我需要使用 MakeCert.exe(来自 Windows SDK 8.)生成的 DSA 私钥在 java 中签署一个大文件。
makecert.exe -sy 13 -sv C:\SignFile3\dsasign.pvk -pe -r -n "CN=LGS CA" C:\SignFile3\dsasign.crt
pvk 是我要签名的私钥。
接下来是我完整的 Java 代码:
import java.io.*;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.ObjectInputStream;
import java.io.DataInputStream;
import java.io.BufferedReader;
import java.io.FileReader;
import java.security.*;
import java.security.spec.*;
class GenSig {
public static final String PRIVATE_KEY_FILE = "dsasign.pvk";
public static byte[] fullyReadFile(File file) throws IOException {
DataInputStream dis = new DataInputStream(new FileInputStream(file));
byte[] bytesOfFile = new byte[(int) file.length()];
return bytesOfFile;
public static void main(String[] args) {
if (args.length != 1) {
System.out.println("Usage: GenSig nameOfFileToSign");
else {
try {
KeyFactory keyFactory = KeyFactory.getInstance("DSA");
File myfile = new File(PRIVATE_KEY_FILE);
byte[] decodedprivatekey = fullyReadFile(myfile);
PKCS8EncodedKeySpec priKeySpec = new PKCS8EncodedKeySpec(decodedprivatekey);
PrivateKey priv = keyFactory.generatePrivate(priKeySpec);
Signature dsa = Signature.getInstance("SHA1withDSA", "SUN");
/* Update and sign the data */
FileInputStream fis = new FileInputStream(args[0]);
BufferedInputStream bufin = new BufferedInputStream(fis);
byte[] buffer = new byte[1024];
int len;
while (bufin.available() != 0) {
len = bufin.read(buffer);
dsa.update(buffer, 0, len);
/* Now that all the data to be signed has been read in, generate a signature for it */
byte[] realSig = dsa.sign();
/* Save the signature in a file */
FileOutputStream sigfos = new FileOutputStream("signature.binary");
catch (Exception e) {
System.err.println("Caught exception " + e.toString());
我运行它的错误是:捕获异常java.security.spec.InvalidKeySpecException:不适当的密钥规范:IOException:DerInputStream.getLength():lengthTag = 113,太大。