问题描述
我正在实施Bing Cashback.为了验证来自Bing的传入请求是否有效,他们提供了签名.签名是使用RSA加密的URL的160位SHA-1哈希.
I'm working on implementing Bing Cashback. In order to verify an incoming request from Bing as valid they provide a signature. The signature is a 160-bit SHA-1 hash of the url encrypted using RSA.
Microsoft提供了RSA公钥",模数和指数,我应该使用它来解密哈希.
Microsoft provides the RSA "public key", modulus and exponent, with which I'm supposed to decrypt the hash.
是否有一种方法可以创建Microsoft所说的解密哈希所需的Java密钥对象?
Is there a way to create the Java key objects needed to decrypt the hash as Microsoft says?
我能找到的所有东西都会自动创建RSA密钥对,因为这就是RSA应该起作用的方式.我真的很想使用Java对象,因为它显然比手工编码的解决方案更可靠.
Everything I can find creates RSA key pairs automatically since that's how RSA is supposed to work. I'd really like to use the Java objects if at all possible since that's obviously more reliable than a hand coded solution.
他们提供的示例代码在.NET中,并使用.NET库函数来验证哈希.特别是RSACryptoServiceProvider.VerifyHash()
The example code they've provided is in .NET and uses a .NET library function to verify the hash. Specifically RSACryptoServiceProvider.VerifyHash()
推荐答案
RSAPublicKeySpec spec = new RSAPublicKeySpec(modulus, exponent);
KeyFactory factory = KeyFactory.getInstance("RSA");
PublicKey pub = factory.generatePublic(spec);
Signature verifier = Signature.getInstance("SHA1withRSA");
verifier.initVerify(pub);
verifier.update(url.getBytes("UTF-8")); // Or whatever interface specifies.
boolean okay = verifier.verify(signature);
这篇关于根据Java中的已知参数创建RSA密钥的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!