I have a piece of software doing a digital signature as follows.
MessageDigest md = MessageDigest.getInstance("SHA1", "BC");
Cipher cipher = Cipher.getInstance("RSA/None/NoPadding", "BC");
cipher.init(Cipher.ENCRYPT_MODE, privateKey);
byte[] hash = md.digest("message".getBytes());
byte[] signature = cipher.doFinal(hash);
I want to replace it with a few lines of batch/openssl, but failed to reproduce this signature. Basically it's a combination of SHA1 and RSA, which isn't that bad. I was wondering why the hash and the encryption are separated. Both ways of doing this with openssl result in a different signature (ignoring the format):
openssl dgst -sha1 -binary msg.txt > hash
openssl rsautl -sign -inkey priv.pem -in hash -hexdump
and
openssl dgst -sha1 -sign priv.pem -hex < msg.txt
So there's something I am missing...
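Added example (not part of the original post): Python code that builds the block each of the three approaches above hands to the RSA private-key operation, which is the point where the signatures diverge. The toy key made from two Mersenne primes and all function names are assumptions chosen for the illustration.

```python
import hashlib

# Constructed toy key (assumption): two Mersenne primes, so no key file is needed.
# Illustration only; a modulus like this is trivially factorable.
P, Q, E = 2**127 - 1, 2**521 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))
K = (N.bit_length() + 7) // 8          # modulus length in bytes

# DER DigestInfo header for SHA-1 (RFC 8017, section 9.2)
SHA1_DIGESTINFO = bytes.fromhex("3021300906052b0e03021a05000414")


def pkcs1_type1(data: bytes) -> bytes:
    """PKCS#1 v1.5 signature padding: 00 01 FF..FF 00 || data."""
    pad_len = K - len(data) - 3
    if pad_len < 8:
        raise ValueError("data too large for key size")
    return b"\x00\x01" + b"\xff" * pad_len + b"\x00" + data


def encoded_blocks(message: bytes) -> dict:
    """Return the modulus-sized block each method feeds to the private key."""
    h = hashlib.sha1(message).digest()
    return {
        # Java "RSA/None/NoPadding": the bare 20-byte hash as a big-endian integer
        "java_nopadding": h.rjust(K, b"\x00"),
        # openssl rsautl -sign: type-1 padding around the bare hash
        "rsautl_sign": pkcs1_type1(h),
        # openssl dgst -sha1 -sign: type-1 padding around DigestInfo || hash
        "dgst_sign": pkcs1_type1(SHA1_DIGESTINFO + h),
    }


def rsa_private(block: bytes) -> bytes:
    """Textbook RSA private-key operation on an already encoded block."""
    return pow(int.from_bytes(block, "big"), D, N).to_bytes(K, "big")


def rsa_public(sig: bytes) -> bytes:
    """Public-key operation; recovers the encoded block from a signature."""
    return pow(int.from_bytes(sig, "big"), E, N).to_bytes(K, "big")


if __name__ == "__main__":
    for name, block in encoded_blocks(b"message").items():
        print(f"{name:15} block={block.hex()}\n{'':15} sig  ={rsa_private(block).hex()}")
```

`openssl rsautl` also has a `-raw` option that disables padding; it then expects input exactly as long as the modulus, which corresponds to the zero-extended block shown for the Java case.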