Validating an ECDSA P-256 signature
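For a while now I have been trying to build a Java library to interpret and verify NZ Covid Passes. I have code that works, more or less, up until signature validation (a slightly important part of the process). The code in full is available here, but it is still rough.
The validator itself is available here; there is an accompanying test. The technical specification for the Covid pass is here. There is at least one relevant section.
After working with another developer, I think I have settled on how to interpret the public key provided. The code is below (with debugging output removed). The public key details come from here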
private PublicKey extractPublicKey(PublicKeysDetails publicKeyDetails) throws NoSuchAlgorithmException, InvalidParameterSpecException, InvalidKeySpecException {
byte[] xBytes = Base64.getDecoder().decode(publicKeyDetails.x().replace('-', '+').replace('_', '/'));
byte[] yBytes = Base64.getDecoder().decode(publicKeyDetails.y().replace('-', '+').replace('_', '/'));
BigInteger x = new BigInteger(xBytes);
BigInteger y = new BigInteger(yBytes);
ECPoint ecPoint = new ECPoint(x, y);
ECGenParameterSpec parameterSpec = new ECGenParameterSpec("secp256r1");//publicKeyDetails.crv() Should always come from the endpoint as "P-256", java wants to know exactly secp256r1, or NIST P-256
AlgorithmParameters parameters = AlgorithmParameters.getInstance("EC");//publicKeyDetails.kty() Should always come from the endpoint as "EC"
parameters.init(parameterSpec);
ECParameterSpec ecParameters = parameters.getParameterSpec(ECParameterSpec.class);
ECPublicKeySpec pubSpec = new ECPublicKeySpec(ecPoint, ecParameters);
KeyFactory kf = KeyFactory.getInstance("EC");
return kf.generatePublic(pubSpec);
}
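The error could be somewhere else in that file, but at this point I have no idea what it might be.
Please help me, Stack Overflow, you're my only hope?
After going round in circles for days, the answer to my issue was specifically the handling of the bytes into big integers.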
BigInteger x = new BigInteger(xBytes);
BigInteger y = new BigInteger(yBytes);
should be
BigInteger x = new BigInteger(1, xBytes);
BigInteger y = new BigInteger(1, yBytes);
That is to say, the number should be positive.
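The effect of the signum argument on a coordinate whose top bit is set, as an added example that is not part of the original question or answer or of the linked project. The class and helper names are hypothetical, and the sample point is constructed as -G on secp256r1 because its y coordinate has the high bit set; the on-curve check is an extra defensive step the post does not mention.

```java
import java.math.BigInteger;
import java.security.AlgorithmParameters;
import java.security.spec.*;
import java.util.Base64;

// Added example, not code from the question or the linked project.
public class JwkCoordinateDemo {
    // Unsigned big-endian decoding of a base64url JWK coordinate (hypothetical helper).
    static BigInteger decodeCoordinate(String b64url) {
        byte[] raw = Base64.getUrlDecoder().decode(b64url);
        if (raw.length != 32) throw new IllegalArgumentException("P-256 coordinate must be 32 bytes");
        return new BigInteger(1, raw); // signum 1: never treat the top bit as a sign
    }

    // True if (x, y) satisfies y^2 = x^3 + ax + b (mod p) with both coordinates in [0, p).
    static boolean isOnCurve(BigInteger x, BigInteger y, ECParameterSpec spec) {
        BigInteger p = ((ECFieldFp) spec.getCurve().getField()).getP();
        if (x.signum() < 0 || y.signum() < 0 || x.compareTo(p) >= 0 || y.compareTo(p) >= 0) return false;
        BigInteger rhs = x.pow(3).add(spec.getCurve().getA().multiply(x)).add(spec.getCurve().getB()).mod(p);
        return y.multiply(y).mod(p).equals(rhs);
    }

    // Left-pad or trim BigInteger.toByteArray() to exactly 32 bytes, as a JWK encoder would.
    static String encodeCoordinate(BigInteger v) {
        byte[] src = v.toByteArray(), out = new byte[32];
        int n = Math.min(src.length, 32);
        System.arraycopy(src, src.length - n, out, 32 - n, n);
        return Base64.getUrlEncoder().withoutPadding().encodeToString(out);
    }

    public static void main(String[] args) throws Exception {
        AlgorithmParameters params = AlgorithmParameters.getInstance("EC");
        params.init(new ECGenParameterSpec("secp256r1"));
        ECParameterSpec spec = params.getParameterSpec(ECParameterSpec.class);
        BigInteger p = ((ECFieldFp) spec.getCurve().getField()).getP();

        // Constructed sample point: -G, whose y coordinate (p - Gy) has its top bit set.
        ECPoint g = spec.getGenerator();
        String xJwk = encodeCoordinate(g.getAffineX());
        String yJwk = encodeCoordinate(p.subtract(g.getAffineY()));
        BigInteger x = decodeCoordinate(xJwk);
        BigInteger ySigned = new BigInteger(Base64.getUrlDecoder().decode(yJwk)); // the question's form
        BigInteger yUnsigned = decodeCoordinate(yJwk);                            // the answer's form
        System.out.println("signed y negative:  " + (ySigned.signum() < 0));
        System.out.println("signed on curve:    " + isOnCurve(x, ySigned, spec));
        System.out.println("unsigned on curve:  " + isOnCurve(x, yUnsigned, spec));
    }
}
```

Only coordinates whose first byte is 0x80 or higher are misread by the one-argument constructor, so a key with both top bits clear would verify correctly and hide the problem.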