[openssl-users] Java Snippet output is not equal to command line openssl command output , Why ?
Blumenthal, Uri - 0553 - MITLL
uri at ll.mit.edu
Wed Aug 1 16:46:20 UTC 2018
Actually, it all works just fine. Viktor's point about adding terminating "\n" to the input text helped.
-----BEGIN PRIVATE KEY-----
MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDGlXflMDDD8kOP
TP5y06tSXe1g8G3uJAoGHT8NewYANIONuJEZveXnfL8+bJRIu8FDzeCc4SWsCISK
WMmX/VY+IzZxLvUlOzRaKmO3Su7A9ABSc/AtcEVcrXhr9qV3axZDMXRXsWTxFnhO
/lRK8RpfGoGIhgCKkuNswy/DUjka0x03HymD7HwWhaNgsuvon+zWlSNTIV3t/WU4
093DlykKgDwEPym3UXHIgAecEAsYvm/YeYtM8NsHF2tzr40dKxA460lO/P8Vr7rL
df+AF9sNyfNFR81KBtPp2aqvZVXabHQrIZEpoZLrkz6uCObmyPiFx2m59Y3nXQV2
Fac8DuATAgEDAoIBAQCEY6VDdXXX9te03f73N8eMPp5AoElJbVwEE39eUgQAIwJe
ewtmfplE/dTUSGLbJ9YtM+sTQMPIBa2xkIZlU47UF3mgyfjDfM2RcZfPh0nV+AA2
9/VzoC49yPrypG5PnLmCIPg6dkNLZFA0qY2HS2bqEauwWVWxt0JIgh/XjCYR4OYZ
y7unFj5XnW93cAfL9U8CZPonO6iHCB14unk/UyiIHNrR41at0+qwVJYXdTFx+m0C
3KiWAwleRdVy2LBj3Fq1R3/pW3tnYTadgOInRYF4hQuF+ttIzEiuimhd6blUdMlR
WWbw8xp2A8buS4DQUKz0u1OAAhDvsqfEDsWLIAq7AoGBAPHwbdW8aLN85Y3W1pYf
2ELIlV1422sH+MrKv/jqQFf9LVmiXzq2+EZiYQcSxUFp5/1OvnRIHfY2hiBtq4Ww
VBq9/0u/D8Rv9bKPOvpLxYZP9FIOo8/BaLp5VV3Vz4pxVort0xHr+DfWFWH7t0cC
m/3LtfC1Y7j0TKyL/soyDWzXAoGBANIf/7pM4msWM+5WtEoW17OKaE6fbHYbeG44
/C76WhRBJ5onCuz7m0tdoB9mGv+D3s8FcBojzlbDKIrZvv7XDG1rAL2x5AGKqDZP
+bH5ahKJDg/tq7Sba6xqtLBMtzVqZrtDSGTUPLNkeDJM4F6rs/dK+HvEjruLhF1E
ALS5UWMlAoGBAKFK8+PS8HeomQk55GQVOtcwY5Ol55yv+zHcf/tG1Y/+HjvBlNHP
UC7sQK9h2NZGmqjfKaLavqQkWWrzx651jWcpVN0qCoL1TncKJ1GH2QQ1TYwJwoqA
8HxQ45Pj37Gg5FyejLadUCU5Y5anz4SsZ/6HzqB47SX4Mx2yqdwhXkiPAoGBAIwV
VSbd7EdkIp7keDFkj80G8DRqSE68+vQl/XSm5rgrb7waB0invNzpFWpEEf+tPzSu
SrwX3uSCGwc71KnksvOcqykhQquxxXmKpnamRrcGCV/zx8288nLxzcrdz3jxmdIs
2u3i0yJC+swzQD8dIqTcpafYXyeyWD4tVc3Q4OzDAoGBAML1gJ2slF0egQmxKSJK
YktcRX4IP1rWlYClgcJ9OLAxZBFWPwW8+hsTfCDoa5WEk4+CFHZ37PyibzjGuASC
UQmOZj6tVnaRkB62ExArgjzyyIMEUAbfFw4vKHe8cyF8MFC6JbTYj0EDlQtkhK65
HE0xeJjwo/swhpkBItsH0cYJ
-----END PRIVATE KEY-----
-----BEGIN PUBLIC KEY-----
MIIBIDANBgkqhkiG9w0BAQEFAAOCAQ0AMIIBCAKCAQEAxpV35TAww/JDj0z+ctOr
Ul3tYPBt7iQKBh0/DXsGADSDjbiRGb3l53y/PmyUSLvBQ83gnOElrAiEiljJl/1W
PiM2cS71JTs0Wipjt0ruwPQAUnPwLXBFXK14a/ald2sWQzF0V7Fk8RZ4Tv5USvEa
XxqBiIYAipLjbMMvw1I5GtMdNx8pg+x8FoWjYLLr6J/s1pUjUyFd7f1lONPdw5cp
CoA8BD8pt1FxyIAHnBALGL5v2HmLTPDbBxdrc6+NHSsQOOtJTvz/Fa+6y3X/gBfb
DcnzRUfNSgbT6dmqr2VV2mx0KyGRKaGS65M+rgjm5sj4hcdpufWN510FdhWnPA7g
EwIBAw==
-----END PUBLIC KEY-----
$ cat rsa_tst1.java
import java.security.KeyFactory;
import java.security.Signature;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.Base64;
public class rsa_tst1
{
public static void main(String[] args) throws Exception
{
String input = "sample input\n";
final String strPk =
"-----BEGIN PRIVATE KEY-----\n"
+ "MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDGlXflMDDD8kOP\n"
+ "TP5y06tSXe1g8G3uJAoGHT8NewYANIONuJEZveXnfL8+bJRIu8FDzeCc4SWsCISK\n"
+ "WMmX/VY+IzZxLvUlOzRaKmO3Su7A9ABSc/AtcEVcrXhr9qV3axZDMXRXsWTxFnhO\n"
+ "/lRK8RpfGoGIhgCKkuNswy/DUjka0x03HymD7HwWhaNgsuvon+zWlSNTIV3t/WU4\n"
+ "093DlykKgDwEPym3UXHIgAecEAsYvm/YeYtM8NsHF2tzr40dKxA460lO/P8Vr7rL\n"
+ "df+AF9sNyfNFR81KBtPp2aqvZVXabHQrIZEpoZLrkz6uCObmyPiFx2m59Y3nXQV2\n"
+ "Fac8DuATAgEDAoIBAQCEY6VDdXXX9te03f73N8eMPp5AoElJbVwEE39eUgQAIwJe\n"
+ "ewtmfplE/dTUSGLbJ9YtM+sTQMPIBa2xkIZlU47UF3mgyfjDfM2RcZfPh0nV+AA2\n"
+ "9/VzoC49yPrypG5PnLmCIPg6dkNLZFA0qY2HS2bqEauwWVWxt0JIgh/XjCYR4OYZ\n"
+ "y7unFj5XnW93cAfL9U8CZPonO6iHCB14unk/UyiIHNrR41at0+qwVJYXdTFx+m0C\n"
+ "3KiWAwleRdVy2LBj3Fq1R3/pW3tnYTadgOInRYF4hQuF+ttIzEiuimhd6blUdMlR\n"
+ "WWbw8xp2A8buS4DQUKz0u1OAAhDvsqfEDsWLIAq7AoGBAPHwbdW8aLN85Y3W1pYf\n"
+ "2ELIlV1422sH+MrKv/jqQFf9LVmiXzq2+EZiYQcSxUFp5/1OvnRIHfY2hiBtq4Ww\n"
+ "VBq9/0u/D8Rv9bKPOvpLxYZP9FIOo8/BaLp5VV3Vz4pxVort0xHr+DfWFWH7t0cC\n"
+ "m/3LtfC1Y7j0TKyL/soyDWzXAoGBANIf/7pM4msWM+5WtEoW17OKaE6fbHYbeG44\n"
+ "/C76WhRBJ5onCuz7m0tdoB9mGv+D3s8FcBojzlbDKIrZvv7XDG1rAL2x5AGKqDZP\n"
+ "+bH5ahKJDg/tq7Sba6xqtLBMtzVqZrtDSGTUPLNkeDJM4F6rs/dK+HvEjruLhF1E\n"
+ "ALS5UWMlAoGBAKFK8+PS8HeomQk55GQVOtcwY5Ol55yv+zHcf/tG1Y/+HjvBlNHP\n"
+ "UC7sQK9h2NZGmqjfKaLavqQkWWrzx651jWcpVN0qCoL1TncKJ1GH2QQ1TYwJwoqA\n"
+ "8HxQ45Pj37Gg5FyejLadUCU5Y5anz4SsZ/6HzqB47SX4Mx2yqdwhXkiPAoGBAIwV\n"
+ "VSbd7EdkIp7keDFkj80G8DRqSE68+vQl/XSm5rgrb7waB0invNzpFWpEEf+tPzSu\n"
+ "SrwX3uSCGwc71KnksvOcqykhQquxxXmKpnamRrcGCV/zx8288nLxzcrdz3jxmdIs\n"
+ "2u3i0yJC+swzQD8dIqTcpafYXyeyWD4tVc3Q4OzDAoGBAML1gJ2slF0egQmxKSJK\n"
+ "YktcRX4IP1rWlYClgcJ9OLAxZBFWPwW8+hsTfCDoa5WEk4+CFHZ37PyibzjGuASC\n"
+ "UQmOZj6tVnaRkB62ExArgjzyyIMEUAbfFw4vKHe8cyF8MFC6JbTYj0EDlQtkhK65\n"
+ "HE0xeJjwo/swhpkBItsH0cYJ\n"
+ "-----END PRIVATE KEY-----\n";
String base64Signature = signSHA256RSA(input,strPk);
System.out.println("Signature:\n"+base64Signature);
}
// Create base64 encoded signature using SHA256/RSA.
private static String signSHA256RSA(String input, String strPk)
throws Exception
{
// Remove markers and new line characters in private key
String realPK = strPk.replaceAll("-----END PRIVATE KEY-----", "")
.replaceAll("-----BEGIN PRIVATE KEY-----", "")
.replaceAll("\n", "");
byte[] b1 = Base64.getDecoder().decode(realPK);
PKCS8EncodedKeySpec spec = new PKCS8EncodedKeySpec(b1);
KeyFactory kf = KeyFactory.getInstance("RSA");
Signature privateSignature = Signature.getInstance("SHA256withRSA");
privateSignature.initSign(kf.generatePrivate(spec));
privateSignature.update(input.getBytes("UTF-8"));
byte[] s = privateSignature.sign();
return Base64.getEncoder().encodeToString(s);
}
}
$ java rsa_tst1
Signature:
aM9GLnfy+yZ7g6PSpQ0+BEgQvNq0KwrKVeVUNtCNPnC7zOVd3wTp69xxcQfVCWY3MDGw0xVSs6P/Ud+do/NbFbw9ShdTfBi81hKe5rV8US//oF1RWa0uDdz6Pr5JCa+6E35oVZeoRC7i0UjJDLGx0PPpMshGQWtau8r7/Oaw2BywiIwvKWRp9zBMgQJRiO1rrCHqOEIegTGUCsRuzzk4XoFdDQEHJ8fydFV5/feIUQJCrC4HIIrwr8XPtEJrsJyssC6xmU5hkFKJhuovd/+9pfNEIVQnBFd03VCEdJWhuTf2IKabDGg8MGKMGsEkgFZpUQJijXMD7ifzLcQXzp7q7w==
Stored it in tsig.b64 file.
$ echo "sample input" > tt.txt
$ openssl base64 -in tsig.b64 -d -a -out tsig.sig
$ openssl dgst -sha256 -verify rsa2048-pub.pem -signature tsig.sig tt.txt
Verified OK
On 8/1/18, 12:17, "openssl-users on behalf of Viktor Dukhovni" <openssl-users-bounces at openssl.org on behalf of openssl-users at dukhovni.org> wrote:
> On Aug 1, 2018, at 12:14 PM, timmy pony <tim.fortinbras at gmail.com> wrote:
>
> Thanks Viktor,
> for assistance .....
> The embedded private key "skeleton" is only for visualisation purposes; No it will not.
>
>
> the openssl command returns binary.
> so i can do .But they are still coming out different.
>
> openssl base64 -in /tmp/sign.sha256 -out <signature>
Please re-read my previous post and respond to *all* the points.
--
Viktor.
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5211 bytes
Desc: not available
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20180801/f06b29fb/attachment-0001.bin>
More information about the openssl-users
mailing list