不知道哪位对这方面有经验的,帮忙出下主意,或换别的签名/验签方式也可以.谢谢服务端java部分的签名/验签代码,用bouncycastle很简单的 @Override
public byte[] createSignature(byte[] rgbHash) {
SHA1Digest dig = new SHA1Digest();
RSADigestSigner signer = new RSADigestSigner(dig); signer.init(true, keyParameter);
signer.update(rgbHash, 0, rgbHash.length); try {
return signer.generateSignature();
} catch (CryptoException e) {
throw new CryptographicException(e);
}
} @Override
public boolean verifySignature(byte[] rgbHash, byte[] rgbSignature) {
SHA1Digest dig = new SHA1Digest();
RSADigestSigner signer = new RSADigestSigner(dig); signer.init(false, keyParameter);
signer.update(rgbHash, 0, rgbHash.length); return signer.verifySignature(rgbSignature);
}
而iphone这边的代码 NSString* cerFilePath = [[NSBundle mainBundle] pathForResource:@"xxxxAgent" ofType:@"cer"];
NSData* cerFileData = [[NSData alloc] initWithContentsOfFile:cerFilePath];
SecCertificateRef certificate = SecCertificateCreateWithData(kCFAllocatorDefault, (CFDataRef)cerFileData);
CFArrayRef certificates = CFArrayCreate(kCFAllocatorDefault, (const void **)&certificate, 1, NULL);
SecTrustRef trust;
SecPolicyRef x509Policy = SecPolicyCreateBasicX509();
OSStatus status = SecTrustCreateWithCertificates(certificates, x509Policy, &trust);
assert (status == noErr);
SecTrustResultType trustResult;
status = SecTrustEvaluate(trust, &trustResult);
assert (status == noErr); NSLog(@"certificate trust result: %d", trustResult); // kSecTrustResultRecoverableTrustFailure etc
SecKeyRef publicKey = SecTrustCopyPublicKey(trust); status = SecKeyRawVerify(publicKey, kSecPaddingPKCS1SHA1, regSignature, regSignatureLen, rgbHash, rgbHashLen); // TODO: check the status
解决方案 »
免费领取超大流量手机卡,每月29元包185G流量+100分钟通话, 中国电信官方发货