In web development, using RSA public Key system to make Ukey, file certificate Landing, the common practice is: the browser side of the use of C + + ActiveX control, using C + + Third library OpenSSL for RAS add-sign operation, The client's signature is checked by Java on the server side. This involves the process of verifying the identity of the client with the interactive plus check between C + + OpenSSL and Java.
If you find my side of the article through the search, I believe you must have found that the use of OpenSSL plus signed data, the Java side of the verification is not successful, using OpenSSL verification can pass. The problem is that the public key of OpenSSL is problematic when the server is converted to a Java RSA public key, and the OpenSSL's public key format appends some of its own additional information. Therefore, when Java constructs its own pubkey on the server side, it must first remove the unique information of OpenSSL.
For example, if I use OpenSSL to generate modulus size to 1024x768, the public key pair for the exponent 65537---rsa_generate_key (1024x768, 65537, NULL, NULL) Then, when we construct a Java-formatted public key from the Java side through the public key of OpenSSL, we must obtain the modulus in the following way, and then construct the public key in Java to perform a check operation.
private static byte[] Getmodulus (byte[] pkdata, int begin) {
byte[] Moddata = new byte[128];
byte[] ss = {pkdata[0],pkdata[1],pkdata[2],pkdata[3]};
for (int i = 0, y = begin; i <; i++,y++) {
Moddata[i] = Pkdata[y];
}
return moddata;
}
/**
* Raise the relevant 128 public key data from OpenSSL
* @param b64str
* @return
*/
private static byte[] Get128pkdata (String b64str) {
String PK = b64str.replace ("-----BEGIN RSA Public KEY-----", "");//reject the previous message
PK = Pk.replace ("-----END RSA Public KEY-----", "");//reject the information behind
byte[] Pkdata = Base64.decode (PK);
Return Getmodulus (Pkdata, 7);//subscript starting from 7, get bytes modulus
}
/** If you ask me what information is in the end, I do not know, I am starting from subscript 1 to test constantly, only to conclude that the subscript 7 should start to get modulus value ***/
/**
* Public key converted from 1024-bit public key to x509 format
* @param moddata
* @return
* @throws Exception
*/
private static PublicKey Getpublickey (byte[] moddata) throws exception{
Keyfactory Keyf = keyfactory.getinstance ("RSA");
Rsapublickeyspec Pubkeyspec = new Rsapublickeyspec (new BigInteger (Moddata), New BigInteger ("65537"));
Rsapublickey pk = (rsapublickey) keyf.generatepublic (PUBKEYSPEC);
Decrypts the public key encoded by the Base64 and constructs the X509encodedkeyspec object
Java.security.spec.X509EncodedKeySpec Bobpubkeyspec = new Java.security.spec.X509EncodedKeySpec (
Pk.getencoded ());
Return Keyf.generatepublic (BOBPUBKEYSPEC);
}
As for OpenSSL I do not introduce, there is a lot of information on the Internet, and its own documentation is also very complete
Enclosed are some related classes, the Signprovider.java side is responsible for the public key conversion and signing Base64.java responsible for 64 encoding Fcopensslref.rar---OpenSSL related classes
Note: I am not familiar with C + +, so some of the above C + + code only for reference.
Original: http://www.chlusoft.com/tech/347.jhtml