设为首页收藏本站
开启辅助访问 切换到窄版

安全矩阵

 找回密码
 立即注册
搜索
安全矩阵»安全矩阵 安全矩阵实验室 技术转载 安卓逆向 -- 算法基础(数字签名)
返回列表 发新帖
查看: 2245|回复: 0

安卓逆向 -- 算法基础(数字签名)

[复制链接]
Delina

855

主题

862

帖子

2940

积分

金牌会员

Rank: 6Rank: 6

积分
2940
发表于 2021-9-1 19:18:00 | 显示全部楼层 |阅读模式
原文链接:安卓逆向 -- 算法基础(数字签名)
一、数字签名
数字签名的基础是公钥和私钥的非对称加密,发送者使用私钥加密消息摘要(签名),接收者使用公钥解密消息摘要以验证签名是否是某个人的。常见的有MD5withRSA,SHA256withRSA

二、Java版
  1. public  static String  pubkey="MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDkluCxbqyIIVEG6wq3xwOncwtO" +
  2. "Ew45xvjOdEuxBG5MCGIGfik7s2XB3Znz2ih7RWkQdOTWTLRfNKqGLCDXZrVfM6i6" +
  3. "jJlxrPlHt8JlDPKmu5QGLsap5DGwdShnL29bLEpmql4UbxPo0NsCq91rt90m60H6" +
  4. "4br6yURdv/Pr6jyOEQIDAQAB";
  5. public  static String prikey="MIICeAIBADANBgkqhkiG9w0BAQEFAASCAmIwggJeAgEAAoGBAOSW4LFurIghUQbr" +
  6. "CrfHA6dzC04TDjnG+M50S7EEbkwIYgZ+KTuzZcHdmfPaKHtFaRB05NZMtF80qoYs" +
  7. "INdmtV8zqLqMmXGs+Ue3wmUM8qa7lAYuxqnkMbB1KGcvb1ssSmaqXhRvE+jQ2wKr" +
  8. "3Wu33SbrQfrhuvrJRF2/8+vqPI4RAgMBAAECgYEAoSn3FWIQZpIGzLfegJ/h5ado" +
  9. "6wzoVLgCJ5062H1lPloSsr00WREsxzh0GMdRD0hqwN2JkcXWzeEV8S8foH6blEQ3" +
  10. "Utycz1LzN8cOJRWlXz/+aPCjGMQKbAARXQOpY6LYj2Y9cB5OayoIh2/afsZbS6gv" +
  11. "yJYZQNVDBGwmfJibEAECQQD7yE7gxwCHtjd8l/yhm87TROVaLUlq1jZXWsYNx8ts" +
  12. "qq/gXUueIssn4b3VTof4Htog1ZE1kGcSNg4ccKIiH6KRAkEA6Gsc9uskNnqB/DdL" +
  13. "SfvD5iZ03I4REAnpMueV9NHAA+cbOJtqSYUxEjW6jvzRo2MdqrlxOvRdUQZNKUZ+" +
  14. "pzzzgQJBAM2B7X/ibjhXLmrv0zBFcEdZEKrOFAKz3Z7nZIiS7yM/HlbPT40/cPqY" +
  15. "cs3MT4biB8CNEPzbZIWkwVfNR0j68UECQE3QfvQUqh0rSxXclXKBvobx3TJyxjeu" +
  16. "ecs3SjebekRUPgLn1eAjndhQ8NMqxi2D48zjJYvtgMi96VumZIUtnQECQQCh46wV" +
  17. "zSQ+iQcqBRipaNNa6ipAg1h60wh3omoBZQubQQYtDsmIbhT2AUZy6usBi65nd1I3" +
  18. "UefrOu9gIHGeU3br";
  19. public static PublicKey getPublickKey(String key)throws Exception{
  20. byte[] keyBytes= new BASE64Decoder().decodeBuffer(key);
  21.     X509EncodedKeySpec keys = new X509EncodedKeySpec(keyBytes);//实例化key
  22.     KeyFactory keyFactory = KeyFactory.getInstance("RSA");
  23.     PublicKey publicKey = keyFactory.generatePublic(keys);
  24. return publicKey;
  25. }
  26. public static PrivateKey getPrivatekey(String key)throws Exception{
  27. byte[] bytes = new BASE64Decoder().decodeBuffer(key);
  28.     PKCS8EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(bytes);
  29.     KeyFactory keyFactory = KeyFactory.getInstance("RSA");
  30.     PrivateKey privateKey = keyFactory.generatePrivate(keySpec);
  31. return privateKey;
  32. }
  33. public static byte[] encrypt(byte[] enstr)throws Exception{
  34.     PublicKey publickKey = getPublickKey(pubkey);
  35.     Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding");
  36.     cipher.init(Cipher.ENCRYPT_MODE,publickKey);
  37. byte[] bytes = cipher.doFinal(enstr);
  38. return bytes;
  39. }
  40. public static byte[] decrypt(byte[] destr)throws Exception{
  41.     PrivateKey privatekey = getPrivatekey(prikey);
  42.     Cipher cipht = Cipher.getInstance("RSA/ECB/PKCS1Padding");
  43.     cipht.init(Cipher.DECRYPT_MODE,privatekey);
  44. byte[] bytes= cipht.doFinal(destr);
  45. return bytes;
  46. }
  47. public static byte[] sign(byte[] bytes)throws Exception{
  48.     PrivateKey privatekey = getPrivatekey(prikey);
  49.     Signature sig = Signature.getInstance("SHA256withRSA");
  50.     sig.initSign(privatekey);
  51.     sig.update(bytes);
  52. return sig.sign();
  53. }
  54. public static boolean verify(byte[] bytes,byte[] sign)throws Exception{
  55.     PublicKey publickKey = getPublickKey(pubkey);
  56.     Signature sig = Signature.getInstance("SHA256withRSA");
  57.     sig.initVerify(publickKey);
  58.     sig.update(bytes);
  59. return sig.verify(sign);
  60. }
  61. public static void main(String[] args) throws Exception{
  62.     System.out.println("逆向有你");
  63.     String bs= "逆向有你a";
  64. byte[] signs = sign(bs.getBytes(StandardCharsets.UTF_8));
  65.     System.out.println("数字签名(字节):"+Arrays.toString(signs));
  66.     System.out.println("数字签名(Hex):"+bytes2HexString(signs));
  67.     System.out.println("数字签名(Base64):"+Base64.getEncoder().encodeToString(signs));
  68. boolean bl=verify(bs.getBytes(StandardCharsets.UTF_8),signs);
  69.     System.out.println("验证结果:"+bl);
  70. }
  71. 运行结果:
  72. 数字签名(字节):[26, -47, -18, 125, -106, -61, -56, -89, -97, 17, -16, -119, -86, 126, -81, -101, -91, -6, 5, -91, 93, 26, -11, -65, -84, 85, -112, -82, -123, -35, -115, 55, -113, -37, 80, -127, -128, -37, -78, 17, -45, -116, -4, 59, -103, -115, 27, 85, 69, -100, 23, 25, -33, 67, 88, -34, -59, 78, 18, 6, 57, -39, 54, -73, 100, -59, 77, 91, 75, -119, 118, 89, 95, 94, -82, -101, -74, -55, -15, -34, -9, -3, -93, -42, 22, 44, -7, -58, -116, -125, 78, 37, -25, 120, -58, -93, 86, 3, -30, -7, 55, 30, 45, 36, -112, -42, -104, 106, 1, -103, -24, 35, 60, 18, -71, -114, 83, 46, 107, 48, 16, -88, 113, -77, 46, 124, -92, -50]
  73. 数字签名(Hex):1AD1EE7D96C3C8A79F11F089AA7EAF9BA5FA05A55D1AF5BFAC5590AE85DD8D378FDB508180DBB211D38CFC3B998D1B55459C1719DF4358DEC54E120639D936B764C54D5B4B8976595F5EAE9BB6C9F1DEF7FDA3D6162CF9C68C834E25E778C6A35603E2F9371E2D2490D6986A0199E8233C12B98E532E6B3010A871B32E7CA4CE
  74. 数字签名(Base64):GtHufZbDyKefEfCJqn6vm6X6BaVdGvW/rFWQroXdjTeP21CBgNuyEdOM/DuZjRtVRZwXGd9DWN7FThIGOdk2t2TFTVtLiXZZX16um7bJ8d73/aPWFiz5xoyDTiXneMajVgPi+TceLSSQ1phqAZnoIzwSuY5TLmswEKhxsy58pM4=
  75. 验证结果:true
复制代码

三、JS版
1、用到的加密库下载地址
https://gitee.com/mirrors/jsrsasign
2、调用源码
  1. var signData="逆向有你a";
  2. var pubkey1="-----BEGIN PUBLIC KEY-----\n" +
  3. "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQD3XSdz1MnzazBEN5KOfTx0IyVJ\n" +
  4. "Z5wb57isrCuHDhnYXwtmdhQalgII0fozeeFpMpAvlnmHC1kpW7XVGvZnLx3bWbCE\n" +
  5. "bf+pMSW4kmQuI+5cxRUJbCl7sdaODBrINgERHPICVC18AJLThEVMHyjuR6Jn4zQm\n" +
  6. "yYNbReSktY/BrFTvMQIDAQAB\n" +
  7. "-----END PUBLIC KEY-----";
  8. var privatekey="-----BEGIN PRIVATE KEY-----\n" +
  9. "MIICeAIBADANBgkqhkiG9w0BAQEFAASCAmIwggJeAgEAAoGBAPddJ3PUyfNrMEQ3\n" +
  10. "ko59PHQjJUlnnBvnuKysK4cOGdhfC2Z2FBqWAgjR+jN54WkykC+WeYcLWSlbtdUa\n" +
  11. "9mcvHdtZsIRt/6kxJbiSZC4j7lzFFQlsKXux1o4MGsg2AREc8gJULXwAktOERUwf\n" +
  12. "KO5HomfjNCbJg1tF5KS1j8GsVO8xAgMBAAECgYEA6eG1JMrj63jEmStmMb1txG1a\n" +
  13. "mu4Q5z2QGgtr2HVXsIIlGEq6tWxyHf7TL4qkuz9onuYKn8n2Eqm44fZtVaBx+5ES\n" +
  14. "zRpIvlTvaxmVu0HZ1hYAzUw1XyRnXNMKpL5tT4GCjm8+QGPzlGxgXI1sNg8r9Jaw\n" +
  15. "9zRUYeA6LQR9RIMkHWUCQQD8QojjVoGjtiunoh/N8iplhUszZIavAEvmDIE+kVy+\n" +
  16. "pA7hvlukLw6JMc7cfTcnHyxDo9iHVIzrWlTuKRq9KWVLAkEA+wgJS2sgtldnCVn6\n" +
  17. "tJKFVwsHrWhMIU29msPPbNuWUD23BcKE/vehIyFu1ahNA/TiM40PEnzprQ5JfPxU\n" +
  18. "16S78wJANTfMLTnYy7Lo7sqTLx2BuD0wqjzw9QZ4/KVytsJv8IAn65P/PVn4FRV+\n" +
  19. "8KEx+3zmF7b/PT2nJRe/hycAzxtmlQJBAMrFwQxEqpXfoAEzx4lY2ZBn/nmaR/SW\n" +
  20. "4VNEXCbocVC7qT1j1R5HVMgV13uKiTtq8dUGWmhqsi7x3XayNK5ECPUCQQDZaAN6\n" +
  21. "tvIHApz9OLsXSw0jZirQ6KEYdharXbIVDy1W1sVE3lzLbqLdFp1bxAHQIvsYS5PM\n" +
  22. "A9veSJh372RLJKkj\n" +
  23. "-----END PRIVATE KEY-----";
  24. function signa(src){
  25. let signature=new KJUR.crypto.Signature({alg:"SHA256withRSA",prvkeypem:privatekey});   
  26.     signature.updateString(src);
  27. let a = signature.sign();
  28. let sign = hextob64(a);
  29. console.log(sign);
  30. }
  31. function signa1(src){
  32. var key = KEYUTIL.getKey(privatekey);
  33. var signature=new KJUR.crypto.Signature({alg:"SHA256withRSA"});
  34.     signature.init(key);
  35.     signature.updateString(src);
  36. var a = signature.sign();
  37. var sign = hextob64(a);
  38. console.log(sign);
  39. return sign;
  40. }
  41. function yanzheng(){
  42. var a=signa1(signData);
  43. var signatureVf = new KJUR.crypto.Signature({alg:"SHA256withRSA",prvkeypem:pubkey1});
  44.     signatureVf.updateString(signData);
  45. var b = signatureVf.verify(b64tohex(a));
  46. console.log("jsrsasign verify: "+b);
  47. }
  48. signa1(signData)
  49. yanzheng()
复制代码



回复

使用道具 举报

返回列表 发新帖
高级模式
B Color Image Link Quote Code Smilies
您需要登录后才可以回帖 登录 | 立即注册

本版积分规则

小黑屋|安全矩阵

GMT+8, 2024-11-29 17:22 , Processed in 0.012731 second(s), 18 queries .

Powered by Discuz! X4.0

Copyright © 2001-2020, Tencent Cloud.

快速回复 返回顶部 返回列表