java 数字签名:用于验证和提取认证信息的示例代码
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/6148746/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Digital signature: sample code for verification and for extracting certification information
提问by Amit Kumar Gupta
I use a third party tool to verify signature and to get certificate detail(like serial number, CA etc..) from signature. The problem with this utility is it is licensed and works on certain machines only.
我使用第三方工具来验证签名并从签名中获取证书详细信息(如序列号、CA 等)。此实用程序的问题在于它已获得许可并且仅适用于某些机器。
Can i validate the signature against the data using simple java or .net code?(instead of using paid application). I dont have private key to extract certificate information from signed data.
我可以使用简单的 java 或 .net 代码根据数据验证签名吗?(而不是使用付费应用程序)。我没有从签名数据中提取证书信息的私钥。
Or if someone can suggest sample code in java or .net to extract certificate detail if i have pfx file. Of from signed data.
或者,如果我有 pfx 文件,有人可以建议使用 java 或 .net 中的示例代码来提取证书详细信息。来自签名数据。
Data is signed with asymmetric encryption.
数据使用非对称加密进行签名。
回答by noquery
To extract detail from certificate:
从证书中提取详细信息:
- Make a string which keeps certificate data. Just ensure it has
-----BEGIN CERTIFICATE-----in starting and-----END CERTIFICATE-----in end. - Now use the following code in Java to extract certificate detail.
- 制作一个保存证书数据的字符串。只要确保它
-----BEGIN CERTIFICATE-----在开始和-----END CERTIFICATE-----结束。 - 现在在 Java 中使用以下代码来提取证书详细信息。
InputStream inStream = new ByteArrayInputStream(certString.toString().getBytes("UTF-8"));
BufferedInputStream bis = new BufferedInputStream(inStream);
CertificateFactory cf = CertificateFactory.getInstance("X.509");
Certificate cert = cf.generateCertificate(bis);
X509Certificate xCert = (X509Certificate)cert;
System.out.println("Certificate Type: "+cert.getType());
System.out.println("Public Key: \n"+cert.getPublicKey());
try{
System.out.println("Signature Algorithm"+xCert.getSigAlgName());
System.out.println("IssuerDN : "+xCert.getIssuerDN());
System.out.println("Serial Number : "+xCert.getSerialNumber());
System.out.println("SubjectDN : "+xCert.getSubjectDN());
}catch(Exception exp){
:
}
InputStream inStream = new ByteArrayInputStream(certString.toString().getBytes("UTF-8"));
BufferedInputStream bis = new BufferedInputStream(inStream);
CertificateFactory cf = CertificateFactory.getInstance("X.509");
Certificate cert = cf.generateCertificate(bis);
X509Certificate xCert = (X509Certificate)cert;
System.out.println("Certificate Type: "+cert.getType());
System.out.println("Public Key: \n"+cert.getPublicKey());
try{
System.out.println("Signature Algorithm"+xCert.getSigAlgName());
System.out.println("IssuerDN : "+xCert.getIssuerDN());
System.out.println("Serial Number : "+xCert.getSerialNumber());
System.out.println("SubjectDN : "+xCert.getSubjectDN());
}catch(Exception exp){
:
}
回答by Raj
If you are having the PFX file, then that may contain the public key certificate which will be required to verify the signature.
如果您有 PFX 文件,则该文件可能包含验证签名所需的公钥证书。
Alternatively, if your signature is a PKCS#7 signature, then the signature itself will hold the data, signature and the certificate. Assuming PKCS#7 is not detached.
或者,如果您的签名是 PKCS#7 签名,则签名本身将保存数据、签名和证书。假设 PKCS#7 没有分离。
You need to ask your signer, how is he transferring his certificate for validation.
您需要询问您的签名者,他是如何传输证书进行验证的。
