Disclaimer: this page is a Chinese-English parallel translation of a popular StackOverflow question, provided under the CC BY-SA 4.0 license. You are free to use and share it, but you must follow the same CC BY-SA license, cite the original URL and author information, and attribute it to the original authors (not me). StackOverflow original URL: http://stackoverflow.com/questions/2545058/

Time: 2020-10-29 21:42:47  Source: igfitidea

Implementing RSA-SHA1 signature algorithm in Java (creating a private key for use with OAuth RSA-SHA1 signature)

java oauth digital-signature

Asked by Buhake Sindi

As you know, OAuth can support RSA-SHA1 Signature. I have an OAuthSignature interface that has the following method:

public String sign(String data, String consumerSecret, String tokenSecret) throws GeneralSecurityException;

I successfully implemented and tested HMAC-SHA1 Signature (which OAuth Supports) as well as the PLAINTEXT "signature".

I have searched Google and I have to create a private key if I need to use SHA1withRSA signature. Sample code:

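  import java.nio.charset.StandardCharsets;
  import java.security.GeneralSecurityException;
  import java.security.PrivateKey;
  import java.security.Signature;

  /**
   * Signs the data with the given key using the SHA1withRSA algorithm.
   */
  private static byte[] sign(PrivateKey key,
                             String data)
      throws GeneralSecurityException {

    Signature signature = Signature.getInstance("SHA1withRSA");
    signature.initSign(key);
    // Use an explicit charset so the signed bytes do not depend on the platform default.
    signature.update(data.getBytes(StandardCharsets.UTF_8));
    return signature.sign();
  }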

Now, how can I take the OAuth key (which is key = consumerSecret&tokenSecret) and create a PrivateKey to use with SHA1withRSA signature?

Thanks

From OAuth Core

9.3. RSA-SHA1

The RSA-SHA1 signature method uses the RSASSA-PKCS1-v1_5 signature algorithm as defined in [RFC3447] (Jonsson, J. and B. Kaliski, “Public-Key Cryptography Standards (PKCS) #1: RSA Cryptography; Specifications Version 2.1”) section 8.2 (more simply known as PKCS#1), using SHA-1 as the hash function for EMSA-PKCS1-v1_5. It is assumed that the Consumer has provided its RSA public key in a verified way to the Service Provider, in a manner which is beyond the scope of this specification.

And I'm now using this (http://code.google.com/apis/gdata/docs/auth/oauth.html) as a reference for doing the RSA-SHA1 signature.

Accepted answer by Kevin

What API is the OAuthSignature interface from? Is it possible that the tokenSecret parameter is not necessary for RSA signatures?

Answer by Michael Zheng

Seems the RSA-SHA1 doesn't need the consumer secret, you can refer to the Jersey implementation here https://svn.java.net/svn/jersey~svn/trunk/jersey/contribs/jersey-oauth/oauth-signature/src/main/java/, the class com.sun.jersey.oauth.signature.RSA_SHA1.
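
With RSA-SHA1 the signing key is not built from consumerSecret&tokenSecret: the Consumer signs the signature base string with its own RSA private key and the Service Provider verifies with the public key it was given. The sketch below is an added example, not code from the original posts or from Jersey; the class name `RsaSha1SignatureExample`, the in-memory key pair and the base string are constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.util.Base64;

// Added example: class name and sample values are hypothetical, not from the original post.
public class RsaSha1SignatureExample {
    private final PrivateKey privateKey; // the Consumer's own RSA key, not built from any secret

    public RsaSha1SignatureExample(PrivateKey privateKey) {
        this.privateKey = privateKey;
    }

    // Same shape as the sign(...) method in the question; both secrets are ignored for RSA-SHA1.
    public String sign(String data, String consumerSecret, String tokenSecret)
            throws GeneralSecurityException {
        Signature signer = Signature.getInstance("SHA1withRSA"); // RSASSA-PKCS1-v1_5 with SHA-1
        signer.initSign(privateKey);
        signer.update(data.getBytes(StandardCharsets.UTF_8));
        return Base64.getEncoder().encodeToString(signer.sign());
    }

    // What the Service Provider does with the Consumer's registered public key.
    public static boolean verify(PublicKey publicKey, String data, String signatureB64)
            throws GeneralSecurityException {
        Signature verifier = Signature.getInstance("SHA1withRSA");
        verifier.initVerify(publicKey);
        verifier.update(data.getBytes(StandardCharsets.UTF_8));
        return verifier.verify(Base64.getDecoder().decode(signatureB64));
    }

    public static void main(String[] args) throws GeneralSecurityException {
        // Constructed key pair; a real Consumer loads its key from a keystore or PKCS#8 file.
        KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA");
        generator.initialize(2048);
        KeyPair pair = generator.generateKeyPair();
        // Constructed signature base string (method & URL & parameters, percent-encoded).
        String baseString = "GET&http%3A%2F%2Fprovider.example%2Fresource"
                + "&oauth_consumer_key%3Dexample-consumer%26oauth_signature_method%3DRSA-SHA1";
        RsaSha1SignatureExample signer = new RsaSha1SignatureExample(pair.getPrivate());
        String sig = signer.sign(baseString, "ignored", "ignored");
        System.out.println("valid signature:   " + verify(pair.getPublic(), baseString, sig));
        System.out.println("tampered base str: " + verify(pair.getPublic(), baseString + "x", sig));
    }
}
```

The Base64 string returned by `sign` is the value that goes into `oauth_signature`; verification fails as soon as the base string differs by a single character.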