在進行RSA2進行驗簽的時候,報了以下錯誤:
java.security.SignatureException: Signature length not correct: got 344 but was expecting 256
at sun.security.rsa.RSASignature.engineVerify(RSASignature.java:189)
at java.security.Signature$Delegate.engineVerify(Signature.java:1192)
at java.security.Signature.verify(Signature.java:626)
翻譯成中文的意思是:java.security.signatureException:簽名長度不正確:得到344,但期望256
問題原因是:
在生成簽名的時候,用的是 Base64.encodeBase64String(signByte) 成簽名字符串。
1 /** 2 * 生成簽名字符串. 3 * @param encryptStr 4 * @return 5 * @throws Exception 6 */ 7 private static String generateSignByRsa(String encryptStr) throws Exception { 8 if (logger.isInfoEnabled()) { 9 logger.info("生成Rsa簽名字符串..."); 10 } 11 12 // 用商戶私鑰生成簽名字符串 13 RsaEncrypt rsaEncrypt = new RsaEncrypt(); 14 rsaEncrypt.loadPrivateKey(MpayConfig.signMap.get(MpayConfig.PRIVATE_KEY)); 15 byte[] signByte = rsaEncrypt.sign(encryptStr, rsaEncrypt.getPrivateKey()); 16 String reqSign = Base64.encodeBase64String(signByte); 17 logger.info("Rsa簽名字符串:" + reqSign); 18 return reqSign; 19 }
在驗簽的時候,直接getBytes方法返回字節數據,這樣就導致簽名字符串長度不一致了。
1 RsaEncrypt rsaEncrypt=new RsaEncrypt(); 2 rsaEncrypt.loadPublicKey(publicKey); 3 return rsaEncrypt.verifySign(content,sign.getBytes(RsaEncrypt.ENCODING),rsaEncrypt.getPublicKey());
解決方案:
正確的方式應該是,獲取簽名字符串字節數組時,跟簽名時保持一樣,用Base64Util.decode(sign)方法來獲取
1 RsaEncrypt rsaEncrypt=new RsaEncrypt(); 2 rsaEncrypt.loadPublicKey(publicKey); 3 byte[] signByte = Base64Util.decode(sign); 4 return rsaEncrypt.verifySign(content,signByte,rsaEncrypt.getPublicKey());