Java SHA256withRSA: what does it do and in what order?

Notice: this page is a Chinese-English parallel translation of a popular StackOverflow question, provided under the CC BY-SA 4.0 license. You are free to use and share it, but you must follow the same CC BY-SA license, cite the original URL and author information, and attribute it to the original authors (not me): StackOverflow. Original URL: http://stackoverflow.com/questions/21018355/

Time: 2020-08-13 06:00:05  Source: igfitidea

SHA256withRSA what does it do and in what order?

java ios cryptography rsa sha256

Asked by Whyser

I'm a total newbie when it comes to cryptography and such things. I don't (and don't want to) know the details of the SHA256 and RSA. I "know" what they do, not how they do it, and for now that's enough.

I'm wondering what the "SHA256withRSA"-algorithm (if you can call it that) actually does and in what order. For example, does it hash the data with SHA256 and then encrypt it using RSA or is it vice-versa, or something else?

The reason I'm asking is because I wanna do the java equivalent of:

Signature signature = Signature.getInstance("SHA256withRSA");
signature.initSign(privateKey); //privateKey == a key extracted from a .p12 file

in Objective-C on iOS. And I couldn't seem to find any stuff that does exactly this, therefore I'm asking, can I just hash the data (SHA256) and then encrypt it (RSA) (or vice-versa) and get the same behavior?

What is the suggested solution for doing this kind of thing?

Thank you!

EDIT: I failed to mention that I sign the data using a private key that is obtained by doing:

KeyStore keystore = KeyStore.getInstance("PKCS12");
keystore.load(new FileInputStream(new File(filename)), password.toCharArray());
PrivateKey privateKey = (PrivateKey)keystore.getKey(alias, password.toCharArray());

Where filename is for example: "/somewhere/mykey.p12".

Accepted answer by Maarten Bodewes

"SHA256withRSA" implements the PKCS#1 v1.5 padding and modular exponentiation with the formal name RSASSA-PKCS1-v1_5 after calculating the hash over the data using SHA256.

So the general order is:

  1. hashing;
  2. padding the hash for signature generation;
  3. modular exponentiation using the private exponent and the modulus.

The padding used for encryption and signature generation is different, so using encryption may result in erroneous signatures.

The PKCS#1 v1.5 padding scheme has been superseded by PSS. For new protocols it is advisable to use the PSS scheme instead. For RSA a very readable public standard exists. This standard has also been used as a base for RFC 3447: Public-Key Cryptography Standards (PKCS) #1: RSA Cryptography Specifications Version 2.1 (which is basically a copy).

With regards to the padding in iOS, please check this answer by Thomas Pornin. Basically you should create the SHA-256 hash, prefix a static block of data (defined in the PKCS#1 specifications) then use SecKeyRawSign using kSecPaddingPKCS1.

For your convenience, the PKCS#1 defined block of data that needs to be prefixed in hex notation for SHA-256 (it can be a bit hard to find in the standard documents, it's in the notes of section 9.2):

30 31 30 0D 06 09 60 86 48 01 65 03 04 02 01 05 00 04 20


Notes:

  • The above steps do not include the conversion from bytes to integer and vice versa. The result of raw RSA operations is generally converted to an unsigned big endian encoding with the same size of the modulus in bytes (which is generally the same as the key size, as the key size is already a multiple of 8). These conversions are called I2OSP and OS2IP in the RFCs.
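
The three steps from the answer carried out by hand and compared with `Signature.getInstance("SHA256withRSA")`, as an added example that is not part of the original question or answer. It assumes a freshly generated 2048-bit key instead of the .p12 key; the class and method names are illustrative, and the bare `modPow` (no blinding, not constant time) is for demonstration only.

```java
import java.math.BigInteger;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.MessageDigest;
import java.security.Signature;
import java.security.interfaces.RSAPrivateKey;
import java.util.Arrays;

public class Sha256WithRsaSteps {
    // SHA-256 prefix block quoted in the answer (PKCS#1, notes of section 9.2)
    static final byte[] PREFIX = {0x30, 0x31, 0x30, 0x0D, 0x06, 0x09, 0x60, (byte) 0x86, 0x48,
            0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x05, 0x00, 0x04, 0x20};

    static byte[] signByHand(RSAPrivateKey key, byte[] data) throws Exception {
        int k = (key.getModulus().bitLength() + 7) / 8;   // modulus size in bytes
        // Step 1: hashing
        byte[] hash = MessageDigest.getInstance("SHA-256").digest(data);
        // Step 2: padding, EM = 00 01 FF..FF 00 || PREFIX || hash
        byte[] em = new byte[k];
        Arrays.fill(em, (byte) 0xFF);
        em[0] = 0x00;
        em[1] = 0x01;
        em[k - PREFIX.length - hash.length - 1] = 0x00;
        System.arraycopy(PREFIX, 0, em, k - PREFIX.length - hash.length, PREFIX.length);
        System.arraycopy(hash, 0, em, k - hash.length, hash.length);
        // Step 3: OS2IP, modular exponentiation with private exponent and modulus
        BigInteger s = new BigInteger(1, em).modPow(key.getPrivateExponent(), key.getModulus());
        // I2OSP: unsigned big endian, exactly k bytes (drop a sign byte or left-pad zeros)
        byte[] raw = s.toByteArray();
        byte[] sig = new byte[k];
        int n = Math.min(raw.length, k);
        System.arraycopy(raw, raw.length - n, sig, k - n, n);
        return sig;
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);                             // constructed test key
        KeyPair pair = gen.generateKeyPair();
        byte[] data = "constructed sample message".getBytes("UTF-8");

        Signature jca = Signature.getInstance("SHA256withRSA");
        jca.initSign(pair.getPrivate());
        jca.update(data);
        byte[] fromJca = jca.sign();

        byte[] byHand = signByHand((RSAPrivateKey) pair.getPrivate(), data);
        System.out.println("identical: " + Arrays.equals(fromJca, byHand));
    }
}
```

Because PKCS#1 v1.5 signature padding is deterministic, the two byte arrays can be compared directly; with PSS they would differ on every run and only verification could be compared.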